Agent: Use NTLM specifically for PowerShell if using pass-the-hash

This commit is contained in:
Mike Salvatore 2021-09-17 11:43:06 -04:00
parent 79aacf3dcb
commit 844d244d67
2 changed files with 24 additions and 2 deletions

View File

@ -1,9 +1,10 @@
from dataclasses import dataclass from dataclasses import dataclass
from infection_monkey.exploit.powershell_utils.credentials import Credentials from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
AUTH_BASIC = "basic" AUTH_BASIC = "basic"
AUTH_NEGOTIATE = "negotiate" AUTH_NEGOTIATE = "negotiate"
AUTH_NTLM = "ntlm"
ENCRYPTION_AUTO = "auto" ENCRYPTION_AUTO = "auto"
ENCRYPTION_NEVER = "never" ENCRYPTION_NEVER = "never"
@ -29,7 +30,13 @@ def _get_ssl(credentials: Credentials, use_ssl):
def _get_auth_type(credentials: Credentials): def _get_auth_type(credentials: Credentials):
return AUTH_BASIC if credentials.secret == "" else AUTH_NEGOTIATE if credentials.secret == "":
return AUTH_BASIC
if credentials.secret_type in {SecretType.LM_HASH, SecretType.NT_HASH}:
return AUTH_NTLM
return AUTH_NEGOTIATE
def _get_encryption(credentials: Credentials): def _get_encryption(credentials: Credentials):

View File

@ -2,6 +2,7 @@
from infection_monkey.exploit.powershell_utils.auth_options import ( from infection_monkey.exploit.powershell_utils.auth_options import (
AUTH_BASIC, AUTH_BASIC,
AUTH_NEGOTIATE, AUTH_NEGOTIATE,
AUTH_NTLM,
ENCRYPTION_AUTO, ENCRYPTION_AUTO,
ENCRYPTION_NEVER, ENCRYPTION_NEVER,
get_auth_options, get_auth_options,
@ -11,6 +12,8 @@ from infection_monkey.exploit.powershell_utils.credentials import Credentials, S
CREDENTIALS_WITH_PASSWORD = Credentials("user1", "password1", SecretType.PASSWORD) CREDENTIALS_WITH_PASSWORD = Credentials("user1", "password1", SecretType.PASSWORD)
CREDENTIALS_EMPTY_PASSWORD = Credentials("user2", "", SecretType.PASSWORD) CREDENTIALS_EMPTY_PASSWORD = Credentials("user2", "", SecretType.PASSWORD)
CREDENTIALS_NONE_PASSWORD = Credentials("user3", None, SecretType.CACHED) CREDENTIALS_NONE_PASSWORD = Credentials("user3", None, SecretType.CACHED)
CREDENTIALS_LM_HASH = Credentials("user4", "LM_HASH:NONE", SecretType.LM_HASH)
CREDENTIALS_NT_HASH = Credentials("user5", "NONE:NT_HASH", SecretType.NT_HASH)
def test_get_auth_options__ssl_true_with_password(): def test_get_auth_options__ssl_true_with_password():
@ -67,6 +70,18 @@ def test_get_auth_options__auth_type_none_password():
assert auth_options.auth_type == AUTH_NEGOTIATE assert auth_options.auth_type == AUTH_NEGOTIATE
def test_get_auth_options__auth_type_with_LM_hash():
auth_options = get_auth_options(CREDENTIALS_LM_HASH, use_ssl=False)
assert auth_options.auth_type == AUTH_NTLM
def test_get_auth_options__auth_type_with_NT_hash():
auth_options = get_auth_options(CREDENTIALS_NT_HASH, use_ssl=False)
assert auth_options.auth_type == AUTH_NTLM
def test_get_auth_options__encryption_with_password(): def test_get_auth_options__encryption_with_password():
auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False)