diff --git a/monkey_island/cc/resources/pthmap.py b/monkey_island/cc/resources/pthmap.py index 0393939cf..d7934663c 100644 --- a/monkey_island/cc/resources/pthmap.py +++ b/monkey_island/cc/resources/pthmap.py @@ -841,6 +841,18 @@ class PassTheHashMap(object): return threatening_users + @cache + def GetSharedAdmins(self, m): + shared_admins = set() + + for other in pth.machines: + if m == other: + continue + + shared_admins |= (m.GetLocalAdminSids() & other.GetLocalAdminSids()) + + return shared_admins + def main(): pth = PassTheHashMap() @@ -863,8 +875,35 @@ def main(): print """""" print """""" + + print "
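Review bot: `GetSharedAdmins` loops over `pth.machines`, but `pth` is neither a parameter nor an attribute here; in the visible code it is only assigned as a local inside `main()`. Unless a module-level `pth` exists outside this hunk the method raises NameError, and even if one exists the method reads a different object than the instance it was called on. The loop should be `for other in self.machines:`. The `@cache` decorator is defined outside the hunk; if it memoizes per `(self, m)`, the result goes stale once the machine list or the local-admin sets change. A one-line docstring would help, for example `"""Return the SIDs that are local admins on m and on at least one other machine."""`.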

Local Admin Uniqueness

" + print "

We argue that each machine should have it's own distinct set of local admins

" + dups = dict(map(lambda x: (x, len(pth.GetSharedAdmins(x))), pth.machines)) + print """""" + print """""" + for secret, count in sorted(dups.iteritems(), key=lambda (k,v): (v,k), reverse=True): + if count <= 0: + continue + + print """""".format(ip=m.GetIp(), hostname=m.GetHostName(), domain=m.GetDomainName(), count=count) + + print """""" + + print """""".format(count=count) + + print """""" + print """
IpHostnameDomainCritical Services InstalledShared User CountShared Users
{ip}{hostname}{domain}
    """ + for service_name in m.GetCriticalServicesInstalled(): + print """
  • {service_name}
  • """.format(service_name=service_name) + print """
{count}
    """ + + for sid in pth.GetThreateningUsersByVictim(m): + print """
  • {username}
  • """.format(sid=sid, username=pth.GetUsernameBySid(sid)) + + print """
""" + print "

Strong Users That Threat Critical Servers

" print "

Administrators of critical servers that we could find thier secret cached somewhere

"
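Review bot: The new loop binds `secret, count`, but its body reads `m` (`m.GetIp()`, `m.GetCriticalServicesInstalled()`, `pth.GetThreateningUsersByVictim(m)`), so each row is built from whatever `m` was left by earlier code in `main()` (outside this hunk), or fails with NameError, instead of the machine the count belongs to. The header should read `for m, count in sorted(dups.iteritems(), key=lambda (k,v): (v,k), reverse=True):`. The "Shared Users" column is filled from `GetThreateningUsersByVictim(m)` while the count comes from `GetSharedAdmins(m)`, so the list and the number beside it can disagree; `for sid in pth.GetSharedAdmins(m):` looks like the intent. Hostname, domain, service names and usernames come from the scanned machines and appear to go through `.format()` into the report unescaped (the markup in these strings is not visible on this page). A host reporting markup in one of those fields would have it rendered in the report viewer's browser, so each value should first pass through `cgi.escape(value, quote=True)`.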