From 9edfe6979b3aa541f26fe75f541b3ef937034193 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 08:51:58 -0400 Subject: [PATCH] Agent: Capture secrets if missing username in SSHCredentialCollector --- .../ssh_collector/ssh_credential_collector.py | 2 +- .../test_ssh_credentials_collector.py | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py index 5c5b05467..cf18a8efc 100644 --- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py +++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py @@ -45,7 +45,7 @@ class SSHCredentialCollector(ICredentialCollector): ssh_keypair.get("private_key", ""), ssh_keypair.get("public_key", "") ) - if identity is not None: + if any([identity, secret]): ssh_credentials.append(Credentials(identity, secret)) return ssh_credentials diff --git a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_ssh_credentials_collector.py b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_ssh_credentials_collector.py index c092ed1fb..c6d2a869d 100644 --- a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_ssh_credentials_collector.py +++ b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_ssh_credentials_collector.py @@ -43,6 +43,12 @@ def test_ssh_info_result_parsing(monkeypatch, patch_telemetry_messenger): "private_key": None, }, {"name": "guest", "home_dir": "/", "public_key": None, "private_key": None}, + { + "name": "", + "home_dir": "/home/mcus", + "public_key": "PubKey", + "private_key": "PrivKey", + }, ] patch_ssh_handler(ssh_creds, monkeypatch) @@ -53,11 +59,13 @@ def test_ssh_info_result_parsing(monkeypatch, patch_telemetry_messenger): ssh_keypair1 = SSHKeypair("ExtremelyGoodPrivateKey", "SomePublicKeyUbuntu") ssh_keypair2 = SSHKeypair("", "AnotherPublicKey") + ssh_keypair3 = SSHKeypair("PrivKey", "PubKey") expected = [ Credentials(identity=username, secret=ssh_keypair1), Credentials(identity=username2, secret=ssh_keypair2), Credentials(identity=username3, secret=None), + Credentials(identity=None, secret=ssh_keypair3), ] collected = SSHCredentialCollector(patch_telemetry_messenger).collect_credentials() assert expected == collected