From c83f76b02b9fe7da7baa525bf71669d51f48a5cb Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 15 Jul 2022 15:22:30 +0200
Subject: [PATCH] Island: Add formatting credentials for report
---
.../services/reporting/stolen_credentials.py | 35 +++------
.../reporting/test_stolen_credentials.py | 72 ++++++++-----------
2 files changed, 39 insertions(+), 68 deletions(-)
diff --git a/monkey/monkey_island/cc/services/reporting/stolen_credentials.py b/monkey/monkey_island/cc/services/reporting/stolen_credentials.py
index ebcc2190a..9d01bde25 100644
--- a/monkey/monkey_island/cc/services/reporting/stolen_credentials.py
+++ b/monkey/monkey_island/cc/services/reporting/stolen_credentials.py
@@ -1,48 +1,35 @@ import logging from typing import Mapping, Sequence -from common.credentials import CredentialComponentType -from monkey_island.cc.models import StolenCredentials +from common.credentials import CredentialComponentType, Credentials logger = logging.getLogger(__name__) -def get_stolen_creds() -> Sequence[Mapping]: - stolen_creds = _fetch_from_db() - stolen_creds = _format_creds_for_reporting(stolen_creds) - +def format_creds_for_reporting(credentials: Sequence[Credentials]) -> Sequence[Mapping]: logger.info("Stolen creds generated for reporting") - return stolen_creds - -def _fetch_from_db() -> Sequence[StolenCredentials]: - return list(StolenCredentials.objects()) - - -def _format_creds_for_reporting(credentials: Sequence[StolenCredentials]): formatted_creds = [] cred_type_dict = { - CredentialComponentType.PASSWORD.name: "Clear Password", - CredentialComponentType.LM_HASH.name: "LM hash", - CredentialComponentType.NT_HASH.name: "NTLM hash", - CredentialComponentType.SSH_KEYPAIR.name: "Clear SSH private key", + CredentialComponentType.PASSWORD: "Clear Password", + CredentialComponentType.LM_HASH: "LM hash", + CredentialComponentType.NT_HASH: "NTLM hash", + CredentialComponentType.SSH_KEYPAIR: "Clear SSH private key", } - for cred in credentials: for secret_type in cred.secrets: - if secret_type not in cred_type_dict: + if secret_type.credential_type not in cred_type_dict: continue username = _get_username(cred) cred_row = { "username": username, - "_type": secret_type, - "type": cred_type_dict[secret_type], - "origin": cred.monkey.hostname, + "_type": secret_type.credential_type.name, + "type": cred_type_dict[secret_type.credential_type], } if cred_row not in formatted_creds: formatted_creds.append(cred_row) return formatted_creds -def _get_username(credentials: StolenCredentials) -> str: - return credentials.identities[0]["username"] if credentials.identities else "" +def _get_username(credentials: Credentials) -> str: + return 
credentials.identities[0].username if credentials.identities else ""
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/reporting/test_stolen_credentials.py b/monkey/tests/unit_tests/monkey_island/cc/services/reporting/test_stolen_credentials.py
index 201dda576..54dc31e7f 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/services/reporting/test_stolen_credentials.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/reporting/test_stolen_credentials.py
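Review bot: `format_creds_for_reporting` now logs "Stolen creds generated for reporting" as its first statement, before any row is built, so the message is emitted even if the loop below raises; moving `logger.info(...)` to just before `return formatted_creds` would keep the log truthful. In the same loop the variable `secret_type` now holds a secret component object rather than a type name (the code reads `secret_type.credential_type`), so renaming it to `secret` would make it clearer that only `.credential_type`, never the secret value, belongs in `cred_row`. `_get_username(cred)` depends only on `cred` but is still called once per secret, and could be hoisted to the outer loop. Since the function is now public, a one-line docstring stating that the returned rows carry the username and credential type but no secret material would document the property that report consumers rely on.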
@@ -1,70 +1,54 @@ -import pytest - -from common.credentials import CredentialComponentType -from monkey_island.cc.models import Monkey, StolenCredentials -from monkey_island.cc.services.reporting.stolen_credentials import get_stolen_creds +from common.credentials import ( + CredentialComponentType, + Credentials, + LMHash, + NTHash, + Password, + SSHKeypair, + Username, +) +from monkey_island.cc.services.reporting.stolen_credentials import format_creds_for_reporting monkey_hostname = "fake_hostname" fake_monkey_guid = "abc" -fake_username = "m0nk3y_user" -fake_nt_hash = "c1c58f96cdf212b50837bc11a00be47c" -fake_lm_hash = "299BD128C1101FD6" -fake_password = "trytostealthis" -fake_ssh_key = "RSA_fake_key" -fake_credentials = { - "identities": [{"username": fake_username, "credential_type": "USERNAME"}], - "secrets": [ - CredentialComponentType.NT_HASH.name, - CredentialComponentType.LM_HASH.name, - CredentialComponentType.PASSWORD.name, - CredentialComponentType.SSH_KEYPAIR.name, - ], -} +fake_username = Username("m0nk3y_user") +fake_nt_hash = NTHash("AEBD4DE384C7EC43AAD3B435B51404EE") +fake_lm_hash = LMHash("7A21990FCD3D759941E45C490F143D5F") +fake_password = Password("trytostealthis") +fake_ssh_public_key = "RSA_public_key" +fake_ssh_private_key = "RSA_private_key" +fake_ssh_key = SSHKeypair(fake_ssh_private_key, fake_ssh_public_key) + +identities = (fake_username,) +secrets = (fake_nt_hash, fake_lm_hash, fake_password, fake_ssh_key) + +fake_credentials = [Credentials(identities, secrets)] -@pytest.fixture -def fake_monkey(): - monkey = Monkey() - monkey.guid = fake_monkey_guid - monkey.hostname = monkey_hostname - monkey.save() - return monkey.id +def test_formatting_credentials_for_report(): - -@pytest.mark.usefixtures("uses_database") -def test_get_credentials(fake_monkey): - StolenCredentials( - identities=fake_credentials["identities"], - secrets=fake_credentials["secrets"], - monkey=fake_monkey, - ).save() - - credentials = get_stolen_creds() + credentials = 
format_creds_for_reporting(fake_credentials) result1 = { - "origin": monkey_hostname, "_type": CredentialComponentType.NT_HASH.name, "type": "NTLM hash", - "username": fake_username, + "username": fake_username.username, } result2 = { - "origin": monkey_hostname, "_type": CredentialComponentType.LM_HASH.name, "type": "LM hash", - "username": fake_username, + "username": fake_username.username, } result3 = { - "origin": monkey_hostname, "_type": CredentialComponentType.PASSWORD.name, "type": "Clear Password", - "username": fake_username, + "username": fake_username.username, } result4 = { - "origin": monkey_hostname, "_type": CredentialComponentType.SSH_KEYPAIR.name, "type": "Clear SSH private key", - "username": fake_username, + "username": fake_username.username, } assert result1 in credentials assert result2 in credentials