Agent: Extract zerologon tags into constant
parent
aaef2f1f81
commit
d400fcb215
|
@ -9,7 +9,6 @@ import os
|
|||
import re
|
||||
import tempfile
|
||||
from binascii import unhexlify
|
||||
from time import time
|
||||
from typing import Dict, List, Optional, Sequence, Tuple
|
||||
|
||||
import impacket
|
||||
|
@ -19,7 +18,6 @@ from impacket.dcerpc.v5.dtypes import NULL
|
|||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||
from common.credentials import Credentials, LMHash, NTHash, Username
|
||||
from common.events import CredentialsStolenEvent
|
||||
from infection_monkey.config import IGUID
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.tools.wmi_tools import WmiTools
|
||||
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
|
||||
|
@ -33,6 +31,10 @@ from infection_monkey.utils.threading import interruptible_iter
|
|||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ZEROLOGON_EXPLOIT_TAG = "ZerologonCredentialsStolen"
|
||||
|
||||
ZEROLOGON_EVENT_TAGS = {ZEROLOGON_EXPLOIT_TAG}
|
||||
|
||||
|
||||
class ZerologonExploiter(HostExploiter):
|
||||
_EXPLOITED_SERVICE = "Netlogon"
|
||||
|
@ -297,10 +299,8 @@ class ZerologonExploiter(HostExploiter):
|
|||
|
||||
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
|
||||
credentials_stolen_event = CredentialsStolenEvent(
|
||||
source=IGUID,
|
||||
target=None,
|
||||
timestamp=time(),
|
||||
tags=({"ZerologonCredentialsStolen"}),
|
||||
tags=(ZEROLOGON_EVENT_TAGS),
|
||||
stolen_credentials=extracted_credentials,
|
||||
)
|
||||
self.event_queue.publish(credentials_stolen_event)
|
||||
|
|
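Review bot: `ZEROLOGON_EVENT_TAGS = {ZEROLOGON_EXPLOIT_TAG}` is a mutable module-level set, and `_publish_credentials_stolen_event` passes that same object to every `CredentialsStolenEvent`. Unless the event copies or freezes `tags` (not visible in this diff), code that adds to one event's tags would silently change the constant for every later event. Assuming the event's field accepts it, `ZEROLOGON_EVENT_TAGS = frozenset({ZEROLOGON_EXPLOIT_TAG})` keeps the tag set fixed. The parentheses in `tags=(ZEROLOGON_EVENT_TAGS),` are left over from the old literal and read like a one-element tuple; `tags=ZEROLOGON_EVENT_TAGS,` is clearer.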