Add credential harvesting by default to both OS collectors
parent
cb39be6f58
commit
e3bd29ef6f
|
@ -7,6 +7,8 @@ from enum import IntEnum
|
|||
|
||||
from network.info import get_host_subnets
|
||||
|
||||
from azure_cred_collector import AzureCollector
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
# Linux doesn't have WindowsError
|
||||
|
@ -104,3 +106,22 @@ class InfoCollector(object):
|
|||
"""
|
||||
LOG.debug("Reading subnets")
|
||||
self.info['network_info'] = {'networks': get_host_subnets()}
|
||||
|
||||
def get_azure_info(self):
|
||||
"""
|
||||
Adds credentials possibly stolen from an Azure VM instance (if we're on one)
|
||||
Updates the credentials structure, creating it if neccesary (compat with mimikatz)
|
||||
:return: None. Updates class information
|
||||
"""
|
||||
LOG.debug("Harvesting creds if on an Azure machine")
|
||||
azure_collector = AzureCollector()
|
||||
if 'credentials' not in self.info:
|
||||
self.info["credentials"] = {}
|
||||
for cred in azure_collector.extract_stored_credentials():
|
||||
username = cred[0]
|
||||
password = cred[1]
|
||||
if username not in self.info["credentials"]:
|
||||
self.info["credentials"][username] = {}
|
||||
# we might be losing passwords in case of multiple reset attempts on same username
|
||||
# or in case another collector already filled in a password for this user
|
||||
self.info["credentials"][username]['Password'] = password
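Review bot: `AzureCollector()` and `extract_stored_credentials()` are called in `get_azure_info` with no error handling, and the later hunks call this method unconditionally from both `LinuxInfoCollector.get_info` and `WindowsInfoCollector.get_info`, so an exception on a host that is not an Azure VM would abort the remaining collection steps. `AzureCollector` is not visible on this page, so whether it can raise is an assumption to confirm; if it can, wrap the call in a `try`/`except` that logs the failure at debug level (without credential values) and returns. The loop would read more directly as `for username, password in azure_collector.extract_stored_credentials():`, which also fails loudly on a malformed entry instead of indexing into it. Because `self.info["credentials"]` now carries plaintext passwords on Linux as well, a comment such as `# holds plaintext secrets; never log or print this dict` next to its creation would help later maintainers.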
|
||||
|
|
|
@ -25,4 +25,5 @@ class LinuxInfoCollector(InfoCollector):
|
|||
self.get_hostname()
|
||||
self.get_process_list()
|
||||
self.get_network_info()
|
||||
self.get_azure_info()
|
||||
return self.info
|
||||
|
|
|
@ -27,6 +27,8 @@ class WindowsInfoCollector(InfoCollector):
|
|||
self.get_hostname()
|
||||
self.get_process_list()
|
||||
self.get_network_info()
|
||||
self.get_azure_info()
|
||||
mimikatz_collector = MimikatzCollector()
|
||||
self.info["credentials"] = mimikatz_collector.get_logon_info()
|
||||
mimikatz_info = mimikatz_collector.get_logon_info()
|
||||
self.info["credentials"].update(mimikatz_info)
|
||||
return self.info
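Review bot: `self.info["credentials"].update(mimikatz_info)` is a shallow merge, so for any username reported by both collectors the whole per-user dict written by `get_azure_info` is replaced by the mimikatz entry and the Azure `'Password'` value is dropped silently. If `get_logon_info()` returns a dict of per-user dicts, as the "compat with mimikatz" docstring suggests (not confirmed from this page), a per-user merge keeps every field mimikatz does not set: `for user, fields in mimikatz_info.items(): self.info["credentials"].setdefault(user, {}).update(fields)`. The new line also relies on `get_azure_info` having already created `self.info["credentials"]`; `self.info.setdefault("credentials", {})` before the merge removes that ordering dependency. `get_info` begins outside the hunk, so earlier statements were not reviewed.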
|
||||
|
|