Island: Remove credentials from reporting

This commit is contained in:
Ilija Lazoroski 2022-07-14 16:47:33 +02:00
parent 7456ef6b05
commit f0f4f6d591
1 changed files with 3 additions and 41 deletions


@ -20,16 +20,11 @@ from monkey_island.cc.services.reporting.pth_report import PTHReportService
from monkey_island.cc.services.reporting.report_generation_synchronisation import ( from monkey_island.cc.services.reporting.report_generation_synchronisation import (
safe_generate_regular_report, safe_generate_regular_report,
) )
from monkey_island.cc.services.reporting.stolen_credentials import (
extract_ssh_keys,
get_stolen_creds,
)
from monkey_island.cc.services.utils.network_utils import get_subnets, local_ip_addresses from monkey_island.cc.services.utils.network_utils import get_subnets, local_ip_addresses
from .. import AWSService from .. import AWSService
from . import aws_exporter from . import aws_exporter
from .issue_processing.exploit_processing.exploiter_descriptor_enum import ExploiterDescriptorEnum from .issue_processing.exploit_processing.exploiter_descriptor_enum import ExploiterDescriptorEnum
from .issue_processing.exploit_processing.processors.cred_exploit import CredentialType
from .issue_processing.exploit_processing.processors.exploit import ExploiterReportInfo from .issue_processing.exploit_processing.processors.exploit import ExploiterReportInfo
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -42,8 +37,6 @@ class ReportService:
_credentials_repository = None _credentials_repository = None
class DerivedIssueEnum: class DerivedIssueEnum:
WEAK_PASSWORD = "weak_password"
STOLEN_CREDS = "stolen_creds"
ZEROLOGON_PASS_RESTORE_FAILED = "zerologon_pass_restore_failed" ZEROLOGON_PASS_RESTORE_FAILED = "zerologon_pass_restore_failed"
@classmethod @classmethod
@ -438,42 +431,18 @@ class ReportService:
return agent_configuration.propagation.network_scan.targets.local_network_scan return agent_configuration.propagation.network_scan.targets.local_network_scan
@staticmethod @staticmethod
def get_issue_set(issues, config_users, config_passwords): def get_issue_set(issues):
issue_set = set() issue_set = set()
for machine in issues: for machine in issues:
for issue in issues[machine]: for issue in issues[machine]:
if ReportService._is_weak_credential_issue(issue, config_users, config_passwords): if ReportService._is_zerologon_pass_restore_failed(issue):
issue_set.add(ReportService.DerivedIssueEnum.WEAK_PASSWORD)
elif ReportService._is_stolen_credential_issue(issue):
issue_set.add(ReportService.DerivedIssueEnum.STOLEN_CREDS)
elif ReportService._is_zerologon_pass_restore_failed(issue):
issue_set.add(ReportService.DerivedIssueEnum.ZEROLOGON_PASS_RESTORE_FAILED) issue_set.add(ReportService.DerivedIssueEnum.ZEROLOGON_PASS_RESTORE_FAILED)
issue_set.add(issue["type"]) issue_set.add(issue["type"])
return issue_set return issue_set
@staticmethod
def _is_weak_credential_issue(
issue: dict, config_usernames: List[str], config_passwords: List[str]
) -> bool:
# Only credential exploiter issues have 'credential_type'
return (
"credential_type" in issue
and issue["credential_type"] == CredentialType.PASSWORD.value
and issue["password"] in config_passwords
and issue["username"] in config_usernames
)
@staticmethod
def _is_stolen_credential_issue(issue: dict) -> bool:
# Only credential exploiter issues have 'credential_type'
return "credential_type" in issue and (
issue["credential_type"] == CredentialType.PASSWORD.value
or issue["credential_type"] == CredentialType.HASH.value
)
@staticmethod @staticmethod
def _is_zerologon_pass_restore_failed(issue: dict): def _is_zerologon_pass_restore_failed(issue: dict):
return ( return (
@ -490,12 +459,9 @@ class ReportService:
def generate_report(): def generate_report():
domain_issues = ReportService.get_domain_issues() domain_issues = ReportService.get_domain_issues()
issues = ReportService.get_issues() issues = ReportService.get_issues()
config_users = ReportService.get_config_users() issue_set = ReportService.get_issue_set(issues)
config_passwords = ReportService.get_config_passwords()
issue_set = ReportService.get_issue_set(issues, config_users, config_passwords)
cross_segment_issues = ReportService.get_cross_segment_issues() cross_segment_issues = ReportService.get_cross_segment_issues()
monkey_latest_modify_time = Monkey.get_latest_modifytime() monkey_latest_modify_time = Monkey.get_latest_modifytime()
stolen_creds = get_stolen_creds()
scanned_nodes = ReportService.get_scanned() scanned_nodes = ReportService.get_scanned()
exploited_cnt = len(get_monkey_exploited()) exploited_cnt = len(get_monkey_exploited())
@ -515,8 +481,6 @@ class ReportService:
"glance": { "glance": {
"scanned": scanned_nodes, "scanned": scanned_nodes,
"exploited_cnt": exploited_cnt, "exploited_cnt": exploited_cnt,
"stolen_creds": stolen_creds,
"ssh_keys": extract_ssh_keys(stolen_creds),
"strong_users": PTHReportService.get_strong_users_on_crit_details(), "strong_users": PTHReportService.get_strong_users_on_crit_details(),
}, },
"recommendations": {"issues": issues, "domain_issues": domain_issues}, "recommendations": {"issues": issues, "domain_issues": domain_issues},
@ -532,8 +496,6 @@ class ReportService:
ReportService.get_exploits, ReportService.get_exploits,
ReportService.get_tunnels, ReportService.get_tunnels,
ReportService.get_island_cross_segment_issues, ReportService.get_island_cross_segment_issues,
PTHReportService.get_duplicated_passwords_issues,
PTHReportService.get_strong_users_on_crit_issues,
] ]
issues = functools.reduce(lambda acc, issue_gen: acc + issue_gen(), ISSUE_GENERATORS, []) issues = functools.reduce(lambda acc, issue_gen: acc + issue_gen(), ISSUE_GENERATORS, [])
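Review bot: The calls to `ReportService.get_config_users()` and `ReportService.get_config_passwords()` are dropped from `generate_report` (old side of the `@ -490` hunk), but this diff does not remove those methods, so unless they are still referenced elsewhere they are now dead helpers that continue to hand out the configured credentials from the report service. If they are unreferenced, delete them in the same change so the service keeps no credential accessor the report no longer needs; the same check applies to the `typing.List` import that only `_is_weak_credential_issue` appears to have used. Note also that `PTHReportService.get_strong_users_on_crit_details()` still feeds `"strong_users"` in the glance section while `get_strong_users_on_crit_issues` is removed from `ISSUE_GENERATORS`; if keeping the glance entry is intended, a one-line comment such as `# strong_users is kept in the glance; only the credential-derived issues were removed` would stop the next reader from "finishing" the removal. `generate_report` begins and ends outside the visible hunks.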