From f175c93f5acbd7e10fbe75241cb3121269b75d54 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Sun, 22 Sep 2019 13:00:33 +0300
Subject: [PATCH] Now hashes are hashed as well
---
 monkey/infection_monkey/exploit/smbexec.py | 23 +++++++++++----
 .../exploit/tools/smb_tools.py | 28 ++++++++++++++-----
 monkey/infection_monkey/exploit/wmiexec.py | 27 ++++++++----------
 3 files changed, 50 insertions(+), 28 deletions(-)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 0a17d7622..398d78d66 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -68,8 +68,12 @@ class SmbExploiter(HostExploiter):
 self._config.smb_download_timeout)

 if remote_full_path is not None:
- LOG.debug("Successfully logged in %r using SMB (%s : (SHA-512) %s : %s : %s)",
- self.host, user, self._config.hash_sensitive_data(password), lm_hash, ntlm_hash)
+ LOG.debug("Successfully logged in %r using SMB (%s : (SHA-512) %s : (SHA-512) %s : (SHA-512) %s)",
+ self.host,
+ user,
+ self._config.hash_sensitive_data(password),
+ self._config.hash_sensitive_data(lm_hash),
+ self._config.hash_sensitive_data(ntlm_hash))
 self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
 self.add_vuln_port("%s or %s" % (SmbExploiter.KNOWN_PROTOCOLS['139/SMB'][1],
 SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
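Review bot: The three `self._config.hash_sensitive_data(...)` values on the new LOG.debug lines are, going by the "(SHA-512)" labels, unsalted digests, so each logged LM or NTLM hash becomes a stable identifier of that credential across runs and hosts: the digest cannot be inverted, but identical credentials always produce identical log entries, and the log therefore stays about as sensitive as the values it replaces and should be handled as such. hash_sensitive_data itself is outside this patch, so this is inferred from the labels; if it is plain SHA-512, mixing in a per-process random salt or an HMAC key inside the helper (or truncating to a short fingerprint) would keep the value useful for correlating attempts within one run while removing that cross-run linkability, and would fix every call site at once. The same observation applies to the other hunk in this file, to the three smb_tools.py hunks and to the wmiexec.py hunks, which all call the same helper. The enclosing method starts and ends outside this hunk.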
@@ -80,9 +84,15 @@ class SmbExploiter(HostExploiter):
 self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
 except Exception as exc:
- LOG.debug("Exception when trying to copy file using SMB to %r with user:"
- " %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s: (%s)", self.host,
- user, self._config.hash_sensitive_data(password), lm_hash, ntlm_hash, exc)
+ LOG.debug(
+ "Exception when trying to copy file using SMB to %r with user:"
+ " %s, password (SHA-512): '%s', LM hash (SHA-512): %s, NTLM hash (SHA-512): %s: (%s)",
+ self.host,
+ user,
+ self._config.hash_sensitive_data(password),
+ self._config.hash_sensitive_data(lm_hash),
+ self._config.hash_sensitive_data(ntlm_hash),
+ exc)
 continue

 if not exploited:
@@ -92,7 +102,8 @@ class SmbExploiter(HostExploiter):
 # execute the remote dropper in case the path isn't final
 if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
 cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
- build_monkey_commandline(self.host, get_monkey_depth() - 1, self._config.dropper_target_path_win_32)
+ build_monkey_commandline(self.host, get_monkey_depth() - 1,
+ self._config.dropper_target_path_win_32)
 else:
 cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} + \
 build_monkey_commandline(self.host, get_monkey_depth() - 1)
diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py
index 0d18a8365..51564518e 100644
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
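Review bot: The triple of `hash_sensitive_data(password)`, `hash_sensitive_data(lm_hash)`, `hash_sensitive_data(ntlm_hash)` argument lines is now written out verbatim here, in the hunk above, and in all three smb_tools.py hunks, while the wmiexec.py hunk already computes the digests once per credential into locals; the SMB sites would read better and stay consistent with wmiexec if they did the same, e.g. `password_h, lm_h, ntlm_h = map(self._config.hash_sensitive_data, (password, lm_hash, ntlm_hash))` once per loop iteration and then passed the three locals to each LOG.debug. Where lm_hash and ntlm_hash come from is outside the hunk; if they can ever be None or empty rather than a string, hash_sensitive_data is now called on that value where before it was only formatted with `%s`, which is worth confirming the helper tolerates. The second hunk in this file is only a line-wrap and needs nothing. The enclosing method starts and ends outside this hunk.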
@@ -32,8 +32,12 @@ class SmbTools(object):
 # skip guest users
 if smb.isGuestSession() > 0:
 LOG.debug("Connection to %r granted guest privileges with user: %s, password (SHA-512): '%s',"
- " LM hash: %s, NTLM hash: %s",
- host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
+ " LM hash (SHA-512): %s, NTLM hash (SHA-512): %s",
+ host,
+ username,
+ Configuration.hash_sensitive_data(password),
+ Configuration.hash_sensitive_data(lm_hash),
+ Configuration.hash_sensitive_data(ntlm_hash))

 try:
 smb.logoff()
@@ -164,9 +168,13 @@ class SmbTools(object):
 smb = None

 if not file_uploaded:
- LOG.debug("Couldn't find a writable share for exploiting"
- " victim %r with username: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s",
- host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
+ LOG.debug("Couldn't find a writable share for exploiting victim %r with "
+ "username: %s, password (SHA-512): '%s', LM hash (SHA-512): %s, NTLM hash (SHA-512): %s",
+ host,
+ username,
+ Configuration.hash_sensitive_data(password),
+ Configuration.hash_sensitive_data(lm_hash),
+ Configuration.hash_sensitive_data(ntlm_hash))
 return None

 return remote_full_path
@@ -195,8 +203,14 @@ class SmbTools(object):
 smb.login(username, password, '', lm_hash, ntlm_hash)
 except Exception as exc:
 LOG.debug(
- "Error while logging into %r using user: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s: %s",
- host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash, exc)
+ "Error while logging into %r using user: %s, password (SHA-512): '%s', "
+ "LM hash (SHA-512): %s, NTLM hash (SHA-512): %s: %s",
+ host,
+ username,
+ Configuration.hash_sensitive_data(password),
+ Configuration.hash_sensitive_data(lm_hash),
+ Configuration.hash_sensitive_data(ntlm_hash),
+ exc)
 return None, dialect

 smb.setTimeout(timeout)
diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py
index f9b7c627c..947fd57a1 100644
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@@ -37,9 +37,10 @@ class WmiExploiter(HostExploiter):
 for user, password, lm_hash, ntlm_hash in creds:
 password_hashed = self._config.hash_sensitive_data(password)
- LOG.debug("Attempting to connect %r using WMI with "
- "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
- self.host, user, password_hashed, lm_hash, ntlm_hash)
+ lm_hash_hashed = self._config.hash_sensitive_data(lm_hash)
+ mtlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)
+ creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): ({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed)
+ LOG.debug(("Attempting to connect %r using WMI with " % self.host) + creds_for_logging)

 wmi_connection = WmiTools.WmiConnection()
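Review bot: `mtlm_hash_hashed` on the second and third added lines is a typo for `ntlm_hash_hashed` (it is consistent with itself, so nothing breaks, but it will mislead anyone grepping for ntlm later), and the `creds_for_logging = ...format(...)` line is far longer than the rest of the file and should be wrapped after the opening parenthesis of `.format(`. The new LOG.debug also formats its message eagerly with `%` and string concatenation before the logger decides whether DEBUG is enabled; the idiomatic form passes the pieces as arguments, `LOG.debug("Attempting to connect %r using WMI with %s", self.host, creds_for_logging)`, which also keeps any `%` inside user or the digests from ever being treated as a format directive if arguments are added later. The same eager-concatenation pattern is repeated in the four LOG.debug calls of the next hunk in this file. The enclosing `for` loop continues past the end of this hunk.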
@@ -47,25 +48,21 @@ class WmiExploiter(HostExploiter):
 wmi_connection.connect(self.host, user, password, None, lm_hash, ntlm_hash)
 except AccessDeniedException:
 self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
- LOG.debug("Failed connecting to %r using WMI with "
- "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
- self.host, user, password_hashed, lm_hash, ntlm_hash)
+ LOG.debug(("Failed connecting to %r using WMI with " % self.host) + creds_for_logging)
 continue
 except DCERPCException:
 self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
- LOG.debug("Failed connecting to %r using WMI with "
- "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
- self.host, user, password_hashed, lm_hash, ntlm_hash)
+ LOG.debug(("Failed connecting to %r using WMI with " % self.host) + creds_for_logging)
 continue
 except socket.error:
- LOG.debug("Network error in WMI connection to %r with "
- "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
- self.host, user, password_hashed, lm_hash, ntlm_hash)
+ LOG.debug(("Network error in WMI connection to %r with " % self.host) + creds_for_logging)
 return False
 except Exception as exc:
- LOG.debug("Unknown WMI connection error to %r with "
- "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s') (%s):\n%s",
- self.host, user, password_hashed, lm_hash, ntlm_hash, exc, traceback.format_exc())
+ LOG.debug(
+ ("Unknown WMI connection error to %r with " % self.host)
+ + creds_for_logging
+ + (" (%s):\n%s" % (exc, traceback.format_exc()))
+ )
 return False

 self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
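Review bot: After this change the `except AccessDeniedException:` and `except DCERPCException:` branches are line-for-line identical (report_login_attempt(False, ...), the same new LOG.debug, continue), so they can be collapsed into one handler, `except (AccessDeniedException, DCERPCException):`, dropping the second copy; if the two were ever meant to log differently, that distinction is now lost and a short comment saying they are deliberately treated alike would help. The "Unknown WMI connection error" handler's new body also hand-builds its message with `%` and `+`; `LOG.debug("Unknown WMI connection error to %r with %s (%s):\n%s", self.host, creds_for_logging, exc, traceback.format_exc())` says the same with the logger doing the formatting. The `try` that these handlers belong to opens before the first line of this hunk.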