ZL BB tests: Renamed "ZeroLogon" to "Zerologon" for cinsistency, extracted relevant credential extortion from island config into a separate method.

2021-03-08 13:58:11 +02:00 · 2021-03-08 13:58:11 +02:00 · f43d9fe035
parent 70ec513f51
commit f43d9fe035
3 changed files with 17 additions and 12 deletions
--- a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py
+++ b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py
@ -14,7 +14,7 @@ TELEM_QUERY = {'telem_category': 'exploit',
               'data.info.password_restored': True}


-class ZeroLogonAnalyzer(Analyzer):
+class ZerologonAnalyzer(Analyzer):

    def __init__(self, island_client: MonkeyIslandClient, expected_credentials: List[str]):
        self.island_client = island_client
@ -28,12 +28,17 @@ class ZeroLogonAnalyzer(Analyzer):
        return is_creds_gathered and is_creds_restored

    def _analyze_credential_gathering(self) -> bool:
-        credentials_on_island = []
        config = self.island_client.get_config()
+        credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(config)
+        return self._is_all_credentials_in_list(credentials_on_island)
+
+    @staticmethod
+    def _get_relevant_credentials(config: dict):
+        credentials_on_island = []
        credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH))
        credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH))
        credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH))
-        return self._is_all_credentials_in_list(credentials_on_island)
+        return credentials_on_island

    def _is_all_credentials_in_list(self,
                                    all_creds: List[str]) -> bool:
@ -43,10 +48,10 @@ class ZeroLogonAnalyzer(Analyzer):

    def _log_creds_not_gathered(self, missing_creds: List[str]):
        if not missing_creds:
-            self.log.add_entry("ZeroLogon exploiter gathered all credentials expected.")
+            self.log.add_entry("Zerologon exploiter gathered all credentials expected.")
        else:
            for cred in missing_creds:
-                self.log.add_entry(f"Credential ZeroLogon exploiter failed to gathered:{cred}.")
+                self.log.add_entry(f"Credential Zerologon exploiter failed to gathered:{cred}.")

    def _analyze_credential_restore(self) -> bool:
        cred_restore_telems = self.island_client.find_telems_in_db(TELEM_QUERY)
@ -55,7 +60,7 @@ class ZeroLogonAnalyzer(Analyzer):

    def _log_credential_restore(self, telem_list: List[dict]):
        if telem_list:
-            self.log.add_entry("ZeroLogon exploiter telemetry contains indicators that credentials "
+            self.log.add_entry("Zerologon exploiter telemetry contains indicators that credentials "
                               "were successfully restored.")
        else:
            self.log.add_entry("Credential restore failed or credential restore "
--- a/envs/monkey_zoo/blackbox/island_configs/zerologon.py
+++ b/envs/monkey_zoo/blackbox/island_configs/zerologon.py
@ -3,7 +3,7 @@ from copy import copy
 from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate


-class ZeroLogon(BaseTemplate):
+class Zerologon(BaseTemplate):

    config_values = copy(BaseTemplate.config_values)

--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@ -7,7 +7,7 @@ from typing_extensions import Type

 from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
    CommunicationAnalyzer
-from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZeroLogonAnalyzer
+from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
    IslandConfigParser
 from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
@ -26,7 +26,7 @@ from envs.monkey_zoo.blackbox.island_configs.tunneling import Tunneling
 from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic
 from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz
 from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth
-from envs.monkey_zoo.blackbox.island_configs.zerologon import ZeroLogon
+from envs.monkey_zoo.blackbox.island_configs.zerologon import Zerologon
 from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
    TestLogsHandler
 from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
@ -163,12 +163,12 @@ class TestMonkeyBlackbox:
        TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH")

    def test_zerologon_exploiter(self, island_client):
-        test_name = "ZeroLogon_exploiter"
+        test_name = "Zerologon_exploiter"
        expected_creds = ["Administrator",
                          "aad3b435b51404eeaad3b435b51404ee",
                          "2864b62ea4496934a5d6e86f50b834a5"]
-        raw_config = IslandConfigParser.get_raw_config(ZeroLogon, island_client)
-        analyzer = ZeroLogonAnalyzer(island_client, expected_creds)
+        raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client)
+        analyzer = ZerologonAnalyzer(island_client, expected_creds)
        log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path())
        ExploitationTest(
            name=test_name,