Generate password randomly when creating a new user for Create User PBA and exploit MS08_67 using https://docs.python.org/3.7/library/secrets.html#secrets.token_urlsafe

monkey/infection_monkey/config.py

@@ -192,7 +192,6 @@ class Configuration(object):
 
     ms08_067_exploit_attempts = 5
     user_to_add = "Monkey_IUSER_SUPPORT"
-    remote_user_pass = "Password1!"
 
     # User and password dictionaries for exploits.
 

monkey/infection_monkey/example.conf

@@ -61,7 +61,6 @@
   "send_log_to_server": true,
   "ms08_067_exploit_attempts": 5,
   "user_to_add": "Monkey_IUSER_SUPPORT",
-  "remote_user_pass": "Password1!",
   "ping_scan_timeout": 10000,
   "smb_download_timeout": 300,
   "smb_service_name": "InfectionMonkey",

monkey/infection_monkey/exploit/win_ms08_067.py

@@ -25,6 +25,7 @@ from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
 from infection_monkey.network.smbfinger import SMBFinger
 from infection_monkey.network.tools import check_tcp_port
+from infection_monkey.utils.random_password_generator import get_random_password
 
 LOG = getLogger(__name__)
 
@@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter):
         )
 
         exploited = False
+        remote_user_pwd = get_random_password()
         for _ in range(self._config.ms08_067_exploit_attempts):
             exploit = SRVSVC_Exploit(target_addr=self.host.ip_addr, os_version=os_version)
 
@@ -240,7 +242,7 @@ class Ms08_067_Exploiter(HostExploiter):
                     "cmd /c (net user {} {} /add) &&"
                     " (net localgroup administrators {} /add)\r\n".format(
                         self._config.user_to_add,
-                        self._config.remote_user_pass,
+                        remote_user_pwd,
                         self._config.user_to_add,
                     ).encode()
                 )
@@ -264,7 +266,7 @@ class Ms08_067_Exploiter(HostExploiter):
             src_path,
             self._config.dropper_target_path_win_32,
             self._config.user_to_add,
-            self._config.remote_user_pass,
+            remote_user_pwd,
         )
 
         if not remote_full_path:

monkey/infection_monkey/post_breach/actions/add_user.py

@@ -1,14 +1,18 @@
 from common.common_consts.post_breach_consts import POST_BREACH_BACKDOOR_USER
 from infection_monkey.config import WormConfiguration
 from infection_monkey.post_breach.pba import PBA
+from infection_monkey.utils.random_password_generator import get_random_password
 from infection_monkey.utils.users import get_commands_to_add_user
 
 
 class BackdoorUser(PBA):
     def __init__(self):
+        remote_user_pwd = get_random_password()
+
         linux_cmds, windows_cmds = get_commands_to_add_user(
-            WormConfiguration.user_to_add, WormConfiguration.remote_user_pass
+            WormConfiguration.user_to_add, remote_user_pwd
         )
+
         super(BackdoorUser, self).__init__(
             POST_BREACH_BACKDOOR_USER, linux_cmd=" ".join(linux_cmds), windows_cmd=windows_cmds
         )

monkey/infection_monkey/utils/random_password_generator.py

@@ -0,0 +1,6 @@
+import secrets
+
+
+def get_random_password(length: int = 12) -> str:
+    password = secrets.token_urlsafe(length)
+    return password

monkey/monkey_island/cc/services/config_schema/internal.py

@@ -397,12 +397,6 @@ INTERNAL = {
                             "default": "Monkey_IUSER_SUPPORT",
                             "description": "Username to add on successful exploit",
                         },
-                        "remote_user_pass": {
-                            "title": "Remote user password",
-                            "type": "string",
-                            "default": "Password1!",
-                            "description": "Password to use for created user",
-                        },
                     },
                 },
                 "sambacry": {