forked from p15670423/monkey
Merge pull request #444 from guardicore/434/bugfix/plaintext-passwords-logged
Hashing lm+ntlm hashes to make sure we don't log them plaintext
This commit is contained in:
commit
5c680256cd
|
@ -68,8 +68,12 @@ class SmbExploiter(HostExploiter):
|
|||
self._config.smb_download_timeout)
|
||||
|
||||
if remote_full_path is not None:
|
||||
LOG.debug("Successfully logged in %r using SMB (%s : (SHA-512) %s : %s : %s)",
|
||||
self.host, user, self._config.hash_sensitive_data(password), lm_hash, ntlm_hash)
|
||||
LOG.debug("Successfully logged in %r using SMB (%s : (SHA-512) %s : (SHA-512) %s : (SHA-512) %s)",
|
||||
self.host,
|
||||
user,
|
||||
self._config.hash_sensitive_data(password),
|
||||
self._config.hash_sensitive_data(lm_hash),
|
||||
self._config.hash_sensitive_data(ntlm_hash))
|
||||
self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
|
||||
self.add_vuln_port("%s or %s" % (SmbExploiter.KNOWN_PROTOCOLS['139/SMB'][1],
|
||||
SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
|
||||
|
@ -80,9 +84,15 @@ class SmbExploiter(HostExploiter):
|
|||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
|
||||
except Exception as exc:
|
||||
LOG.debug("Exception when trying to copy file using SMB to %r with user:"
|
||||
" %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s: (%s)", self.host,
|
||||
user, self._config.hash_sensitive_data(password), lm_hash, ntlm_hash, exc)
|
||||
LOG.debug(
|
||||
"Exception when trying to copy file using SMB to %r with user:"
|
||||
" %s, password (SHA-512): '%s', LM hash (SHA-512): %s, NTLM hash (SHA-512): %s: (%s)",
|
||||
self.host,
|
||||
user,
|
||||
self._config.hash_sensitive_data(password),
|
||||
self._config.hash_sensitive_data(lm_hash),
|
||||
self._config.hash_sensitive_data(ntlm_hash),
|
||||
exc)
|
||||
continue
|
||||
|
||||
if not exploited:
|
||||
|
@ -92,7 +102,8 @@ class SmbExploiter(HostExploiter):
|
|||
# execute the remote dropper in case the path isn't final
|
||||
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
|
||||
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
|
||||
build_monkey_commandline(self.host, get_monkey_depth() - 1, self._config.dropper_target_path_win_32)
|
||||
build_monkey_commandline(self.host, get_monkey_depth() - 1,
|
||||
self._config.dropper_target_path_win_32)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} + \
|
||||
build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
|
|
@ -32,8 +32,12 @@ class SmbTools(object):
|
|||
# skip guest users
|
||||
if smb.isGuestSession() > 0:
|
||||
LOG.debug("Connection to %r granted guest privileges with user: %s, password (SHA-512): '%s',"
|
||||
" LM hash: %s, NTLM hash: %s",
|
||||
host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
|
||||
" LM hash (SHA-512): %s, NTLM hash (SHA-512): %s",
|
||||
host,
|
||||
username,
|
||||
Configuration.hash_sensitive_data(password),
|
||||
Configuration.hash_sensitive_data(lm_hash),
|
||||
Configuration.hash_sensitive_data(ntlm_hash))
|
||||
|
||||
try:
|
||||
smb.logoff()
|
||||
|
@ -164,9 +168,13 @@ class SmbTools(object):
|
|||
smb = None
|
||||
|
||||
if not file_uploaded:
|
||||
LOG.debug("Couldn't find a writable share for exploiting"
|
||||
" victim %r with username: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s",
|
||||
host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
|
||||
LOG.debug("Couldn't find a writable share for exploiting victim %r with "
|
||||
"username: %s, password (SHA-512): '%s', LM hash (SHA-512): %s, NTLM hash (SHA-512): %s",
|
||||
host,
|
||||
username,
|
||||
Configuration.hash_sensitive_data(password),
|
||||
Configuration.hash_sensitive_data(lm_hash),
|
||||
Configuration.hash_sensitive_data(ntlm_hash))
|
||||
return None
|
||||
|
||||
return remote_full_path
|
||||
|
@ -195,8 +203,14 @@ class SmbTools(object):
|
|||
smb.login(username, password, '', lm_hash, ntlm_hash)
|
||||
except Exception as exc:
|
||||
LOG.debug(
|
||||
"Error while logging into %r using user: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s: %s",
|
||||
host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash, exc)
|
||||
"Error while logging into %r using user: %s, password (SHA-512): '%s', "
|
||||
"LM hash (SHA-512): %s, NTLM hash (SHA-512): %s: %s",
|
||||
host,
|
||||
username,
|
||||
Configuration.hash_sensitive_data(password),
|
||||
Configuration.hash_sensitive_data(lm_hash),
|
||||
Configuration.hash_sensitive_data(ntlm_hash),
|
||||
exc)
|
||||
return None, dialect
|
||||
|
||||
smb.setTimeout(timeout)
|
||||
|
|
|
@ -37,9 +37,10 @@ class WmiExploiter(HostExploiter):
|
|||
|
||||
for user, password, lm_hash, ntlm_hash in creds:
|
||||
password_hashed = self._config.hash_sensitive_data(password)
|
||||
LOG.debug("Attempting to connect %r using WMI with "
|
||||
"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
|
||||
self.host, user, password_hashed, lm_hash, ntlm_hash)
|
||||
lm_hash_hashed = self._config.hash_sensitive_data(lm_hash)
|
||||
mtlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)
|
||||
creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): ({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed)
|
||||
LOG.debug(("Attempting to connect %r using WMI with " % self.host) + creds_for_logging)
|
||||
|
||||
wmi_connection = WmiTools.WmiConnection()
|
||||
|
||||
|
@ -47,25 +48,21 @@ class WmiExploiter(HostExploiter):
|
|||
wmi_connection.connect(self.host, user, password, None, lm_hash, ntlm_hash)
|
||||
except AccessDeniedException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
LOG.debug("Failed connecting to %r using WMI with "
|
||||
"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
|
||||
self.host, user, password_hashed, lm_hash, ntlm_hash)
|
||||
LOG.debug(("Failed connecting to %r using WMI with " % self.host) + creds_for_logging)
|
||||
continue
|
||||
except DCERPCException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
LOG.debug("Failed connecting to %r using WMI with "
|
||||
"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
|
||||
self.host, user, password_hashed, lm_hash, ntlm_hash)
|
||||
LOG.debug(("Failed connecting to %r using WMI with " % self.host) + creds_for_logging)
|
||||
continue
|
||||
except socket.error:
|
||||
LOG.debug("Network error in WMI connection to %r with "
|
||||
"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
|
||||
self.host, user, password_hashed, lm_hash, ntlm_hash)
|
||||
LOG.debug(("Network error in WMI connection to %r with " % self.host) + creds_for_logging)
|
||||
return False
|
||||
except Exception as exc:
|
||||
LOG.debug("Unknown WMI connection error to %r with "
|
||||
"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s') (%s):\n%s",
|
||||
self.host, user, password_hashed, lm_hash, ntlm_hash, exc, traceback.format_exc())
|
||||
LOG.debug(
|
||||
("Unknown WMI connection error to %r with " % self.host)
|
||||
+ creds_for_logging
|
||||
+ (" (%s):\n%s" % (exc, traceback.format_exc()))
|
||||
)
|
||||
return False
|
||||
|
||||
self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
|
||||
|
|
Loading…
Reference in New Issue