Merge pull request #513 from guardicore/duplicate_credentials

Refactored credential saving to check if credentials already exist
VakarisZ 2020-01-02 10:23:10 +02:00 committed by GitHub
commit 63c4492174
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 17 deletions


@ -6,10 +6,10 @@ from jsonschema import Draft4Validator, validators
import monkey_island.cc.services.post_breach_files
from monkey_island.cc.database import mongo
from monkey_island.cc.encryptor import encryptor
from monkey_island.cc.environment.environment import env
from monkey_island.cc.utils import local_ip_addresses
from .config_schema import SCHEMA
from monkey_island.cc.encryptor import encryptor
__author__ = "itay.mizeretz"
@ -90,7 +90,13 @@ class ConfigService:
return SCHEMA
@staticmethod
def add_item_to_config_set(item_key, item_value):
def add_item_to_config_set_if_dont_exist(item_key, item_value, should_encrypt):
item_path_array = item_key.split('.')
items_from_config = ConfigService.get_config_value(item_path_array, False, should_encrypt)
if item_value in items_from_config:
return
if should_encrypt:
item_value = encryptor.enc(item_value)
mongo.db.config.update(
{'name': 'newconfig'},
{'$addToSet': {item_key: item_value}},
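Review bot: The membership test `if item_value in items_from_config:` assumes get_config_value always returns a list; if the key is absent and it returns None this raises TypeError, where the old `$addToSet` would simply have created the set, so `if items_from_config and item_value in items_from_config:` (or an explicit `or []`) is the safer form. The third positional argument to get_config_value is the `should_encrypt` flag, which presumably asks it to decrypt the stored list so the duplicate check compares plaintext with plaintext — that deserves a docstring on the new function, e.g. `# decrypt stored values only when the new value will be encrypted, so the comparison is plaintext-to-plaintext`. If encryptor.enc is non-deterministic (fresh IV per call, which would explain why `$addToSet` alone no longer deduplicates) this read-then-add is the only duplicate guard and is not atomic against concurrent telemetry handlers; that is inferred from the change's purpose, not visible here. In the ssh_add_keys hunk further down, ssh_key_exists already screens on user/ip before this function repeats a whole-dict comparison, so one of the two checks looks redundant. The function body (the mongo.db.config.update call) continues past the hunk.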
@ -105,31 +111,42 @@ class ConfigService:
@staticmethod
def creds_add_username(username):
ConfigService.add_item_to_config_set('basic.credentials.exploit_user_list', username)
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_user_list',
username,
should_encrypt=False)
@staticmethod
def creds_add_password(password):
ConfigService.add_item_to_config_set('basic.credentials.exploit_password_list', password)
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_password_list',
password,
should_encrypt=True)
@staticmethod
def creds_add_lm_hash(lm_hash):
ConfigService.add_item_to_config_set('internal.exploits.exploit_lm_hash_list', lm_hash)
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_lm_hash_list',
lm_hash,
should_encrypt=True)
@staticmethod
def creds_add_ntlm_hash(ntlm_hash):
ConfigService.add_item_to_config_set('internal.exploits.exploit_ntlm_hash_list', ntlm_hash)
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_ntlm_hash_list',
ntlm_hash,
should_encrypt=True)
@staticmethod
def ssh_add_keys(public_key, private_key, user, ip):
if not ConfigService.ssh_key_exists(
ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip):
ConfigService.add_item_to_config_set(
ConfigService.add_item_to_config_set_if_dont_exist(
'internal.exploits.exploit_ssh_keys',
{
"public_key": public_key,
"private_key": private_key,
"user": user, "ip": ip
}
},
# SSH keys already encrypted in process_ssh_info()
should_encrypt=False
)
@staticmethod


@ -72,7 +72,6 @@ def encrypt_system_info_ssh_keys(ssh_info):
def process_credential_info(telemetry_json):
if 'credentials' in telemetry_json['data']:
creds = telemetry_json['data']['credentials']
encrypt_system_info_creds(creds)
add_system_info_creds_to_config(creds)
replace_user_dot_with_comma(creds)
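Review bot: Removing the `encrypt_system_info_creds(creds)` call means `telemetry_json['data']['credentials']` now holds plaintext passwords and hashes for the rest of this handler; the deleted helper encrypted them in place (`creds[user][field] = encryptor.enc(creds[user][field])`), so anything downstream that persists or logs telemetry_json previously received ciphertext and now receives the secrets in clear. Encryption now happens only on the config write path in ConfigService.add_item_to_config_set_if_dont_exist, which covers the config collection but not the telemetry document itself; whether telemetry_json is stored after this function returns is outside the hunk and should be confirmed. If it is, either keep encrypting the telemetry copy after the config call or strip the credential fields from telemetry_json before it is saved. A comment at the call site, e.g. `# creds are encrypted when written to config; telemetry_json still holds plaintext here`, would make the new contract explicit. The enclosing function continues past the hunk.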
@ -95,14 +94,6 @@ def add_system_info_creds_to_config(creds):
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
def encrypt_system_info_creds(creds):
for user in creds:
for field in ['password', 'lm_hash', 'ntlm_hash']:
if field in creds[user]:
# this encoding is because we might run into passwords which are not pure ASCII
creds[user][field] = encryptor.enc(creds[user][field])
def process_mimikatz_and_wmi_info(telemetry_json):
users_secrets = {}
if 'mimikatz' in telemetry_json['data']: