forked from p15670423/monkey
Merge pull request #513 from guardicore/duplicate_credentials
Refactored credential saving to check if credentials already exist
This commit is contained in:
commit
63c4492174
|
@ -6,10 +6,10 @@ from jsonschema import Draft4Validator, validators
|
|||
import monkey_island.cc.services.post_breach_files
|
||||
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.encryptor import encryptor
|
||||
from monkey_island.cc.environment.environment import env
|
||||
from monkey_island.cc.utils import local_ip_addresses
|
||||
from .config_schema import SCHEMA
|
||||
from monkey_island.cc.encryptor import encryptor
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
||||
|
@ -90,7 +90,13 @@ class ConfigService:
|
|||
return SCHEMA
|
||||
|
||||
@staticmethod
|
||||
def add_item_to_config_set(item_key, item_value):
|
||||
def add_item_to_config_set_if_dont_exist(item_key, item_value, should_encrypt):
|
||||
item_path_array = item_key.split('.')
|
||||
items_from_config = ConfigService.get_config_value(item_path_array, False, should_encrypt)
|
||||
if item_value in items_from_config:
|
||||
return
|
||||
if should_encrypt:
|
||||
item_value = encryptor.enc(item_value)
|
||||
mongo.db.config.update(
|
||||
{'name': 'newconfig'},
|
||||
{'$addToSet': {item_key: item_value}},
|
||||
|
@ -105,31 +111,42 @@ class ConfigService:
|
|||
|
||||
@staticmethod
|
||||
def creds_add_username(username):
|
||||
ConfigService.add_item_to_config_set('basic.credentials.exploit_user_list', username)
|
||||
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_user_list',
|
||||
username,
|
||||
should_encrypt=False)
|
||||
|
||||
@staticmethod
|
||||
def creds_add_password(password):
|
||||
ConfigService.add_item_to_config_set('basic.credentials.exploit_password_list', password)
|
||||
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_password_list',
|
||||
password,
|
||||
should_encrypt=True)
|
||||
|
||||
@staticmethod
|
||||
def creds_add_lm_hash(lm_hash):
|
||||
ConfigService.add_item_to_config_set('internal.exploits.exploit_lm_hash_list', lm_hash)
|
||||
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_lm_hash_list',
|
||||
lm_hash,
|
||||
should_encrypt=True)
|
||||
|
||||
@staticmethod
|
||||
def creds_add_ntlm_hash(ntlm_hash):
|
||||
ConfigService.add_item_to_config_set('internal.exploits.exploit_ntlm_hash_list', ntlm_hash)
|
||||
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_ntlm_hash_list',
|
||||
ntlm_hash,
|
||||
should_encrypt=True)
|
||||
|
||||
@staticmethod
|
||||
def ssh_add_keys(public_key, private_key, user, ip):
|
||||
if not ConfigService.ssh_key_exists(
|
||||
ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip):
|
||||
ConfigService.add_item_to_config_set(
|
||||
ConfigService.add_item_to_config_set_if_dont_exist(
|
||||
'internal.exploits.exploit_ssh_keys',
|
||||
{
|
||||
"public_key": public_key,
|
||||
"private_key": private_key,
|
||||
"user": user, "ip": ip
|
||||
}
|
||||
},
|
||||
# SSH keys already encrypted in process_ssh_info()
|
||||
should_encrypt=False
|
||||
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -72,7 +72,6 @@ def encrypt_system_info_ssh_keys(ssh_info):
|
|||
def process_credential_info(telemetry_json):
|
||||
if 'credentials' in telemetry_json['data']:
|
||||
creds = telemetry_json['data']['credentials']
|
||||
encrypt_system_info_creds(creds)
|
||||
add_system_info_creds_to_config(creds)
|
||||
replace_user_dot_with_comma(creds)
|
||||
|
||||
|
@ -95,14 +94,6 @@ def add_system_info_creds_to_config(creds):
|
|||
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
|
||||
|
||||
|
||||
def encrypt_system_info_creds(creds):
|
||||
for user in creds:
|
||||
for field in ['password', 'lm_hash', 'ntlm_hash']:
|
||||
if field in creds[user]:
|
||||
# this encoding is because we might run into passwords which are not pure ASCII
|
||||
creds[user][field] = encryptor.enc(creds[user][field])
|
||||
|
||||
|
||||
def process_mimikatz_and_wmi_info(telemetry_json):
|
||||
users_secrets = {}
|
||||
if 'mimikatz' in telemetry_json['data']:
|
||||
|
|
Loading…
Reference in New Issue