Common, Agent: Extract credential encoding related methods

monkey/common/credentials/__init__.py

@@ -3,5 +3,6 @@ from .nt_hash import NTHash
 from .password import Password
 from .ssh_keypair import SSHKeypair
 from .username import Username
+from .encoding import get_plaintext, SecretEncodingConfig
 
 from .credentials import Credentials

monkey/common/credentials/credentials.py

@@ -2,22 +2,14 @@ from __future__ import annotations
 
 from typing import Optional, Union
 
-from pydantic import SecretBytes, SecretStr
-
 from ..base_models import InfectionMonkeyBaseModel, InfectionMonkeyModelConfig
 from . import LMHash, NTHash, Password, SSHKeypair, Username
+from .encoding import SecretEncodingConfig
 
 Secret = Union[Password, LMHash, NTHash, SSHKeypair]
 Identity = Username
 
 
-def get_plaintext(secret: Union[SecretStr, SecretBytes, None, str]) -> Optional[str]:
-    if isinstance(secret, (SecretStr, SecretBytes)):
-        return secret.get_secret_value()
-    else:
-        return secret
-
-
 class Credentials(InfectionMonkeyBaseModel):
     """Represents a credential pair (an identity and a secret)"""
 
@@ -27,9 +19,5 @@ class Credentials(InfectionMonkeyBaseModel):
     secret: Optional[Secret]
     """Secret part of credentials, like a password or a hash"""
 
-    class Config(InfectionMonkeyModelConfig):
-        json_encoders = {
-            # This makes secrets dumpable to json, but not loggable
-            SecretStr: get_plaintext,
-            SecretBytes: get_plaintext,
-        }
+    class Config(SecretEncodingConfig, InfectionMonkeyModelConfig):
+        pass

monkey/common/credentials/encoding.py

@@ -0,0 +1,20 @@
+from __future__ import annotations
+
+from typing import Optional, Union
+
+from pydantic import SecretBytes, SecretStr
+
+
+def get_plaintext(secret: Union[SecretStr, SecretBytes, None, str]) -> Optional[str]:
+    if isinstance(secret, (SecretStr, SecretBytes)):
+        return secret.get_secret_value()
+    else:
+        return secret
+
+
+class SecretEncodingConfig:
+    json_encoders = {
+        # This makes secrets dumpable to json, but not loggable
+        SecretStr: get_plaintext,
+        SecretBytes: get_plaintext,
+    }

monkey/infection_monkey/exploit/mssqlexec.py

@@ -6,7 +6,7 @@ from typing import Sequence, Tuple
 import pymssql
 
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path

monkey/infection_monkey/exploit/powershell_utils/powershell_client.py

@@ -11,7 +11,7 @@ from pypsrp.powershell import PowerShell, RunspacePool
 from typing_extensions import Protocol
 from urllib3 import connectionpool
 
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions
 from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
 

monkey/infection_monkey/exploit/smbexec.py

@@ -4,7 +4,7 @@ from impacket.dcerpc.v5 import scmr, transport
 from impacket.dcerpc.v5.scmr import DCERPCSessionError
 
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path

monkey/infection_monkey/exploit/sshexec.py

@@ -6,7 +6,7 @@ import paramiko
 
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils import Timer
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError

monkey/infection_monkey/exploit/tools/smb_tools.py

@@ -10,7 +10,7 @@ from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
 from impacket.smbconnection import SMB_DIALECT, SMBConnection
 from pydantic import SecretStr
 
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.network.tools import get_interface_to_target
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem

monkey/infection_monkey/exploit/wmiexec.py

@@ -5,7 +5,7 @@ import traceback
 
 from impacket.dcerpc.v5.rpcrt import DCERPCException
 
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.smb_tools import SmbTools