Changes after manual testing

This commit is contained in:
Shreya 2021-01-31 18:24:44 +05:30
parent c05a48d34d
commit 9c0fc7e435
4 changed files with 16 additions and 10 deletions

View File

@ -566,8 +566,6 @@ class DumpSecrets:
if self.__NTDS_hashes:
self.__NTDS_hashes.finish()
# how to execute monkey on exploited machine
# clean up logging
# mention in report explicitly - machine exploited/not (return True, if yes) & password restored/not
# mention patching details in report
# add exploit info to documentation
@ -604,7 +602,7 @@ class Wmiexec:
oxidResolver=True)
try:
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
self.iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()

View File

@ -12,9 +12,14 @@ class T1003(AttackTechnique):
scanned_msg = ""
used_msg = "Monkey successfully obtained some credentials from systems on the network."
query = {'telem_category': 'system_info', '$and': [{'data.credentials': {'$exists': True}},
# $gt: {} checks if field is not an empty object
{'data.credentials': {'$gt': {}}}]}
query = {'$or': [
{'telem_category': 'system_info',
'$and': [{'data.credentials': {'$exists': True}},
{'data.credentials': {'$gt': {}}}]}, # $gt: {} checks if field is not an empty object
{'telem_category': 'exploit',
'$and': [{'data.info.credentials': {'$exists': True}},
{'data.info.credentials': {'$gt': {}}}]}
]}
@staticmethod
def get_report_data():

View File

@ -188,7 +188,9 @@ class ReportService:
{'data.credentials': 1, 'monkey_guid': 1}
):
monkey_creds = telem['data']['credentials']
creds.append(ReportService._format_creds_for_reporting(telem, monkey_creds))
formatted_creds = ReportService._format_creds_for_reporting(telem, monkey_creds)
if formatted_creds:
creds.extend(formatted_creds)
# stolen creds from exploiters
for telem in mongo.db.telemetry.find(
@ -196,7 +198,9 @@ class ReportService:
{'data.info.credentials': 1, 'monkey_guid': 1}
):
monkey_creds = telem['data']['info']['credentials']
creds.append(ReportService._format_creds_for_reporting(telem, monkey_creds))
formatted_creds = ReportService._format_creds_for_reporting(telem, monkey_creds)
if formatted_creds:
creds.extend(formatted_creds)
logger.info('Stolen creds generated for reporting')
return creds
@ -206,7 +210,7 @@ class ReportService:
creds = []
PASS_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
if len(monkey_creds) == 0:
continue
return
origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
for user in monkey_creds:
for pass_type in PASS_TYPE_DICT:

View File

@ -31,7 +31,6 @@ def process_exploit_telemetry(telemetry_json):
def add_exploit_extracted_creds_to_config(telemetry_json):
if 'credentials' in telemetry_json['data']['info']:
creds = telemetry_json['data']['info']['credentials']
add_system_info_creds_to_config(creds)
for user in creds:
ConfigService.creds_add_username(creds[user]['username'])