From b85fb8c94ae5816aa28709ff0eeec9d799f61437 Mon Sep 17 00:00:00 2001
From: "maor.rayzin"
Date: Mon, 29 Oct 2018 13:06:09 +0200
Subject: [PATCH] Some bug fixes and CR after shocks

---
 monkey/monkey_island/cc/services/node.py | 2 +-
 monkey/monkey_island/cc/services/pth_report.py | 3 +--
 monkey/monkey_island/cc/services/report.py | 9 +++++----
 monkey/monkey_island/cc/services/user_info.py | 2 +-
 monkey/monkey_island/cc/services/wmi_info_handler.py | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/monkey/monkey_island/cc/services/node.py b/monkey/monkey_island/cc/services/node.py
index 87b2a1aec..072917974 100644
--- a/monkey/monkey_island/cc/services/node.py
+++ b/monkey/monkey_island/cc/services/node.py
@@ -328,4 +328,4 @@ class NodeService:
 
     @staticmethod
     def get_hostname_by_id(node_id):
-        NodeService.get_node_hostname(mongo.db.monkey.find_one({'_id': node_id}, {'hostname': 1}))
+        return NodeService.get_node_hostname(mongo.db.monkey.find_one({'_id': node_id}, {'hostname': 1}))
diff --git a/monkey/monkey_island/cc/services/pth_report.py b/monkey/monkey_island/cc/services/pth_report.py
index 11d2be821..c29049951 100644
--- a/monkey/monkey_island/cc/services/pth_report.py
+++ b/monkey/monkey_island/cc/services/pth_report.py
@@ -70,8 +70,7 @@ class PTHReportService(object):
                 {
                     'username': user['name'],
                     'domain_name': user['domain_name'],
-                    'hostname': NodeService.get_hostname_by_id(ObjectId(user['machine_id']))
-                    if user['machine_id'] else None
+                    'hostname': NodeService.get_hostname_by_id(ObjectId(user['machine_id'])) if user['machine_id'] else None
                 } for user in doc['Docs']
             ]
             users_cred_groups.append({'cred_groups': users_list})
diff --git a/monkey/monkey_island/cc/services/report.py b/monkey/monkey_island/cc/services/report.py
index 26a5c87f1..216882fa7 100644
--- a/monkey/monkey_island/cc/services/report.py
+++ b/monkey/monkey_island/cc/services/report.py
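Review bot: The added `return` fixes the missing value, but `find_one` on the new line yields `None` when no monkey document has that `_id`, and `NodeService.get_node_hostname(None)` is then called unconditionally; whether that helper tolerates `None` is not visible here. Binding the lookup first and short-circuiting keeps the method total: `node = mongo.db.monkey.find_one({'_id': node_id}, {'hostname': 1})` followed by `return NodeService.get_node_hostname(node) if node else None`. The caller in pth_report.py guards an empty `machine_id` but presumably not a stale one, so the `None` case looks reachable. get_hostname_by_id is the last method in the hunk; the rest of NodeService lies outside it.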
@@ -159,7 +159,7 @@ class ReportService:
     @staticmethod
     def get_stolen_creds():
         PASS_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
-        creds = set()
+        creds = []
         for telem in mongo.db.telemetry.find(
                 {'telem_type': 'system_info_collection', 'data.credentials': {'$exists': True}},
                 {'data.credentials': 1, 'monkey_guid': 1}
@@ -176,9 +176,10 @@ class ReportService:
                     'type': PASS_TYPE_DICT[pass_type],
                     'origin': origin
                 }
-                creds.add(cred_row)
+                if cred_row not in creds:
+                    creds.append(cred_row)
         logger.info('Stolen creds generated for reporting')
-        return list(creds)
+        return creds
 
     @staticmethod
     def get_ssh_keys():
@@ -560,7 +561,7 @@ class ReportService:
         issues_dict = {}
         for issue in issues:
             if issue.get('is_local', True):
-                machine = issue.get('machine').upper()
+                machine = issue.get('machine', '').upper()
                 if machine not in issues_dict:
                     issues_dict[machine] = []
                 issues_dict[machine].append(issue)
diff --git a/monkey/monkey_island/cc/services/user_info.py b/monkey/monkey_island/cc/services/user_info.py
index e233c1f31..9aca91a59 100644
--- a/monkey/monkey_island/cc/services/user_info.py
+++ b/monkey/monkey_island/cc/services/user_info.py
@@ -22,7 +22,7 @@ class MimikatzSecrets(object):
                 users_dict[username] = {}
 
             ntlm = sam_user.get("NTLM")
-            if "[hashed secret]" not in ntlm:
+            if not ntlm or "[hashed secret]" not in ntlm:
                 continue
 
             users_dict[username]['SAM'] = ntlm.replace("[hashed secret]", "").strip()
diff --git a/monkey/monkey_island/cc/services/wmi_info_handler.py b/monkey/monkey_island/cc/services/wmi_info_handler.py
index 61f85eb61..d119772f5 100644
--- a/monkey/monkey_island/cc/services/wmi_info_handler.py
+++ b/monkey/monkey_island/cc/services/wmi_info_handler.py
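Review bot: `creds = []` here together with the `if cred_row not in creds` guard in the next hunk (@@ -176,9) turns deduplication into a linear scan per credential row, i.e. quadratic in the number of stolen credentials, with a full dict comparison on every step. Presumably the set was dropped because `cred_row` is a dict and unhashable; a parallel `seen` set keyed on an immutable projection keeps the fix and the insertion order while staying linear: `seen = set()` next to `creds = []`, then `key = tuple(sorted(cred_row.items()))` and `if key not in seen: seen.add(key); creds.append(cred_row)` in place of the new two-line guard. That assumes every value in `cred_row` is hashable; only `'type'` (a `PASS_TYPE_DICT` string) and `'origin'` are visible, so confirm the remaining fields. get_stolen_creds spans both hunks and its middle, where `cred_row` is built, is outside them.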
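Review bot: `issue.get('machine', '')` on the replaced line in the @@ -560,7 hunk only covers a missing key; an issue carrying `'machine': None` still reaches `None.upper()` and raises, and a missing key now silently files the issue under the `''` bucket of `issues_dict` rather than surfacing the malformed record. `machine = (issue.get('machine') or '').upper()` closes the `None` case; if an issue with no machine is genuinely unexpected, skipping it with a `logger.warning` is clearer than an empty-string group in the report. The enclosing function starts before the hunk.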
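Review bot: The new guard `if not ntlm or "[hashed secret]" not in ntlm` in user_info.py repeats the literal `"[hashed secret]"` that the `replace` call three lines below also uses; a module-level constant such as `HASHED_SECRET_MARKER = "[hashed secret]"` used in both places keeps the two from drifting. Presumably `sam_user.get("NTLM")` is `None` for accounts without an NTLM entry, which is what the added `not ntlm` clause handles; a short comment on the line, `# skip accounts with no NTLM entry or without the hash marker`, would make the `continue` self-explanatory. The enclosing loop starts outside the hunk.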
@@ -29,7 +29,7 @@ class WMIHandler(object):
         self.update_critical_services()
 
     def update_critical_services(self):
-        critical_names = ("W3svc", "MSExchangeServiceHost", "MSSQLServer", "dns", 'MSSQL$SQLEXPRESS', 'SQL')
+        critical_names = ("W3svc", "MSExchangeServiceHost", "dns", 'MSSQL$SQLEXPRES')
         mongo.db.monkey.update({'_id': self.monkey_id}, {'$set': {'critical_services': []}})
 
         services_names_list = [str(i['Name'])[2:-1] for i in self.services]
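Review bot: The new tuple spells the SQL Express instance service as `'MSSQL$SQLEXPRES'`, one letter short of the `'MSSQL$SQLEXPRESS'` it replaces; unless the comparison further down in update_critical_services is a substring match, that service will never land in `critical_services`, and the commit message gives no reason for dropping `"MSSQLServer"` and `'SQL'` either. If the shortened form is deliberate (for example to match more than one instance name), a comment on the line should say so; otherwise restore `'MSSQL$SQLEXPRESS'`. Since this tuple decides which hosts the report treats as critical, a silent miss here reduces coverage without any error. The rest of update_critical_services, including the matching against `services_names_list`, lies outside the hunk.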