forked from p15670423/monkey
Agent: Import attack technique tags from common in Zerologon
This commit is contained in:
parent
e46bb8964d
commit
0ed167fb48
|
@ -18,6 +18,7 @@ from impacket.dcerpc.v5.dtypes import NULL
|
|||
from common.agent_events import CredentialsStolenEvent
|
||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||
from common.credentials import Credentials, LMHash, NTHash, Username
|
||||
from common.tags import T1003_ATTACK_TECHNIQUE_TAG, T1098_ATTACK_TECHNIQUE_TAG
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.tools.wmi_tools import WmiTools
|
||||
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
|
||||
|
@ -32,9 +33,6 @@ from infection_monkey.utils.threading import interruptible_iter
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
ZEROLOGON_EXPLOITER_TAG = "zerologon-exploiter"
|
||||
T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
|
||||
T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
|
||||
|
||||
|
||||
ZEROLOGON_EVENT_TAGS = frozenset(
|
||||
{
|
||||
|
@ -315,7 +313,7 @@ class ZerologonExploiter(HostExploiter):
|
|||
tags=ZEROLOGON_EVENT_TAGS,
|
||||
stolen_credentials=extracted_credentials,
|
||||
)
|
||||
self.event_queue.publish(credentials_stolen_event)
|
||||
self.agent_event_queue.publish(credentials_stolen_event)
|
||||
|
||||
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> Optional[str]:
|
||||
if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
|
||||
|
|
Loading…
Reference in New Issue