From 3f9204dd83c32379558d8f51ba5dee055a7594ca Mon Sep 17 00:00:00 2001 From: Oran Nadler Date: Tue, 6 Mar 2018 22:29:17 +0200 Subject: [PATCH] add a lot of information to report --- monkey_island/cc/resources/pthmap.py | 86 ++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 5 deletions(-) diff --git a/monkey_island/cc/resources/pthmap.py b/monkey_island/cc/resources/pthmap.py index 68d2b102a..db3952e17 100644 --- a/monkey_island/cc/resources/pthmap.py +++ b/monkey_island/cc/resources/pthmap.py @@ -415,7 +415,7 @@ class PassTheHashMap(object): count = 0 for secret in attack.GetCachedSecrets(): - count += len(m.GetVictimsBySecret(secret)) + count += len(m.GetAttackableMachinesBySecret(secret)) return count @@ -427,6 +427,14 @@ class PassTheHashMap(object): count += 1 return count + + def GetAllUsernames(self): + names = set() + + for sid in self.GetAllSids(): + names.add(self.GetUsernameBySid(sid)) + + return names def GetAllSids(self): SIDs = set() @@ -483,7 +491,7 @@ class PassTheHashMap(object): return SIDs - def GetVictimsBySid(self, sid): + def GetAttackableMachinesBySid(self, sid): machines = set() for m in self.vertices: @@ -492,7 +500,7 @@ class PassTheHashMap(object): return machines - def GetVictimsBySecret(self, secret): + def GetAttackableMachinesBySecret(self, secret): machines = set() SIDs = self.GetSidsBySecret(secret) @@ -557,7 +565,7 @@ def main(): print """""" print """Attacker IpAttacker HostnameDomain NameVictim Machine Count""" for m, count in sorted(attackable_counts.iteritems(), key=lambda (k,v): (v,k), reverse=True): - print """{ip}{hostname}{domain}{count}""".format(ip=m.GetIp(), hostname=n.GetHostName(), domain=m.GetDomainName(), count=count) + print """{ip}{hostname}{domain}{count}""".format(ip=m.GetIp(), hostname=m.GetHostName(), domain=m.GetDomainName(), count=count) print """""" print "
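Review bot: GetAllUsernames reduces every SID to its bare username, so any accounts that share a name under different SIDs become a single entry in the returned set, and the per-user report section that iterates it cannot tell them apart. If that merge is intended, state it in a docstring, for example `"""Return the set of distinct usernames over all known SIDs; SIDs that share a name are merged."""`. It is also worth confirming what GetUsernameBySid returns for a SID it cannot resolve, because that value is added to the set as well; its definition is outside this hunk. As a style point, the loop can be written as `return {self.GetUsernameBySid(sid) for sid in self.GetAllSids()}`.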

Domain Controllers

" @@ -567,8 +575,76 @@ def main(): print """""" print """DC IpDC HostnameDomain Name""" for m in DCs: - print """{ip}{hostname}{domain}""".format(ip=m.GetIp(), hostname=n.GetHostName(), domain=m.GetDomainName()) + print """{ip}{hostname}{domain}""".format(ip=m.GetIp(), hostname=m.GetHostName(), domain=m.GetDomainName()) print """""" + + print "
" + + for m in pth.vertices: + print """

Machine '{ip}'

+

Hostname '{hostname}'

""".format{ip=m.GetIp(), hostname=m.GetHostName()} + + print """

Cached SIDs

""" + print """""" + + print """

Possible Attackers

""" + print """

TODO. see graph.

""" # pth.GetAttackersByVictim(m) + + print """

Admins

""" + print """""" + print "
" + + for username in pth.GetAllUsernames(): + print """

User '{username}'

""".format(username=username) + + print """

Matching SIDs

""" + print """""" + + print "
" + + for sid in pth.GetAllSids(): + print """

SID '{sid}'

+

Username: '{username}'

+

Secret: '{secret}'

+ """.format(username=pth.GetUsernameBySid(sid), sid=sid, secret=pth.GetSecretBySid(sid)) + + print """

Attackable Machines

""" + print """""" + + for secret in pth.GetAllSecrets(): + print """

Secret '{secret}'

""".format(secret=secret) + + print """

SIDs that use that secret

""" + print """""" + + print """

Attackable Machines with that secret

""" + print """""" + + print """

Machines that have this secret cached and can use it to attack other machines

""" + print """""" + + if __name__ == "__main__": main() \ No newline at end of file