diff --git a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
index 3404479a4..bc56efea2 100644
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@@ -22,28 +22,24 @@ class MimikatzCredentialCollector(ICredentialCollector):
 def _to_credentials(win_creds: Sequence[WindowsCredentials]) -> [Credentials]:
 all_creds = []
 for win_cred in win_creds:
- identities = []
- secrets = []
+ identity = None
 # Mimikatz picks up users created by the Monkey even if they're successfully deleted
 # since it picks up creds from the registry. The newly created users are not removed
 # from the registry until a reboot of the system, hence this check.
 if win_cred.username and not win_cred.username.startswith(USERNAME_PREFIX):
 identity = Username(win_cred.username)
- identities.append(identity)
 if win_cred.password:
 password = Password(win_cred.password)
- secrets.append(password)
+ all_creds.append(Credentials(identity, password))
 if win_cred.lm_hash:
 lm_hash = LMHash(lm_hash=win_cred.lm_hash)
- secrets.append(lm_hash)
+ all_creds.append(Credentials(identity, lm_hash))
 if win_cred.ntlm_hash:
- lm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
- secrets.append(lm_hash)
+ ntlm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
+ all_creds.append(Credentials(identity, ntlm_hash))
- if identities != [] or secrets != []:
- all_creds.append(Credentials(identities, secrets))
 return all_creds
diff --git a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
index 62142f6e9..47a6ead49 100644
--- a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
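Review bot: An entry with a username but no password or hash now yields no `Credentials` at all in `_to_credentials`, because `all_creds.append(...)` runs only inside the three secret branches, whereas the removed `if identities != [] or secrets != []:` guard still emitted identity-only entries. If dropping them is intended, state it in a comment above the loop; otherwise add a fallback after the `ntlm_hash` branch such as `if identity and not (win_cred.password or win_cred.lm_hash or win_cred.ntlm_hash): all_creds.append(Credentials(identity, None))`, assuming `Credentials` accepts a `None` secret, which the hunk does not show. Separately, when the username starts with `USERNAME_PREFIX` the identity stays `None` but the password and hashes are still appended, so secrets of the tool's own temporary accounts land in the results looking like identity-less findings. If those accounts are meant to be excluded, as the comment suggests, a `continue` for that case before the secret branches would keep them out. None of the updated tests visible in this diff exercises either case.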
+++ b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
@@ -36,7 +36,7 @@ def test_pypykatz_result_parsing(monkeypatch):
 username = Username("user")
 password = Password("secret")
- expected_credentials = Credentials([username], [password])
+ expected_credentials = Credentials(username, password)
 collected_credentials = collect_credentials()
 assert len(collected_credentials) == 1
@@ -66,11 +66,11 @@ def test_pypykatz_result_parsing_defaults(monkeypatch):
 username = Username("user2")
 password = Password("secret2")
 lm_hash = LMHash("0182BD0BD4444BF8FC83B5D9042EED2E")
- expected_credentials = Credentials([username], [password, lm_hash])
+ expected_credentials = [Credentials(username, password), Credentials(username, lm_hash)]
 collected_credentials = collect_credentials()
- assert len(collected_credentials) == 1
- assert collected_credentials[0] == expected_credentials
+ assert len(collected_credentials) == 2
+ assert collected_credentials == expected_credentials
 def test_pypykatz_result_parsing_no_identities(monkeypatch):
@@ -86,8 +86,8 @@ def test_pypykatz_result_parsing_no_identities(monkeypatch):
 lm_hash = LMHash("0182BD0BD4444BF8FC83B5D9042EED2E")
 nt_hash = NTHash("E9F85516721DDC218359AD5280DB4450")
- expected_credentials = Credentials([], [lm_hash, nt_hash])
+ expected_credentials = [Credentials(None, lm_hash), Credentials(None, nt_hash)]
 collected_credentials = collect_credentials()
- assert len(collected_credentials) == 1
- assert collected_credentials[0] == expected_credentials
+ assert len(collected_credentials) == 2
+ assert collected_credentials == expected_credentials