Agent: Simplify credentials object in MimikatzCredentialCollector

2022-07-18 11:49:44 +02:00 · 2022-07-18 11:49:44 +02:00 · 575fff0cdb
parent 2cb6c60866
commit 575fff0cdb
2 changed files with 12 additions and 16 deletions
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@ -22,28 +22,24 @@ class MimikatzCredentialCollector(ICredentialCollector):
    def _to_credentials(win_creds: Sequence[WindowsCredentials]) -> [Credentials]:
        all_creds = []
        for win_cred in win_creds:
-            identities = []
+            identity = None
            secrets = []
            # Mimikatz picks up users created by the Monkey even if they're successfully deleted
            # since it picks up creds from the registry. The newly created users are not removed
            # from the registry until a reboot of the system, hence this check.
            if win_cred.username and not win_cred.username.startswith(USERNAME_PREFIX):
                identity = Username(win_cred.username)
                identities.append(identity)
            if win_cred.password:
                password = Password(win_cred.password)
-                secrets.append(password)
+                all_creds.append(Credentials(identity, password))
            if win_cred.lm_hash:
                lm_hash = LMHash(lm_hash=win_cred.lm_hash)
-                secrets.append(lm_hash)
+                all_creds.append(Credentials(identity, lm_hash))
            if win_cred.ntlm_hash:
-                lm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
+                ntlm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
-                secrets.append(lm_hash)
+                all_creds.append(Credentials(identity, ntlm_hash))
            if identities != [] or secrets != []:
                all_creds.append(Credentials(identities, secrets))
        return all_creds
--- a/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
+++ b/monkey/tests/unit_tests/infection_monkey/credential_collectors/test_mimikatz_collector.py
@ -36,7 +36,7 @@ def test_pypykatz_result_parsing(monkeypatch):
    username = Username("user")
    password = Password("secret")
-    expected_credentials = Credentials([username], [password])
+    expected_credentials = Credentials(username, password)
    collected_credentials = collect_credentials()
    assert len(collected_credentials) == 1
@ -66,11 +66,11 @@ def test_pypykatz_result_parsing_defaults(monkeypatch):
    username = Username("user2")
    password = Password("secret2")
    lm_hash = LMHash("0182BD0BD4444BF8FC83B5D9042EED2E")
-    expected_credentials = Credentials([username], [password, lm_hash])
+    expected_credentials = [Credentials(username, password), Credentials(username, lm_hash)]
    collected_credentials = collect_credentials()
-    assert len(collected_credentials) == 1
+    assert len(collected_credentials) == 2
-    assert collected_credentials[0] == expected_credentials
+    assert collected_credentials == expected_credentials
 def test_pypykatz_result_parsing_no_identities(monkeypatch):
@ -86,8 +86,8 @@ def test_pypykatz_result_parsing_no_identities(monkeypatch):
    lm_hash = LMHash("0182BD0BD4444BF8FC83B5D9042EED2E")
    nt_hash = NTHash("E9F85516721DDC218359AD5280DB4450")
-    expected_credentials = Credentials([], [lm_hash, nt_hash])
+    expected_credentials = [Credentials(None, lm_hash), Credentials(None, nt_hash)]
    collected_credentials = collect_credentials()
-    assert len(collected_credentials) == 1
+    assert len(collected_credentials) == 2
-    assert collected_credentials[0] == expected_credentials
+    assert collected_credentials == expected_credentials