diff --git a/monkey_island/cc/resources/pthmap.py b/monkey_island/cc/resources/pthmap.py index c4a770f51..222762e47 100644 --- a/monkey_island/cc/resources/pthmap.py +++ b/monkey_island/cc/resources/pthmap.py @@ -9,8 +9,12 @@ import hashlib import binascii from pymongo import MongoClient -class PthMap(flask_restful.Resource): - @jwt_required() +class mongo(object): + db = MongoClient().monkeyisland + +#class PthMap(flask_restful.Resource): +class PthMap(object): +# @jwt_required() def get(self, **kw): graph = PassTheHashMap() @@ -310,6 +314,7 @@ class PassTheHashMap(object): def __init__(self): self.vertices = self.GetAllMachines() self.edges = set() + self.machines = map(Machine, self.vertices) self.GenerateEdgesBySid() # Useful for non-cached domain users self.GenerateEdgesBySamHash() # This will add edges based only on password hash without caring about username @@ -395,34 +400,29 @@ class PassTheHashMap(object): print map(lambda x: (Machine(x[0]).GetIp(), Machine(x[1]).GetIp()), self.edges) def GetSecretBySid(self, sid): - for m in self.vertices: - for user, user_secret in m.GetLocalSecrets(): + for m in self.machines: + for user, user_secret in m.GetLocalSecrets().iteritems(): if m.GetSidByUsername(user) == sid: return user_secret return None - def GetAttackableMachineCountBySid(self, sid): + def GetVictimCountBySid(self, sid): count = 0 - for m in self.vertices: + for m in self.machines: if sid in m.GetLocalAdmins(): count += 1 return count - def GetAttackableMachineCountByMachine(self, attacker): - count = 0 - - for secret in attack.GetCachedSecrets(): - count += len(m.GetAttackableMachinesBySecret(secret)) - - return count + def GetVictimCountByMachine(self, attacker): + return len(self.GetVictimsByAttacker(attacker)) def GetSecretCacheCount(self, secret): count = 0 - for m in self.vertices: + for m in self.machines: if secret in m.GetCachedSecrets(): count += 1 
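Review bot: The `@jwt_required()` decorator on `PthMap.get` is commented out and the class no longer derives from `flask_restful.Resource`; if `PthMap` is still registered as an API resource anywhere (the registration is not visible here), the credential-reuse map would be served without authentication. If the goal is only to run the module standalone through `main()`, keep the resource class and `@jwt_required()` as they were rather than committing `#class PthMap(flask_restful.Resource):` and `# @jwt_required()` as commented-out code. The new `class mongo(object): db = MongoClient().monkeyisland` also constructs a client with default connection settings and a hard-coded database name, which presumably bypasses the connection configuration the rest of the Island uses; a comment such as `# standalone debugging only: bypasses the app's configured Mongo connection` would make that explicit. The body of `get` continues outside the hunk.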
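Review bot: In the hunk at -395,34, `GetVictimCountBySid` tests `sid in m.GetLocalAdmins()` while `GetVictimsBySid` (hunk at -475,37) tests `sid in m.GetAdmins()`, so the per-SID count in the report can disagree with the list of machines shown for the same SID. Deriving the count from the list, as `GetVictimCountByMachine` now does, removes the drift: `return len(self.GetVictimsBySid(sid))`. Separately, `GetSecretBySid` now calls `.iteritems()` on `m.GetLocalSecrets()`, which assumes that method returns a dict; its definition is outside this hunk, so that is worth confirming.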
@@ -439,7 +439,7 @@ class PassTheHashMap(object): def GetAllSids(self): SIDs = set() - for m in self.vertices: + for m in self.machines: SIDs |= m.GetLocalSids() return SIDs @@ -447,16 +447,14 @@ class PassTheHashMap(object): def GetAllSecrets(self): secrets = set() - for m in self.vertices: + for m in self.machines: for secret in m.GetLocalAdminSecrets(): - secret.add(secret) - #secrets[secret]["cache_count"] = self.GetSecretCacheCount(secret) - #secrets[secret]["sid_count"] = len(self.GetSidsBySecret(secret)) + secrets.add(secret) return secrets def GetUsernameBySid(self, sid): - for m in self.vertices: + for m in self.machines: username = m.GetUsernameBySid(sid) if username: @@ -467,7 +465,7 @@ class PassTheHashMap(object): def GetSidsBySecret(self, secret): SIDs = set() - for m in self.vertices: + for m in self.machines: SIDs.add(m.GetSidBySecret(secret)) return SIDs @@ -475,37 +473,37 @@ class PassTheHashMap(object): def GetAllDomainControllers(self): DCs = set() - for m in self.vertices: + for m in self.machines: if m.IsDomainController(): DCs.add(m) + + return DCs def GetSidsByUsername(self, username): - doc = self.latest_system_info - SIDs = set() - for m in self.vertices: + for m in self.machines: sid = m.GetSidByUsername(username) if sid: SIDs.add(sid) return SIDs - def GetAttackableMachinesBySid(self, sid): + def GetVictimsBySid(self, sid): machines = set() - for m in self.vertices: + for m in self.machines: if sid in m.GetAdmins(): machines.add(m) return machines - def GetAttackableMachinesBySecret(self, secret): + def GetVictimsBySecret(self, secret): machines = set() SIDs = self.GetSidsBySecret(secret) - for m in self.vertices: + for m in self.machines: if len(SIDs & m.GetAdmins()) > 0: machines.add(m) @@ -514,7 +512,7 @@ class PassTheHashMap(object): def GetAttackersBySecret(self, secret): machines = set() - for m in self.vertices: + for m in self.machines: if secret in m.GetCachedSecrets(): machines.add(m) 
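Review bot: In the hunk at -467,7, `GetSidsBySecret` adds `m.GetSidBySecret(secret)` to the set for every machine without checking the result, unlike `GetSidsByUsername`, which guards with `if sid:`. `GetSidBySecret` is not shown, but if it returns `None` for a machine with no matching account, `None` becomes a set member and inflates `len(pth.GetSidsBySecret(x))` in the duplicated-passwords table by one. I would write `sid = m.GetSidBySecret(secret)` followed by `if sid: SIDs.add(sid)`, mirroring `GetSidsByUsername`.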
@@ -523,12 +521,21 @@ class PassTheHashMap(object): def GetAttackersByVictim(self, victim): attackers = set() - for atck, vic in self.edge: + for atck, vic, _ in self.edges: if vic == victim: attackers.add(atck) return attackers + def GetVictimsByAttacker(self, attacker): + victims = set() + + for atck, vic, _ in self.edges: + if atck == attacker: + victims.add(vic) + + return victims + def main(): pth = PassTheHashMap() @@ -536,7 +543,7 @@ def main(): print "
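Review bot: `GetVictimsByAttacker` compares `atck == attacker`, but `main()` passes `Machine` objects taken from `pth.machines`, while `PrintEdges` wraps edge members as `Machine(x[0])`, which suggests the edge tuples hold raw vertex values rather than `Machine` instances. Unless `Machine` defines `__eq__` against those values (not visible here), the comparison never matches and `GetVictimCountByMachine` reports 0 for every machine; the same applies to `vic == victim` in `GetAttackersByVictim`. Both sides should be normalised to one type before comparing. The three-element unpack `for atck, vic, _ in self.edges` also requires every edge-producing method to add 3-tuples, so a docstring on both methods stating the edge tuple's shape and element types would pin that contract down.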

Duplicated Passwords

" print "

How many users share each secret?

" - dups = dict(map(lambda x: (x, len(self.GetSidsBySecret(x))), pth.GetAllSecrets())) + dups = dict(map(lambda x: (x, len(pth.GetSidsBySecret(x))), pth.GetAllSecrets())) print """""" print """SecretUser Count""" @@ -546,7 +553,7 @@ def main(): print "
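Review bot: The `dups` table is keyed by the secret value itself and, judging by the "Secret" column header, prints it into the report; the cached-passwords table in the next hunk does the same with `cache_counts`. If these secrets are password hashes collected from the scanned machines, which the surrounding code suggests but does not show, the generated report becomes reusable credential material for anyone who can read it. Consider printing a shortened fingerprint instead, for example `hashlib.sha256(secret).hexdigest()[:8]`, which still lets a reader see which rows share a secret.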

Cached Passwords

" print "

On how many machines each secret is cached?

" - cache_counts = dict(map(lambda x: (x, self.GetSecretCacheCount(x)), pth.GetAllSecrets())) + cache_counts = dict(map(lambda x: (x, pth.GetSecretCacheCount(x)), pth.GetAllSecrets())) print """""" print """SecretMachine Count""" @@ -556,7 +563,7 @@ def main(): print "

User's Creds

" print "

To how many machines each user is able to connect with admin rights?

" - attackable_counts = dict(map(lambda x: (x, self.GetAttackableMachineCountBySid(x)), pth.GetAllSids())) + attackable_counts = dict(map(lambda x: (x, pth.GetVictimCountBySid(x)), pth.GetAllSids())) print """""" print """SIDUsernameMachine Count""" @@ -566,7 +573,7 @@ def main(): print "

Machine's Creds

" print "

To how many machines each machine is able to directly connect with admin rights?

" - attackable_counts = dict(map(lambda m: (m, pth.GetAttackableMachineCountByMachine(m)), pth.vertices)) + attackable_counts = dict(map(lambda m: (m, pth.GetVictimCountByMachine(m)), pth.machines)) print """""" print """Attacker IpAttacker HostnameDomain NameVictim Machine Count""" @@ -586,9 +593,9 @@ def main(): print "
" - for m in pth.vertices: + for m in pth.machines: print """

Machine '{ip}'

-

Hostname '{hostname}'

""".format{ip=m.GetIp(), hostname=m.GetHostName()} +

Hostname '{hostname}'

""".format(ip=m.GetIp(), hostname=m.GetHostName()) print """

Cached SIDs

""" print """

SIDs cached on this machine

""" @@ -619,7 +626,7 @@ def main(): print """
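Review bot: `ip` and `hostname` are formatted straight into what appears to be HTML output (the markup is not visible in this view), and the same pattern is used for `username` and `sid` in the hunks at -619,7, -633,7 and -648,7. These values are collected from the scanned machines, so a hostname or username containing markup would be rendered as part of the report when it is opened in a browser. Escape at the point of formatting, e.g. `hostname=cgi.escape(m.GetHostName(), True)`, which needs `import cgi` at the top of the file.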

Matching SIDs

""" print """
    """ - for sid in pth.GetSidsByUsername(username) + for sid in pth.GetSidsByUsername(username): print """
  • {username} ({sid})
  • """.format(username=m.GetUsernameBySid(sid), sid=sid) print """
""" @@ -633,7 +640,7 @@ def main(): print """

Attackable Machines

""" print """
    """ - for m in pth.GetAttackableMachinesBySid(sid) + for m in pth.GetVictimsBySid(sid): print """
  • {ip} ({hostname})
  • """.format(ip=m.GetIp(), hostname=m.GetHostName()) print """
""" @@ -648,7 +655,7 @@ def main(): print """

Attackable Machines with that secret

""" print """
    """ - for m in pth.GetAttackableMachinesBySecret(secret): + for m in pth.GetVictimsBySecret(secret): print """
  • {hostname}
  • """.format(ip=m.GetIp(), hostname=m.GetHostName()) print """
"""