p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

analsis runs

This commit is contained in:
Oran Nadler 2018-03-06 23:56:32 -08:00
parent b56f05335b
commit 9be9c48253
1 changed files with 47 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
monkey_island/cc/resources/pthmap.py
View File

@ -9,8 +9,12 @@ import hashlib
import binascii import binascii
from pymongo import MongoClient from pymongo import MongoClient
class PthMap(flask_restful.Resource): class mongo(object):
@jwt_required() db = MongoClient().monkeyisland
#class PthMap(flask_restful.Resource):
class PthMap(object):
# @jwt_required()
def get(self, **kw): def get(self, **kw):
graph = PassTheHashMap() graph = PassTheHashMap()
@ -310,6 +314,7 @@ class PassTheHashMap(object):
def __init__(self): def __init__(self):
self.vertices = self.GetAllMachines() self.vertices = self.GetAllMachines()
self.edges = set() self.edges = set()
self.machines = map(Machine, self.vertices)
self.GenerateEdgesBySid() # Useful for non-cached domain users self.GenerateEdgesBySid() # Useful for non-cached domain users
self.GenerateEdgesBySamHash() # This will add edges based only on password hash without caring about username self.GenerateEdgesBySamHash() # This will add edges based only on password hash without caring about username
@ -395,34 +400,29 @@ class PassTheHashMap(object):
print map(lambda x: (Machine(x[0]).GetIp(), Machine(x[1]).GetIp()), self.edges) print map(lambda x: (Machine(x[0]).GetIp(), Machine(x[1]).GetIp()), self.edges)
def GetSecretBySid(self, sid): def GetSecretBySid(self, sid):
for m in self.vertices: for m in self.machines:
for user, user_secret in m.GetLocalSecrets(): for user, user_secret in m.GetLocalSecrets().iteritems():
if m.GetSidByUsername(user) == sid: if m.GetSidByUsername(user) == sid:
return user_secret return user_secret
return None return None
def GetAttackableMachineCountBySid(self, sid): def GetVictimCountBySid(self, sid):
count = 0 count = 0
for m in self.vertices: for m in self.machines:
if sid in m.GetLocalAdmins(): if sid in m.GetLocalAdmins():
count += 1 count += 1
return count return count
def GetAttackableMachineCountByMachine(self, attacker): def GetVictimCountByMachine(self, attacker):
count = 0 return len(self.GetVictimsByAttacker(attacker))
for secret in attack.GetCachedSecrets():
count += len(m.GetAttackableMachinesBySecret(secret))
return count
def GetSecretCacheCount(self, secret): def GetSecretCacheCount(self, secret):
count = 0 count = 0
for m in self.vertices: for m in self.machines:
if secret in m.GetCachedSecrets(): if secret in m.GetCachedSecrets():
count += 1 count += 1
@ -439,7 +439,7 @@ class PassTheHashMap(object):
def GetAllSids(self): def GetAllSids(self):
SIDs = set() SIDs = set()
for m in self.vertices: for m in self.machines:
SIDs |= m.GetLocalSids() SIDs |= m.GetLocalSids()
return SIDs return SIDs
@ -447,16 +447,14 @@ class PassTheHashMap(object):
def GetAllSecrets(self): def GetAllSecrets(self):
secrets = set() secrets = set()
for m in self.vertices: for m in self.machines:
for secret in m.GetLocalAdminSecrets(): for secret in m.GetLocalAdminSecrets():
secret.add(secret) secrets.add(secret)
#secrets[secret]["cache_count"] = self.GetSecretCacheCount(secret)
#secrets[secret]["sid_count"] = len(self.GetSidsBySecret(secret))
return secrets return secrets
def GetUsernameBySid(self, sid): def GetUsernameBySid(self, sid):
for m in self.vertices: for m in self.machines:
username = m.GetUsernameBySid(sid) username = m.GetUsernameBySid(sid)
if username: if username:
@ -467,7 +465,7 @@ class PassTheHashMap(object):
def GetSidsBySecret(self, secret): def GetSidsBySecret(self, secret):
SIDs = set() SIDs = set()
for m in self.vertices: for m in self.machines:
SIDs.add(m.GetSidBySecret(secret)) SIDs.add(m.GetSidBySecret(secret))
return SIDs return SIDs
@ -475,37 +473,37 @@ class PassTheHashMap(object):
def GetAllDomainControllers(self): def GetAllDomainControllers(self):
DCs = set() DCs = set()
for m in self.vertices: for m in self.machines:
if m.IsDomainController(): if m.IsDomainController():
DCs.add(m) DCs.add(m)
def GetSidsByUsername(self, username): return DCs
doc = self.latest_system_info
def GetSidsByUsername(self, username):
SIDs = set() SIDs = set()
for m in self.vertices: for m in self.machines:
sid = m.GetSidByUsername(username) sid = m.GetSidByUsername(username)
if sid: if sid:
SIDs.add(sid) SIDs.add(sid)
return SIDs return SIDs
def GetAttackableMachinesBySid(self, sid): def GetVictimsBySid(self, sid):
machines = set() machines = set()
for m in self.vertices: for m in self.machines:
if sid in m.GetAdmins(): if sid in m.GetAdmins():
machines.add(m) machines.add(m)
return machines return machines
def GetAttackableMachinesBySecret(self, secret): def GetVictimsBySecret(self, secret):
machines = set() machines = set()
SIDs = self.GetSidsBySecret(secret) SIDs = self.GetSidsBySecret(secret)
for m in self.vertices: for m in self.machines:
if len(SIDs & m.GetAdmins()) > 0: if len(SIDs & m.GetAdmins()) > 0:
machines.add(m) machines.add(m)
@ -514,7 +512,7 @@ class PassTheHashMap(object):
def GetAttackersBySecret(self, secret): def GetAttackersBySecret(self, secret):
machines = set() machines = set()
for m in self.vertices: for m in self.machines:
if secret in m.GetCachedSecrets(): if secret in m.GetCachedSecrets():
machines.add(m) machines.add(m)
@ -523,12 +521,21 @@ class PassTheHashMap(object):
def GetAttackersByVictim(self, victim): def GetAttackersByVictim(self, victim):
attackers = set() attackers = set()
for atck, vic in self.edge: for atck, vic, _ in self.edges:
if vic == victim: if vic == victim:
attackers.add(atck) attackers.add(atck)
return attackers return attackers
def GetVictimsByAttacker(self, attacker):
victims = set()
for atck, vic, _ in self.edges:
if atck == attacker:
victims.add(vic)
return victims
def main(): def main():
pth = PassTheHashMap() pth = PassTheHashMap()
@ -536,7 +543,7 @@ def main():
print "<h2>Duplicated Passwords</h2>" print "<h2>Duplicated Passwords</h2>"
print "<h3>How many users share each secret?</h3>" print "<h3>How many users share each secret?</h3>"
dups = dict(map(lambda x: (x, len(self.GetSidsBySecret(x))), pth.GetAllSecrets())) dups = dict(map(lambda x: (x, len(pth.GetSidsBySecret(x))), pth.GetAllSecrets()))
print """<talbe>""" print """<talbe>"""
print """<tr><th>Secret</th><th>User Count</th></tr>""" print """<tr><th>Secret</th><th>User Count</th></tr>"""
@ -546,7 +553,7 @@ def main():
print "<h2>Cached Passwords</h2>" print "<h2>Cached Passwords</h2>"
print "<h3>On how many machines each secret is cached?</h3>" print "<h3>On how many machines each secret is cached?</h3>"
cache_counts = dict(map(lambda x: (x, self.GetSecretCacheCount(x)), pth.GetAllSecrets())) cache_counts = dict(map(lambda x: (x, pth.GetSecretCacheCount(x)), pth.GetAllSecrets()))
print """<talbe>""" print """<talbe>"""
print """<tr><th>Secret</th><th>Machine Count</th></tr>""" print """<tr><th>Secret</th><th>Machine Count</th></tr>"""
@ -556,7 +563,7 @@ def main():
print "<h2>User's Creds</h2>" print "<h2>User's Creds</h2>"
print "<h3>To how many machines each user is able to connect with admin rights?</h3>" print "<h3>To how many machines each user is able to connect with admin rights?</h3>"
attackable_counts = dict(map(lambda x: (x, self.GetAttackableMachineCountBySid(x)), pth.GetAllSids())) attackable_counts = dict(map(lambda x: (x, pth.GetVictimCountBySid(x)), pth.GetAllSids()))
print """<talbe>""" print """<talbe>"""
print """<tr><th>SID</th><th>Username</th><th>Machine Count</th></tr>""" print """<tr><th>SID</th><th>Username</th><th>Machine Count</th></tr>"""
@ -566,7 +573,7 @@ def main():
print "<h2>Machine's Creds</h2>" print "<h2>Machine's Creds</h2>"
print "<h3>To how many machines each machine is able to directly connect with admin rights?</h3>" print "<h3>To how many machines each machine is able to directly connect with admin rights?</h3>"
attackable_counts = dict(map(lambda m: (m, pth.GetAttackableMachineCountByMachine(m)), pth.vertices)) attackable_counts = dict(map(lambda m: (m, pth.GetVictimCountByMachine(m)), pth.machines))
print """<talbe>""" print """<talbe>"""
print """<tr><th>Attacker Ip</th><th>Attacker Hostname</th><th>Domain Name</th><th>Victim Machine Count</th></tr>""" print """<tr><th>Attacker Ip</th><th>Attacker Hostname</th><th>Domain Name</th><th>Victim Machine Count</th></tr>"""
@ -586,9 +593,9 @@ def main():
print "<hr />" print "<hr />"
for m in pth.vertices: for m in pth.machines:
print """<a name="{ip}"><h2>Machine '{ip}'</h2></a> print """<a name="{ip}"><h2>Machine '{ip}'</h2></a>
<h3>Hostname '{hostname}'</h3>""".format{ip=m.GetIp(), hostname=m.GetHostName()} <h3>Hostname '{hostname}'</h3>""".format(ip=m.GetIp(), hostname=m.GetHostName())
print """<h3>Cached SIDs</h3>""" print """<h3>Cached SIDs</h3>"""
print """<h4>SIDs cached on this machine</h4>""" print """<h4>SIDs cached on this machine</h4>"""
@ -619,7 +626,7 @@ def main():
print """<h3>Matching SIDs</h3>""" print """<h3>Matching SIDs</h3>"""
print """<ul>""" print """<ul>"""
for sid in pth.GetSidsByUsername(username) for sid in pth.GetSidsByUsername(username):
print """<li><a href="#{sid}">{username} ({sid})</a></li>""".format(username=m.GetUsernameBySid(sid), sid=sid) print """<li><a href="#{sid}">{username} ({sid})</a></li>""".format(username=m.GetUsernameBySid(sid), sid=sid)
print """</ul>""" print """</ul>"""
@ -633,7 +640,7 @@ def main():
print """<h3>Attackable Machines</h3>""" print """<h3>Attackable Machines</h3>"""
print """<ul>""" print """<ul>"""
for m in pth.GetAttackableMachinesBySid(sid) for m in pth.GetVictimsBySid(sid):
print """<li><a href="#{ip}">{ip} ({hostname})</a></li>""".format(ip=m.GetIp(), hostname=m.GetHostName()) print """<li><a href="#{ip}">{ip} ({hostname})</a></li>""".format(ip=m.GetIp(), hostname=m.GetHostName())
print """</ul>""" print """</ul>"""
@ -648,7 +655,7 @@ def main():
print """<h3>Attackable Machines with that secret</h3>""" print """<h3>Attackable Machines with that secret</h3>"""
print """<ul>""" print """<ul>"""
for m in pth.GetAttackableMachinesBySecret(secret): for m in pth.GetVictimsBySecret(secret):
print """<li><a href="#{ip}">{hostname}</a></li>""".format(ip=m.GetIp(), hostname=m.GetHostName()) print """<li><a href="#{ip}">{hostname}</a></li>""".format(ip=m.GetIp(), hostname=m.GetHostName())
print """</ul>""" print """</ul>"""