diff --git a/monkey/infection_monkey/credential_store/aggregating_credentials_store.py b/monkey/infection_monkey/credential_store/aggregating_credentials_store.py index bfa69117f..cef6f1bf4 100644 --- a/monkey/infection_monkey/credential_store/aggregating_credentials_store.py +++ b/monkey/infection_monkey/credential_store/aggregating_credentials_store.py @@ -1,5 +1,5 @@ import logging -from typing import Any, Iterable, Mapping +from typing import Any, Iterable, Sequence from common.credentials import CredentialComponentType, Credentials, ICredentialComponent from infection_monkey.custom_types import PropagationCredentials @@ -52,9 +52,7 @@ class AggregatingCredentialsStore(ICredentialsStore): def get_credentials(self) -> PropagationCredentials: try: propagation_credentials = self._get_credentials_from_control_channel() - - # Needs to be reworked when exploiters accepts sequence of Credentials - self._aggregate_credentials(propagation_credentials) + self.add_credentials(propagation_credentials) return self._stored_credentials except Exception as ex: @@ -62,13 +60,9 @@ class AggregatingCredentialsStore(ICredentialsStore): logger.error(f"Error while attempting to retrieve credentials for propagation: {ex}") @request_cache(CREDENTIALS_POLL_PERIOD_SEC) - def _get_credentials_from_control_channel(self) -> PropagationCredentials: + def _get_credentials_from_control_channel(self) -> Sequence[Credentials]: return self._control_channel.get_credentials_for_propagation() - def _aggregate_credentials(self, credentials_to_aggr: Mapping): - for cred_attr, credentials_values in credentials_to_aggr.items(): - self._set_attribute(cred_attr, credentials_values) - def _set_attribute(self, attribute_to_be_set: str, credentials_values: Iterable[Any]): if not credentials_values: return diff --git a/monkey/tests/unit_tests/infection_monkey/credential_store/test_aggregating_credentials_store.py b/monkey/tests/unit_tests/infection_monkey/credential_store/test_aggregating_credentials_store.py index e5ddccfe2..5435d8e15 100644 --- a/monkey/tests/unit_tests/infection_monkey/credential_store/test_aggregating_credentials_store.py +++ b/monkey/tests/unit_tests/infection_monkey/credential_store/test_aggregating_credentials_store.py @@ -1,54 +1,67 @@ from unittest.mock import MagicMock import pytest +from tests.data_for_tests.propagation_credentials import ( + LM_HASH, + NT_HASH, + PASSWORD_1, + PASSWORD_2, + PASSWORD_3, + PRIVATE_KEY, + PROPAGATION_CREDENTIALS, + PUBLIC_KEY, + SPECIAL_USERNAME, + USERNAME, +) -from common.credentials import Credentials, Password, SSHKeypair, Username +from common.credentials import Credentials, LMHash, NTHash, Password, SSHKeypair, Username from infection_monkey.credential_store import AggregatingCredentialsStore -CONTROL_CHANNEL_CREDENTIALS = { - "exploit_user_list": ["Administrator", "root", "user1"], - "exploit_password_list": ["123456", "123456789", "password", "root"], - "exploit_lm_hash_list": ["aasdf23asd1fdaasadasdfas"], - "exploit_ntlm_hash_list": ["asdfadvxvsdftw3e3421234123412", "qw4trklxklvznksbhasd1231"], - "exploit_ssh_keys": [ - {"public_key": "some_public_key", "private_key": "some_private_key"}, - { - "public_key": "ssh-ed25519 AAAAC3NzEIFaJ7xH+Yoxd\n", - "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BdHIAAAAGYXjl0j66VAKruPEKjS3A=\n" - "-----END OPENSSH PRIVATE KEY-----\n", - }, - ], +CONTROL_CHANNEL_CREDENTIALS = PROPAGATION_CREDENTIALS +TRANSFORMED_CONTROL_CHANNEL_CREDENTIALS = { + "exploit_user_list": {USERNAME, SPECIAL_USERNAME}, + "exploit_password_list": {PASSWORD_1, PASSWORD_2, PASSWORD_3}, + "exploit_lm_hash_list": {LM_HASH}, + "exploit_ntlm_hash_list": {NT_HASH}, + "exploit_ssh_keys": [{"public_key": PUBLIC_KEY, "private_key": PRIVATE_KEY}], } -EMPTY_CHANNEL_CREDENTIALS = { - "exploit_user_list": [], - "exploit_password_list": [], - "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [], -} +EMPTY_CHANNEL_CREDENTIALS = [] -TEST_CREDENTIALS = [ +STOLEN_USERNAME_1 = "user1" +STOLEN_USERNAME_2 = "user2" +STOLEN_USERNAME_3 = "user3" +STOLEN_PASSWORD_1 = "abcdefg" +STOLEN_PASSWORD_2 = "super_secret" +STOLEN_PUBLIC_KEY_1 = "some_public_key_1" +STOLEN_PUBLIC_KEY_2 = "some_public_key_2" +STOLEN_LM_HASH = "AAD3B435B51404EEAAD3B435B51404EE" +STOLEN_NT_HASH = "C0172DFF622FE29B5327CB79DC12D24C" +STOLEN_PRIVATE_KEY_1 = "some_private_key_1" +STOLEN_PRIVATE_KEY_2 = "some_private_key_2" +STOLEN_CREDENTIALS = [ Credentials( - identity=Username("user1"), - secret=Password("root"), + identity=Username(STOLEN_USERNAME_1), + secret=Password(PASSWORD_1), ), - Credentials(identity=Username("user1"), secret=Password("abcdefg")), + Credentials(identity=Username(STOLEN_USERNAME_1), secret=Password(STOLEN_PASSWORD_1)), Credentials( - identity=Username("user3"), - secret=SSHKeypair(public_key="some_public_key_1", private_key="some_private_key_1"), + identity=Username(STOLEN_USERNAME_2), + secret=SSHKeypair(public_key=STOLEN_PUBLIC_KEY_1, private_key=STOLEN_PRIVATE_KEY_1), ), Credentials( identity=None, - secret=Password("super_secret"), + secret=Password(STOLEN_PASSWORD_2), ), - Credentials(identity=Username("user4"), secret=None), + Credentials(identity=Username(STOLEN_USERNAME_2), secret=LMHash(STOLEN_LM_HASH)), + Credentials(identity=Username(STOLEN_USERNAME_2), secret=NTHash(STOLEN_NT_HASH)), + Credentials(identity=Username(STOLEN_USERNAME_3), secret=None), ] -SSH_KEYS_CREDENTIALS = [ +STOLEN_SSH_KEYS_CREDENTIALS = [ Credentials( - Username("root"), - SSHKeypair(public_key="some_public_key", private_key="some_private_key"), + Username(USERNAME), + SSHKeypair(public_key=STOLEN_PUBLIC_KEY_2, private_key=STOLEN_PRIVATE_KEY_2), ) ] @@ -63,45 +76,49 @@ def aggregating_credentials_store() -> AggregatingCredentialsStore: def test_get_credentials_from_store(aggregating_credentials_store): actual_stored_credentials = aggregating_credentials_store.get_credentials() - assert actual_stored_credentials["exploit_user_list"] == set( - CONTROL_CHANNEL_CREDENTIALS["exploit_user_list"] + assert ( + actual_stored_credentials["exploit_user_list"] + == TRANSFORMED_CONTROL_CHANNEL_CREDENTIALS["exploit_user_list"] ) - assert actual_stored_credentials["exploit_password_list"] == set( - CONTROL_CHANNEL_CREDENTIALS["exploit_password_list"] + assert ( + actual_stored_credentials["exploit_password_list"] + == TRANSFORMED_CONTROL_CHANNEL_CREDENTIALS["exploit_password_list"] ) - assert actual_stored_credentials["exploit_ntlm_hash_list"] == set( - CONTROL_CHANNEL_CREDENTIALS["exploit_ntlm_hash_list"] + assert ( + actual_stored_credentials["exploit_ntlm_hash_list"] + == TRANSFORMED_CONTROL_CHANNEL_CREDENTIALS["exploit_ntlm_hash_list"] ) for ssh_keypair in actual_stored_credentials["exploit_ssh_keys"]: - assert ssh_keypair in CONTROL_CHANNEL_CREDENTIALS["exploit_ssh_keys"] + assert ssh_keypair in TRANSFORMED_CONTROL_CHANNEL_CREDENTIALS["exploit_ssh_keys"] def test_add_credentials_to_store(aggregating_credentials_store): - aggregating_credentials_store.add_credentials(TEST_CREDENTIALS) - aggregating_credentials_store.add_credentials(SSH_KEYS_CREDENTIALS) + aggregating_credentials_store.add_credentials(STOLEN_CREDENTIALS) + aggregating_credentials_store.add_credentials(STOLEN_SSH_KEYS_CREDENTIALS) actual_stored_credentials = aggregating_credentials_store.get_credentials() assert actual_stored_credentials["exploit_user_list"] == set( [ - "Administrator", - "root", - "user1", - "user3", - "user4", + USERNAME, + SPECIAL_USERNAME, + STOLEN_USERNAME_1, + STOLEN_USERNAME_2, + STOLEN_USERNAME_3, ] ) assert actual_stored_credentials["exploit_password_list"] == set( [ - "123456", - "123456789", - "abcdefg", - "password", - "root", - "super_secret", + PASSWORD_1, + PASSWORD_2, + PASSWORD_3, + STOLEN_PASSWORD_1, + STOLEN_PASSWORD_2, ] ) + assert actual_stored_credentials["exploit_lm_hash_list"] == set([LM_HASH, STOLEN_LM_HASH]) + assert actual_stored_credentials["exploit_ntlm_hash_list"] == set([NT_HASH, STOLEN_NT_HASH]) assert len(actual_stored_credentials["exploit_ssh_keys"]) == 3