forked from p34709852/monkey
CR comments fixed: renames and readability improvements
This commit is contained in:
VakarisZ
parent
0dc864baa5
commit
3228bcf2c7
|
|
@ -1,21 +1,21 @@
|
|||
import logging
|
||||
from typing import List
|
||||
|
||||
from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import get_windows_creds
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_credential import WindowsCredential
|
||||
from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class WindowsCredentialCollector(object):
|
||||
class MimikatzCredentialCollector(object):
|
||||
|
||||
@staticmethod
|
||||
def get_creds():
|
||||
creds = get_windows_creds()
|
||||
return WindowsCredentialCollector.cred_list_to_cred_dict(creds)
|
||||
creds = pypykatz_handler.get_windows_creds()
|
||||
return MimikatzCredentialCollector.cred_list_to_cred_dict(creds)
|
||||
|
||||
@staticmethod
|
||||
def cred_list_to_cred_dict(creds: List[WindowsCredential]):
|
||||
def cred_list_to_cred_dict(creds: List[WindowsCredentials]):
|
||||
cred_dict = {}
|
||||
for cred in creds:
|
||||
# Lets not use "." and "$" in keys, because it will confuse mongo.
|
||||
|
|
@ -1,29 +1,29 @@
|
|||
import binascii
|
||||
from typing import Dict, List
|
||||
from typing import Dict, List, NewType, Any
|
||||
|
||||
from pypykatz.pypykatz import pypykatz
|
||||
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_credential import WindowsCredential
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials
|
||||
|
||||
CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds',
|
||||
'kerberos_creds', 'credman_creds', 'tspkg_creds']
|
||||
PypykatzCredential = NewType('PypykatzCredential', Dict)
|
||||
|
||||
|
||||
def get_windows_creds():
|
||||
def get_windows_creds() -> List[WindowsCredentials]:
|
||||
pypy_handle = pypykatz.go_live()
|
||||
logon_data = pypy_handle.to_dict()
|
||||
windows_creds = _parse_pypykatz_results(logon_data)
|
||||
return windows_creds
|
||||
|
||||
|
||||
def _parse_pypykatz_results(pypykatz_data: Dict) -> List:
|
||||
def _parse_pypykatz_results(pypykatz_data: Dict) -> List[WindowsCredentials]:
|
||||
windows_creds = []
|
||||
for session in pypykatz_data['logon_sessions'].values():
|
||||
windows_creds.extend(_get_creds_from_pypykatz_session(session))
|
||||
return windows_creds
|
||||
|
||||
|
||||
def _get_creds_from_pypykatz_session(pypykatz_session: Dict):
|
||||
def _get_creds_from_pypykatz_session(pypykatz_session: Dict) -> List[WindowsCredentials]:
|
||||
windows_creds = []
|
||||
for cred_type_key in CREDENTIAL_TYPES:
|
||||
pypykatz_creds = pypykatz_session[cred_type_key]
|
||||
|
|
@ -31,23 +31,23 @@ def _get_creds_from_pypykatz_session(pypykatz_session: Dict):
|
|||
return windows_creds
|
||||
|
||||
|
||||
def _get_creds_from_pypykatz_creds(pypykatz_creds):
|
||||
def _get_creds_from_pypykatz_creds(pypykatz_creds: List[PypykatzCredential]) -> List[WindowsCredentials]:
|
||||
creds = _filter_empty_creds(pypykatz_creds)
|
||||
return [_get_windows_cred(cred) for cred in creds]
|
||||
|
||||
|
||||
def _filter_empty_creds(pypykatz_creds: List[Dict]):
|
||||
def _filter_empty_creds(pypykatz_creds: List[PypykatzCredential]) -> List[PypykatzCredential]:
|
||||
return [cred for cred in pypykatz_creds if not _is_cred_empty(cred)]
|
||||
|
||||
|
||||
def _is_cred_empty(pypykatz_cred: Dict):
|
||||
def _is_cred_empty(pypykatz_cred: PypykatzCredential):
|
||||
password_empty = 'password' not in pypykatz_cred or not pypykatz_cred['password']
|
||||
ntlm_hash_empty = 'NThash' not in pypykatz_cred or not pypykatz_cred['NThash']
|
||||
lm_hash_empty = 'LMhash' not in pypykatz_cred or not pypykatz_cred['LMhash']
|
||||
return password_empty and ntlm_hash_empty and lm_hash_empty
|
||||
|
||||
|
||||
def _get_windows_cred(pypykatz_cred: Dict):
|
||||
def _get_windows_cred(pypykatz_cred: PypykatzCredential):
|
||||
password = ''
|
||||
ntlm_hash = ''
|
||||
lm_hash = ''
|
||||
|
|
@ -58,15 +58,15 @@ def _get_windows_cred(pypykatz_cred: Dict):
|
|||
ntlm_hash = _hash_to_string(pypykatz_cred['NThash'])
|
||||
if 'LMhash' in pypykatz_cred:
|
||||
lm_hash = _hash_to_string(pypykatz_cred['LMhash'])
|
||||
return WindowsCredential(username=username,
|
||||
password=password,
|
||||
ntlm_hash=ntlm_hash,
|
||||
lm_hash=lm_hash)
|
||||
return WindowsCredentials(username=username,
|
||||
password=password,
|
||||
ntlm_hash=ntlm_hash,
|
||||
lm_hash=lm_hash)
|
||||
|
||||
|
||||
def _hash_to_string(hash):
|
||||
if type(hash) == str:
|
||||
return hash
|
||||
if type(hash) == bytes:
|
||||
return binascii.hexlify(bytearray(hash)).decode()
|
||||
raise Exception(f"Can't convert hash to string, unsupported hash type {type(hash)}")
|
||||
def _hash_to_string(hash_: Any):
|
||||
if type(hash_) == str:
|
||||
return hash_
|
||||
if type(hash_) == bytes:
|
||||
return binascii.hexlify(bytearray(hash_)).decode()
|
||||
raise Exception(f"Can't convert hash_ to string, unsupported hash_ type {type(hash_)}")
|
||||
|
|
|
|||
|
|
@ -80,5 +80,4 @@ class TestPypykatzHandler(TestCase):
|
|||
'lm_hash': ''},
|
||||
]
|
||||
results = [result.to_dict() for result in results]
|
||||
for test_dict in test_dicts:
|
||||
self.assertTrue(test_dict in results)
|
||||
[self.assertTrue(test_dict in results) for test_dict in test_dicts]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from typing import Dict
|
||||
|
||||
|
||||
class WindowsCredential:
|
||||
class WindowsCredentials:
|
||||
def __init__(self, username: str, password="", ntlm_hash="", lm_hash=""):
|
||||
self.username = username
|
||||
self.password = password
|
||||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import logging
|
||||
import sys
|
||||
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_cred_collector import WindowsCredentialCollector
|
||||
from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector
|
||||
|
||||
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
|
||||
# noinspection PyPep8
|
||||
|
|
@ -63,7 +63,7 @@ class WindowsInfoCollector(InfoCollector):
|
|||
def get_mimikatz_info(self):
|
||||
LOG.info("Gathering mimikatz info")
|
||||
try:
|
||||
credentials = WindowsCredentialCollector.get_creds()
|
||||
credentials = MimikatzCredentialCollector.get_creds()
|
||||
if credentials:
|
||||
if "credentials" in self.info:
|
||||
self.info["credentials"].update(credentials)
|
||||
|
|
@ -72,4 +72,4 @@ class WindowsInfoCollector(InfoCollector):
|
|||
else:
|
||||
LOG.info('No mimikatz info was gathered')
|
||||
except Exception as e:
|
||||
LOG.info(f"Pypykatz failed: {e}")
|
||||
LOG.info(f"Mimikatz credential collector failed: {e}")
|
||||
|
|
|
|||
|
|
@ -420,11 +420,6 @@ class ReportPageComponent extends AuthComponent {
|
|||
<PostBreach data={this.state.report.glance.scanned}/>
|
||||
</div>
|
||||
|
||||
<div style={{position: 'relative' /*, height: '80vh'*/}}>
|
||||
{/*Disable PTH map until we fix it
|
||||
this.generateReportPthMap()*/}
|
||||
</div>
|
||||
|
||||
<div style={{marginBottom: '20px'}}>
|
||||
<StolenPasswords data={this.state.report.glance.stolen_creds.concat(this.state.report.glance.ssh_keys)}/>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in New Issue