From 3228bcf2c7da23a66ca8f56dc5e9113b230f3201 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Jun 2020 14:23:39 +0300 Subject: [PATCH] CR comments fixed: renames and readability improvements --- ...ollector.py => mimikatz_cred_collector.py} | 12 +++--- .../pypykatz_handler.py | 40 +++++++++---------- .../test_pypykatz_handler.py | 3 +- ...s_credential.py => windows_credentials.py} | 2 +- .../system_info/windows_info_collector.py | 6 +-- .../report-components/SecurityReport.js | 5 --- 6 files changed, 31 insertions(+), 37 deletions(-) rename monkey/infection_monkey/system_info/windows_cred_collector/{windows_cred_collector.py => mimikatz_cred_collector.py} (61%) rename monkey/infection_monkey/system_info/windows_cred_collector/{windows_credential.py => windows_credentials.py} (94%) diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/windows_cred_collector.py b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py similarity index 61% rename from monkey/infection_monkey/system_info/windows_cred_collector/windows_cred_collector.py rename to monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py index 3e462bbe0..96d3912e3 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/windows_cred_collector.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py 
@@ -1,21 +1,21 @@ import logging from typing import List -from infection_monkey.system_info.windows_cred_collector.pypykatz_handler import get_windows_creds -from infection_monkey.system_info.windows_cred_collector.windows_credential import WindowsCredential +from infection_monkey.system_info.windows_cred_collector import pypykatz_handler +from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials LOG = logging.getLogger(__name__) -class WindowsCredentialCollector(object): +class MimikatzCredentialCollector(object): @staticmethod def get_creds(): - creds = get_windows_creds() - return WindowsCredentialCollector.cred_list_to_cred_dict(creds) + creds = pypykatz_handler.get_windows_creds() + return MimikatzCredentialCollector.cred_list_to_cred_dict(creds) @staticmethod - def cred_list_to_cred_dict(creds: List[WindowsCredential]): + def cred_list_to_cred_dict(creds: List[WindowsCredentials]): cred_dict = {} for cred in creds: # Lets not use "." and "$" in keys, because it will confuse mongo. diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py b/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py index 3e726a989..7688c8643 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/pypykatz_handler.py 
@@ -1,29 +1,29 @@ import binascii -from typing import Dict, List +from typing import Dict, List, NewType, Any from pypykatz.pypykatz import pypykatz -from infection_monkey.system_info.windows_cred_collector.windows_credential import WindowsCredential +from infection_monkey.system_info.windows_cred_collector.windows_credentials import WindowsCredentials CREDENTIAL_TYPES = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'dpapi_creds', 'kerberos_creds', 'credman_creds', 'tspkg_creds'] +PypykatzCredential = NewType('PypykatzCredential', Dict) - -def get_windows_creds(): +def get_windows_creds() -> List[WindowsCredentials]: pypy_handle = pypykatz.go_live() logon_data = pypy_handle.to_dict() windows_creds = _parse_pypykatz_results(logon_data) return windows_creds -def _parse_pypykatz_results(pypykatz_data: Dict) -> List: +def _parse_pypykatz_results(pypykatz_data: Dict) -> List[WindowsCredentials]: windows_creds = [] for session in pypykatz_data['logon_sessions'].values(): windows_creds.extend(_get_creds_from_pypykatz_session(session)) return windows_creds -def _get_creds_from_pypykatz_session(pypykatz_session: Dict): +def _get_creds_from_pypykatz_session(pypykatz_session: Dict) -> List[WindowsCredentials]: windows_creds = [] for cred_type_key in CREDENTIAL_TYPES: pypykatz_creds = pypykatz_session[cred_type_key] 
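Review bot: `PypykatzCredential = NewType('PypykatzCredential', Dict)` declares a distinct type, but nothing in the visible hunks ever wraps a dict with `PypykatzCredential(...)`, so the annotations that use it describe values that are really the plain dicts produced by `pypy_handle.to_dict()`. A plain alias states the intent without that mismatch: `PypykatzCredential = Dict[str, Any]`. Because `get_windows_creds()` returns objects carrying `password`, `ntlm_hash` and `lm_hash`, a one-line docstring saying that the result holds live credential material and must not be logged would also be worth adding on that function.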
@@ -31,23 +31,23 @@ def _get_creds_from_pypykatz_session(pypykatz_session: Dict): return windows_creds -def _get_creds_from_pypykatz_creds(pypykatz_creds): +def _get_creds_from_pypykatz_creds(pypykatz_creds: List[PypykatzCredential]) -> List[WindowsCredentials]: creds = _filter_empty_creds(pypykatz_creds) return [_get_windows_cred(cred) for cred in creds] -def _filter_empty_creds(pypykatz_creds: List[Dict]): +def _filter_empty_creds(pypykatz_creds: List[PypykatzCredential]) -> List[PypykatzCredential]: return [cred for cred in pypykatz_creds if not _is_cred_empty(cred)] -def _is_cred_empty(pypykatz_cred: Dict): +def _is_cred_empty(pypykatz_cred: PypykatzCredential): password_empty = 'password' not in pypykatz_cred or not pypykatz_cred['password'] ntlm_hash_empty = 'NThash' not in pypykatz_cred or not pypykatz_cred['NThash'] lm_hash_empty = 'LMhash' not in pypykatz_cred or not pypykatz_cred['LMhash'] return password_empty and ntlm_hash_empty and lm_hash_empty -def _get_windows_cred(pypykatz_cred: Dict): +def _get_windows_cred(pypykatz_cred: PypykatzCredential): password = '' ntlm_hash = '' lm_hash = '' 
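Review bot: `_is_cred_empty` and `_get_windows_cred` are left without a return annotation while the neighbouring helpers in this hunk gained one; `def _is_cred_empty(pypykatz_cred: PypykatzCredential) -> bool:` and `def _get_windows_cred(pypykatz_cred: PypykatzCredential) -> WindowsCredentials:` would match them. The three emptiness checks in `_is_cred_empty` can be written as `not pypykatz_cred.get('password')` (likewise for `'NThash'` and `'LMhash'`), which is the same test with a single lookup. `_get_windows_cred` continues past the end of this hunk.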
@@ -58,15 +58,15 @@ def _get_windows_cred(pypykatz_cred: Dict): ntlm_hash = _hash_to_string(pypykatz_cred['NThash']) if 'LMhash' in pypykatz_cred: lm_hash = _hash_to_string(pypykatz_cred['LMhash']) - return WindowsCredential(username=username, - password=password, - ntlm_hash=ntlm_hash, - lm_hash=lm_hash) + return WindowsCredentials(username=username, + password=password, + ntlm_hash=ntlm_hash, + lm_hash=lm_hash) -def _hash_to_string(hash): - if type(hash) == str: - return hash - if type(hash) == bytes: - return binascii.hexlify(bytearray(hash)).decode() - raise Exception(f"Can't convert hash to string, unsupported hash type {type(hash)}") +def _hash_to_string(hash_: Any): + if type(hash_) == str: + return hash_ + if type(hash_) == bytes: + return binascii.hexlify(bytearray(hash_)).decode() + raise Exception(f"Can't convert hash_ to string, unsupported hash_ type {type(hash_)}") diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py b/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py index 025f5d1dc..b0ae2d751 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/test_pypykatz_handler.py @@ -80,5 +80,4 @@ class TestPypykatzHandler(TestCase): 'lm_hash': ''}, ] results = [result.to_dict() for result in results] - for test_dict in test_dicts: - self.assertTrue(test_dict in results) + [self.assertTrue(test_dict in results) for test_dict in test_dicts] diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/windows_credential.py b/monkey/infection_monkey/system_info/windows_cred_collector/windows_credentials.py similarity index 94% rename from monkey/infection_monkey/system_info/windows_cred_collector/windows_credential.py rename to monkey/infection_monkey/system_info/windows_cred_collector/windows_credentials.py index f8d1ecac9..8f57ce5c3 100644 
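Review bot: The rename of the parameter to `hash_` also rewrote the exception text in `_hash_to_string`, which now reads "Can't convert hash_ to string, unsupported hash_ type …"; the message should keep the plain word, `raise Exception(f"Can't convert hash to string, unsupported hash type {type(hash_)}")`. The `type(hash_) == str` and `type(hash_) == bytes` comparisons reject subclasses and are normally written `isinstance(hash_, str)` and `isinstance(hash_, bytes)`, and `Union[str, bytes]` (with `Union` added to the `typing` import) would describe the accepted input better than `Any`. Interpolating only the type into the message, never the value, is the right choice for hash material and should stay that way.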
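Review bot: The list comprehension added in `TestPypykatzHandler` is used only for its side effects and builds a list of `None` that is thrown away; the loop it replaced was clearer. Keeping the loop and switching to `assertIn` would also print the missing dict when the check fails: `for test_dict in test_dicts:` followed by `self.assertIn(test_dict, results)`. The test method starts outside this hunk.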
--- a/monkey/infection_monkey/system_info/windows_cred_collector/windows_credential.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/windows_credentials.py @@ -1,7 +1,7 @@ from typing import Dict -class WindowsCredential: +class WindowsCredentials: def __init__(self, username: str, password="", ntlm_hash="", lm_hash=""): self.username = username self.password = password diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 01d6c768e..13f0a5593 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -2,7 +2,7 @@ import os import logging import sys -from infection_monkey.system_info.windows_cred_collector.windows_cred_collector import WindowsCredentialCollector +from infection_monkey.system_info.windows_cred_collector.mimikatz_cred_collector import MimikatzCredentialCollector sys.coinit_flags = 0 # needed for proper destruction of the wmi python module # noinspection PyPep8 @@ -63,7 +63,7 @@ class WindowsInfoCollector(InfoCollector): def get_mimikatz_info(self): LOG.info("Gathering mimikatz info") try: - credentials = WindowsCredentialCollector.get_creds() + credentials = MimikatzCredentialCollector.get_creds() if credentials: if "credentials" in self.info: self.info["credentials"].update(credentials) @@ -72,4 +72,4 @@ class WindowsInfoCollector(InfoCollector): else: LOG.info('No mimikatz info was gathered') except Exception as e: - LOG.info(f"Pypykatz failed: {e}") + LOG.info(f"Mimikatz credential collector failed: {e}") diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js index 0ca0b74f6..87299edff 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js 
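Review bot: In the `@@ -72,4 +72,4 @@` hunk of `windows_info_collector.py` a collector failure is still reported with `LOG.info` and only `str(e)`, so a broken credential-collection run reads like routine output and the traceback is lost. `LOG.exception("Mimikatz credential collector failed")` inside the `except` block would make the failure visible and diagnosable. The new text also drops the name of the library that failed; as far as the visible hunks show, the backend is still `pypykatz_handler`, so naming pypykatz in the message would help whoever reads the log. `get_mimikatz_info` begins in the previous hunk.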
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js @@ -420,11 +420,6 @@ class ReportPageComponent extends AuthComponent { -
- {/*Disable PTH map until we fix it - this.generateReportPthMap()*/} -
-