Agent: Remove logging of sensitive data from SmbTools

2022-03-18 08:51:11 -04:00 · 2022-03-18 08:51:11 -04:00 · 32491d5998
parent 396dd0fca6
commit 32491d5998
1 changed files with 4 additions and 29 deletions
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
@ -8,7 +8,6 @@ from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
 from impacket.smbconnection import SMB_DIALECT, SMBConnection

 from common.utils.attack_utils import ScanStatus
-from infection_monkey.config import Configuration
 from infection_monkey.network.tools import get_interface_to_target
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from infection_monkey.utils.brute_force import get_credential_string
@ -40,16 +39,7 @@ class SmbTools(object):

        # skip guest users
        if smb.isGuestSession() > 0:
-            logger.debug(
-                "Connection to %r granted guest privileges with user: %s, password (SHA-512): "
-                "'%s',"
-                " LM hash (SHA-512): %s, NTLM hash (SHA-512): %s",
-                host,
-                username,
-                Configuration.hash_sensitive_data(password),
-                Configuration.hash_sensitive_data(lm_hash),
-                Configuration.hash_sensitive_data(ntlm_hash),
-            )
+            logger.debug(f'Connection to {host} granted guest privileges with user "{username}"')

            try:
                smb.logoff()
@ -184,14 +174,8 @@ class SmbTools(object):

        if not file_uploaded:
            logger.debug(
-                "Couldn't find a writable share for exploiting victim %r with "
-                "username: %s, password (SHA-512): '%s', LM hash (SHA-512): %s, NTLM hash ("
-                "SHA-512): %s",
-                host,
-                username,
-                Configuration.hash_sensitive_data(password),
-                Configuration.hash_sensitive_data(lm_hash),
-                Configuration.hash_sensitive_data(ntlm_hash),
+                f"Couldn't find a writable share for exploiting victim {host} with "
+                f'user "{username}"'
            )
            return None

@ -222,16 +206,7 @@ class SmbTools(object):
        try:
            smb.login(username, password, "", lm_hash, ntlm_hash)
        except Exception as exc:
-            logger.debug(
-                "Error while logging into %r using user: %s, password (SHA-512): '%s', "
-                "LM hash (SHA-512): %s, NTLM hash (SHA-512): %s: %s",
-                host,
-                username,
-                Configuration.hash_sensitive_data(password),
-                Configuration.hash_sensitive_data(lm_hash),
-                Configuration.hash_sensitive_data(ntlm_hash),
-                exc,
-            )
+            logger.debug(f'Error while logging into {host} using user "{username}": {exc}')
            return None, dialect

        smb.setTimeout(timeout)