p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Check username of Mimikatz gathered creds 

before adding to the config since we don't want to add users created by the Monkey
This commit is contained in:
Shreya Malviya 2022-04-20 18:18:23 +05:30
parent 2bcdb72555
commit 3561573a6b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
View File

@ -1,6 +1,7 @@
import logging import logging
from typing import Sequence from typing import Sequence
from infection_monkey.consts import USERNAME_PREFIX
from infection_monkey.credential_collectors import LMHash, NTHash, Password, Username from infection_monkey.credential_collectors import LMHash, NTHash, Password, Username
from infection_monkey.i_puppet.credential_collection import Credentials, ICredentialCollector from infection_monkey.i_puppet.credential_collection import Credentials, ICredentialCollector
@ -23,7 +24,11 @@ class MimikatzCredentialCollector(ICredentialCollector):
for win_cred in win_creds: for win_cred in win_creds:
identities = [] identities = []
secrets = [] secrets = []
if win_cred.username:
# Mimikatz picks up users created by the Monkey even if they're successfully deleted
# since it picks up creds from the registry. The newly created users are not removed
# from the registry until a reboot of the system, hence this check.
if win_cred.username and not win_cred.username.startswith(USERNAME_PREFIX):
identity = Username(win_cred.username) identity = Username(win_cred.username)
identities.append(identity) identities.append(identity)