p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Return single AuthOptions from get_auth_options() 

The test suite was overly complicated for get_auth_options(), which
indicated that, perhaps, the function itself was overly complicated.
Previously, it accepted a list of Credentials and returned a list of
AuthOptions. Now, it accepts a single Credentials object and returns a
single AuthOptions object. This simpler interface allowed the test suite
to be easier to read, while adding negligible complexity to
PowerShellExploiter._exploit_host()
This commit is contained in:
Mike Salvatore 2021-09-17 11:30:32 -04:00
parent 9d07f82bd6
commit 444fb90f93
3 changed files with 35 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/infection_monkey/exploit/powershell.py
View File

@ -47,7 +47,7 @@ class PowerShellExploiter(HostExploiter):
def _exploit_host(self): def _exploit_host(self):
try: try:
is_https = self._is_client_using_https() use_ssl = self._is_client_using_https()
except PowerShellRemotingDisabledError as e: except PowerShellRemotingDisabledError as e:
logging.info(e) logging.info(e)
return False return False
@ -59,7 +59,7 @@ class PowerShellExploiter(HostExploiter):
self._config.exploit_ntlm_hash_list, self._config.exploit_ntlm_hash_list,
is_windows_os(), is_windows_os(),
) )
auth_options = get_auth_options(credentials, is_https) auth_options = [get_auth_options(creds, use_ssl) for creds in credentials]
self._client = self._authenticate_via_brute_force(credentials, auth_options) self._client = self._authenticate_via_brute_force(credentials, auth_options)
if not self._client: if not self._client:

18
monkey/infection_monkey/exploit/powershell_utils/auth_options.py
View File

@ -1,5 +1,4 @@
from dataclasses import dataclass from dataclasses import dataclass
from typing import List
from infection_monkey.exploit.powershell_utils.credentials import Credentials from infection_monkey.exploit.powershell_utils.credentials import Credentials
@ -16,15 +15,10 @@ class AuthOptions:
ssl: bool ssl: bool
def get_auth_options(credentials: List[Credentials], use_ssl: bool) -> List[AuthOptions]: def get_auth_options(credentials: Credentials, use_ssl: bool) -> AuthOptions:
auth_options = [] # Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
ssl = False if credentials.secret == "" else use_ssl
auth_type = AUTH_BASIC if credentials.secret == "" else AUTH_NEGOTIATE
encryption = ENCRYPTION_NEVER if credentials.secret == "" else ENCRYPTION_AUTO
for creds in credentials: return AuthOptions(auth_type, encryption, ssl)
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
ssl = False if creds.secret == "" else use_ssl
auth_type = AUTH_BASIC if creds.secret == "" else AUTH_NEGOTIATE
encryption = ENCRYPTION_NEVER if creds.secret == "" else ENCRYPTION_AUTO
auth_options.append(AuthOptions(auth_type, encryption, ssl))
return auth_options

56
monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py
View File

@ -8,80 +8,78 @@ from infection_monkey.exploit.powershell_utils.auth_options import (
) )
from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
CREDENTIALS = [ CREDENTIALS_WITH_PASSWORD = Credentials("user1", "password1", SecretType.PASSWORD)
Credentials("user1", "password1", SecretType.PASSWORD), CREDENTIALS_EMPTY_PASSWORD = Credentials("user2", "", SecretType.PASSWORD)
Credentials("user2", "", SecretType.PASSWORD), CREDENTIALS_NONE_PASSWORD = Credentials("user3", None, SecretType.CACHED)
Credentials("user3", None, SecretType.CACHED),
]
def test_get_auth_options__ssl_true_with_password(): def test_get_auth_options__ssl_true_with_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=True) auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=True)
assert auth_options[0].ssl assert auth_options.ssl
def test_get_auth_options__ssl_true_empty_password(): def test_get_auth_options__ssl_true_empty_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=True) auth_options = get_auth_options(CREDENTIALS_EMPTY_PASSWORD, use_ssl=True)
assert not auth_options[1].ssl assert not auth_options.ssl
def test_get_auth_options__ssl_true_none_password(): def test_get_auth_options__ssl_true_none_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=True) auth_options = get_auth_options(CREDENTIALS_NONE_PASSWORD, use_ssl=True)
assert auth_options[2].ssl assert auth_options.ssl
def test_get_auth_options__ssl_false_with_password(): def test_get_auth_options__ssl_false_with_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False)
assert not auth_options[0].ssl assert not auth_options.ssl
def test_get_auth_options__ssl_false_empty_password(): def test_get_auth_options__ssl_false_empty_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_EMPTY_PASSWORD, use_ssl=False)
assert not auth_options[1].ssl assert not auth_options.ssl
def test_get_auth_options__ssl_false_none_password(): def test_get_auth_options__ssl_false_none_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_NONE_PASSWORD, use_ssl=False)
assert not auth_options[2].ssl assert not auth_options.ssl
def test_get_auth_options__auth_type_with_password(): def test_get_auth_options__auth_type_with_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False)
assert auth_options[0].auth_type == AUTH_NEGOTIATE assert auth_options.auth_type == AUTH_NEGOTIATE
def test_get_auth_options__auth_type_empty_password(): def test_get_auth_options__auth_type_empty_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_EMPTY_PASSWORD, use_ssl=False)
assert auth_options[1].auth_type == AUTH_BASIC assert auth_options.auth_type == AUTH_BASIC
def test_get_auth_options__auth_type_none_password(): def test_get_auth_options__auth_type_none_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_NONE_PASSWORD, use_ssl=False)
assert auth_options[2].auth_type == AUTH_NEGOTIATE assert auth_options.auth_type == AUTH_NEGOTIATE
def test_get_auth_options__encryption_with_password(): def test_get_auth_options__encryption_with_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False)
assert auth_options[0].encryption == ENCRYPTION_AUTO assert auth_options.encryption == ENCRYPTION_AUTO
def test_get_auth_options__encryption_empty_password(): def test_get_auth_options__encryption_empty_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_EMPTY_PASSWORD, use_ssl=False)
assert auth_options[1].encryption == ENCRYPTION_NEVER assert auth_options.encryption == ENCRYPTION_NEVER
def test_get_auth_options__encryption_none_password(): def test_get_auth_options__encryption_none_password():
auth_options = get_auth_options(CREDENTIALS, use_ssl=False) auth_options = get_auth_options(CREDENTIALS_NONE_PASSWORD, use_ssl=False)
assert auth_options[2].encryption == ENCRYPTION_AUTO assert auth_options.encryption == ENCRYPTION_AUTO