forked from p34709852/monkey
Exported common T1021 and T1110 functions to 'technique_report_tools.py' file, fixed 'ScanStatus' usage on front end
This commit is contained in:
parent
1360e1877c
commit
54b38b04b2
|
@ -1,7 +1,8 @@
|
|||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from monkey_island.cc.services.attack.technique_reports.T1110 import T1110
|
||||
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds
|
||||
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
|
@ -44,7 +45,7 @@ class T1021(AttackTechnique):
|
|||
for result in attempts:
|
||||
result['successful_creds'] = []
|
||||
for attempt in result['attempts']:
|
||||
result['successful_creds'].append(T1110.parse_creds(attempt))
|
||||
result['successful_creds'].append(parse_creds(attempt))
|
||||
else:
|
||||
status = ScanStatus.SCANNED.value
|
||||
else:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from monkey_island.cc.encryptor import encryptor
|
||||
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
|
@ -32,7 +32,7 @@ class T1110(AttackTechnique):
|
|||
result['successful_creds'] = []
|
||||
for attempt in result['attempts']:
|
||||
succeeded = True
|
||||
result['successful_creds'].append(T1110.parse_creds(attempt))
|
||||
result['successful_creds'].append(parse_creds(attempt))
|
||||
|
||||
if succeeded:
|
||||
status = ScanStatus.USED.value
|
||||
|
@ -47,47 +47,4 @@ class T1110(AttackTechnique):
|
|||
data.update({'services': attempts})
|
||||
return data
|
||||
|
||||
@staticmethod
|
||||
def parse_creds(attempt):
|
||||
"""
|
||||
Parses used credentials into a string
|
||||
:param attempt: login attempt from database
|
||||
:return: string with username and used password/hash
|
||||
"""
|
||||
username = attempt['user']
|
||||
creds = {'lm_hash': {'type': 'LM hash', 'output': T1110.censor_hash(attempt['lm_hash'])},
|
||||
'ntlm_hash': {'type': 'NTLM hash', 'output': T1110.censor_hash(attempt['ntlm_hash'], 20)},
|
||||
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
||||
'password': {'type': 'Plaintext password', 'output': T1110.censor_password(attempt['password'])}}
|
||||
for key, cred in creds.items():
|
||||
if attempt[key]:
|
||||
return '%s ; %s : %s' % (username,
|
||||
cred['type'],
|
||||
cred['output'])
|
||||
|
||||
@staticmethod
|
||||
def censor_password(password, plain_chars=3, secret_chars=5):
|
||||
"""
|
||||
Decrypts and obfuscates password by changing characters to *
|
||||
:param password: Password or string to obfuscate
|
||||
:param plain_chars: How many plain-text characters should be kept at the start of the string
|
||||
:param secret_chars: How many * symbols should be used to hide the remainder of the password
|
||||
:return: Obfuscated string e.g. Pass****
|
||||
"""
|
||||
if not password:
|
||||
return ""
|
||||
password = encryptor.dec(password)
|
||||
return password[0:plain_chars] + '*' * secret_chars
|
||||
|
||||
@staticmethod
|
||||
def censor_hash(hash_, plain_chars=5):
|
||||
"""
|
||||
Decrypts and obfuscates hash by only showing a part of it
|
||||
:param hash_: Hash to obfuscate
|
||||
:param plain_chars: How many chars of hash should be shown
|
||||
:return: Obfuscated string
|
||||
"""
|
||||
if not hash_:
|
||||
return ""
|
||||
hash_ = encryptor.dec(hash_)
|
||||
return hash_[0: plain_chars] + ' ...'
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
from monkey_island.cc.encryptor import encryptor
|
||||
|
||||
|
||||
def parse_creds(attempt):
|
||||
"""
|
||||
Parses used credentials into a string
|
||||
:param attempt: login attempt from database
|
||||
:return: string with username and used password/hash
|
||||
"""
|
||||
username = attempt['user']
|
||||
creds = {'lm_hash': {'type': 'LM hash', 'output': censor_hash(attempt['lm_hash'])},
|
||||
'ntlm_hash': {'type': 'NTLM hash', 'output': censor_hash(attempt['ntlm_hash'], 20)},
|
||||
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
||||
'password': {'type': 'Plaintext password', 'output': censor_password(attempt['password'])}}
|
||||
for key, cred in creds.items():
|
||||
if attempt[key]:
|
||||
return '%s ; %s : %s' % (username,
|
||||
cred['type'],
|
||||
cred['output'])
|
||||
|
||||
|
||||
def censor_password(password, plain_chars=3, secret_chars=5):
|
||||
"""
|
||||
Decrypts and obfuscates password by changing characters to *
|
||||
:param password: Password or string to obfuscate
|
||||
:param plain_chars: How many plain-text characters should be kept at the start of the string
|
||||
:param secret_chars: How many * symbols should be used to hide the remainder of the password
|
||||
:return: Obfuscated string e.g. Pass****
|
||||
"""
|
||||
if not password:
|
||||
return ""
|
||||
password = encryptor.dec(password)
|
||||
return password[0:plain_chars] + '*' * secret_chars
|
||||
|
||||
|
||||
def censor_hash(hash_, plain_chars=5):
|
||||
"""
|
||||
Decrypts and obfuscates hash by only showing a part of it
|
||||
:param hash_: Hash to obfuscate
|
||||
:param plain_chars: How many chars of hash should be shown
|
||||
:return: Obfuscated string
|
||||
"""
|
||||
if not hash_:
|
||||
return ""
|
||||
hash_ = encryptor.dec(hash_)
|
||||
return hash_[0: plain_chars] + ' ...'
|
|
@ -1,7 +1,7 @@
|
|||
import React from 'react';
|
||||
import '../../../styles/Collapse.scss'
|
||||
import ReactTable from "react-table";
|
||||
import { renderMachine, scanStatus } from "./Helpers"
|
||||
import { renderMachine, ScanStatus } from "./Helpers"
|
||||
|
||||
|
||||
class T1021 extends React.Component {
|
||||
|
@ -29,7 +29,7 @@ class T1021 extends React.Component {
|
|||
<div>
|
||||
<div>{this.props.data.message}</div>
|
||||
<br/>
|
||||
{this.props.data.status === scanStatus.USED ?
|
||||
{this.props.data.status === ScanStatus.USED ?
|
||||
<ReactTable
|
||||
columns={T1021.getServiceColumns()}
|
||||
data={this.props.data.services}
|
||||
|
|
Loading…
Reference in New Issue