Agent: refactor mimikatz_cred_collector to credential collector

vakarisz 2022-02-14 15:25:06 +02:00
parent c21cf681a4
commit 6aa2160f31
8 changed files with 48 additions and 31 deletions


@ -0,0 +1,6 @@
from .i_credential_collector import ICredentialCollector
from .credential_components.nt_hashes import NTHashes
from .credential_components.password import Password
from .credential_components.ssh_keypair import SSHKeypair
from .credential_components.username import Username
from .credentials import Credentials


@ -0,0 +1,9 @@
from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent
class NTHashes(ICredentialComponent):
def __init__(self, ntlm_hash: str, lm_hash: str):
super().__init__(
type=CredentialTypes.NTLM_HASH, content={"ntlm_hash": ntlm_hash, "lm_hash": lm_hash}
)
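Review bot: `NTHashes.__init__` annotates both `ntlm_hash` and `lm_hash` as `str`, but the only caller in this commit (`to_credentials`) builds it when either hash is set, so one of the two can arrive empty (or possibly `None`). Annotate them as optional or normalise the missing value before it is stored, so that consumers of `content` can tell "not captured" from a real hash. The class also has no docstring; a one-liner such as `"""LM/NT hash pair recovered for a Windows account; either value may be empty."""` would document that contract.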


@ -1,8 +0,0 @@
from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent
class NtlmHash(ICredentialComponent):
def __init__(self, content: dict):
super().__init__(type=CredentialTypes.NTLM_HASH, content=content)


@ -1,8 +1,7 @@
from ..credential_types import CredentialTypes from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent from .i_credential_component import ICredentialComponent
class Password(ICredentialComponent): class Password(ICredentialComponent):
def __init__(self, content: dict): def __init__(self, password: str):
super().__init__(type=CredentialTypes.PASSWORD, content=content) super().__init__(type=CredentialTypes.PASSWORD, content={"password": password})


@ -1,8 +1,7 @@
from ..credential_types import CredentialTypes from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent from .i_credential_component import ICredentialComponent
class SSHKeypair(ICredentialComponent): class SSHKeypair(ICredentialComponent):
def __init__(self, content: dict): def __init__(self, content: dict):
super().__init__(type=CredentialTypes.KEYPAIR, content=content) super().__init__(type=CredentialTypes.SSH_KEYPAIR, content=content)
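Review bot: `SSHKeypair.__init__` still accepts an untyped `content: dict`, while `Password`, `Username` and `NTHashes` in this same commit take named, typed parameters and build the dict themselves. As it stands, any set of keys can be stored as an SSH keypair with nothing checking its shape. Consider explicit parameters for the private and public key (the expected key names are not visible in this commit) and constructing `content` inside the constructor, as the other components do.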


@ -1,8 +1,7 @@
from ..credential_types import CredentialTypes from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent from .i_credential_component import ICredentialComponent
class Username(ICredentialComponent): class Username(ICredentialComponent):
def __init__(self, content: dict): def __init__(self, username: str):
super().__init__(type=CredentialTypes.USERNAME, content=content) super().__init__(type=CredentialTypes.USERNAME, content={"username": username})


@ -2,7 +2,7 @@ from enum import Enum
class CredentialTypes(Enum): class CredentialTypes(Enum):
KEYPAIR = 1 SSH_KEYPAIR = 1
USERNAME = 2 USERNAME = 2
PASSWORD = 3 PASSWORD = 3
NTLM_HASH = 4 NTLM_HASH = 4


@ -1,25 +1,38 @@
from typing import List from typing import List
from infection_monkey.credential_collectors import (
Credentials,
ICredentialCollector,
NTHashes,
Password,
Username,
)
from infection_monkey.system_info.windows_cred_collector import pypykatz_handler from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
from infection_monkey.system_info.windows_cred_collector.windows_credentials import ( from infection_monkey.system_info.windows_cred_collector.windows_credentials import (
WindowsCredentials, WindowsCredentials,
) )
class MimikatzCredentialCollector(object): class MimikatzCredentialCollector(ICredentialCollector):
@staticmethod def collect_credentials(self) -> Credentials:
def get_creds():
creds = pypykatz_handler.get_windows_creds() creds = pypykatz_handler.get_windows_creds()
return MimikatzCredentialCollector.cred_list_to_cred_dict(creds) return MimikatzCredentialCollector.to_credentials(creds)
@staticmethod @staticmethod
def cred_list_to_cred_dict(creds: List[WindowsCredentials]): def to_credentials(win_creds: List[WindowsCredentials]) -> Credentials:
cred_dict = {} creds_obj = Credentials(identities=[], secrets=[])
for cred in creds: for win_cred in win_creds:
# TODO: This should be handled by the island, not the agent. There is already similar
# code in monkey_island/cc/models/report/report_dal.py. if win_cred.username:
# Lets not use "." and "$" in keys, because it will confuse mongo. identity = Username(win_cred.username)
# Ideally we should refactor island not to use a dict and simply parse credential list. creds_obj.identities.append(identity)
key = cred.username.replace(".", ",").replace("$", "")
cred_dict.update({key: cred.to_dict()}) if win_cred.password:
return cred_dict password = Password(win_cred.password)
creds_obj.secrets.append(password)
if win_cred.lm_hash or win_cred.ntlm_hash:
hashes = NTHashes(ntlm_hash=win_cred.ntlm_hash, lm_hash=win_cred.lm_hash)
creds_obj.secrets.append(hashes)
return creds_obj
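Review bot: `to_credentials` folds every `WindowsCredentials` entry into a single `Credentials(identities=[], secrets=[])`, so after the loop nothing records which password or hash pair was captured with which username. If `Credentials` is meant to be one identity-to-secrets grouping (its definition is not shown in this commit), build one per `win_cred`, or state in a docstring on `collect_credentials` that the result is an unpaired pool. The same username or secret may also be appended more than once if the handler reports an account repeatedly; skipping values already present before `append` would avoid duplicate entries. Separately, `collect_credentials` calls `MimikatzCredentialCollector.to_credentials(creds)` by class name, where `self.to_credentials(creds)` would respect subclasses.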