diff --git a/monkey_island/cc/resources/pthmap.py b/monkey_island/cc/resources/pthmap.py
index f61c2d9c9..25f2b05c3 100644
--- a/monkey_island/cc/resources/pthmap.py
+++ b/monkey_island/cc/resources/pthmap.py
@@ -818,6 +818,14 @@ class PassTheHashMap(object):
return machines
+ def GetThreateningUsersByVictim(victim):
+ threatening_users = set()
+
+ for attacker in pth.GetAttackersByVictim(victim):
+ threatening_users |= (attacker.GetCachedSids() & victim.GetAdmins())
+
+ return threatening_users
+
def main():
pth = PassTheHashMap()
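Review bot: The added `GetThreateningUsersByVictim(victim)` takes no `self` and reads `pth`, which in the visible code is only assigned as a local inside `main()`, yet the second hunk calls it as `pth.GetThreateningUsersByVictim(x)`. If it is a method of `PassTheHashMap` (indentation is lost in this view, but the hunk header and the call sites suggest so), that call passes two arguments to a one-argument function and raises TypeError, and the `pth` lookup fails unless a module-level `pth` exists outside the hunk. Suggested: `def GetThreateningUsersByVictim(self, victim):` with `for attacker in self.GetAttackersByVictim(victim):`. A one-line docstring would also help, stating that the result is the set of SIDs that are admins on the victim and are cached on a machine returned by `GetAttackersByVictim`.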
@@ -836,11 +844,32 @@ def main():
print """
{secret} | {count} | """.format(secret=secret, count=count)
print """"""
for sid in pth.GetSidsBySecret(secret):
- print """- {username}"""
print """
- {username}
""".format(sid=sid, username=pth.GetUsernameBySid(sid))
print """ |
"""
print """"""
+
+
+ print "Strong Users That Threat Critical Servers
"
+ print "Administrators of critical servers that we could find thier secret cached somewhere
"
+
+ threatening = dict(map(lambda x: (x, len(pth.GetThreateningUsersByVictim(x))), pth.GetCritialServers()))
+
+ print """"""
+ print """Critical Server | Hostname | Domain | Threatening User Count | Threatening Users |
"""
+ for m, count in sorted(threatening.iteritems(), key=lambda (k,v): (v,k), reverse=True):
+ if count <= 0:
+ continue
+ print """{ip} | {hostname} | {domain} | {count} | """.format(ip=m.GetIp(), hostname=m.GetHostName(), domain=m.GetDomainName(), count=count)
+ print """"""
+
+ for sid in pth.GetThreateningUsersByVictim(m):
+ print """- {username}
""".format(sid=sid, username=pth.GetUsernameBySid(sid))
+
+ print """ |
"""
+ print """
"""
+
+
print "Cached Passwords
"
print "On how many machines each secret is cached (possible attacker count)?
"
cache_counts = dict(map(lambda x: (x, pth.GetAttackCountBySecret(x)), pth.GetAllSecrets()))
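Review bot: `GetThreateningUsersByVictim` is evaluated twice for every critical server in the added report block, once in the `map` that builds `threatening` and again in the inner `for sid in ...` loop, so each server's attacker walk runs twice. Keeping the sets themselves, e.g. `threatening = dict((m, pth.GetThreateningUsersByVictim(m)) for m in pth.GetCritialServers())`, then using `len(users)` for the count and `sorted(users)` for the list, avoids the repeat and gives a stable user order in the report. The hostname, domain and username values formatted into the rows presumably come from collected machine data and are written out unescaped; if this output is rendered as HTML, as the table-like layout suggests, they should be escaped first. `main()` begins before this hunk and may continue after it.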