Extract credentials in a more generic fashion

This commit is contained in:
Itay Mizeretz 2017-09-13 18:11:59 +03:00
parent 5b3e526d49
commit 8973032ca5
1 changed files with 6 additions and 9 deletions

View File

@ -70,17 +70,14 @@ class EdgeService:
user = "" user = ""
password = "" password = ""
# TODO: implement for other exploiters
# TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt. # TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
result = exploit["data"]["result"] result = exploit["data"]["result"]
if exploit["exploiter"] == "RdpExploiter": if result:
user = exploit["data"]["machine"]["creds"].keys()[0] if "creds" in exploit["data"]["machine"]:
password = exploit["data"]["machine"]["creds"][user] user = exploit["data"]["machine"]["creds"].keys()[0]
elif exploit["exploiter"] == "SmbExploiter": password = exploit["data"]["machine"]["creds"][user]
if result: else:
user = exploit["data"]["machine"]["cred"].keys()[0] if ("user" in exploit["data"]) and ("password" in exploit["data"]):
password = exploit["data"]["machine"]["cred"][user]
else:
user = exploit["data"]["user"] user = exploit["data"]["user"]
password = exploit["data"]["password"] password = exploit["data"]["password"]