Extract credentials in a more generic fashion

This commit is contained in:
Itay Mizeretz 2017-09-13 18:11:59 +03:00
parent 5b3e526d49
commit 8973032ca5
1 changed files with 6 additions and 9 deletions

View File

@ -70,17 +70,14 @@ class EdgeService:
user = ""
password = ""
# TODO: implement for other exploiters
# TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
result = exploit["data"]["result"]
if exploit["exploiter"] == "RdpExploiter":
if result:
if "creds" in exploit["data"]["machine"]:
user = exploit["data"]["machine"]["creds"].keys()[0]
password = exploit["data"]["machine"]["creds"][user]
elif exploit["exploiter"] == "SmbExploiter":
if result:
user = exploit["data"]["machine"]["cred"].keys()[0]
password = exploit["data"]["machine"]["cred"][user]
else:
if ("user" in exploit["data"]) and ("password" in exploit["data"]):
user = exploit["data"]["user"]
password = exploit["data"]["password"]