Agent: split up nt and lm hashes into separate credential components
parent
9037dfdf99
commit
b7003bc231
|
@ -1,5 +1,6 @@
|
||||||
from .i_credential_collector import ICredentialCollector
|
from .i_credential_collector import ICredentialCollector
|
||||||
from .credential_components.nt_hashes import NTHashes
|
from .credential_components.nt_hash import NTHash
|
||||||
|
from .credential_components.lm_hash import LMHash
|
||||||
from .credential_components.password import Password
|
from .credential_components.password import Password
|
||||||
from .credential_components.ssh_keypair import SSHKeypair
|
from .credential_components.ssh_keypair import SSHKeypair
|
||||||
from .credential_components.username import Username
|
from .credential_components.username import Username
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
from ..credential_type import CredentialType
|
||||||
|
from .i_credential_component import ICredentialComponent
|
||||||
|
|
||||||
|
|
||||||
|
class LMHash(ICredentialComponent):
|
||||||
|
def __init__(self, lm_hash: str):
|
||||||
|
super().__init__(type=CredentialType.NTLM_HASH, content={"lm_hash": lm_hash})
|
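Review bot: `LMHash` is constructed with `type=CredentialType.NTLM_HASH`, the same tag `NTHash` uses in the next file section, so after the split the type field no longer tells an LM hash from an NT hash and a consumer has to look at the `content` key (`"lm_hash"` vs `"nt_hash"`). The two are different algorithms with very different strength, so if anything downstream reports on or handles them separately, a distinct enum member per component would make that explicit; whether `CredentialType` has such members is not visible on this page. Both new classes also have no docstring; a one-liner such as `"""Secret component holding a single LM hash."""` (and the NT equivalent) that also states the expected string format would help. The import changed from `..credential_types` / `CredentialTypes` in the deleted file to `..credential_type` / `CredentialType` here, and that rename is not part of this commit, so it is worth confirming it already exists on the parent.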
|
@ -0,0 +1,7 @@
|
||||||
|
from ..credential_type import CredentialType
|
||||||
|
from .i_credential_component import ICredentialComponent
|
||||||
|
|
||||||
|
|
||||||
|
class NTHash(ICredentialComponent):
|
||||||
|
def __init__(self, nt_hash: str):
|
||||||
|
super().__init__(type=CredentialType.NTLM_HASH, content={"nt_hash": nt_hash})
|
|
@ -1,9 +0,0 @@
|
||||||
from ..credential_types import CredentialTypes
|
|
||||||
from .i_credential_component import ICredentialComponent
|
|
||||||
|
|
||||||
|
|
||||||
class NTHashes(ICredentialComponent):
|
|
||||||
def __init__(self, ntlm_hash: str, lm_hash: str):
|
|
||||||
super().__init__(
|
|
||||||
type=CredentialTypes.NTLM_HASH, content={"ntlm_hash": ntlm_hash, "lm_hash": lm_hash}
|
|
||||||
)
|
|
|
@ -3,7 +3,8 @@ from typing import List
|
||||||
from infection_monkey.credential_collectors import (
|
from infection_monkey.credential_collectors import (
|
||||||
Credentials,
|
Credentials,
|
||||||
ICredentialCollector,
|
ICredentialCollector,
|
||||||
NTHashes,
|
LMHash,
|
||||||
|
NTHash,
|
||||||
Password,
|
Password,
|
||||||
Username,
|
Username,
|
||||||
)
|
)
|
||||||
|
@ -15,10 +16,10 @@ from .windows_credentials import WindowsCredentials
|
||||||
class MimikatzCredentialCollector(ICredentialCollector):
|
class MimikatzCredentialCollector(ICredentialCollector):
|
||||||
def collect_credentials(self) -> List[Credentials]:
|
def collect_credentials(self) -> List[Credentials]:
|
||||||
creds = pypykatz_handler.get_windows_creds()
|
creds = pypykatz_handler.get_windows_creds()
|
||||||
return MimikatzCredentialCollector.to_credentials(creds)
|
return MimikatzCredentialCollector._to_credentials(creds)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def to_credentials(win_creds: List[WindowsCredentials]) -> [Credentials]:
|
def _to_credentials(win_creds: List[WindowsCredentials]) -> [Credentials]:
|
||||||
all_creds = []
|
all_creds = []
|
||||||
for win_cred in win_creds:
|
for win_cred in win_creds:
|
||||||
creds_obj = Credentials(identities=[], secrets=[])
|
creds_obj = Credentials(identities=[], secrets=[])
|
||||||
|
@ -30,9 +31,13 @@ class MimikatzCredentialCollector(ICredentialCollector):
|
||||||
password = Password(win_cred.password)
|
password = Password(win_cred.password)
|
||||||
creds_obj.secrets.append(password)
|
creds_obj.secrets.append(password)
|
||||||
|
|
||||||
if win_cred.lm_hash or win_cred.ntlm_hash:
|
if win_cred.lm_hash:
|
||||||
hashes = NTHashes(ntlm_hash=win_cred.ntlm_hash, lm_hash=win_cred.lm_hash)
|
lm_hash = LMHash(lm_hash=win_cred.lm_hash)
|
||||||
creds_obj.secrets.append(hashes)
|
creds_obj.secrets.append(lm_hash)
|
||||||
|
|
||||||
|
if win_cred.ntlm_hash:
|
||||||
|
lm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
|
||||||
|
creds_obj.secrets.append(lm_hash)
|
||||||
|
|
||||||
if creds_obj.identities != [] or creds_obj.secrets != []:
|
if creds_obj.identities != [] or creds_obj.secrets != []:
|
||||||
all_creds.append(creds_obj)
|
all_creds.append(creds_obj)
|
||||||
|
|
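Review bot: In the new `if win_cred.ntlm_hash:` branch the NT hash is bound to a variable named `lm_hash` (`lm_hash = NTHash(nt_hash=win_cred.ntlm_hash)`), which reads as a copy-paste from the branch above and invites a later mix-up between the two secrets. Behaviour is unaffected today, but the lines should read `nt_hash = NTHash(nt_hash=win_cred.ntlm_hash)` and `creds_obj.secrets.append(nt_hash)`. Separately, the return annotation on `_to_credentials`, `-> [Credentials]`, is a list literal rather than a type; `-> List[Credentials]` would match `collect_credentials`. The loop body starts before the visible hunk, so the identity/password handling was not reviewed.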
|
@ -1,4 +1,4 @@
|
||||||
from infection_monkey.credential_collectors import Credentials, NTHashes, Password, Username
|
from infection_monkey.credential_collectors import Credentials, LMHash, NTHash, Password, Username
|
||||||
from infection_monkey.credential_collectors.mimikatz_collector.mimikatz_cred_collector import (
|
from infection_monkey.credential_collectors.mimikatz_collector.mimikatz_cred_collector import (
|
||||||
MimikatzCredentialCollector,
|
MimikatzCredentialCollector,
|
||||||
)
|
)
|
||||||
|
@ -32,9 +32,7 @@ def test_pypykatz_result_parsing(monkeypatch):
|
||||||
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
|
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
|
||||||
WindowsCredentials(username="", password="", ntlm_hash="ntlm_hash", lm_hash="lm_hash"),
|
WindowsCredentials(username="", password="", ntlm_hash="ntlm_hash", lm_hash="lm_hash"),
|
||||||
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
|
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
|
||||||
WindowsCredentials(
|
WindowsCredentials(username="user2", password="secret2", lm_hash="lm_hash"),
|
||||||
username="user2", password="secret2", ntlm_hash="ntlm_hash2", lm_hash="lm_hash2"
|
|
||||||
),
|
|
||||||
]
|
]
|
||||||
patch_pypykatz(win_creds, monkeypatch)
|
patch_pypykatz(win_creds, monkeypatch)
|
||||||
|
|
||||||
|
@ -43,14 +41,14 @@ def test_pypykatz_result_parsing(monkeypatch):
|
||||||
username2 = Username("user2")
|
username2 = Username("user2")
|
||||||
password = Password("secret")
|
password = Password("secret")
|
||||||
password2 = Password("secret2")
|
password2 = Password("secret2")
|
||||||
hash = NTHashes(ntlm_hash="ntlm_hash", lm_hash="lm_hash")
|
nt_hash = NTHash(nt_hash="ntlm_hash")
|
||||||
hash2 = NTHashes(ntlm_hash="ntlm_hash2", lm_hash="lm_hash2")
|
lm_hash = LMHash(lm_hash="lm_hash")
|
||||||
|
|
||||||
expected = [
|
expected = [
|
||||||
Credentials(identities=[username], secrets=[password]),
|
Credentials(identities=[username], secrets=[password]),
|
||||||
Credentials(identities=[], secrets=[hash]),
|
Credentials(identities=[], secrets=[lm_hash, nt_hash]),
|
||||||
Credentials(identities=[username], secrets=[password]),
|
Credentials(identities=[username], secrets=[password]),
|
||||||
Credentials(identities=[username2], secrets=[password2, hash2]),
|
Credentials(identities=[username2], secrets=[password2, lm_hash]),
|
||||||
]
|
]
|
||||||
collected = MimikatzCredentialCollector().collect_credentials()
|
collected = MimikatzCredentialCollector().collect_credentials()
|
||||||
assert expected == collected
|
assert expected == collected
|
||||||
|
|
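Review bot: The updated fixture covers "both hashes" and "LM hash only", but no entry has an NT hash with an empty LM hash, so the newly separated `if win_cred.ntlm_hash:` branch is never exercised on its own. Adding a case such as `WindowsCredentials(username="user3", password="secret3", ntlm_hash="ntlm_hash", lm_hash="")` with the expectation `Credentials(identities=[username3], secrets=[password3, nt_hash])` would pin that path (sample values constructed for illustration). The replaced `user2` entry now omits `ntlm_hash` entirely, which relies on `WindowsCredentials` providing a default for that field; that definition is not shown here, so passing `ntlm_hash=""` explicitly, as the other entries do, would keep the fixture consistent.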