Agent: split up nt and lm hashes into separate credential components

This commit is contained in:
vakarisz 2022-02-15 12:43:37 +02:00
parent 9037dfdf99
commit b7003bc231
6 changed files with 33 additions and 24 deletions

View File

@ -1,5 +1,6 @@
from .i_credential_collector import ICredentialCollector from .i_credential_collector import ICredentialCollector
from .credential_components.nt_hashes import NTHashes from .credential_components.nt_hash import NTHash
from .credential_components.lm_hash import LMHash
from .credential_components.password import Password from .credential_components.password import Password
from .credential_components.ssh_keypair import SSHKeypair from .credential_components.ssh_keypair import SSHKeypair
from .credential_components.username import Username from .credential_components.username import Username

View File

@ -0,0 +1,7 @@
from ..credential_type import CredentialType
from .i_credential_component import ICredentialComponent
class LMHash(ICredentialComponent):
def __init__(self, lm_hash: str):
super().__init__(type=CredentialType.NTLM_HASH, content={"lm_hash": lm_hash})

View File

@ -0,0 +1,7 @@
from ..credential_type import CredentialType
from .i_credential_component import ICredentialComponent
class NTHash(ICredentialComponent):
def __init__(self, nt_hash: str):
super().__init__(type=CredentialType.NTLM_HASH, content={"nt_hash": nt_hash})

View File

@ -1,9 +0,0 @@
from ..credential_types import CredentialTypes
from .i_credential_component import ICredentialComponent
class NTHashes(ICredentialComponent):
def __init__(self, ntlm_hash: str, lm_hash: str):
super().__init__(
type=CredentialTypes.NTLM_HASH, content={"ntlm_hash": ntlm_hash, "lm_hash": lm_hash}
)

View File

@ -3,7 +3,8 @@ from typing import List
from infection_monkey.credential_collectors import ( from infection_monkey.credential_collectors import (
Credentials, Credentials,
ICredentialCollector, ICredentialCollector,
NTHashes, LMHash,
NTHash,
Password, Password,
Username, Username,
) )
@ -15,10 +16,10 @@ from .windows_credentials import WindowsCredentials
class MimikatzCredentialCollector(ICredentialCollector): class MimikatzCredentialCollector(ICredentialCollector):
def collect_credentials(self) -> List[Credentials]: def collect_credentials(self) -> List[Credentials]:
creds = pypykatz_handler.get_windows_creds() creds = pypykatz_handler.get_windows_creds()
return MimikatzCredentialCollector.to_credentials(creds) return MimikatzCredentialCollector._to_credentials(creds)
@staticmethod @staticmethod
def to_credentials(win_creds: List[WindowsCredentials]) -> [Credentials]: def _to_credentials(win_creds: List[WindowsCredentials]) -> [Credentials]:
all_creds = [] all_creds = []
for win_cred in win_creds: for win_cred in win_creds:
creds_obj = Credentials(identities=[], secrets=[]) creds_obj = Credentials(identities=[], secrets=[])
@ -30,9 +31,13 @@ class MimikatzCredentialCollector(ICredentialCollector):
password = Password(win_cred.password) password = Password(win_cred.password)
creds_obj.secrets.append(password) creds_obj.secrets.append(password)
if win_cred.lm_hash or win_cred.ntlm_hash: if win_cred.lm_hash:
hashes = NTHashes(ntlm_hash=win_cred.ntlm_hash, lm_hash=win_cred.lm_hash) lm_hash = LMHash(lm_hash=win_cred.lm_hash)
creds_obj.secrets.append(hashes) creds_obj.secrets.append(lm_hash)
if win_cred.ntlm_hash:
lm_hash = NTHash(nt_hash=win_cred.ntlm_hash)
creds_obj.secrets.append(lm_hash)
if creds_obj.identities != [] or creds_obj.secrets != []: if creds_obj.identities != [] or creds_obj.secrets != []:
all_creds.append(creds_obj) all_creds.append(creds_obj)

View File

@ -1,4 +1,4 @@
from infection_monkey.credential_collectors import Credentials, NTHashes, Password, Username from infection_monkey.credential_collectors import Credentials, LMHash, NTHash, Password, Username
from infection_monkey.credential_collectors.mimikatz_collector.mimikatz_cred_collector import ( from infection_monkey.credential_collectors.mimikatz_collector.mimikatz_cred_collector import (
MimikatzCredentialCollector, MimikatzCredentialCollector,
) )
@ -32,9 +32,7 @@ def test_pypykatz_result_parsing(monkeypatch):
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""), WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
WindowsCredentials(username="", password="", ntlm_hash="ntlm_hash", lm_hash="lm_hash"), WindowsCredentials(username="", password="", ntlm_hash="ntlm_hash", lm_hash="lm_hash"),
WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""), WindowsCredentials(username="user", password="secret", ntlm_hash="", lm_hash=""),
WindowsCredentials( WindowsCredentials(username="user2", password="secret2", lm_hash="lm_hash"),
username="user2", password="secret2", ntlm_hash="ntlm_hash2", lm_hash="lm_hash2"
),
] ]
patch_pypykatz(win_creds, monkeypatch) patch_pypykatz(win_creds, monkeypatch)
@ -43,14 +41,14 @@ def test_pypykatz_result_parsing(monkeypatch):
username2 = Username("user2") username2 = Username("user2")
password = Password("secret") password = Password("secret")
password2 = Password("secret2") password2 = Password("secret2")
hash = NTHashes(ntlm_hash="ntlm_hash", lm_hash="lm_hash") nt_hash = NTHash(nt_hash="ntlm_hash")
hash2 = NTHashes(ntlm_hash="ntlm_hash2", lm_hash="lm_hash2") lm_hash = LMHash(lm_hash="lm_hash")
expected = [ expected = [
Credentials(identities=[username], secrets=[password]), Credentials(identities=[username], secrets=[password]),
Credentials(identities=[], secrets=[hash]), Credentials(identities=[], secrets=[lm_hash, nt_hash]),
Credentials(identities=[username], secrets=[password]), Credentials(identities=[username], secrets=[password]),
Credentials(identities=[username2], secrets=[password2, hash2]), Credentials(identities=[username2], secrets=[password2, lm_hash]),
] ]
collected = MimikatzCredentialCollector().collect_credentials() collected = MimikatzCredentialCollector().collect_credentials()
assert expected == collected assert expected == collected