From e7fcf933b7912f039c3bd271516d5d3d7889f6ae Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 5 Oct 2021 12:12:38 -0400 Subject: [PATCH] Island: Remove try/except from MimikatzResultsEncryptor.encrypt() Catching this exception was a workaround for an issue that was resolved in PR #1508. --- .../mimikatz_cred_collector.py | 2 ++ .../field_encryptors/mimikatz_results_encryptor.py | 13 +++---------- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py index 6a4ef7799..ab44d85ea 100644 --- a/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py +++ b/monkey/infection_monkey/system_info/windows_cred_collector/mimikatz_cred_collector.py @@ -16,6 +16,8 @@ class MimikatzCredentialCollector(object): def cred_list_to_cred_dict(creds: List[WindowsCredentials]): cred_dict = {} for cred in creds: + # TODO: This should be handled by the island, not the agent. There is already similar + # code in monkey_island/cc/models/report/report_dal.py. # Lets not use "." and "$" in keys, because it will confuse mongo. # Ideally we should refactor island not to use a dict and simply parse credential list. key = cred.username.replace(".", ",").replace("$", "") diff --git a/monkey/monkey_island/cc/server_utils/encryption/dict_encryption/field_encryptors/mimikatz_results_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/dict_encryption/field_encryptors/mimikatz_results_encryptor.py index 163bee8fd..696a9187b 100644 --- a/monkey/monkey_island/cc/server_utils/encryption/dict_encryption/field_encryptors/mimikatz_results_encryptor.py +++ b/monkey/monkey_island/cc/server_utils/encryption/dict_encryption/field_encryptors/mimikatz_results_encryptor.py @@ -14,16 +14,9 @@ class MimikatzResultsEncryptor(IFieldEncryptor): def encrypt(results: dict) -> dict: for _, credentials in results.items(): for secret_type in MimikatzResultsEncryptor.secret_types: - try: - credentials[secret_type] = get_datastore_encryptor().encrypt( - credentials[secret_type] - ) - except ValueError as e: - logger.error( - f"Failed encrypting sensitive field for " - f"user {credentials['username']}! Error: {e}" - ) - credentials[secret_type] = get_datastore_encryptor().encrypt("") + credentials[secret_type] = get_datastore_encryptor().encrypt( + credentials[secret_type] + ) return results @staticmethod