p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter

This commit is contained in:
Shreya Malviya 2022-03-07 15:01:38 +05:30 committed by Mike Salvatore
parent aee3566a0c
commit 040227286a
1 changed files with 9 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
monkey/infection_monkey/exploit/zerologon.py
View File

@ -16,11 +16,14 @@ from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from impacket.dcerpc.v5.dtypes import NULL from impacket.dcerpc.v5.dtypes import NULL
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.credential_collectors import LMHash, NTHash, Username
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
from infection_monkey.i_puppet.credential_collection import Credentials
from infection_monkey.telemetry.credentials_telem import CredentialsTelem
from infection_monkey.utils.capture_output import StdoutCapture from infection_monkey.utils.capture_output import StdoutCapture
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -36,7 +39,6 @@ class ZerologonExploiter(HostExploiter):
def __init__(self, host: object): def __init__(self, host: object):
super().__init__(host) super().__init__(host)
self.exploit_info["credentials"] = {}
self.exploit_info["password_restored"] = None self.exploit_info["password_restored"] = None
self._extracted_creds = {} self._extracted_creds = {}
self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon") self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon")
@ -264,7 +266,7 @@ class ZerologonExploiter(HostExploiter):
def store_extracted_creds_for_exploitation(self) -> None: def store_extracted_creds_for_exploitation(self) -> None:
for user in self._extracted_creds.keys(): for user in self._extracted_creds.keys():
self.add_extracted_creds_to_exploit_info( self.send_extracted_creds_as_credential_telemetry(
user, user,
self._extracted_creds[user]["lm_hash"], self._extracted_creds[user]["lm_hash"],
self._extracted_creds[user]["nt_hash"], self._extracted_creds[user]["nt_hash"],
@ -275,18 +277,11 @@ class ZerologonExploiter(HostExploiter):
self._extracted_creds[user]["nt_hash"], self._extracted_creds[user]["nt_hash"],
) )
def add_extracted_creds_to_exploit_info(self, user: str, lmhash: str, nthash: str) -> None: def send_extracted_creds_as_credential_telemetry(
# TODO exploit_info["credentials"] is discontinued, self, user: str, lmhash: str, nthash: str
# refactor to send a credential telemetry ) -> None:
self.exploit_info["credentials"].update( self._telemetry_messenger.send_telemetry(
{ CredentialsTelem([Credentials([Username(user)], [LMHash(lmhash), NTHash(nthash)])])
user: {
"username": user,
"password": "",
"lm_hash": lmhash,
"ntlm_hash": nthash,
}
}
) )
# so other exploiters can use these creds # so other exploiters can use these creds