Exported common T1021 and T1110 functions to 'technique_report_tools.py' file, fixed 'ScanStatus' usage on front end
parent
1360e1877c
commit
54b38b04b2
|
@ -1,7 +1,8 @@
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from monkey_island.cc.services.attack.technique_reports.T1110 import T1110
|
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds
|
||||||
|
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
@ -44,7 +45,7 @@ class T1021(AttackTechnique):
|
||||||
for result in attempts:
|
for result in attempts:
|
||||||
result['successful_creds'] = []
|
result['successful_creds'] = []
|
||||||
for attempt in result['attempts']:
|
for attempt in result['attempts']:
|
||||||
result['successful_creds'].append(T1110.parse_creds(attempt))
|
result['successful_creds'].append(parse_creds(attempt))
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.SCANNED.value
|
status = ScanStatus.SCANNED.value
|
||||||
else:
|
else:
|
||||||
|
|
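Review bot: Both call sites append whatever `parse_creds(attempt)` returns, and the helper as added in technique_report_tools.py falls off the end of its loop and returns None when none of `lm_hash`, `ntlm_hash`, `ssh_key` or `password` is set on the attempt. The same applies to the `append` in the T1110 hunk. The query that builds `attempts` is outside these hunks, so it is not visible whether every entry is guaranteed to carry a credential; if not, the report list will contain None entries. A guard such as `creds = parse_creds(attempt)` followed by `if creds: result['successful_creds'].append(creds)` would keep them out. The enclosing method starts and ends outside the hunk.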
|
@ -1,7 +1,7 @@
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from monkey_island.cc.encryptor import encryptor
|
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import parse_creds
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ class T1110(AttackTechnique):
|
||||||
result['successful_creds'] = []
|
result['successful_creds'] = []
|
||||||
for attempt in result['attempts']:
|
for attempt in result['attempts']:
|
||||||
succeeded = True
|
succeeded = True
|
||||||
result['successful_creds'].append(T1110.parse_creds(attempt))
|
result['successful_creds'].append(parse_creds(attempt))
|
||||||
|
|
||||||
if succeeded:
|
if succeeded:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
|
@ -47,47 +47,4 @@ class T1110(AttackTechnique):
|
||||||
data.update({'services': attempts})
|
data.update({'services': attempts})
|
||||||
return data
|
return data
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def parse_creds(attempt):
|
|
||||||
"""
|
|
||||||
Parses used credentials into a string
|
|
||||||
:param attempt: login attempt from database
|
|
||||||
:return: string with username and used password/hash
|
|
||||||
"""
|
|
||||||
username = attempt['user']
|
|
||||||
creds = {'lm_hash': {'type': 'LM hash', 'output': T1110.censor_hash(attempt['lm_hash'])},
|
|
||||||
'ntlm_hash': {'type': 'NTLM hash', 'output': T1110.censor_hash(attempt['ntlm_hash'], 20)},
|
|
||||||
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
|
||||||
'password': {'type': 'Plaintext password', 'output': T1110.censor_password(attempt['password'])}}
|
|
||||||
for key, cred in creds.items():
|
|
||||||
if attempt[key]:
|
|
||||||
return '%s ; %s : %s' % (username,
|
|
||||||
cred['type'],
|
|
||||||
cred['output'])
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def censor_password(password, plain_chars=3, secret_chars=5):
|
|
||||||
"""
|
|
||||||
Decrypts and obfuscates password by changing characters to *
|
|
||||||
:param password: Password or string to obfuscate
|
|
||||||
:param plain_chars: How many plain-text characters should be kept at the start of the string
|
|
||||||
:param secret_chars: How many * symbols should be used to hide the remainder of the password
|
|
||||||
:return: Obfuscated string e.g. Pass****
|
|
||||||
"""
|
|
||||||
if not password:
|
|
||||||
return ""
|
|
||||||
password = encryptor.dec(password)
|
|
||||||
return password[0:plain_chars] + '*' * secret_chars
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def censor_hash(hash_, plain_chars=5):
|
|
||||||
"""
|
|
||||||
Decrypts and obfuscates hash by only showing a part of it
|
|
||||||
:param hash_: Hash to obfuscate
|
|
||||||
:param plain_chars: How many chars of hash should be shown
|
|
||||||
:return: Obfuscated string
|
|
||||||
"""
|
|
||||||
if not hash_:
|
|
||||||
return ""
|
|
||||||
hash_ = encryptor.dec(hash_)
|
|
||||||
return hash_[0: plain_chars] + ' ...'
|
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
from monkey_island.cc.encryptor import encryptor
|
||||||
|
|
||||||
|
|
||||||
|
def parse_creds(attempt):
|
||||||
|
"""
|
||||||
|
Parses used credentials into a string
|
||||||
|
:param attempt: login attempt from database
|
||||||
|
:return: string with username and used password/hash
|
||||||
|
"""
|
||||||
|
username = attempt['user']
|
||||||
|
creds = {'lm_hash': {'type': 'LM hash', 'output': censor_hash(attempt['lm_hash'])},
|
||||||
|
'ntlm_hash': {'type': 'NTLM hash', 'output': censor_hash(attempt['ntlm_hash'], 20)},
|
||||||
|
'ssh_key': {'type': 'SSH key', 'output': attempt['ssh_key']},
|
||||||
|
'password': {'type': 'Plaintext password', 'output': censor_password(attempt['password'])}}
|
||||||
|
for key, cred in creds.items():
|
||||||
|
if attempt[key]:
|
||||||
|
return '%s ; %s : %s' % (username,
|
||||||
|
cred['type'],
|
||||||
|
cred['output'])
|
||||||
|
|
||||||
|
|
||||||
|
def censor_password(password, plain_chars=3, secret_chars=5):
|
||||||
|
"""
|
||||||
|
Decrypts and obfuscates password by changing characters to *
|
||||||
|
:param password: Password or string to obfuscate
|
||||||
|
:param plain_chars: How many plain-text characters should be kept at the start of the string
|
||||||
|
:param secret_chars: How many * symbols should be used to hide the remainder of the password
|
||||||
|
:return: Obfuscated string e.g. Pass****
|
||||||
|
"""
|
||||||
|
if not password:
|
||||||
|
return ""
|
||||||
|
password = encryptor.dec(password)
|
||||||
|
return password[0:plain_chars] + '*' * secret_chars
|
||||||
|
|
||||||
|
|
||||||
|
def censor_hash(hash_, plain_chars=5):
|
||||||
|
"""
|
||||||
|
Decrypts and obfuscates hash by only showing a part of it
|
||||||
|
:param hash_: Hash to obfuscate
|
||||||
|
:param plain_chars: How many chars of hash should be shown
|
||||||
|
:return: Obfuscated string
|
||||||
|
"""
|
||||||
|
if not hash_:
|
||||||
|
return ""
|
||||||
|
hash_ = encryptor.dec(hash_)
|
||||||
|
return hash_[0: plain_chars] + ' ...'
|
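Review bot: `parse_creds` puts `attempt['ssh_key']` into the report string as stored, while the LM hash, NTLM hash and password all go through a censor helper first; nothing in this file shows whether that field holds key material or only a label, so it should either be masked like the others or carry a comment saying why it is safe to display. The masking itself is also loose: `censor_hash(attempt['ntlm_hash'], 20)` shows 20 characters of what is normally a 32-character hex string, and `censor_password` always keeps `plain_chars` characters, so a password of three characters or fewer is shown in full. Capping the visible prefix, e.g. `visible = min(plain_chars, len(password) // 2)`, would avoid that. The docstring example `Pass****` also does not match the defaults, which give 3 plain characters followed by 5 asterisks.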
|
@ -1,7 +1,7 @@
|
||||||
import React from 'react';
|
import React from 'react';
|
||||||
import '../../../styles/Collapse.scss'
|
import '../../../styles/Collapse.scss'
|
||||||
import ReactTable from "react-table";
|
import ReactTable from "react-table";
|
||||||
import { renderMachine, scanStatus } from "./Helpers"
|
import { renderMachine, ScanStatus } from "./Helpers"
|
||||||
|
|
||||||
|
|
||||||
class T1021 extends React.Component {
|
class T1021 extends React.Component {
|
||||||
|
@ -29,7 +29,7 @@ class T1021 extends React.Component {
|
||||||
<div>
|
<div>
|
||||||
<div>{this.props.data.message}</div>
|
<div>{this.props.data.message}</div>
|
||||||
<br/>
|
<br/>
|
||||||
{this.props.data.status === scanStatus.USED ?
|
{this.props.data.status === ScanStatus.USED ?
|
||||||
<ReactTable
|
<ReactTable
|
||||||
columns={T1021.getServiceColumns()}
|
columns={T1021.getServiceColumns()}
|
||||||
data={this.props.data.services}
|
data={this.props.data.services}
|
||||||
|
|