p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2317 from guardicore/fix-zerologon 

Fix zerologon
This commit is contained in:
Mike Salvatore 2022-09-19 10:16:19 -04:00 committed by GitHub
parent 8e88f81c36 2857e70fa2
commit 9f697e57d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py
View File

@ -28,20 +28,21 @@ class ZerologonAnalyzer(Analyzer):
def _analyze_credential_gathering(self) -> bool: def _analyze_credential_gathering(self) -> bool:
propagation_credentials = self.island_client.get_propagation_credentials() propagation_credentials = self.island_client.get_propagation_credentials()
self.log.add_entry(f"Credentials from endpoint: {propagation_credentials}")
credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(propagation_credentials) credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(propagation_credentials)
self.log.add_entry(f"Relevant credentials: {credentials_on_island}")
return self._is_all_credentials_in_list(credentials_on_island) return self._is_all_credentials_in_list(credentials_on_island)
@staticmethod @staticmethod
def _get_relevant_credentials(propagation_credentials: Credentials) -> List[str]: def _get_relevant_credentials(propagation_credentials: Credentials) -> List[str]:
credentials_on_island = set() credentials_on_island = set()
for credentials in propagation_credentials: for credentials in propagation_credentials:
if isinstance(credentials.identity, Username): if isinstance(credentials.identity, Username):
credentials_on_island.update([credentials.identity.username]) credentials_on_island.update([credentials.identity.username])
if isinstance(credentials.secret, NTHash): if isinstance(credentials.secret, NTHash):
credentials_on_island.update([credentials.secret.nt_hash]) credentials_on_island.update([credentials.secret.nt_hash.get_secret_value()])
if isinstance(credentials.secret, LMHash): if isinstance(credentials.secret, LMHash):
credentials_on_island.update([credentials.secret.lm_hash]) credentials_on_island.update([credentials.secret.lm_hash.get_secret_value()])
return list(credentials_on_island) return list(credentials_on_island)

6
monkey/monkey_island/cc/agent_event_handlers/save_stolen_credentials_to_repository.py
View File

@ -14,10 +14,8 @@ class save_stolen_credentials_to_repository:
def __init__(self, credentials_repository: ICredentialsRepository): def __init__(self, credentials_repository: ICredentialsRepository):
self._credentials_repository = credentials_repository self._credentials_repository = credentials_repository
def __call__(self, credentials_stolen_event: CredentialsStolenEvent): def __call__(self, event: CredentialsStolenEvent):
try: try:
self._credentials_repository.save_stolen_credentials( self._credentials_repository.save_stolen_credentials(event.stolen_credentials)
credentials_stolen_event.stolen_credentials
)
except StorageError as err: except StorageError as err:
logger.error(f"Error occurred while storing stolen credentials: {err}") logger.error(f"Error occurred while storing stolen credentials: {err}")