forked from p15670423/monkey
Island: Add formatting credentials for report
This commit is contained in:
parent
c75ee22c29
commit
c83f76b02b
|
@ -1,48 +1,35 @@
|
||||||
import logging
|
import logging
|
||||||
from typing import Mapping, Sequence
|
from typing import Mapping, Sequence
|
||||||
|
|
||||||
from common.credentials import CredentialComponentType
|
from common.credentials import CredentialComponentType, Credentials
|
||||||
from monkey_island.cc.models import StolenCredentials
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def get_stolen_creds() -> Sequence[Mapping]:
|
def format_creds_for_reporting(credentials: Sequence[Credentials]) -> Sequence[Mapping]:
|
||||||
stolen_creds = _fetch_from_db()
|
|
||||||
stolen_creds = _format_creds_for_reporting(stolen_creds)
|
|
||||||
|
|
||||||
logger.info("Stolen creds generated for reporting")
|
logger.info("Stolen creds generated for reporting")
|
||||||
return stolen_creds
|
|
||||||
|
|
||||||
|
|
||||||
def _fetch_from_db() -> Sequence[StolenCredentials]:
|
|
||||||
return list(StolenCredentials.objects())
|
|
||||||
|
|
||||||
|
|
||||||
def _format_creds_for_reporting(credentials: Sequence[StolenCredentials]):
|
|
||||||
formatted_creds = []
|
formatted_creds = []
|
||||||
cred_type_dict = {
|
cred_type_dict = {
|
||||||
CredentialComponentType.PASSWORD.name: "Clear Password",
|
CredentialComponentType.PASSWORD: "Clear Password",
|
||||||
CredentialComponentType.LM_HASH.name: "LM hash",
|
CredentialComponentType.LM_HASH: "LM hash",
|
||||||
CredentialComponentType.NT_HASH.name: "NTLM hash",
|
CredentialComponentType.NT_HASH: "NTLM hash",
|
||||||
CredentialComponentType.SSH_KEYPAIR.name: "Clear SSH private key",
|
CredentialComponentType.SSH_KEYPAIR: "Clear SSH private key",
|
||||||
}
|
}
|
||||||
|
|
||||||
for cred in credentials:
|
for cred in credentials:
|
||||||
for secret_type in cred.secrets:
|
for secret_type in cred.secrets:
|
||||||
if secret_type not in cred_type_dict:
|
if secret_type.credential_type not in cred_type_dict:
|
||||||
continue
|
continue
|
||||||
username = _get_username(cred)
|
username = _get_username(cred)
|
||||||
cred_row = {
|
cred_row = {
|
||||||
"username": username,
|
"username": username,
|
||||||
"_type": secret_type,
|
"_type": secret_type.credential_type.name,
|
||||||
"type": cred_type_dict[secret_type],
|
"type": cred_type_dict[secret_type.credential_type],
|
||||||
"origin": cred.monkey.hostname,
|
|
||||||
}
|
}
|
||||||
if cred_row not in formatted_creds:
|
if cred_row not in formatted_creds:
|
||||||
formatted_creds.append(cred_row)
|
formatted_creds.append(cred_row)
|
||||||
return formatted_creds
|
return formatted_creds
|
||||||
|
|
||||||
|
|
||||||
def _get_username(credentials: StolenCredentials) -> str:
|
def _get_username(credentials: Credentials) -> str:
|
||||||
return credentials.identities[0]["username"] if credentials.identities else ""
|
return credentials.identities[0].username if credentials.identities else ""
|
||||||
|
|
|
@ -1,70 +1,54 @@
|
||||||
import pytest
|
from common.credentials import (
|
||||||
|
CredentialComponentType,
|
||||||
from common.credentials import CredentialComponentType
|
Credentials,
|
||||||
from monkey_island.cc.models import Monkey, StolenCredentials
|
LMHash,
|
||||||
from monkey_island.cc.services.reporting.stolen_credentials import get_stolen_creds
|
NTHash,
|
||||||
|
Password,
|
||||||
|
SSHKeypair,
|
||||||
|
Username,
|
||||||
|
)
|
||||||
|
from monkey_island.cc.services.reporting.stolen_credentials import format_creds_for_reporting
|
||||||
|
|
||||||
monkey_hostname = "fake_hostname"
|
monkey_hostname = "fake_hostname"
|
||||||
fake_monkey_guid = "abc"
|
fake_monkey_guid = "abc"
|
||||||
|
|
||||||
fake_username = "m0nk3y_user"
|
fake_username = Username("m0nk3y_user")
|
||||||
fake_nt_hash = "c1c58f96cdf212b50837bc11a00be47c"
|
fake_nt_hash = NTHash("AEBD4DE384C7EC43AAD3B435B51404EE")
|
||||||
fake_lm_hash = "299BD128C1101FD6"
|
fake_lm_hash = LMHash("7A21990FCD3D759941E45C490F143D5F")
|
||||||
fake_password = "trytostealthis"
|
fake_password = Password("trytostealthis")
|
||||||
fake_ssh_key = "RSA_fake_key"
|
fake_ssh_public_key = "RSA_public_key"
|
||||||
fake_credentials = {
|
fake_ssh_private_key = "RSA_private_key"
|
||||||
"identities": [{"username": fake_username, "credential_type": "USERNAME"}],
|
fake_ssh_key = SSHKeypair(fake_ssh_private_key, fake_ssh_public_key)
|
||||||
"secrets": [
|
|
||||||
CredentialComponentType.NT_HASH.name,
|
identities = (fake_username,)
|
||||||
CredentialComponentType.LM_HASH.name,
|
secrets = (fake_nt_hash, fake_lm_hash, fake_password, fake_ssh_key)
|
||||||
CredentialComponentType.PASSWORD.name,
|
|
||||||
CredentialComponentType.SSH_KEYPAIR.name,
|
fake_credentials = [Credentials(identities, secrets)]
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
def test_formatting_credentials_for_report():
|
||||||
def fake_monkey():
|
|
||||||
monkey = Monkey()
|
|
||||||
monkey.guid = fake_monkey_guid
|
|
||||||
monkey.hostname = monkey_hostname
|
|
||||||
monkey.save()
|
|
||||||
return monkey.id
|
|
||||||
|
|
||||||
|
credentials = format_creds_for_reporting(fake_credentials)
|
||||||
@pytest.mark.usefixtures("uses_database")
|
|
||||||
def test_get_credentials(fake_monkey):
|
|
||||||
StolenCredentials(
|
|
||||||
identities=fake_credentials["identities"],
|
|
||||||
secrets=fake_credentials["secrets"],
|
|
||||||
monkey=fake_monkey,
|
|
||||||
).save()
|
|
||||||
|
|
||||||
credentials = get_stolen_creds()
|
|
||||||
|
|
||||||
result1 = {
|
result1 = {
|
||||||
"origin": monkey_hostname,
|
|
||||||
"_type": CredentialComponentType.NT_HASH.name,
|
"_type": CredentialComponentType.NT_HASH.name,
|
||||||
"type": "NTLM hash",
|
"type": "NTLM hash",
|
||||||
"username": fake_username,
|
"username": fake_username.username,
|
||||||
}
|
}
|
||||||
result2 = {
|
result2 = {
|
||||||
"origin": monkey_hostname,
|
|
||||||
"_type": CredentialComponentType.LM_HASH.name,
|
"_type": CredentialComponentType.LM_HASH.name,
|
||||||
"type": "LM hash",
|
"type": "LM hash",
|
||||||
"username": fake_username,
|
"username": fake_username.username,
|
||||||
}
|
}
|
||||||
result3 = {
|
result3 = {
|
||||||
"origin": monkey_hostname,
|
|
||||||
"_type": CredentialComponentType.PASSWORD.name,
|
"_type": CredentialComponentType.PASSWORD.name,
|
||||||
"type": "Clear Password",
|
"type": "Clear Password",
|
||||||
"username": fake_username,
|
"username": fake_username.username,
|
||||||
}
|
}
|
||||||
result4 = {
|
result4 = {
|
||||||
"origin": monkey_hostname,
|
|
||||||
"_type": CredentialComponentType.SSH_KEYPAIR.name,
|
"_type": CredentialComponentType.SSH_KEYPAIR.name,
|
||||||
"type": "Clear SSH private key",
|
"type": "Clear SSH private key",
|
||||||
"username": fake_username,
|
"username": fake_username.username,
|
||||||
}
|
}
|
||||||
assert result1 in credentials
|
assert result1 in credentials
|
||||||
assert result2 in credentials
|
assert result2 in credentials
|
||||||
|
|
Loading…
Reference in New Issue