Agent: Extract zerologon tags into constant

Ilija Lazoroski 2022-08-16 12:13:29 +02:00
parent aaef2f1f81
commit d400fcb215
1 changed files with 5 additions and 5 deletions


@ -9,7 +9,6 @@ import os
import re
import tempfile
from binascii import unhexlify
from time import time
from typing import Dict, List, Optional, Sequence, Tuple
import impacket
@ -19,7 +18,6 @@ from impacket.dcerpc.v5.dtypes import NULL
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.credentials import Credentials, LMHash, NTHash, Username
from common.events import CredentialsStolenEvent
from infection_monkey.config import IGUID
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.wmi_tools import WmiTools
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
@ -33,6 +31,10 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__)
ZEROLOGON_EXPLOIT_TAG = "ZerologonCredentialsStolen"
ZEROLOGON_EVENT_TAGS = {ZEROLOGON_EXPLOIT_TAG}
class ZerologonExploiter(HostExploiter):
_EXPLOITED_SERVICE = "Netlogon"
@ -297,10 +299,8 @@ class ZerologonExploiter(HostExploiter):
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
credentials_stolen_event = CredentialsStolenEvent(
source=IGUID,
target=None,
timestamp=time(),
tags=({"ZerologonCredentialsStolen"}),
tags=(ZEROLOGON_EVENT_TAGS),
stolen_credentials=extracted_credentials,
)
self.event_queue.publish(credentials_stolen_event)
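Review bot: `ZEROLOGON_EVENT_TAGS` is a module-level mutable `set` that is now passed by reference into every `CredentialsStolenEvent` built in `_publish_credentials_stolen_event`, whereas the literal it replaces produced a fresh set on each call. If the event class or any subscriber on the event queue ever mutates `tags` (not visible here), that change would carry over into every later event; defining it as `ZEROLOGON_EVENT_TAGS = frozenset({ZEROLOGON_EXPLOIT_TAG})` avoids this, assuming the event's `tags` field accepts a frozenset. The parentheses in `tags=(ZEROLOGON_EVENT_TAGS)` are redundant and can be dropped: `tags=ZEROLOGON_EVENT_TAGS,`. The import hunks and the line counts suggest `source=IGUID` and `timestamp=time()` are removed here as well, which the commit title does not mention; presumably the event class supplies defaults for both, but that is worth confirming so the published event keeps its source and time attribution.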