From 6fc37cef07d4c81e37c64e4f71cef301b6169175 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Wed, 18 Sep 2019 10:39:25 +0300
Subject: [PATCH 1/2] Hashing passwords to make sure we don't log passwords plaintext
---
 .../infection_monkey/exploit/tools/smb_tools.py | 15 ++++++++-------
 monkey/infection_monkey/exploit/wmiexec.py | 8 ++++----
 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py
index 6ca0b63ad..0d18a8365 100644
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
@@ -11,7 +11,7 @@ import infection_monkey.monkeyfs as monkeyfs
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from infection_monkey.exploit.tools.helpers import get_interface_to_target
-
+from infection_monkey.config import Configuration
 __author__ = 'itamar'
 LOG = logging.getLogger(__name__)
@@ -31,9 +31,9 @@ class SmbTools(object):
 # skip guest users
 if smb.isGuestSession() > 0:
- LOG.debug("Connection to %r granted guest privileges with user: %s, password: '%s',"
+ LOG.debug("Connection to %r granted guest privileges with user: %s, password (SHA-512): '%s',"
 " LM hash: %s, NTLM hash: %s",
- host, username, password, lm_hash, ntlm_hash)
+ host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
 try:
 smb.logoff()
@@ -165,8 +165,8 @@ class SmbTools(object):
 if not file_uploaded:
 LOG.debug("Couldn't find a writable share for exploiting"
- " victim %r with username: %s, password: '%s', LM hash: %s, NTLM hash: %s",
- host, username, password, lm_hash, ntlm_hash)
+ " victim %r with username: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s",
+ host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)
 return None
 return remote_full_path
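Review bot: The `-` line in the `@@ -11,7` hunk was the blank that separated the import block from `__author__ = 'itamar'`, and the new `+from infection_monkey.config import Configuration` takes its place, so the module-level assignment now sits directly under the imports. Keep a blank line between the new import and `__author__` so the import block stays visually delimited, as the blank before `LOG = logging.getLogger(__name__)` already does. `Configuration.hash_sensitive_data` is called on the class in the later hunks, so it is presumably a `@staticmethod` or `@classmethod` on `Configuration`; its definition is not in this diff, so confirm that the bare-class call is intended rather than an instance method.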
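Review bot: The `+ host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash)` line in the `@@ -31,9` hunk hashes `password` but still passes `lm_hash` and `ntlm_hash` to the log unchanged, and an NT hash is itself reusable credential material for network authentication, so the debug log still records a usable secret and the commit's stated goal (no plaintext credentials in logs) is only half met. Apply the same treatment to both hash arguments, e.g. `host, username, Configuration.hash_sensitive_data(password), Configuration.hash_sensitive_data(lm_hash), Configuration.hash_sensitive_data(ntlm_hash))`, and relabel the format string to match (`" LM hash (SHA-512): %s, NTLM hash (SHA-512): %s"`). The same gap exists in the `@@ -165,8` and `@@ -194,8` hunks of this file and in all four log calls of the wmiexec.py hunk, which also pass `lm_hash, ntlm_hash` through as-is. The enclosing method starts before this hunk and continues after it.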
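Review bot: The label `password (SHA-512)` on the `+ " victim %r with username: ...` line of the `@@ -165,8` hunk commits the log to a specific digest; the body of `Configuration.hash_sensitive_data` is not in this diff, but if it is a plain unsalted SHA-512 of the password, the digest of a short or dictionary password remains identifying to anyone who can read the log, so the protection is weaker than the commit message implies. If the purpose of logging the digest is only to correlate attempts that used the same credential, logging a truncated prefix (for example the first 8 hex characters of the digest) gives that correlation without recording the full hash; if the implementation is salted or keyed, say so in the label instead of bare `SHA-512` so readers do not assume a lookup-table-friendly value. The enclosing method starts before this hunk.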
@@ -194,8 +194,9 @@ class SmbTools(object):
 try:
 smb.login(username, password, '', lm_hash, ntlm_hash)
 except Exception as exc:
- LOG.debug("Error while logging into %r using user: %s, password: '%s', LM hash: %s, NTLM hash: %s: %s",
- host, username, password, lm_hash, ntlm_hash, exc)
+ LOG.debug(
+ "Error while logging into %r using user: %s, password (SHA-512): '%s', LM hash: %s, NTLM hash: %s: %s",
+ host, username, Configuration.hash_sensitive_data(password), lm_hash, ntlm_hash, exc)
 return None, dialect
 smb.setTimeout(timeout)
diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py
index 1f3e1cecc..f9b7c627c 100644
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
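Review bot: `Configuration.hash_sensitive_data(password)` is computed inline on the `+ host, username, ...` line here and at the two other log sites of this file, whereas wmiexec.py in the same patch precomputes a `password_hashed` variable and reuses it across its four log calls; the two files should follow one convention. Hashing once near the top of the method, `password_hashed = Configuration.hash_sensitive_data(password)`, and logging `password_hashed` here and in the `@@ -31,9` and `@@ -165,8` hunks keeps the argument lists readable and avoids recomputing the digest on every failed login attempt. Also confirm that `hash_sensitive_data` tolerates an empty or `None` password: the context line `smb.login(username, password, '', lm_hash, ntlm_hash)` suggests hash-only attempts are possible, and what `password` holds in that case is not visible here. The enclosing method starts before this hunk and continues after it.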
@@ -48,23 +48,23 @@ class WmiExploiter(HostExploiter):
 except AccessDeniedException:
 self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
 LOG.debug("Failed connecting to %r using WMI with "
- "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
+ "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
 self.host, user, password_hashed, lm_hash, ntlm_hash)
 continue
 except DCERPCException:
 self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
 LOG.debug("Failed connecting to %r using WMI with "
- "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
+ "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
 self.host, user, password_hashed, lm_hash, ntlm_hash)
 continue
 except socket.error:
 LOG.debug("Network error in WMI connection to %r with "
- "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
+ "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')",
 self.host, user, password_hashed, lm_hash, ntlm_hash)
 return False
 except Exception as exc:
 LOG.debug("Unknown WMI connection error to %r with "
- "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s') (%s):\n%s",
+ "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s') (%s):\n%s",
 self.host, user, password_hashed, lm_hash, ntlm_hash, exc, traceback.format_exc())
 return False
From 4762cbc5450393c6f632ea5a54d85f15f2f116d9 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Wed, 18 Sep 2019 10:57:46 +0300
Subject: [PATCH 2/2] Using the new utils - probably a merge mistake somewhere along the lines
---
 monkey/infection_monkey/monkey.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index e8af1b60d..a4c72c439 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
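Review bot: The identical credential tail `"user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')"` is now spelled out on four `+` lines in this hunk, and this very commit had to touch all four just to change a label; the four `+` lines only relabel, since the logged value was already `password_hashed`. A single module-level constant, e.g. `CRED_FMT = "user,password (SHA-512),lm hash,ntlm hash: ('%s','%s','%s','%s')"` (name constructed here), used as `"Failed connecting to %r using WMI with " + CRED_FMT`, would make the next relabeling a one-line change and keep the four messages from drifting apart. The `except Exception` branch additionally logs `traceback.format_exc()` at DEBUG, which is existing behavior, but it is worth noting that the hashing of `password` does not cover anything the traceback text itself might contain. The enclosing `try` begins before this hunk and the method continues after it.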
@@ -7,6 +7,7 @@ import time
 from six.moves import xrange
 import infection_monkey.tunnel as tunnel
+from infection_monkey.utils.environment import is_windows_os
 from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
 from infection_monkey.utils.monkey_log_path import get_monkey_log_path
 from infection_monkey.config import WormConfiguration
@@ -105,7 +106,7 @@ class InfectionMonkey(object):
 ControlClient.wakeup(parent=self._parent)
 ControlClient.load_control_config()
- if utils.is_windows_os():
+ if is_windows_os():
 T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()
 if not WormConfiguration.alive:
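Review bot: The `+ if is_windows_os():` line in the `@@ -105,7` hunk drops the `utils.` qualifier, but no hunk removes whatever import bound the name `utils` in this module; if `utils` was imported only for this call (its import is not visible in these hunks), it is now unused and should be removed in the same commit so the "merge mistake" is fully cleaned up. If the old `utils.is_windows_os` resolved to a module other than `infection_monkey.utils.environment`, confirm the two implementations agree rather than assuming the rename is behavior-neutral. The enclosing method starts before this hunk and continues after it.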