Change origin of creds stolen using exploits from host machine to exploited machine
parent
eb41376f53
commit
1528b00a1b
@ -198,7 +198,8 @@ class ReportService:
for telem in mongo.db.telemetry.find({'telem_category': 'system_info', 'data.credentials': {'$exists': True}},
for telem in mongo.db.telemetry.find({'telem_category': 'system_info', 'data.credentials': {'$exists': True}},
{'data.credentials': 1, 'monkey_guid': 1}):
{'data.credentials': 1, 'monkey_guid': 1}):
creds = telem['data']['credentials']
creds = telem['data']['credentials']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds))
origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds, origin))
return formatted_creds
return formatted_creds
|
|
@staticmethod
@staticmethod
@ -207,16 +208,17 @@ class ReportService:
for telem in mongo.db.telemetry.find({'telem_category': 'exploit', 'data.info.credentials': {'$exists': True}},
for telem in mongo.db.telemetry.find({'telem_category': 'exploit', 'data.info.credentials': {'$exists': True}},
{'data.info.credentials': 1, 'monkey_guid': 1}):
{'data.info.credentials': 1, 'monkey_guid': 1}):
creds = telem['data']['info']['credentials']
creds = telem['data']['info']['credentials']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds))
origin = telem['data']['machine']['domain_name']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds, origin))
return formatted_creds
return formatted_creds
|
|
@staticmethod
@staticmethod
def _format_creds_for_reporting(telem, monkey_creds):
def _format_creds_for_reporting(telem, monkey_creds, origin):
creds = []
creds = []
CRED_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
CRED_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
if len(monkey_creds) == 0:
if len(monkey_creds) == 0:
return []
return []
origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
for user in monkey_creds:
for user in monkey_creds:
for cred_type in CRED_TYPE_DICT:
for cred_type in CRED_TYPE_DICT:
if cred_type not in monkey_creds[user] or not monkey_creds[user][cred_type]:
if cred_type not in monkey_creds[user] or not monkey_creds[user][cred_type]:
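Review bot: The new line `origin = telem['data']['machine']['domain_name']` in the exploit-telemetry loop will raise KeyError at runtime, because the `find()` projection two lines above it still lists only `data.info.credentials` and `monkey_guid`, so Mongo never returns `data.machine` in these documents. The projection needs the extra field: `{'data.info.credentials': 1, 'data.machine': 1, 'monkey_guid': 1}`. Exploit telemetry for a workgroup or bare-IP target may carry an empty `domain_name`; the telemetry schema is not visible in this hunk, so verify whether a fallback such as `ip_addr` is needed to keep the origin column meaningful. With the hostname lookup moved to the callers, the `telem` parameter of `_format_creds_for_reporting` is no longer read inside the function; presumably kept for signature compatibility, a short docstring noting that would help, e.g. `"""Expand the per-user credential dict into report rows; `telem` is unused and retained for the caller signature."""`. The body of `_format_creds_for_reporting` continues past the end of this hunk.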