Change origin of creds stolen using exploits from host machine to exploited machine

This commit is contained in:
Shreya 2021-02-26 23:38:45 +05:30
parent eb41376f53
commit 1528b00a1b
1 changed files with 6 additions and 4 deletions

View File

@ -198,7 +198,8 @@ class ReportService:
for telem in mongo.db.telemetry.find({'telem_category': 'system_info', 'data.credentials': {'$exists': True}}, for telem in mongo.db.telemetry.find({'telem_category': 'system_info', 'data.credentials': {'$exists': True}},
{'data.credentials': 1, 'monkey_guid': 1}): {'data.credentials': 1, 'monkey_guid': 1}):
creds = telem['data']['credentials'] creds = telem['data']['credentials']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds)) origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds, origin))
return formatted_creds return formatted_creds
@staticmethod @staticmethod
@ -207,16 +208,17 @@ class ReportService:
for telem in mongo.db.telemetry.find({'telem_category': 'exploit', 'data.info.credentials': {'$exists': True}}, for telem in mongo.db.telemetry.find({'telem_category': 'exploit', 'data.info.credentials': {'$exists': True}},
{'data.info.credentials': 1, 'monkey_guid': 1}): {'data.info.credentials': 1, 'monkey_guid': 1}):
creds = telem['data']['info']['credentials'] creds = telem['data']['info']['credentials']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds)) origin = telem['data']['machine']['domain_name']
formatted_creds.extend(ReportService._format_creds_for_reporting(telem, creds, origin))
return formatted_creds return formatted_creds
@staticmethod @staticmethod
def _format_creds_for_reporting(telem, monkey_creds): def _format_creds_for_reporting(telem, monkey_creds, origin):
creds = [] creds = []
CRED_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'} CRED_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
if len(monkey_creds) == 0: if len(monkey_creds) == 0:
return [] return []
origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
for user in monkey_creds: for user in monkey_creds:
for cred_type in CRED_TYPE_DICT: for cred_type in CRED_TYPE_DICT:
if cred_type not in monkey_creds[user] or not monkey_creds[user][cred_type]: if cred_type not in monkey_creds[user] or not monkey_creds[user][cred_type]: