Agent: Publish an CredentialsStolenEvent from SSHCredentialCollector

This commit is contained in:
Ilija Lazoroski 2022-08-15 14:24:03 +02:00
parent 4952a544c0
commit 2610666f93
1 changed files with 26 additions and 1 deletions


@ -1,14 +1,19 @@
import logging import logging
import time
from typing import Dict, Iterable, Sequence from typing import Dict, Iterable, Sequence
from common.credentials import Credentials, SSHKeypair, Username from common.credentials import Credentials, SSHKeypair, Username
from common.event_queue import IEventQueue from common.event_queue import IEventQueue
from common.events import CredentialsStolenEvent
from infection_monkey.config import GUID
from infection_monkey.credential_collectors.ssh_collector import ssh_handler from infection_monkey.credential_collectors.ssh_collector import ssh_handler
from infection_monkey.i_puppet import ICredentialCollector from infection_monkey.i_puppet import ICredentialCollector
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
SSH_CREDENTIAL_COLLECTOR_TAG = "SSHCredentialsStolen"
class SSHCredentialCollector(ICredentialCollector): class SSHCredentialCollector(ICredentialCollector):
""" """
@ -23,8 +28,28 @@ class SSHCredentialCollector(ICredentialCollector):
logger.info("Started scanning for SSH credentials") logger.info("Started scanning for SSH credentials")
ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger) ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger)
logger.info("Finished scanning for SSH credentials") logger.info("Finished scanning for SSH credentials")
ssh_collector_credentials = SSHCredentialCollector._to_credentials(ssh_info)
return SSHCredentialCollector._to_credentials(ssh_info) credentials_stolen_event = SSHCredentialCollector._generate_credentials_stolen_event(
ssh_collector_credentials
)
self._event_queue.publish(credentials_stolen_event)
return ssh_collector_credentials
@staticmethod
def _generate_credentials_stolen_event(
collected_credentials: Sequence[Credentials],
) -> CredentialsStolenEvent:
credentials_stolen_event = CredentialsStolenEvent(
source=GUID,
target=None,
timestamp=time.time(),
tags=frozenset({SSH_CREDENTIAL_COLLECTOR_TAG, "T1005", "T1145"}),
stolen_credentials=collected_credentials,
)
return credentials_stolen_event
@staticmethod @staticmethod
def _to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]: def _to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:
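Review bot: The collecting method (its signature is above the hunk) now publishes the event unconditionally at `self._event_queue.publish(credentials_stolen_event)`, so a scan that finds no SSH keys still emits a CredentialsStolenEvent whose `stolen_credentials` is empty, and every subscriber records a "credentials stolen" occurrence with nothing in it; unless consumers depend on that, guard it with `if ssh_collector_credentials:` before the publish. `_generate_credentials_stolen_event` has no docstring; one worth adding is `"""Build the CredentialsStolenEvent for the SSH credentials found on this host. The payload carries the credential material itself (keypairs, per the SSHKeypair import), so subscribers must treat it as secret and must not log it."""`. `self._event_queue` is not assigned anywhere in this diff, so `__init__` (outside both hunks) presumably already receives the IEventQueue that was imported before this change; worth confirming. The tag set also carries T1145, which ATT&CK has since retired in favour of T1552.004 (Private Keys); check which matrix version the report maps against before changing it.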