From 58ed42a247e79b45f5f2149c7bed8d929ad3be48 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 14 Sep 2021 07:43:23 -0400
Subject: [PATCH] Agent: Add comment regarding NTLM hashes to format_password()

---
 .../exploit/powershell_utils/powershell_client.py    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py b/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
index 55ccd477a..6727ac67c 100644
--- a/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
+++ b/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
@@ -27,6 +27,18 @@ def _set_sensitive_packages_log_level_to_error():
         logging.getLogger(package.__name__).setLevel(logging.ERROR)
 
 
+# The pypsrp library requires LM or NT hashes to be formatted like "LM_HASH:NT_HASH"
+#
+# Example:
+# If your LM hash is 1ec78eb5f6edd379351858c437fc3e4e and your NT hash is
+# 79a760336ad8c808fee32aa96985a305, then you would pass
+# "1ec78eb5f6edd379351858c437fc3e4e:79a760336ad8c808fee32aa96985a305" as the
+# `password` parameter to pypsrp.
+#
+# In our case, we have a set of NT hashes and a set of LM hashes, but we don't
+# know if any particular LM/NT hash pair was generated from the same password.
+# To avoid confusion, we pair each NT or LM hash with a dummy (i.e. all zeros)
+# hash.
 def format_password(credentials: Credentials) -> Optional[str]:
     if credentials.secret_type == SecretType.CACHED:
         return None