Island, Agent: Fix credential parsing to match pydantic syntax

This commit is contained in:
vakarisz 2022-09-01 14:38:34 +03:00 committed by vakaris_zilius
parent d73cbee591
commit 7149c704a2
6 changed files with 92 additions and 117 deletions

View File

@ -1,7 +1,8 @@
import logging
from typing import Any, Iterable
from common.credentials import CredentialComponentType, Credentials, ICredentialComponent
from common.credentials import Credentials, LMHash, NTHash, Password, SSHKeypair, Username
from common.credentials.credentials import Identity, Secret
from infection_monkey.custom_types import PropagationCredentials
from infection_monkey.i_control_channel import IControlChannel
from infection_monkey.utils.decorators import request_cache
@ -43,18 +44,18 @@ class AggregatingPropagationCredentialsRepository(IPropagationCredentialsReposit
if credentials.secret:
self._add_secret(credentials.secret)
def _add_identity(self, identity: ICredentialComponent):
if identity.credential_type is CredentialComponentType.USERNAME:
def _add_identity(self, identity: Identity):
if type(identity) == Username:
self._stored_credentials.setdefault("exploit_user_list", set()).add(identity.username)
def _add_secret(self, secret: ICredentialComponent):
if secret.credential_type is CredentialComponentType.PASSWORD:
def _add_secret(self, secret: Secret):
if type(secret) is Password:
self._stored_credentials.setdefault("exploit_password_list", set()).add(secret.password)
elif secret.credential_type is CredentialComponentType.LM_HASH:
elif type(secret) is LMHash:
self._stored_credentials.setdefault("exploit_lm_hash_list", set()).add(secret.lm_hash)
elif secret.credential_type is CredentialComponentType.NT_HASH:
elif type(secret) is NTHash:
self._stored_credentials.setdefault("exploit_ntlm_hash_list", set()).add(secret.nt_hash)
elif secret.credential_type is CredentialComponentType.SSH_KEYPAIR:
elif type(secret) is SSHKeypair:
self._set_attribute(
"exploit_ssh_keys",
[{"public_key": secret.public_key, "private_key": secret.private_key}],

View File

@ -1,7 +1,7 @@
import logging
from typing import Mapping, Sequence
from common.credentials import CredentialComponentType, Credentials
from common.credentials import Credentials, LMHash, NTHash, Password, SSHKeypair
logger = logging.getLogger(__name__)
@ -11,23 +11,22 @@ def format_creds_for_reporting(credentials: Sequence[Credentials]) -> Sequence[M
formatted_creds = []
cred_type_dict = {
CredentialComponentType.PASSWORD: "Clear Password",
CredentialComponentType.LM_HASH: "LM hash",
CredentialComponentType.NT_HASH: "NTLM hash",
CredentialComponentType.SSH_KEYPAIR: "Clear SSH private key",
Password: "Clear Password",
LMHash: "LM hash",
NTHash: "NTLM hash",
SSHKeypair: "Clear SSH private key",
}
for cred in credentials:
secret = cred.secret
if secret is None:
continue
if secret.credential_type not in cred_type_dict:
if type(secret) not in cred_type_dict:
continue
username = _get_username(cred)
cred_row = {
"username": username,
"_type": secret.credential_type.name,
"type": cred_type_dict[secret.credential_type],
"type": cred_type_dict[type(secret)],
}
if cred_row not in formatted_creds:
formatted_creds.append(cred_row)

View File

@ -1,4 +1,5 @@
import {defaultCredentials} from '../../services/configuration/propagation/credentials';
import {CredentialTypes, SecretTypes} from '../utils/CredentialTypes.js';
import _ from 'lodash';
export function reformatConfig(config, reverse = false) {
@ -35,16 +36,16 @@ export function formatCredentialsForForm(credentials) {
let secret = credentials[i]['secret'];
if(secret !== null){
if (secret['credential_type'] === 'PASSWORD') {
if (secret.hasOwnProperty(SecretTypes.Password)) {
formattedCredentials['exploit_password_list'].push(secret['password'])
}
if (secret['credential_type'] === 'NT_HASH') {
if (secret.hasOwnProperty(SecretTypes.NTHash)) {
formattedCredentials['exploit_ntlm_hash_list'].push(secret['nt_hash'])
}
if (secret['credential_type'] === 'LM_HASH') {
if (secret.hasOwnProperty(SecretTypes.LMHash)) {
formattedCredentials['exploit_lm_hash_list'].push(secret['lm_hash'])
}
if (secret['credential_type'] === 'SSH_KEY') {
if (secret.hasOwnProperty(SecretTypes.PrivateKey)) {
let keypair = {'public_key': secret['public_key'], 'private_key': secret['private_key']}
formattedCredentials['exploit_ssh_keys'].push(keypair)
}
@ -64,43 +65,34 @@ export function formatCredentialsForIsland(credentials) {
let usernames = credentials['exploit_user_list'];
for (let i = 0; i < usernames.length; i++) {
formattedCredentials.push({
'identity': {'username': usernames[i], 'credential_type': 'USERNAME'},
'identity': {'username': usernames[i]},
'secret': null
})
}
let passwords = credentials['exploit_password_list'];
for (let i = 0; i < passwords.length; i++) {
formattedCredentials.push({
'identity': null,
'secret': {'credential_type': 'PASSWORD', 'password': passwords[i]}
})
}
let nt_hashes = credentials['exploit_ntlm_hash_list'];
for (let i = 0; i < nt_hashes.length; i++) {
formattedCredentials.push({
'identity': null,
'secret': {'credential_type': 'NT_HASH', 'nt_hash': nt_hashes[i]}
})
}
let lm_hashes = credentials['exploit_lm_hash_list'];
for (let i = 0; i < lm_hashes.length; i++) {
formattedCredentials.push({
'identity': null,
'secret': {'credential_type': 'LM_HASH', 'lm_hash': lm_hashes[i]}
})
}
formattedCredentials.push(...getFormattedCredentials(credentials['exploit_password_list'], 'password'))
formattedCredentials.push(...getFormattedCredentials(credentials['exploit_ntlm_hash_list'], 'nt_hash'))
formattedCredentials.push(...getFormattedCredentials(credentials['exploit_lm_hash_list'], 'lm_hash'))
let ssh_keys = credentials['exploit_ssh_keys'];
for (let i = 0; i < ssh_keys.length; i++) {
formattedCredentials.push({
'identity': null,
'secret': {'credential_type': 'SSH_KEYPAIR', 'private_key': ssh_keys[i]['private_key'],
'secret': {'private_key': ssh_keys[i]['private_key'],
'public_key': ssh_keys[i]['public_key']}
})
}
return formattedCredentials;
}
function getFormattedCredentials(credentials, keyOfSecret) {
let formattedCredentials = [];
for (let i = 0; i < credentials.length; i++) {
formattedCredentials.push({
'identity': null,
'secret': {[keyOfSecret]: credentials[i]}
})
}
return formattedCredentials;
}

View File

@ -1,3 +1,5 @@
import {CredentialTypes, SecretTypes} from '../utils/CredentialTypes.js';
export function getAllUsernames(stolen, configured) {
let usernames = [];
usernames.push(...getCredentialsUsernames(stolen));
@ -21,35 +23,37 @@ export function getAllSecrets(stolen, configured){
for (let i = 0; i < stolen.length; i++) {
let secret = stolen[i]['secret'];
if (secret !== null) {
secrets.push(getSecretsFromCredential(secret));
secrets.push(reformatSecret(secret));
}
}
for (let i = 0; i < configured.length; i++) {
let secret = configured[i]['secret'];
if (secret !== null) {
secrets.push(getSecretsFromCredential(secret));
secrets.push(reformatSecret(secret));
}
}
return secrets;
}
function getSecretsFromCredential(credential) {
if(credential['credential_type'] === 'SSH_KEYPAIR'){
return {'type': 'SSH keypair', 'content': credential['private_key']}
function reformatSecret(secret) {
if (secret.hasOwnProperty(SecretTypes.Password)) {
return {'type': CredentialTypes.Password, 'content': secret[SecretTypes.Password]}
}
if(credential['credential_type'] === 'NT_HASH'){
return {'type': 'NT hash', 'content': credential['nt_hash']}
if (secret.hasOwnProperty(SecretTypes.NTHash)) {
return {'type': CredentialTypes.NTHash, 'content': secret[SecretTypes.NTHash]}
}
if(credential['credential_type'] === 'LM_HASH'){
return {'type': 'LM hash', 'content': credential['lm_hash']}
if (secret.hasOwnProperty(SecretTypes.LMHash)) {
return {'type': CredentialTypes.LMHash, 'content': secret[SecretTypes.LMHash]}
}
if (secret.hasOwnProperty(SecretTypes.PrivateKey)) {
return {
'type': CredentialTypes.SSHKeys,
'content': secret[SecretTypes.PrivateKey]
}
if(credential['credential_type'] === 'PASSWORD'){
return {'type': 'Password', 'content': credential['password']}
}
}
export function getCredentialsTableData(credentials) {
let table_data = [];
let identites = getCredentialsUsernames(credentials);

View File

@ -0,0 +1,14 @@
export const CredentialTypes = {
Password: 'Clear Password',
SSHKeys: 'Clear SSH private key',
LMHash: 'LM hash',
NTHash: 'NT hash',
Username: 'Username'
}
export const SecretTypes = {
Password: 'password',
PrivateKey: 'private_key',
LMHash: 'lm_hash',
NTHash: 'nt_hash'
}

View File

@ -1,64 +1,29 @@
from common.credentials import (
CredentialComponentType,
Credentials,
LMHash,
NTHash,
Password,
SSHKeypair,
Username,
)
from tests.data_for_tests.propagation_credentials import FULL_CREDENTIALS, USERNAME
from monkey_island.cc.services.reporting import format_creds_for_reporting
monkey_hostname = "fake_hostname"
fake_monkey_guid = "abc"
fake_username = Username("m0nk3y_user")
fake_nt_hash = NTHash("AEBD4DE384C7EC43AAD3B435B51404EE")
fake_lm_hash = LMHash("7A21990FCD3D759941E45C490F143D5F")
fake_password = Password("trytostealthis")
fake_ssh_public_key = "RSA_public_key"
fake_ssh_private_key = "RSA_private_key"
fake_ssh_key = SSHKeypair(fake_ssh_private_key, fake_ssh_public_key)
identities = (fake_username,)
secrets = (fake_nt_hash, fake_lm_hash, fake_password, fake_ssh_key)
fake_credentials = [
Credentials(identity=fake_username, secret=fake_nt_hash),
Credentials(identity=fake_username, secret=fake_lm_hash),
Credentials(identity=fake_username, secret=fake_password),
Credentials(identity=fake_username, secret=fake_ssh_key),
Credentials(identity=None, secret=fake_ssh_key),
Credentials(identity=fake_username, secret=None),
]
def test_formatting_credentials_for_report():
credentials = format_creds_for_reporting(fake_credentials)
credentials = format_creds_for_reporting(FULL_CREDENTIALS)
result1 = {
"_type": CredentialComponentType.NT_HASH.name,
"type": "NTLM hash",
"username": fake_username.username,
"username": USERNAME,
}
result2 = {
"_type": CredentialComponentType.LM_HASH.name,
"type": "LM hash",
"username": fake_username.username,
"username": USERNAME,
}
result3 = {
"_type": CredentialComponentType.PASSWORD.name,
"type": "Clear Password",
"username": fake_username.username,
"username": USERNAME,
}
result4 = {
"_type": CredentialComponentType.SSH_KEYPAIR.name,
"type": "Clear SSH private key",
"username": fake_username.username,
"username": USERNAME,
}
result5 = {
"_type": CredentialComponentType.SSH_KEYPAIR.name,
"type": "Clear SSH private key",
"username": "",
}