Agent: Use NTLM specifically for PowerShell if using pass-the-hash

2021-09-17 11:43:06 -04:00 · 2021-09-17 11:43:06 -04:00 · 844d244d67
parent 79aacf3dcb
commit 844d244d67
2 changed files with 24 additions and 2 deletions
--- a/monkey/infection_monkey/exploit/powershell_utils/auth_options.py
+++ b/monkey/infection_monkey/exploit/powershell_utils/auth_options.py
@ -1,9 +1,10 @@
 from dataclasses import dataclass

-from infection_monkey.exploit.powershell_utils.credentials import Credentials
+from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType

 AUTH_BASIC = "basic"
 AUTH_NEGOTIATE = "negotiate"
+AUTH_NTLM = "ntlm"
 ENCRYPTION_AUTO = "auto"
 ENCRYPTION_NEVER = "never"

@ -29,7 +30,13 @@ def _get_ssl(credentials: Credentials, use_ssl):


 def _get_auth_type(credentials: Credentials):
-    return AUTH_BASIC if credentials.secret == "" else AUTH_NEGOTIATE
+    if credentials.secret == "":
+        return AUTH_BASIC
+
+    if credentials.secret_type in {SecretType.LM_HASH, SecretType.NT_HASH}:
+        return AUTH_NTLM
+
+    return AUTH_NEGOTIATE


 def _get_encryption(credentials: Credentials):
--- a/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py
+++ b/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py
@ -2,6 +2,7 @@
 from infection_monkey.exploit.powershell_utils.auth_options import (
    AUTH_BASIC,
    AUTH_NEGOTIATE,
+    AUTH_NTLM,
    ENCRYPTION_AUTO,
    ENCRYPTION_NEVER,
    get_auth_options,
@ -11,6 +12,8 @@ from infection_monkey.exploit.powershell_utils.credentials import Credentials, S
 CREDENTIALS_WITH_PASSWORD = Credentials("user1", "password1", SecretType.PASSWORD)
 CREDENTIALS_EMPTY_PASSWORD = Credentials("user2", "", SecretType.PASSWORD)
 CREDENTIALS_NONE_PASSWORD = Credentials("user3", None, SecretType.CACHED)
+CREDENTIALS_LM_HASH = Credentials("user4", "LM_HASH:NONE", SecretType.LM_HASH)
+CREDENTIALS_NT_HASH = Credentials("user5", "NONE:NT_HASH", SecretType.NT_HASH)


 def test_get_auth_options__ssl_true_with_password():
@ -67,6 +70,18 @@ def test_get_auth_options__auth_type_none_password():
    assert auth_options.auth_type == AUTH_NEGOTIATE


+def test_get_auth_options__auth_type_with_LM_hash():
+    auth_options = get_auth_options(CREDENTIALS_LM_HASH, use_ssl=False)
+
+    assert auth_options.auth_type == AUTH_NTLM
+
+
+def test_get_auth_options__auth_type_with_NT_hash():
+    auth_options = get_auth_options(CREDENTIALS_NT_HASH, use_ssl=False)
+
+    assert auth_options.auth_type == AUTH_NTLM
+
+
 def test_get_auth_options__encryption_with_password():
    auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, use_ssl=False)