add posssible attacks per sid

2018-03-10 23:18:53 -08:00 · 2018-03-10 23:18:53 -08:00 · 8807e68177
parent ce1c8a54f8
commit 8807e68177
1 changed files with 35 additions and 1 deletions
--- a/monkey_island/cc/resources/pthmap.py
+++ b/monkey_island/cc/resources/pthmap.py
@ -405,6 +405,30 @@ class PassTheHashMap(object):
        print map(lambda x: Machine(x).GetIp(), self.vertices)
        print map(lambda x: (Machine(x[0]).GetIp(), Machine(x[1]).GetIp()), self.edges)
    
+    def GetPossibleAttackCountBySid(self, sid):
+        return len(self.GetPossibleAttacksBySid(sid))
+    
+    def GetPossibleAttacksBySid(self, sid):
+        attacks = set()
+    
+        for attacker in self.vertices:
+            cached_creds = set(Machine(attacker).GetCachedCreds().items())
+
+            for victim in self.vertices:
+                if attacker == victim:
+                    continue
+
+                admin_creds = set(Machine(victim).GetLocalAdminCreds().items())
+                
+                if len(cached_creds & admin_creds) > 0:
+                    curr_attacks = dict(cached_creds & admin_creds)
+                    
+                    for username, secret in curr_attacks.iteritems():
+                        if Machine(victim).GetSidByUsername(username) == sid:
+                            attacks.add((attacker, victim))
+        
+        return attacks
+    
    def GetSecretBySid(self, sid):
        for m in self.machines:
            for user, user_secret in m.GetLocalSecrets().iteritems():
@ -582,7 +606,7 @@ def main():
    print """</table>"""
    
    print "<h2>User's Creds</h2>"
-    print "<h3>To how many machines each user is able to connect with admin rights?</h3>"
+    print "<h3>To how many machines each user is able to connect with admin rights</h3>"
    attackable_counts = dict(map(lambda x: (x, pth.GetVictimCountBySid(x)), pth.GetAllSids()))
    
    print """<table>"""
@ -591,6 +615,16 @@ def main():
        print """<tr><td><a href="#{sid}">{sid}</a></td><td>{username}</td><td>{count}</td>""".format(sid=sid, username=pth.GetUsernameBySid(sid), count=count)
    print """</table>"""
    
+    print "<h2>Actual Possible Attacks By SID</h2>"
+    print "<h3>How many attacks possible using each SID (aka len(attacker->victim pairs))</h3>"
+    possible_attacks_by_sid = dict(map(lambda x: (x, pth.GetPossibleAttackCountBySid(x)), pth.GetAllSids()))
+    
+    print """<table>"""
+    print """<tr><th>SID</th><th>Username</th><th>Machine Count</th></tr>"""
+    for sid, count in sorted(possible_attacks_by_sid.iteritems(), key=lambda (k,v): (v,k), reverse=True):
+        print """<tr><td><a href="#{sid}">{sid}</a></td><td>{username}</td><td>{count}</td>""".format(sid=sid, username=pth.GetUsernameBySid(sid), count=count)
+    print """</table>"""
+    
    print "<h2>Machine's Creds</h2>"
    print "<h3>To how many machines each machine is able to directly connect with admin rights?</h3>"
    attackable_counts = dict(map(lambda m: (m, pth.GetVictimCountByMachine(m)), pth.machines))