forked from p15670423/monkey
ZL BB tests: Renamed "ZeroLogon" to "Zerologon" for consistency, extracted the relevant-credential extraction from the island config into a separate method.
This commit is contained in:
parent
70ec513f51
commit
f43d9fe035
|
@ -14,7 +14,7 @@ TELEM_QUERY = {'telem_category': 'exploit',
|
||||||
'data.info.password_restored': True}
|
'data.info.password_restored': True}
|
||||||
|
|
||||||
|
|
||||||
class ZeroLogonAnalyzer(Analyzer):
|
class ZerologonAnalyzer(Analyzer):
|
||||||
|
|
||||||
def __init__(self, island_client: MonkeyIslandClient, expected_credentials: List[str]):
|
def __init__(self, island_client: MonkeyIslandClient, expected_credentials: List[str]):
|
||||||
self.island_client = island_client
|
self.island_client = island_client
|
||||||
|
@ -28,12 +28,17 @@ class ZeroLogonAnalyzer(Analyzer):
|
||||||
return is_creds_gathered and is_creds_restored
|
return is_creds_gathered and is_creds_restored
|
||||||
|
|
||||||
def _analyze_credential_gathering(self) -> bool:
|
def _analyze_credential_gathering(self) -> bool:
|
||||||
credentials_on_island = []
|
|
||||||
config = self.island_client.get_config()
|
config = self.island_client.get_config()
|
||||||
|
credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(config)
|
||||||
|
return self._is_all_credentials_in_list(credentials_on_island)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def _get_relevant_credentials(config: dict):
|
||||||
|
credentials_on_island = []
|
||||||
credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH))
|
credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH))
|
||||||
credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH))
|
credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH))
|
||||||
credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH))
|
credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH))
|
||||||
return self._is_all_credentials_in_list(credentials_on_island)
|
return credentials_on_island
|
||||||
|
|
||||||
def _is_all_credentials_in_list(self,
|
def _is_all_credentials_in_list(self,
|
||||||
all_creds: List[str]) -> bool:
|
all_creds: List[str]) -> bool:
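Review bot: The new `_get_relevant_credentials` staticmethod has no return annotation while every sibling in this class declares `-> bool`; `def _get_relevant_credentials(config: dict) -> List[str]:` states the contract, and a one-line docstring such as `"""Return the user, NTLM-hash and LM-hash lists that the island config holds."""` would say what "relevant" means. The three `dpath.util.get(config['configuration'], ...)` lines repeat the same lookup; a single loop over `(USER_LIST_PATH, NTLM_HASH_LIST_PATH, LM_HASH_LIST_PATH)` with one `extend` per path removes the duplication. As far as I recall, `dpath.util.get` raises `KeyError` when a path has no match, so a config missing one of the lists fails the test with a bare key error rather than a message naming the absent list; worth a comment or an explicit check if that case is realistic. The call site in `_analyze_credential_gathering` could use `self._get_relevant_credentials(config)` instead of naming the class, so an override in a subclass is honoured.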
|
||||||
|
@ -43,10 +48,10 @@ class ZeroLogonAnalyzer(Analyzer):
|
||||||
|
|
||||||
def _log_creds_not_gathered(self, missing_creds: List[str]):
|
def _log_creds_not_gathered(self, missing_creds: List[str]):
|
||||||
if not missing_creds:
|
if not missing_creds:
|
||||||
self.log.add_entry("ZeroLogon exploiter gathered all credentials expected.")
|
self.log.add_entry("Zerologon exploiter gathered all credentials expected.")
|
||||||
else:
|
else:
|
||||||
for cred in missing_creds:
|
for cred in missing_creds:
|
||||||
self.log.add_entry(f"Credential ZeroLogon exploiter failed to gathered:{cred}.")
|
self.log.add_entry(f"Credential Zerologon exploiter failed to gathered:{cred}.")
|
||||||
|
|
||||||
def _analyze_credential_restore(self) -> bool:
|
def _analyze_credential_restore(self) -> bool:
|
||||||
cred_restore_telems = self.island_client.find_telems_in_db(TELEM_QUERY)
|
cred_restore_telems = self.island_client.find_telems_in_db(TELEM_QUERY)
|
||||||
|
@ -55,7 +60,7 @@ class ZeroLogonAnalyzer(Analyzer):
|
||||||
|
|
||||||
def _log_credential_restore(self, telem_list: List[dict]):
|
def _log_credential_restore(self, telem_list: List[dict]):
|
||||||
if telem_list:
|
if telem_list:
|
||||||
self.log.add_entry("ZeroLogon exploiter telemetry contains indicators that credentials "
|
self.log.add_entry("Zerologon exploiter telemetry contains indicators that credentials "
|
||||||
"were successfully restored.")
|
"were successfully restored.")
|
||||||
else:
|
else:
|
||||||
self.log.add_entry("Credential restore failed or credential restore "
|
self.log.add_entry("Credential restore failed or credential restore "
|
||||||
|
|
|
@ -3,7 +3,7 @@ from copy import copy
|
||||||
from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate
|
from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate
|
||||||
|
|
||||||
|
|
||||||
class ZeroLogon(BaseTemplate):
|
class Zerologon(BaseTemplate):
|
||||||
|
|
||||||
config_values = copy(BaseTemplate.config_values)
|
config_values = copy(BaseTemplate.config_values)
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ from typing_extensions import Type
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
|
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
|
||||||
CommunicationAnalyzer
|
CommunicationAnalyzer
|
||||||
from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZeroLogonAnalyzer
|
from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer
|
||||||
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
|
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
|
||||||
IslandConfigParser
|
IslandConfigParser
|
||||||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
|
||||||
|
@ -26,7 +26,7 @@ from envs.monkey_zoo.blackbox.island_configs.tunneling import Tunneling
|
||||||
from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic
|
from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic
|
||||||
from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz
|
from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz
|
||||||
from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth
|
from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth
|
||||||
from envs.monkey_zoo.blackbox.island_configs.zerologon import ZeroLogon
|
from envs.monkey_zoo.blackbox.island_configs.zerologon import Zerologon
|
||||||
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
|
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
|
||||||
TestLogsHandler
|
TestLogsHandler
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
|
@ -163,12 +163,12 @@ class TestMonkeyBlackbox:
|
||||||
TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH")
|
TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH")
|
||||||
|
|
||||||
def test_zerologon_exploiter(self, island_client):
|
def test_zerologon_exploiter(self, island_client):
|
||||||
test_name = "ZeroLogon_exploiter"
|
test_name = "Zerologon_exploiter"
|
||||||
expected_creds = ["Administrator",
|
expected_creds = ["Administrator",
|
||||||
"aad3b435b51404eeaad3b435b51404ee",
|
"aad3b435b51404eeaad3b435b51404ee",
|
||||||
"2864b62ea4496934a5d6e86f50b834a5"]
|
"2864b62ea4496934a5d6e86f50b834a5"]
|
||||||
raw_config = IslandConfigParser.get_raw_config(ZeroLogon, island_client)
|
raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client)
|
||||||
analyzer = ZeroLogonAnalyzer(island_client, expected_creds)
|
analyzer = ZerologonAnalyzer(island_client, expected_creds)
|
||||||
log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path())
|
log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path())
|
||||||
ExploitationTest(
|
ExploitationTest(
|
||||||
name=test_name,
|
name=test_name,
|
||||||
|
|