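def _encrypt_or_decrypt_config(config, is_decrypt=False):
    """Encrypt or decrypt, in place, every config value listed in ENCRYPTED_CONFIG_ARRAYS.

    Each entry of ENCRYPTED_CONFIG_ARRAYS is a key path into the nested
    ``config`` mapping. The value found at the end of a path is handled as
    follows:

    * non-string sequence: every element is replaced in place. A dict element
      that has a ``'public_key'`` entry goes through
      ``ConfigService.decrypt_ssh_key_pair``; any other element goes through
      ``encryptor.enc`` / ``encryptor.dec``.
    * anything else: the value is replaced in its parent mapping.

    Only the listed paths are touched, so a secret stored under a key that is
    not in ENCRYPTED_CONFIG_ARRAYS stays as it is. Nothing here records
    whether a value is already encrypted; the caller has to apply each
    direction exactly once per config copy.

    :param config: nested config mapping; mutated in place.
    :param is_decrypt: truthy to decrypt, falsy (the default) to encrypt.
    :return: None.
    """
    # collections.Sequence was removed in Python 3.10; the ABC lives in
    # collections.abc. The fallback keeps the function usable on interpreters
    # that predate collections.abc.
    try:
        from collections.abc import Sequence
    except ImportError:
        from collections import Sequence

    for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS:
        config_arr = config
        parent_config_arr = None

        # The config is nested: walk the key path down to the actual value and
        # remember its parent so a scalar can be written back afterwards.
        for config_key_part in config_arr_as_array:
            parent_config_arr = config_arr
            config_arr = config_arr[config_key_part]

        if isinstance(config_arr, Sequence) and not isinstance(config_arr, str):
            # NOTE(review): bytes is a Sequence too and is not excluded here;
            # confirm that values at these paths are never raw bytes.
            for i, item in enumerate(config_arr):
                if isinstance(item, dict) and 'public_key' in item:
                    # SSH key pair: the helper's second argument selects
                    # encryption, so it is the negation of is_decrypt.
                    config_arr[i] = ConfigService.decrypt_ssh_key_pair(item, not is_decrypt)
                elif is_decrypt:
                    config_arr[i] = encryptor.dec(item)
                else:
                    config_arr[i] = encryptor.enc(item)
        else:
            parent_config_arr[config_arr_as_array[-1]] = (
                encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr)
            )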
def decrypt_ssh_key_pair(pair, encrypt=False):
    """Decrypt (default) or encrypt both halves of an SSH key pair in place.

    Despite the name, the function works in both directions: ``encrypt``
    selects ``encryptor.enc``, otherwise ``encryptor.dec`` is used.

    :param pair: dict with ``'public_key'`` and ``'private_key'`` entries;
        both are overwritten.
    :param encrypt: truthy to encrypt instead of decrypt.
    :return: the same ``pair`` object that was passed in.
    """
    # After a decrypt call the dict carries the plaintext private key, and it
    # is the caller's own object, so the plaintext lives as long as that does.
    transform = encryptor.enc if encrypt else encryptor.dec
    for key_name in ('public_key', 'private_key'):
        pair[key_name] = transform(pair[key_name])
    return pair
def encrypt_exploit_creds(telemetry_json):
    """Encrypt the credential fields of every attempt in an exploit telemetry, in place.

    For each entry of ``telemetry_json['data']['attempts']`` the
    ``'password'``, ``'lm_hash'`` and ``'ntlm_hash'`` values are UTF-8 encoded
    and replaced by ``encryptor.enc(...)`` when they are non-empty. Empty
    values are left as they are, and no other field of an attempt is touched.

    All three fields must be present in every attempt; a missing one raises
    from the lookup after earlier fields have already been rewritten.

    :param telemetry_json: telemetry dict; mutated in place.
    :return: None.
    """
    secret_fields = ('password', 'lm_hash', 'ntlm_hash')
    for attempt in telemetry_json['data']['attempts']:
        for name in secret_fields:
            plaintext = attempt[name]
            if len(plaintext) == 0:
                # Nothing was captured for this field; keep the empty value.
                continue
            # Encoded first because the value may not be pure ASCII.
            attempt[name] = encryptor.enc(plaintext.encode('utf-8'))
def encrypt_system_info_creds(creds):
    """Encrypt collected per-user credentials in place.

    ``creds`` maps a user to a dict of fields. Whichever of ``'password'``,
    ``'lm_hash'`` and ``'ntlm_hash'`` is present is UTF-8 encoded and replaced
    by ``encryptor.enc(...)``. A present but empty value is encrypted too;
    there is no emptiness check here.

    :param creds: mapping of user -> credential dict; mutated in place.
    :return: None.
    """
    secret_fields = ('password', 'lm_hash', 'ntlm_hash')
    for username in creds:
        user_entry = creds[username]
        for name in secret_fields:
            if name not in user_entry:
                continue
            # Encoded first because passwords are not guaranteed to be pure ASCII.
            user_entry[name] = encryptor.enc(user_entry[name].encode('utf-8'))
def add_item_to_config_set_if_dont_exist(item_key, item_value, should_encrypt):
    """Add ``item_value`` to the config set at ``item_key`` unless it is already listed.

    The current items come from ``ConfigService.get_config_value`` and the
    membership test uses the value exactly as passed in. When the value is new
    it is written with ``$addToSet`` to two places: the ``config`` document
    named ``'newconfig'`` under the full dotted ``item_key``, and every
    ``monkey`` document under ``'config.'`` plus the last segment of the key.

    :param item_key: dotted config path, e.g. ``a.b.c``. It is used verbatim
        as a MongoDB field path and is not validated here, so callers should
        pass fixed, trusted key names only.
    :param item_value: value to add; stored as ``encryptor.enc(item_value)``
        when ``should_encrypt`` is truthy.
    :param should_encrypt: whether the stored value is encrypted; also
        forwarded as the third argument of ``get_config_value``.
    :return: None.
    """
    key_parts = item_key.split('.')
    # NOTE(review): presumably the third argument makes get_config_value
    # return decrypted items, which is what lets a plaintext membership test
    # work - confirm against ConfigService.
    existing_items = ConfigService.get_config_value(key_parts, False, should_encrypt)
    if item_value in existing_items:
        return

    stored_value = encryptor.enc(item_value) if should_encrypt else item_value

    # The check above and the writes below are separate steps, so two
    # concurrent callers can both get past the membership test.
    # NOTE(review): if mongo.db is a PyMongo database, Collection.update is
    # deprecated since PyMongo 3.0 and removed in 4.0.
    config_filter = {'name': 'newconfig'}
    config_change = {'$addToSet': {item_key: stored_value}}
    mongo.db.config.update(config_filter, config_change, upsert=False)

    monkey_field = 'config.' + key_parts[-1]
    monkey_change = {'$addToSet': {monkey_field: stored_value}}
    mongo.db.monkey.update({}, monkey_change, multi=True)
def encrypt_system_info_ssh_keys(ssh_info):
    """Encrypt the SSH material of every collected entry in place.

    For each entry of ``ssh_info`` the ``'public_key'``, ``'private_key'`` and
    ``'known_hosts'`` values are replaced by ``encryptor.enc(value)`` when
    they are truthy. All three keys must exist in every entry.

    :param ssh_info: indexable collection of dicts; mutated in place.
    :return: None.
    """
    # NOTE(review): unlike the password/hash helpers, the value is handed to
    # encryptor.enc without .encode('utf-8') - confirm enc accepts both forms.
    protected_fields = ('public_key', 'private_key', 'known_hosts')
    for entry in ssh_info:
        for name in protected_fields:
            current = entry[name]
            if not current:
                continue
            entry[name] = encryptor.enc(current)