def test_get_credentials__username_lm_hash_windows_true( windows_true_usernames): results = get_credentials(TEST_USERNAMES, TEST_PASSWORDS, TEST_LM_HASHES, [], True) assert_secrets_in_results(windows_true_usernames, TEST_LM_HASHES, SecretType.LM_HASH, results)
def test_get_credentials__username_only_windows_true(windows_true_usernames): results = get_credentials(TEST_USERNAMES, [], [], [], True) assert len(results) == 19 assert_secrets_in_results(windows_true_usernames, [""], SecretType.PASSWORD, results) assert_secrets_in_results(windows_true_usernames, [None], SecretType.CACHED, results)
def test_get_credentials__username_nt_hash_windows_false( windows_false_usernames): results = get_credentials(TEST_USERNAMES, TEST_PASSWORDS, TEST_LM_HASHES, TEST_NT_HASHES, False) assert len(results) == 28 assert_secrets_in_results(windows_false_usernames, TEST_NT_HASHES, SecretType.NT_HASH, results)
def test_get_credentials__get_username_failure(windows_false_usernames): win32api = MagicMock() win32api.GetUserNameEx = MagicMock( side_effect=Exception("win32api test failure")) win32api.NameSamCompatible = None sys.modules["win32api"] = win32api results = get_credentials(TEST_USERNAMES, [], [], [], True) assert len(results) == 9 assert_secrets_in_results(windows_false_usernames, [""], SecretType.PASSWORD, results)
def _exploit_host(self): try: use_ssl = self._is_client_using_https() except PowerShellRemotingDisabledError as e: logging.info(e) return False credentials = get_credentials( self._config.exploit_user_list, self._config.exploit_password_list, self._config.exploit_lm_hash_list, self._config.exploit_ntlm_hash_list, is_windows_os(), ) auth_options = [ get_auth_options(creds, use_ssl) for creds in credentials ] self._client = self._authenticate_via_brute_force( credentials, auth_options) if not self._client: return False return self._execute_monkey_agent_on_victim()
def test_get_credentials__username_password_windows_true( windows_true_usernames): results = get_credentials(TEST_USERNAMES, TEST_PASSWORDS, [], [], True) assert_secrets_in_results(windows_true_usernames, TEST_PASSWORDS, SecretType.PASSWORD, results)
def test_get_credentials__username_only_windows_false(windows_false_usernames): results = get_credentials(TEST_USERNAMES, [], [], [], False) assert len(results) == 4 assert_secrets_in_results(windows_false_usernames, [""], SecretType.PASSWORD, results)
def test_get_credentials__empty_windows_false(): results = get_credentials([], [], [], [], False) assert len(results) == 0
def test_get_credentials__empty_windows_true(): results = get_credentials([], [], [], [], True) assert Credentials(username=None, secret=None, secret_type=SecretType.CACHED) in results