def decrypt_ssh_key_pair(pair, encrypt=False): if encrypt: pair['public_key'] = encryptor.enc(pair['public_key']) pair['private_key'] = encryptor.enc(pair['private_key']) else: pair['public_key'] = encryptor.dec(pair['public_key']) pair['private_key'] = encryptor.dec(pair['private_key']) return pair
def encrypt_exploit_creds(telemetry_json): attempts = telemetry_json['data']['attempts'] for i in range(len(attempts)): for field in ['password', 'lm_hash', 'ntlm_hash']: credential = attempts[i][field] if len(credential) > 0: attempts[i][field] = encryptor.enc(credential)
def add_item_to_config_set_if_dont_exist(item_path_array, item_value, should_encrypt): item_key = '.'.join(item_path_array) items_from_config = ConfigService.get_config_value(item_path_array, False, should_encrypt) if item_value in items_from_config: return if should_encrypt: item_value = encryptor.enc(item_value) mongo.db.config.update( {'name': 'newconfig'}, {'$addToSet': {item_key: item_value}}, upsert=False ) mongo.db.monkey.update( {}, {'$addToSet': {'config.' + item_key.split('.')[-1]: item_value}}, multi=True )
def _encrypt_or_decrypt_config(config, is_decrypt=False): for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: config_arr = config parent_config_arr = None # Because the config isn't flat, this for-loop gets the actual config value out of the config for config_key_part in config_arr_as_array: parent_config_arr = config_arr config_arr = config_arr[config_key_part] if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, str): for i in range(len(config_arr)): # Check if array of shh key pairs and then decrypt if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \ ConfigService.decrypt_ssh_key_pair(config_arr[i], True) else: config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i]) else: parent_config_arr[config_arr_as_array[-1]] = \ encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr)
def _set_aws_key(key_type: str, key_value: str): path_to_keys = AWS_KEYS_PATH encrypted_key = encryptor.enc(key_value) ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)