Attack brute force#345
Conversation
itaymmguardicore left a comment
itaymmguardicore left a comment There was a problem hiding this comment.
Fix these comments
monkey/monkey_island/cc/services/attack/technique_reports/T1110.py Outdated Show resolved Hide resolved
monkey/monkey_island/cc/services/attack/technique_reports/T1110.py Outdated Show resolved Hide resolved
| :return: string with username and used password/hash | ||
| """ | ||
| username = attempt['user'] | ||
| if attempt['lm_hash']: |
There was a problem hiding this comment.
lets censor the credentials regardless of their type.
There was a problem hiding this comment.
They are censored, just in a different format. Passwords are censored like this Pas***** and hashes like this 0NLY_P4RT_0F_IMP0RT4NT_H4S .... This indicates that we only give the start of the hash.
There was a problem hiding this comment.
I don't understand the need for the different censor method. we also only provide the start of the password.
In addition, I don't think the 3 dots make it look better :
I think they should use the same method, but you can have the last word here
There was a problem hiding this comment.
I think using dots makes more sense because a) it's more obvious that hash is cropped (just by looking at password one might think we don't hide the length) b) it's easier to distinguish between random characters, as hashes can contain symbols.
monkey/monkey_island/cc/services/attack/technique_reports/T1110.py Outdated Show resolved Hide resolved
itaymmguardicore left a comment
itaymmguardicore left a comment There was a problem hiding this comment.
Fix new comments & fix merge conflicts
| return ScanStatus.UNSCANNED | ||
| | ||
| @staticmethod | ||
| def get_message_and_status(technique, status): |
There was a problem hiding this comment.
Use this function in get_tech_base_data
# Conflicts: # monkey/infection_monkey/utils.py
2 participants
Branch by @VakarisZ
Feature