Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create new user with a random password #1174

Merged
merged 8 commits into from
May 18, 2021
Merged

Create new user with a random password #1174

merged 8 commits into from
May 18, 2021

Conversation

shreyamalviya
Copy link
Contributor

Fixes #1169

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Ran the Island, configuration page loads properly. Swimm units work.

  • If applicable, add screenshots or log transcripts of the feature working

@shreyamalviya shreyamalviya requested a review from VakarisZ May 17, 2021 13:47
@codecov
Copy link

codecov bot commented May 17, 2021
edited
Loading

Codecov Report

Merging #1174 (c779655) into develop (ce6b658) will decrease coverage by 0.02%.
The diff coverage is 0.00%.

❗ Current head c779655 differs from pull request most recent head 58b04ec. Consider uploading reports for the commit 58b04ec to get more accurate results
Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1174      +/-   ##
===========================================
- Coverage    28.77%   28.75%   -0.03%     
===========================================
  Files          414      415       +1     
  Lines        12752    12760       +8     
===========================================
- Hits          3670     3669       -1     
- Misses        9082     9091       +9
Impacted Files Coverage Δ
monkey/infection_monkey/config.py 65.00% <ø> (-0.25%) ⬇️
monkey/infection_monkey/exploit/win_ms08_067.py 0.00% <0.00%> (ø)
...y/infection_monkey/post_breach/actions/add_user.py 0.00% <0.00%> (ø)
...nfection_monkey/utils/random_password_generator.py 0.00% <0.00%> (ø)
...onkey_island/cc/services/config_schema/internal.py 100.00% <ø> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ce6b658...58b04ec. Read the comment docs.

VakarisZ
VakarisZ reviewed May 17, 2021
View reviewed changes
monkey/infection_monkey/post_breach/actions/add_user.py Outdated
from infection_monkey.utils.users import get_commands_to_add_user


class BackdoorUser(PBA):
def __init__(self):
remote_user_pwd = get_random_password()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be more readable if called random_password, because that's what it is in this context. It's not a password of remote user yet and pwd is not consistent (also means print working directory), either ..._pass or ..._password

VakarisZ
VakarisZ reviewed May 17, 2021
View reviewed changes
monkey/infection_monkey/utils/random_password_generator.py
@@ -0,0 +1,6 @@
import secrets

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Create a constant here, called SECRET_BYTE_LENGTH and set it to 32. Then use this constant as a default parameter in get_random_password. 12 bytes is not enough.

VakarisZ
VakarisZ requested changes May 17, 2021
View reviewed changes
Copy link
Contributor

@VakarisZ VakarisZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small changes

@shreyamalviya shreyamalviya requested a review from VakarisZ May 17, 2021 17:25
@VakarisZ VakarisZ merged commit 085a133 into develop May 18, 2021
@VakarisZ VakarisZ deleted the create-user-with-random-pwd branch July 29, 2021 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VakarisZ VakarisZ Awaiting requested review from VakarisZ

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create user PBA needs random password
2 participants
@shreyamalviya @VakarisZ