Help Needed: Automating tests #87
Comments
It is possible to create a GitHub workflow (Actions) that will execute jobs on 2 separate runners (see https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job ). I think that here you can create a workflow that will trigger on commit on the main branch.
It is also possible to use self-hosted runners ( https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners ). Hope it will help you.
I think I found a workaround. I use a Windows runner (provided by GitHub), I run lsassy on this runner, and I dump lsass on localhost. For this to work, I need to add a local admin and set a registry key, but it seems to work quite well.
@Hackndo, great workaround. It sounds that
Of course, everything I described can be combined. But if you can have a quick win by checking that the whole thing is working correctly, do so! Your idea and "workaround" is the way to go. Cya
lsassy
Description
lsassy is a Python tool designed to remotely extract credentials from a set of hosts, particularly targeting the lsass process on these hosts. This is done in two steps. First, code must be executed on the remote target to dump lsass. Then, the dump must be parsed remotely to extract the passwords.
Workflow
Here is how a dump and parsing works in a nutshell:
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/console.py#L99
From console.py, the ThreadPool is used to execute different lsassy instances in different threads
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/core.py#L149
Get an SMB session with the target and provided credentials (checks for admin rights)
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/core.py#L170
Get the dumping method (defined globally in https://github.com/Hackndo/lsassy/blob/master/lsassy/dumpmethod/__init__.py and every dump method will override get_commands)
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/core.py#L175 to actually dump lsass remotely.
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/dumpmethod/__init__.py#L291
For dumping lsass, a command line is remotely executed on the target using one of the executors (SMB using services by default, code stolen from impacket)
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/dumpmethod/__init__.py#L300
Checks if dump was successful
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/core.py#L193
Then back to core.py, instantiating Parser that will use Pypykatz project to parse the lsass dump remotely.
https://github.com/Hackndo/lsassy/blob/4b1ddf1b3491b014aa27a68f3aa26cb0c962b0a5/lsassy/core.py#L208
To write credentials in console (and file if asked)
Goal
I want to create tests for lsassy to ensure that all features and options work correctly with each new version release.
I know how to create tests for everything that happens locally on my machine (and on GitHub Actions), like testing threads number, instantiating classes dynamically, stuff like that.
My issue
The problem I encounter is testing network functionalities. I know about mock from unittest but I don't think it's enough for what I need. For instance:
These are behaviors I can test if I execute lsassy in a controlled environment, with a Windows machine whose IP address I know. However, I would like to be able to launch tests from anywhere.
Ideas
One solution I can think of would be to use Docker, with a Linux machine executing the tool, and a Windows machine that would be the target.
But I'm not sure it's a good solution, and I would really appreciate some input.
Thanks a lot