fix: assist_pattern_key reads username from credential.username for exploit payloads #312

Merged: l50 merged 1 commit into feat/more-attack-cov from feat/dreadgoad-assist-key-credential on May 14, 2026


l50 commented May 13, 2026

Key Changes:

  • Enhanced username and domain extraction in assist_pattern_key to handle nested credential fields
  • Fixed exploit deduplication logic to prevent repeated retries due to missed credential fields
  • Added comprehensive tests for username/domain extraction priority and fallback behavior

Added:

  • Test cases covering various payload shapes, including nested credential objects, username/domain precedence, pass-the-hash scenarios, and cross-forest exploits

Changed:

  • Username extraction now prioritizes top-level "username", then falls back to "credential.username", and finally "hash_username"
  • Domain extraction now prefers top-level "domain", with fallback to "credential.domain" to avoid key collisions across forests
  • Updated documentation and inline comments to clarify lookup priorities and rationale for changes

Removed:

  • Implicit assumption that username/domain fields are always top-level, reducing risk of exploit deduplication failures

…ain from payload

**Added:**

- Introduced new tests to verify assist_pattern_key behavior with nested credential fields, hash_username, and domain fallback, including normalization and preference logic

**Changed:**

- Updated assist_pattern_key to prioritize extracting username from top-level, then from nested credential, then from hash_username to handle various payload shapes and avoid assist-abandoned dedup bypasses
- Enhanced domain extraction logic to fall back to credential.domain when top-level domain is missing, preventing collisions between different authentication realms
- Added detailed inline comments explaining the lookup priority and rationale for both username and domain extraction
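
The lookup priority described in the PR description and commit message above, as an added Rust sketch that is not the project's code. The `Val` payload model, the `dedup_key` name and its lowercased `user@domain` format, the treatment of empty strings as missing, and the sample accounts are all assumptions.

```rust
use std::collections::HashMap;

// Minimal stand-in for a JSON payload: string leaves plus nested objects.
enum Val { Str(&'static str), Obj(HashMap<&'static str, Val>) }
type Payload = HashMap<&'static str, Val>;

// String at a top-level key; empty strings count as missing (assumption).
fn top(p: &Payload, key: &str) -> Option<&'static str> {
    match p.get(key) {
        Some(Val::Str(s)) if !s.is_empty() => Some(*s),
        _ => None,
    }
}

// String at obj.key, e.g. credential.username.
fn nested(p: &Payload, obj: &str, key: &str) -> Option<&'static str> {
    if let Some(Val::Obj(o)) = p.get(obj) { top(o, key) } else { None }
}

// Priority from the PR text: username, then credential.username, then hash_username.
fn username(p: &Payload) -> Option<&'static str> {
    top(p, "username")
        .or_else(|| nested(p, "credential", "username"))
        .or_else(|| top(p, "hash_username"))
}

// Priority from the PR text: domain, then credential.domain.
fn domain(p: &Payload) -> Option<&'static str> {
    top(p, "domain").or_else(|| nested(p, "credential", "domain"))
}

// Hypothetical key format "user@domain", lowercased (both are assumptions).
fn dedup_key(p: &Payload) -> String {
    let (u, d) = (username(p).unwrap_or(""), domain(p).unwrap_or(""));
    format!("{}@{}", u, d).to_lowercase()
}

// Constructed sample: identity carried only inside a nested credential object.
fn nested_payload(user: &'static str, dom: &'static str) -> Payload {
    let cred = HashMap::from([("username", Val::Str(user)), ("domain", Val::Str(dom))]);
    HashMap::from([("credential", Val::Obj(cred))])
}

fn main() {
    // Same account name in two constructed forests: the domain fallback keeps the keys apart.
    println!("{}", dedup_key(&nested_payload("Svc_A", "north.example")));
    println!("{}", dedup_key(&nested_payload("svc_a", "south.example")));
}
```

For a payload that carries its identity only under `credential`, `top(&p, "username")` returns `None`, so a key built from top-level fields alone cannot tell the two forests apart.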

codecov Bot commented May 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.06%. Comparing base (72fa578) to head (b6ddb39).

Additional details and impacted files

@@                   Coverage Diff                    @@
##           feat/more-attack-cov     #312      +/-   ##
========================================================
+ Coverage                 76.05%   76.06%   +0.01%     
========================================================
  Files                       439      439              
  Lines                    118188   118258      +70     
========================================================
+ Hits                      89884    89954      +70     
  Misses                    28304    28304              

| Files with missing lines | Coverage Δ |
| --- | --- |
| ares-cli/src/orchestrator/dispatcher/submission.rs | 19.47% <100.00%> (+11.16%) ⬆️ |

l50 merged commit 0537e40 into feat/more-attack-cov on May 14, 2026
12 checks passed
l50 deleted the feat/dreadgoad-assist-key-credential branch on May 14, 2026 02:12