T1003 credential dumping implemented

This commit is contained in:
VakarisZ 2019-06-07 11:51:47 +03:00
parent 75d52a7ee7
commit 350c7d93fa
5 changed files with 57 additions and 5 deletions


@ -1,5 +1,5 @@
import logging
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003
from monkey_island.cc.services.attack.attack_telem import AttackTelemService
from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo
@ -12,7 +12,8 @@ LOG = logging.getLogger(__name__)
TECHNIQUES = {'T1210': T1210.T1210,
'T1197': T1197.T1197,
'T1110': T1110.T1110,
'T1075': T1075.T1075}
'T1075': T1075.T1075,
'T1003': T1003.T1003}
REPORT_NAME = 'new_report'


@ -0,0 +1,25 @@
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from common.utils.attack_utils import ScanStatus
from monkey_island.cc.database import mongo
__author__ = "VakarisZ"
class T1003(AttackTechnique):
tech_id = "T1003"
unscanned_msg = "Monkey tried to obtain credentials from systems in the network but didn't find any or failed."
scanned_msg = "Monkey tried to obtain credentials from systems in the network but didn't find any or failed."
used_msg = "Monkey successfully obtained some credentials from systems on the network."
query = {'telem_type': 'system_info_collection', '$and': [{'data.credentials': {'$exists': True}},
{'data.credentials': {'$gt': {}}}]}
@staticmethod
def get_report_data():
data = {'title': T1003.technique_title(T1003.tech_id)}
if mongo.db.telemetry.count_documents(T1003.query):
data.update({'message': T1003.used_msg, 'status': ScanStatus.USED.name})
else:
data.update({'message': T1003.unscanned_msg, 'status': ScanStatus.UNSCANNED.name})
return data
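Review bot: `scanned_msg` (L37) is defined but `get_report_data` never returns `ScanStatus.SCANNED`, and its text is byte-identical to `unscanned_msg` (L36), so a run where the monkey attempted credential collection and found nothing is reported with the same status as a run that never tried. Either derive the SCANNED case from telemetry (a `system_info_collection` record without a non-empty `data.credentials` would be the natural signal) or at least give the unscanned case its own wording, e.g. `unscanned_msg = "Monkey didn't try to obtain credentials from systems in the network."`. The `{'$gt': {}}` clause on L40 relies on BSON comparison order to mean "non-empty document"; that only holds if `data.credentials` is always an object — an array compares greater than any object, so an empty list would be counted as USED. A one-line comment on `query` stating the expected shape of `data.credentials` would make that assumption reviewable.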


@ -0,0 +1,24 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import '../../report-components/StolenPasswords'
import StolenPasswordsComponent from "../../report-components/StolenPasswords";
class T1003 extends React.Component {
constructor(props) {
super(props);
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
<StolenPasswordsComponent data={this.props.reportData.glance.stolen_creds.concat(this.props.reportData.glance.ssh_keys)}/>
</div>
);
}
}
export default T1003;
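Review bot: `this.props.reportData.glance.stolen_creds.concat(...)` on L66 dereferences `reportData` and `glance` without a guard; `reportData` is threaded in from `this.state.report` in ReportPageComponent, which presumably starts empty until the report is fetched, so the first render of this panel is likely to throw rather than show an empty table. Compute the list defensively, e.g. `const glance = this.props.reportData && this.props.reportData.glance;` / `const creds = glance ? glance.stolen_creds.concat(glance.ssh_keys) : [];` / `<StolenPasswordsComponent data={creds}/>`. The bare `import '../../report-components/StolenPasswords'` on L55 is redundant with the default import on L56, and the constructor on L58-L60 only forwards to `super` and can be dropped.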


@ -520,7 +520,7 @@ class ReportPageComponent extends AuthComponent {
This report shows information about ATT&CK techniques used by Infection Monkey.
</p>
<div>
<AttackReport/>
<AttackReport reportData={this.state.report}/>
</div>
<br />
</div>)


@ -9,12 +9,14 @@ import T1210 from '../attack/techniques/T1210';
import T1197 from '../attack/techniques/T1197';
import T1110 from '../attack/techniques/T1110';
import T1075 from "../attack/techniques/T1075";
import T1003 from "../attack/techniques/T1003";
const tech_components = {
'T1210': T1210,
'T1197': T1197,
'T1110': T1110,
'T1075': T1075
'T1075': T1075,
'T1003': T1003
};
const classNames = require('classnames');
@ -101,7 +103,7 @@ class AttackReportPageComponent extends AuthComponent {
const TechniqueComponent = tech_components[technique];
return (
<div className={`content ${collapseState}`}>
<TechniqueComponent data={this.state.report[technique]} />
<TechniqueComponent data={this.state.report[technique]} reportData={this.props.reportData}/>
</div>
);
}