Bugfix: victimhost telem is sent instead of attack telem.

2019-07-17 12:14:44 +03:00 · 2019-07-17 12:14:44 +03:00 · 69de938a37
parent d891eb4abb
commit 69de938a37
7 changed files with 12 additions and 22 deletions
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@ -133,7 +133,7 @@ class ShellShockExploiter(HostExploiter):
            chmod = '/bin/chmod +x %s' % dropper_target_path_linux
            run_path = exploit + chmod
            self.attack_page(url, header, run_path)
-            T1222Telem(ScanStatus.USED, chmod).send()
+            T1222Telem(ScanStatus.USED, chmod, self.host).send()

            # run the monkey
            cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -165,7 +165,7 @@ class SSHExploiter(HostExploiter):
                ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path),
                          callback=self.log_transfer)
                ftp.chmod(self._config.dropper_target_path_linux, 0o777)
-                T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux).send()
+                T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux, self.host).send()
                T1105Telem(ScanStatus.USED,
                           get_interface_to_target(self.host.ip_addr),
                           self.host.ip_addr,
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
        change_permission = str.encode(str(change_permission) + '\n')
        LOG.info("change_permission command is %s", change_permission)
        backdoor_socket.send(change_permission)
-        T1222Telem(ScanStatus.USED, change_permission).send()
+        T1222Telem(ScanStatus.USED, change_permission, self.host).send()

        # Run monkey on the machine
        parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -368,10 +368,10 @@ class WebRCE(HostExploiter):
            command = CHMOD_MONKEY % {'monkey_path': path}
        try:
            resp = self.exploit(url, command)
-            T1222Telem(ScanStatus.USED, command).send()
+            T1222Telem(ScanStatus.USED, command, self.host).send()
        except Exception as e:
            LOG.error("Something went wrong while trying to change permission: %s" % e)
-            T1222Telem(ScanStatus.SCANNED, "").send()
+            T1222Telem(ScanStatus.SCANNED, "", self.host).send()
            return False
        # If exploiter returns True / False
        if type(resp) is bool:
--- a/monkey/infection_monkey/telemetry/attack/t1222_telem.py
+++ b/monkey/infection_monkey/telemetry/attack/t1222_telem.py
@ -1,14 +1,14 @@
-from infection_monkey.telemetry.attack.attack_telem import AttackTelem
+from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem


-class T1222Telem(AttackTelem):
-    def __init__(self, status, command):
+class T1222Telem(VictimHostTelem):
+    def __init__(self, status, command, machine):
        """
        T1222 telemetry.
        :param status: ScanStatus of technique
        :param command: command used to change permissions
        """
-        super(T1222Telem, self).__init__('T1222', status)
+        super(T1222Telem, self).__init__('T1222', status, machine)
        self.command = command

    def get_data(self):
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py
@ -14,17 +14,7 @@ class T1222(AttackTechnique):
    query = [{'$match': {'telem_category': 'attack',
                         'data.technique': 'T1222',
                         'data.status': ScanStatus.USED.value}},
-             {'$lookup': {'from': 'monkey',
-                          'localField': 'monkey_guid',
-                          'foreignField': 'guid',
-                          'as': 'monkey'}},
-             {'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
-                           'status': '$data.status',
-                           'command': '$data.command'}},
-             {'$addFields': {'_id': 0,
-                             'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
-                             'monkey': 0}},
-             {'$group': {'_id': {'machine': '$machine', 'status': '$status', 'command': '$command'}}},
+             {'$group': {'_id': {'machine': '$data.machine', 'status': '$data.status', 'command': '$data.command'}}},
             {"$replaceRoot": {"newRoot": "$_id"}}]

    @staticmethod
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js
@ -1,7 +1,7 @@
 import React from 'react';
 import '../../../styles/Collapse.scss'
 import ReactTable from "react-table";
-import { renderMachineFromSystemData, scanStatus } from "./Helpers"
+import { renderMachine, scanStatus } from "./Helpers"


 class T1222 extends React.Component {
@ -14,7 +14,7 @@ class T1222 extends React.Component {
    return ([{
      Header: "Permission modification commands",
      columns: [
-        {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }},
+        {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
        {Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
        ]
    }])};