Bugfix: victimhost telem is sent instead of attack telem.

monkey/infection_monkey/exploit/shellshock.py

@@ -133,7 +133,7 @@ class ShellShockExploiter(HostExploiter):
             chmod = '/bin/chmod +x %s' % dropper_target_path_linux
             run_path = exploit + chmod
             self.attack_page(url, header, run_path)
-            T1222Telem(ScanStatus.USED, chmod).send()
+            T1222Telem(ScanStatus.USED, chmod, self.host).send()
 
             # run the monkey
             cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)

monkey/infection_monkey/exploit/sshexec.py

@@ -165,7 +165,7 @@ class SSHExploiter(HostExploiter):
                 ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path),
                           callback=self.log_transfer)
                 ftp.chmod(self._config.dropper_target_path_linux, 0o777)
-                T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux).send()
+                T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux, self.host).send()
                 T1105Telem(ScanStatus.USED,
                            get_interface_to_target(self.host.ip_addr),
                            self.host.ip_addr,

monkey/infection_monkey/exploit/vsftpd.py

@@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
         change_permission = str.encode(str(change_permission) + '\n')
         LOG.info("change_permission command is %s", change_permission)
         backdoor_socket.send(change_permission)
-        T1222Telem(ScanStatus.USED, change_permission).send()
+        T1222Telem(ScanStatus.USED, change_permission, self.host).send()
 
         # Run monkey on the machine
         parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)

monkey/infection_monkey/exploit/web_rce.py

@@ -368,10 +368,10 @@ class WebRCE(HostExploiter):
             command = CHMOD_MONKEY % {'monkey_path': path}
         try:
             resp = self.exploit(url, command)
-            T1222Telem(ScanStatus.USED, command).send()
+            T1222Telem(ScanStatus.USED, command, self.host).send()
         except Exception as e:
             LOG.error("Something went wrong while trying to change permission: %s" % e)
-            T1222Telem(ScanStatus.SCANNED, "").send()
+            T1222Telem(ScanStatus.SCANNED, "", self.host).send()
             return False
         # If exploiter returns True / False
         if type(resp) is bool:

monkey/infection_monkey/telemetry/attack/t1222_telem.py

@@ -1,14 +1,14 @@
-from infection_monkey.telemetry.attack.attack_telem import AttackTelem
+from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
 
 
-class T1222Telem(AttackTelem):
+class T1222Telem(VictimHostTelem):
-    def __init__(self, status, command):
+    def __init__(self, status, command, machine):
         """
         T1222 telemetry.
         :param status: ScanStatus of technique
         :param command: command used to change permissions
         """
-        super(T1222Telem, self).__init__('T1222', status)
+        super(T1222Telem, self).__init__('T1222', status, machine)
         self.command = command
 
     def get_data(self):

monkey/monkey_island/cc/services/attack/technique_reports/T1222.py

@@ -14,17 +14,7 @@ class T1222(AttackTechnique):
     query = [{'$match': {'telem_category': 'attack',
                          'data.technique': 'T1222',
                          'data.status': ScanStatus.USED.value}},
-             {'$lookup': {'from': 'monkey',
+             {'$group': {'_id': {'machine': '$data.machine', 'status': '$data.status', 'command': '$data.command'}}},
-                          'localField': 'monkey_guid',
-                          'foreignField': 'guid',
-                          'as': 'monkey'}},
-             {'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
-                           'status': '$data.status',
-                           'command': '$data.command'}},
-             {'$addFields': {'_id': 0,
-                             'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
-                             'monkey': 0}},
-             {'$group': {'_id': {'machine': '$machine', 'status': '$status', 'command': '$command'}}},
              {"$replaceRoot": {"newRoot": "$_id"}}]
 
     @staticmethod

monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js

@@ -1,7 +1,7 @@
 import React from 'react';
 import '../../../styles/Collapse.scss'
 import ReactTable from "react-table";
-import { renderMachineFromSystemData, scanStatus } from "./Helpers"
+import { renderMachine, scanStatus } from "./Helpers"
 
 
 class T1222 extends React.Component {
@@ -14,7 +14,7 @@ class T1222 extends React.Component {
     return ([{
       Header: "Permission modification commands",
       columns: [
-        {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }},
+        {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
         {Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
         ]
     }])};