Island: remove system_info processing file
No system info telemetries need to be processed anymore
This commit is contained in:
parent
5471e9854c
commit
73434537fe
|
@ -2,22 +2,22 @@ import logging
|
||||||
|
|
||||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
from monkey_island.cc.services.telemetry.processing.aws_info import process_aws_telemetry
|
from monkey_island.cc.services.telemetry.processing.aws_info import process_aws_telemetry
|
||||||
|
from monkey_island.cc.services.telemetry.processing.credentials.credentials_parser import\
|
||||||
|
parse_credentials
|
||||||
from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
|
from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
|
from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
|
from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
|
from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.system_info import process_system_info_telemetry
|
|
||||||
from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry
|
from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
|
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
|
||||||
TelemCategoryEnum.CREDENTIALS: process_credentials_telemetry,
|
TelemCategoryEnum.CREDENTIALS: parse_credentials,
|
||||||
TelemCategoryEnum.TUNNEL: process_tunnel_telemetry,
|
TelemCategoryEnum.TUNNEL: process_tunnel_telemetry,
|
||||||
TelemCategoryEnum.STATE: process_state_telemetry,
|
TelemCategoryEnum.STATE: process_state_telemetry,
|
||||||
TelemCategoryEnum.EXPLOIT: process_exploit_telemetry,
|
TelemCategoryEnum.EXPLOIT: process_exploit_telemetry,
|
||||||
TelemCategoryEnum.SCAN: process_scan_telemetry,
|
TelemCategoryEnum.SCAN: process_scan_telemetry,
|
||||||
TelemCategoryEnum.SYSTEM_INFO: process_system_info_telemetry,
|
|
||||||
TelemCategoryEnum.POST_BREACH: process_post_breach_telemetry,
|
TelemCategoryEnum.POST_BREACH: process_post_breach_telemetry,
|
||||||
TelemCategoryEnum.AWS_INFO: process_aws_telemetry,
|
TelemCategoryEnum.AWS_INFO: process_aws_telemetry,
|
||||||
# `lambda *args, **kwargs: None` is a no-op.
|
# `lambda *args, **kwargs: None` is a no-op.
|
||||||
|
|
|
@ -1,95 +0,0 @@
|
||||||
import logging
|
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
|
||||||
from monkey_island.cc.services.config import ConfigService
|
|
||||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
|
|
||||||
SystemInfoTelemetryDispatcher,
|
|
||||||
)
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
def process_system_info_telemetry(telemetry_json):
|
|
||||||
dispatcher = SystemInfoTelemetryDispatcher()
|
|
||||||
telemetry_processing_stages = [
|
|
||||||
process_ssh_info,
|
|
||||||
process_credential_info,
|
|
||||||
dispatcher.dispatch_collector_results_to_relevant_processors,
|
|
||||||
]
|
|
||||||
|
|
||||||
# Calling safe_process_telemetry so if one of the stages fail, we log and move on instead of
|
|
||||||
# failing the rest of
|
|
||||||
# them, as they are independent.
|
|
||||||
for stage in telemetry_processing_stages:
|
|
||||||
safe_process_telemetry(stage, telemetry_json)
|
|
||||||
|
|
||||||
|
|
||||||
def safe_process_telemetry(processing_function, telemetry_json):
|
|
||||||
# noinspection PyBroadException
|
|
||||||
try:
|
|
||||||
processing_function(telemetry_json)
|
|
||||||
except Exception as err:
|
|
||||||
logger.error(
|
|
||||||
"Error {} while in {} stage of processing telemetry.".format(
|
|
||||||
str(err), processing_function.__name__
|
|
||||||
),
|
|
||||||
exc_info=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def process_ssh_info(telemetry_json):
|
|
||||||
if "ssh_info" in telemetry_json["data"]:
|
|
||||||
ssh_info = telemetry_json["data"]["ssh_info"]
|
|
||||||
encrypt_system_info_ssh_keys(ssh_info)
|
|
||||||
if telemetry_json["data"]["network_info"]["networks"]:
|
|
||||||
# We use user_name@machine_ip as the name of the ssh key stolen, thats why we need ip
|
|
||||||
# from telemetry
|
|
||||||
add_ip_to_ssh_keys(telemetry_json["data"]["network_info"]["networks"][0], ssh_info)
|
|
||||||
add_system_info_ssh_keys_to_config(ssh_info)
|
|
||||||
|
|
||||||
|
|
||||||
def add_system_info_ssh_keys_to_config(ssh_info):
|
|
||||||
for user in ssh_info:
|
|
||||||
ConfigService.creds_add_username(user["name"])
|
|
||||||
# Public key is useless without private key
|
|
||||||
if user["public_key"] and user["private_key"]:
|
|
||||||
ConfigService.ssh_add_keys(
|
|
||||||
user["public_key"], user["private_key"], user["name"], user["ip"]
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def add_ip_to_ssh_keys(ip, ssh_info):
|
|
||||||
for key in ssh_info:
|
|
||||||
key["ip"] = ip["addr"]
|
|
||||||
|
|
||||||
|
|
||||||
def encrypt_system_info_ssh_keys(ssh_info):
|
|
||||||
for idx, user in enumerate(ssh_info):
|
|
||||||
for field in ["public_key", "private_key", "known_hosts"]:
|
|
||||||
if ssh_info[idx][field]:
|
|
||||||
ssh_info[idx][field] = get_datastore_encryptor().encrypt(ssh_info[idx][field])
|
|
||||||
|
|
||||||
|
|
||||||
def process_credential_info(telemetry_json):
|
|
||||||
if "credentials" in telemetry_json["data"]:
|
|
||||||
creds = telemetry_json["data"]["credentials"]
|
|
||||||
add_system_info_creds_to_config(creds)
|
|
||||||
replace_user_dot_with_comma(creds)
|
|
||||||
|
|
||||||
|
|
||||||
def replace_user_dot_with_comma(creds):
|
|
||||||
for user in creds:
|
|
||||||
if -1 != user.find("."):
|
|
||||||
new_user = user.replace(".", ",")
|
|
||||||
creds[new_user] = creds.pop(user)
|
|
||||||
|
|
||||||
|
|
||||||
def add_system_info_creds_to_config(creds):
|
|
||||||
for user in creds:
|
|
||||||
ConfigService.creds_add_username(creds[user]["username"])
|
|
||||||
if "password" in creds[user] and creds[user]["password"]:
|
|
||||||
ConfigService.creds_add_password(creds[user]["password"])
|
|
||||||
if "lm_hash" in creds[user] and creds[user]["lm_hash"]:
|
|
||||||
ConfigService.creds_add_lm_hash(creds[user]["lm_hash"])
|
|
||||||
if "ntlm_hash" in creds[user] and creds[user]["ntlm_hash"]:
|
|
||||||
ConfigService.creds_add_ntlm_hash(creds[user]["ntlm_hash"])
|
|
Loading…
Reference in New Issue