From 8d9068fe40025f597c710e892bb69e0c0d994584 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Tue, 7 Nov 2017 14:52:13 +0200 Subject: [PATCH] Add known credentials to monkey documents --- monkey_island/cc/resources/monkey.py | 3 +++ monkey_island/cc/resources/telemetry.py | 11 +++++++++++ monkey_island/cc/services/node.py | 15 +++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/monkey_island/cc/resources/monkey.py b/monkey_island/cc/resources/monkey.py index 2e2da8a5d..0c6a8ddf1 100644 --- a/monkey_island/cc/resources/monkey.py +++ b/monkey_island/cc/resources/monkey.py @@ -53,6 +53,7 @@ class Monkey(flask_restful.Resource): def post(self, **kw): monkey_json = json.loads(request.data) + monkey_json['creds'] = {} if 'keepalive' in monkey_json: monkey_json['keepalive'] = dateutil.parser.parse(monkey_json['keepalive']) else: @@ -119,6 +120,8 @@ class Monkey(flask_restful.Resource): node_id = existing_node["_id"] for edge in mongo.db.edge.find({"to": node_id}): mongo.db.edge.update({"_id": edge["_id"]}, {"$set": {"to": new_monkey_id}}) + for user in existing_node['creds']: + NodeService.add_credentials_to_monkey(new_monkey_id, user, existing_node['creds'][user]) mongo.db.node.remove({"_id": node_id}) return {"id": new_monkey_id} diff --git a/monkey_island/cc/resources/telemetry.py b/monkey_island/cc/resources/telemetry.py index 88b144333..6df6649fa 100644 --- a/monkey_island/cc/resources/telemetry.py +++ b/monkey_island/cc/resources/telemetry.py 
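Review bot: In monkey.py `post()`, `monkey_json['creds'] = {}` runs on every POST, before the handler has decided whether this GUID already has a document. The write to `mongo.db.monkey` is outside this hunk; if it applies `monkey_json` to an existing monkey (for example a `$set` of the whole payload), each re-registration would erase the credentials collected so far. Overwriting an agent-supplied `creds` value is a sensible default, so keep that but move the empty initialisation to the path that creates a new monkey, with a comment such as `# creds is server-owned: never taken from the agent, only initialised on first registration`.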
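Review bot: In the second monkey.py hunk (`@@ -119,6 +120,8 @@`), `existing_node['creds']` raises `KeyError` for any node document written before this commit, since only newly inserted nodes get the `"creds": {}` default added in node.py. The exception would fire after the edge loop has already retargeted edges to `new_monkey_id` and before `mongo.db.node.remove`, leaving the stale node behind. Reading it defensively avoids that: `for user, user_creds in existing_node.get('creds', {}).items():` followed by `NodeService.add_credentials_to_monkey(new_monkey_id, user, user_creds)`. The enclosing method starts outside the hunk.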
@@ -115,6 +115,15 @@ class Telemetry(flask_restful.Resource): if new_exploit['result']: EdgeService.set_edge_exploited(edge) + for attempt in telemetry_json['data']['attempts']: + if attempt['result']: + attempt.pop('result') + user = attempt.pop('user') + for field in ['password', 'lm_hash', 'ntlm_hash']: + if len(attempt[field]) == 0: + attempt.pop(field) + NodeService.add_credentials_to_node(edge['to'], user, attempt) + @staticmethod def process_scan_telemetry(telemetry_json): edge = Telemetry.get_edge_by_scan_or_exploit_telemetry(telemetry_json) @@ -151,6 +160,8 @@ class Telemetry(flask_restful.Resource): creds = telemetry_json['data']['credentials'] for user in creds: ConfigService.creds_add_username(user) + NodeService.add_credentials_to_monkey( + NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])['_id'], user, creds[user]) if 'password' in creds[user]: ConfigService.creds_add_password(creds[user]['password']) if 'lm_hash' in creds[user]: diff --git a/monkey_island/cc/services/node.py b/monkey_island/cc/services/node.py index af92eaa42..5777bcc36 100644 --- a/monkey_island/cc/services/node.py +++ b/monkey_island/cc/services/node.py @@ -170,6 +170,7 @@ class NodeService: { "ip_addresses": [ip_address], "exploited": False, + "creds": {}, "os": { "type": "unknown", @@ -277,3 +278,17 @@ class NodeService: @staticmethod def is_any_monkey_exists(): return mongo.db.monkey.find_one({}) is not None + + @staticmethod + def add_credentials_to_monkey(monkey_id, user, creds): + mongo.db.monkey.update( + {'_id': monkey_id}, + {'$set': {'creds.' + user: creds}} + ) + + @staticmethod + def add_credentials_to_node(node_id, user, creds): + mongo.db.node.update( + {'_id': node_id}, + {'$set': {'creds.' + user: creds}} + )
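Review bot: In telemetry.py, at the new `for attempt in telemetry_json['data']['attempts']` loop, `len(attempt[field])` assumes every successful attempt carries all of `password`, `lm_hash` and `ntlm_hash` as sized values; a report that omits one or sends `null` raises and aborts processing of the whole telemetry. `if not attempt.get(field): attempt.pop(field, None)` handles missing, empty and `None` alike. The `pop('result')` and `pop('user')` calls also edit `telemetry_json` in place, so if the raw telemetry is stored after this method runs (not visible here) the saved record loses those fields; working on `dict(attempt)` keeps it intact. Separately, the monkey.py change in this commit retargets an edge's `to` at a monkey id, so `edge['to']` may not always be a node id, in which case `add_credentials_to_node` would match nothing and the credentials would be dropped silently. The enclosing method begins before the hunk.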
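Review bot: In the second telemetry.py hunk (`@@ -151,6 +160,8 @@`), `NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])['_id']` is evaluated once per user and is subscripted without checking the result. The GUID comes from the telemetry payload, so an unknown value would presumably yield `None` and a `TypeError` partway through the loop, after some usernames have already been added to the config. Resolve it once before `for user in creds:`, e.g. `monkey = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])`, and skip the per-monkey write when `monkey is None`. The enclosing method starts and ends outside the hunk.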
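Review bot: In node.py, both new helpers build the update path as `'creds.' + user`, and `user` is a harvested account name that reaches the server in telemetry. MongoDB treats `.` in that path as nesting, so a name such as `svc.backup` (constructed example) is stored as `creds.svc.backup` rather than under one key, and the loop added in monkey.py over `existing_node['creds']` would then see `svc` with the wrong value; a name starting with `$` is a similar hazard. Encode the name reversibly before building the path (and decode on read), or store `creds` as a list of subdocuments such as `{'user': user, 'password': ...}` so the name is never used as a field name. These documents now hold plaintext passwords and hashes, so it is worth checking which API responses return monkey and node documents in full. The two methods differ only in the collection and have no docstrings; a short docstring stating that `creds` is a dict with optional `password`, `lm_hash` and `ntlm_hash` keys would help.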