From 8d0fa3faef58c24f512fe15aae367d8d84a1dbb8 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 21 Feb 2022 13:18:53 +0530 Subject: [PATCH 01/12] Agent: Modify ExploiterResultData to have more details --- monkey/infection_monkey/i_puppet/i_puppet.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/monkey/infection_monkey/i_puppet/i_puppet.py b/monkey/infection_monkey/i_puppet/i_puppet.py index cafc24f4d..0372b2910 100644 --- a/monkey/infection_monkey/i_puppet/i_puppet.py +++ b/monkey/infection_monkey/i_puppet/i_puppet.py @@ -17,7 +17,8 @@ class UnknownPluginError(Exception): ExploiterResultData = namedtuple( - "ExploiterResultData", ["success", "info", "attempts", "error_message"] + "ExploiterResultData", + ["exploit_success", "propagation_success", "os", "info", "attempts", "error_message"], ) PingScanData = namedtuple("PingScanData", ["response_received", "os"]) PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"]) From add9c3a4fe8468e03bb1ae248108f19e84ce6277 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 21 Feb 2022 13:26:25 +0530 Subject: [PATCH 02/12] Agent: Modify mock puppet to conform to modified ExploiterResultData --- monkey/infection_monkey/puppet/mock_puppet.py | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/puppet/mock_puppet.py b/monkey/infection_monkey/puppet/mock_puppet.py index 8b76d175a..453265f55 100644 --- a/monkey/infection_monkey/puppet/mock_puppet.py +++ b/monkey/infection_monkey/puppet/mock_puppet.py 
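Review bot: The widened namedtuple now takes two adjacent booleans (`exploit_success`, `propagation_success`) and a free-form `os` string by position, so a transposed pair of flags is accepted silently and only shows up at the consumer, and nothing on the tuple documents what each field means or which values `os` may carry (the mocks later in this series use `"windows"`/`"linux"`). Declaring it as a `typing.NamedTuple` keeps the tuple interface (indexing, unpacking, `_fields`) while letting callers construct it by keyword, annotating each field, and giving `error_message` a default instead of forcing every success path to pass `None`; `NamedTuple`, `Optional`, `Dict` and `List` would need to be imported from `typing` at the top of the file, which is outside this hunk. `PingScanData` and `PortScanData` on the context lines could follow the same pattern in a follow-up.
```python
class ExploiterResultData(NamedTuple):
    """Outcome of one exploiter run against one host."""

    exploit_success: bool
    propagation_success: bool
    os: Optional[str]  # OS reported by the exploiter, or None if it could not be determined
    info: Dict
    attempts: List
    error_message: Optional[str] = None
```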
@@ -177,25 +177,43 @@ class MockPuppet(IPuppet): "vulnerable_ports": [22], "executed_cmds": [], } + os_windows = "windows" + os_linux = "linux" + successful_exploiters = { DOT_1: { - "PowerShellExploiter": ExploiterResultData(True, info_powershell, attempts, None), - "ZerologonExploiter": ExploiterResultData(False, {}, [], "Zerologon failed"), - "SSHExploiter": ExploiterResultData(False, info_ssh, attempts, "Failed exploiting"), + "PowerShellExploiter": ExploiterResultData( + True, True, os_windows, info_powershell, attempts, None + ), + "ZerologonExploiter": ExploiterResultData( + False, False, os_windows, {}, [], "Zerologon failed" + ), + "SSHExploiter": ExploiterResultData( + False, False, os_linux, info_ssh, attempts, "Failed exploiting" + ), }, DOT_3: { "PowerShellExploiter": ExploiterResultData( - False, info_powershell, attempts, "PowerShell Exploiter Failed" + False, + False, + os_windows, + info_powershell, + attempts, + "PowerShell Exploiter Failed", ), - "SSHExploiter": ExploiterResultData(False, info_ssh, attempts, "Failed exploiting"), - "ZerologonExploiter": ExploiterResultData(True, {}, [], None), + "SSHExploiter": ExploiterResultData( + False, False, os_linux, info_ssh, attempts, "Failed exploiting" + ), + "ZerologonExploiter": ExploiterResultData(True, False, os_windows, {}, [], None), }, } try: return successful_exploiters[host][name] except KeyError: - return ExploiterResultData(False, {}, [], f"{name} failed for host {host}") + return ExploiterResultData( + False, False, os_linux, {}, [], f"{name} failed for host {host}" + ) def run_payload(self, name: str, options: Dict, interrupt: threading.Event): logger.debug(f"run_payload({name}, {options})") From ae856383a949065a467ae6a059fac850ab3d0de6 Mon Sep 17 00:00:00 2001 
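Review bot: The `KeyError` fallback at the end of the hunk reports `os_linux` for a host/exploiter pair the mock has no entry for, so an unknown combination produces a result that claims an OS that was never observed; passing `None` there is more honest and also exercises consumers that must cope with a missing OS, e.g. `return ExploiterResultData(False, False, None, {}, [], f"{name} failed for host {host}")`. `os_windows`/`os_linux` and the `successful_exploiters` table are rebuilt inside the method on every call; hoisting the two strings to module level as `OS_WINDOWS`/`OS_LINUX` constants would match the convention the test module in this series adopts later. The enclosing method begins before this hunk.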
From: Shreya Malviya Date: Mon, 21 Feb 2022 13:27:11 +0530 Subject: [PATCH 03/12] UT: Modify UTs to conform to modified ExploiterResultData --- .../master/test_propagator.py | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index 0e54f2a4e..f8decace8 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -100,6 +100,10 @@ dot_3_services = { }, } +os_windows = "windows" + +os_linux = "linux" + @pytest.fixture def mock_ip_scanner(): @@ -184,34 +188,38 @@ class MockExploiter: results_callback( "PowerShellExploiter", host, - ExploiterResultData(True, {}, {}, None), + ExploiterResultData(True, True, os_windows, {}, {}, None), ) results_callback( "SSHExploiter", host, - ExploiterResultData(False, {}, {}, "SSH FAILED for .1"), + ExploiterResultData(False, False, os_linux, {}, {}, "SSH FAILED for .1"), ) elif host.ip_addr.endswith(".2"): results_callback( "PowerShellExploiter", host, - ExploiterResultData(False, {}, {}, "POWERSHELL FAILED for .2"), + ExploiterResultData( + False, False, os_windows, {}, {}, "POWERSHELL FAILED for .2" + ), ) results_callback( "SSHExploiter", host, - ExploiterResultData(False, {}, {}, "SSH FAILED for .2"), + ExploiterResultData(False, False, os_linux, {}, {}, "SSH FAILED for .2"), ) elif host.ip_addr.endswith(".3"): results_callback( "PowerShellExploiter", host, - ExploiterResultData(False, {}, {}, "POWERSHELL FAILED for .3"), + ExploiterResultData( + False, False, os_windows, {}, {}, "POWERSHELL FAILED for .3" + ), ) results_callback( "SSHExploiter", host, - ExploiterResultData(True, {}, {}, None), + ExploiterResultData(True, True, os_linux, {}, {}, None), ) From 9f01aa0a0d0af57e3a63f7b9ed44e56a00164893 Mon Sep 17 00:00:00 2001 
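Review bot: The six rewritten `ExploiterResultData(...)` calls in `MockExploiter` pass `{}` as `attempts`, while the mock puppet in this series and `test_exploit_telem.py` use a list (`[]`); the `{}` is carried over from the old lines, but now that the tuple shape is being redefined it is the moment to make the fixture agree with the type the telemetry consumer will see, i.e. `ExploiterResultData(True, True, os_windows, {}, [], None)` and likewise for the other five. The module-level `os_windows`/`os_linux` added in the first hunk of this file are constants and would conventionally be `OS_WINDOWS`/`OS_LINUX` (the later `test_exploit_telem.py` change in this series uses `OS_LINUX`). The enclosing method of `MockExploiter` starts before the hunk.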
From: Shreya Malviya Date: Mon, 21 Feb 2022 13:49:40 +0530 Subject: [PATCH 04/12] Agent: Add try/except for importing pwd (can't do it on Windows) --- .../credential_collectors/ssh_collector/ssh_handler.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py index ce3b17311..2e799e0c4 100644 --- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py +++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py @@ -1,7 +1,11 @@ import glob import logging import os -import pwd + +try: # can't import on Windows + import pwd +except ModuleNotFoundError: + pass from typing import Dict, Iterable from common.utils.attack_utils import ScanStatus From a9e000f10071952cbfa27ebe2462ea06f1cdce2e Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 21 Feb 2022 14:38:12 +0530 Subject: [PATCH 05/12] Agent: Modify ExploitTelem based on ExploiterResultData changes --- .../infection_monkey/exploit/HostExploiter.py | 2 +- monkey/infection_monkey/master/exploiter.py | 2 +- monkey/infection_monkey/master/mock_master.py | 40 +++++++++++++++---- monkey/infection_monkey/master/propagator.py | 18 +++++++-- .../telemetry/exploit_telem.py | 19 +++++++-- 5 files changed, 64 insertions(+), 17 deletions(-) diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py index ed7d29d18..744ea57e8 100644 --- a/monkey/infection_monkey/exploit/HostExploiter.py +++ b/monkey/infection_monkey/exploit/HostExploiter.py @@ -51,7 +51,7 @@ class HostExploiter: def send_exploit_telemetry(self, name: str, result: bool): from infection_monkey.telemetry.exploit_telem import ExploitTelem - ExploitTelem( + ExploitTelem( # stale code name=name, host=self.host, result=result, 
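Review bot: `except ModuleNotFoundError: pass` leaves the name `pwd` unbound on Windows, so the failure only moves from import time to a `NameError` at the first use inside a helper, with a less informative message and no way for callers to check availability. Binding the name explicitly makes the state inspectable and lets callers guard on it: `except ModuleNotFoundError:  # pwd is POSIX-only` followed by `    pwd = None`. A later patch in this series replaces this block with a function-local import, which has the same call-time failure mode and would benefit from the same explicit guard.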
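Review bot: Tagging the `ExploitTelem(` call with `# stale code` leaves a call site that, after the constructor change in this same patch, passes a `result=` keyword the new signature no longer accepts, so `send_exploit_telemetry` raises `TypeError` the first time any exploiter still invokes it. Either delete the method now, or replace the tag with a comment that says why it must stay and what tracks its removal, e.g. `# TODO(<owner>): remove with the legacy HostExploiter path; arguments no longer match ExploitTelem.__init__`. The rest of the call and of `send_exploit_telemetry` continue past the hunk.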
diff --git a/monkey/infection_monkey/master/exploiter.py b/monkey/infection_monkey/master/exploiter.py index 4355ecc16..f0256ed74 100644 --- a/monkey/infection_monkey/master/exploiter.py +++ b/monkey/infection_monkey/master/exploiter.py @@ -86,7 +86,7 @@ class Exploiter: exploiter_results = self._run_exploiter(exploiter_name, victim_host, stop) results_callback(exploiter_name, victim_host, exploiter_results) - if exploiter_name != "ZerologonExploiter" and exploiter_results.success: + if exploiter_results.propagation_success: break def _run_exploiter( diff --git a/monkey/infection_monkey/master/mock_master.py b/monkey/infection_monkey/master/mock_master.py index 5c522a565..e75f3caf2 100644 --- a/monkey/infection_monkey/master/mock_master.py +++ b/monkey/infection_monkey/master/mock_master.py 
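Review bot: Dropping the `exploiter_name != "ZerologonExploiter"` guard means the loop now trusts every exploiter to report `propagation_success` accurately, and in this series only the mock puppet is updated to return `propagation_success=False` for Zerologon; if the real `ZerologonExploiter` (not in the diff) still maps its exploitation outcome onto the propagation flag, the loop would stop early and skip the remaining exploiters for that host. Worth confirming the real exploiters return the new tuple before this lands, and documenting the intent on the new condition: `# stop once an exploiter has actually propagated; exploitation alone (e.g. Zerologon) keeps trying`. The enclosing loop and method begin before this hunk.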
@@ -101,20 +101,44 @@ class MockMaster(IMaster): def _exploit(self): logger.info("Exploiting victims") - result, info, attempts, error_message = self._puppet.exploit_host( - "PowerShellExploiter", "10.0.0.1", {}, None - ) + ( + exploit_result, + propagation_result, + os, + info, + attempts, + error_message, + ) = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", {}, None) logger.info(f"Attempts for exploiting {attempts}") self._telemetry_messenger.send_telemetry( - ExploitTelem("PowerShellExploiter", self._hosts["10.0.0.1"], result, info, attempts) + ExploitTelem( + "PowerShellExploiter", + self._hosts["10.0.0.1"], + exploit_result, + propagation_result, + info, + attempts, + ) ) - result, info, attempts, error_message = self._puppet.exploit_host( - "SSHExploiter", "10.0.0.3", {}, None - ) + ( + exploit_result, + propagation_result, + os, + info, + attempts, + error_message, + ) = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", {}, None) logger.info(f"Attempts for exploiting {attempts}") self._telemetry_messenger.send_telemetry( - ExploitTelem("SSHExploiter", self._hosts["10.0.0.3"], result, info, attempts) + ExploitTelem( + "SSHExploiter", + self._hosts["10.0.0.3"], + exploit_result, + propagation_result, + info, + attempts, + ) ) logger.info("Finished exploiting victims") diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 87f9a1896..870d47d8e 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py 
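Review bot: The tuple unpacking binds a local named `os`, which shadows the `os` module if `mock_master.py` imports it (not visible here), and neither `os` nor `error_message` is used afterwards, so the reason for a failed attempt is never logged. Renaming the unused slots to `_os`/`_error_message`, or logging the message next to the attempts (`logger.info(f"Attempts for exploiting {attempts}; error: {error_message}")`), avoids both the shadowing and the silent drop. A later patch in this series collapses the unpacking into a single `result`, but still does not log `result.error_message`.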
@@ -153,13 +153,25 @@ class Propagator: def _process_exploit_attempts( self, exploiter_name: str, host: VictimHost, result: ExploiterResultData ): - if result.success: + if result.propagation_success: logger.info(f"Successfully propagated to {host} using {exploiter_name}") + elif result.exploit_success: + logger.info( + f"Successfully exploited (but did not propagate to) {host} using {exploiter_name}" + ) else: logger.info( - f"Failed to propagate to {host} using {exploiter_name}: {result.error_message}" + f"Failed to exploit or propagate to {host} using {exploiter_name}: " + f"{result.error_message}" ) self._telemetry_messenger.send_telemetry( - ExploitTelem(exploiter_name, host, result.success, result.info, result.attempts) + ExploitTelem( + exploiter_name, + host, + result.exploit_success, + result.propagation_success, + result.info, + result.attempts, + ) ) diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py index a34b4e861..898df4b3e 100644 --- a/monkey/infection_monkey/telemetry/exploit_telem.py +++ b/monkey/infection_monkey/telemetry/exploit_telem.py @@ -6,12 +6,21 @@ from infection_monkey.telemetry.base_telem import BaseTelem class ExploitTelem(BaseTelem): - def __init__(self, name: str, host: VictimHost, result: bool, info: Dict, attempts: List): + def __init__( + self, + name: str, + host: VictimHost, + exploit_result: bool, + propagation_result: bool, + info: Dict, + attempts: List, + ): """ Default exploit telemetry constructor :param name: The name of exploiter used :param host: The host machine - :param result: The result from the 'exploit_host' method + :param exploit_result: The result of exploitation from the 'exploit_host' method + :param propagation_result: The result of propagation from the 'exploit_host' method :param info: Information about the exploiter :param attempts: Information about the exploiter's attempts """ 
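Review bot: The new `elif result.exploitation_success` branch logs that the host was exploited but not propagated to, yet drops `result.error_message`, which is the only place the reason for the failed propagation travels; only the final `else` includes it. Suggest `f"Successfully exploited (but did not propagate to) {host} using {exploiter_name}: {result.error_message}"` so an operator reading the agent log can see why propagation stopped. The `ExploitTelem(...)` construction also passes two adjacent booleans by position; keyword arguments there would make a future transposition visible at the call site.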
@@ -19,7 +28,8 @@ class ExploitTelem(BaseTelem): self.name = name self.host = host.__dict__ - self.result = result + self.exploit_result = exploit_result + self.propagation_result = propagation_result self.info = info self.attempts = attempts @@ -27,7 +37,8 @@ class ExploitTelem(BaseTelem): def get_data(self) -> Dict: return { - "result": self.result, + "exploit_result": self.exploit_result, + "propagation_result": self.propagation_result, "machine": self.host, "exploiter": self.name, "info": self.info, From 125412ee189d23de60f4bd7f773c78137416a642 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 21 Feb 2022 14:50:33 +0530 Subject: [PATCH 06/12] Agent: Rename variables to make more sense --- monkey/infection_monkey/i_puppet/i_puppet.py | 2 +- monkey/infection_monkey/master/mock_master.py | 8 ++++---- monkey/infection_monkey/master/propagator.py | 4 ++-- monkey/infection_monkey/telemetry/exploit_telem.py | 12 +++++++----- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/monkey/infection_monkey/i_puppet/i_puppet.py b/monkey/infection_monkey/i_puppet/i_puppet.py index 0372b2910..79bd3b4fe 100644 --- a/monkey/infection_monkey/i_puppet/i_puppet.py +++ b/monkey/infection_monkey/i_puppet/i_puppet.py @@ -18,7 +18,7 @@ class UnknownPluginError(Exception): ExploiterResultData = namedtuple( "ExploiterResultData", - ["exploit_success", "propagation_success", "os", "info", "attempts", "error_message"], + ["exploitation_success", "propagation_success", "os", "info", "attempts", "error_message"], ) PingScanData = namedtuple("PingScanData", ["response_received", "os"]) PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"]) diff --git a/monkey/infection_monkey/master/mock_master.py b/monkey/infection_monkey/master/mock_master.py index e75f3caf2..a7b62b1fd 100644 --- a/monkey/infection_monkey/master/mock_master.py +++ b/monkey/infection_monkey/master/mock_master.py 
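Review bot: Neither the attribute hunk nor `get_data` carries the new `os` field (or `error_message`) of `ExploiterResultData`, so the extra detail patch 01 of this series adds never reaches the island; the telemetry payload only grows by the split success flag. If the OS is meant for the island, add an `os` parameter to the constructor, store it, and emit `"os": self.os` from `get_data`; the same omission is present in the later patch in this series that passes the whole `ExploiterResultData` to the constructor, where `result.os` and `result.error_message` are likewise not stored. Failed attempts therefore arrive at the island without a reason.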
@@ -102,7 +102,7 @@ class MockMaster(IMaster): def _exploit(self): logger.info("Exploiting victims") ( - exploit_result, + exploitation_result, propagation_result, os, info, @@ -114,7 +114,7 @@ class MockMaster(IMaster): ExploitTelem( "PowerShellExploiter", self._hosts["10.0.0.1"], - exploit_result, + exploitation_result, propagation_result, info, attempts, @@ -122,7 +122,7 @@ class MockMaster(IMaster): ) ( - exploit_result, + exploitation_result, propagation_result, os, info, @@ -134,7 +134,7 @@ class MockMaster(IMaster): ExploitTelem( "SSHExploiter", self._hosts["10.0.0.3"], - exploit_result, + exploitation_result, propagation_result, info, attempts, diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 870d47d8e..e093c259c 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py @@ -155,7 +155,7 @@ class Propagator: ): if result.propagation_success: logger.info(f"Successfully propagated to {host} using {exploiter_name}") - elif result.exploit_success: + elif result.exploitation_success: logger.info( f"Successfully exploited (but did not propagate to) {host} using {exploiter_name}" ) @@ -169,7 +169,7 @@ class Propagator: ExploitTelem( exploiter_name, host, - result.exploit_success, + result.exploitation_success, result.propagation_success, result.info, result.attempts, diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py index 898df4b3e..312a34592 100644 --- a/monkey/infection_monkey/telemetry/exploit_telem.py +++ b/monkey/infection_monkey/telemetry/exploit_telem.py @@ -10,7 +10,7 @@ class ExploitTelem(BaseTelem): self, name: str, host: VictimHost, - exploit_result: bool, + exploitation_result: bool, propagation_result: bool, info: Dict, attempts: List, 
@@ -19,8 +19,10 @@ class ExploitTelem(BaseTelem): Default exploit telemetry constructor :param name: The name of exploiter used :param host: The host machine - :param exploit_result: The result of exploitation from the 'exploit_host' method - :param propagation_result: The result of propagation from the 'exploit_host' method + :param exploitation_result: The result of the exploitation attempt from the 'exploit_host' + method + :param propagation_result: The result of the propagation attempt from the 'exploit_host' + method :param info: Information about the exploiter :param attempts: Information about the exploiter's attempts """ @@ -28,7 +30,7 @@ class ExploitTelem(BaseTelem): self.name = name self.host = host.__dict__ - self.exploit_result = exploit_result + self.exploitation_result = exploitation_result self.propagation_result = propagation_result self.info = info self.attempts = attempts @@ -37,7 +39,7 @@ class ExploitTelem(BaseTelem): def get_data(self) -> Dict: return { - "exploit_result": self.exploit_result, + "exploitation_result": self.exploitation_result, "propagation_result": self.propagation_result, "machine": self.host, "exploiter": self.name, From 1cce7426921568590d942988397b3709afd8d296 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 21 Feb 2022 16:02:00 +0530 Subject: [PATCH 07/12] UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem --- .../unit_tests/infection_monkey/master/test_propagator.py | 8 ++++---- .../infection_monkey/telemetry/test_exploit_telem.py | 5 +++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index f8decace8..06be41c71 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py 
@@ -254,14 +254,14 @@ def test_exploiter_result_processing( if ip.endswith(".1"): if data["exploiter"].startswith("PowerShell"): - assert data["result"] + assert data["propagation_result"] else: - assert not data["result"] + assert not data["propagation_result"] elif ip.endswith(".3"): if data["exploiter"].startswith("PowerShell"): - assert not data["result"] + assert not data["propagation_result"] else: - assert data["result"] + assert data["propagation_result"] def test_scan_target_generation(telemetry_messenger_spy, mock_ip_scanner, mock_victim_host_factory): diff --git a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py index 982299947..0adf69651 100644 --- a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py +++ b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py @@ -34,13 +34,14 @@ RESULT = False @pytest.fixture def exploit_telem_test_instance(): - return ExploitTelem(EXPLOITER_NAME, HOST, RESULT, EXPLOITER_INFO, EXPLOITER_ATTEMPTS) + return ExploitTelem(EXPLOITER_NAME, HOST, RESULT, RESULT, EXPLOITER_INFO, EXPLOITER_ATTEMPTS) def test_exploit_telem_send(exploit_telem_test_instance, spy_send_telemetry): exploit_telem_test_instance.send() expected_data = { - "result": RESULT, + "exploitation_result": RESULT, + "propagation_result": RESULT, "machine": HOST_AS_DICT, "exploiter": EXPLOITER_NAME, "info": EXPLOITER_INFO, From afb721017967d6865d0fd0e76d5bcb928b666198 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 22 Feb 2022 12:47:42 +0530 Subject: [PATCH 08/12] Agent: Modify ExploitTelem to accept param of type ExploiterResultData --- monkey/infection_monkey/master/mock_master.py | 40 +++---------------- monkey/infection_monkey/master/propagator.py | 11 +---- .../telemetry/exploit_telem.py | 23 ++++------- 3 files changed, 15 insertions(+), 59 deletions(-) 
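Review bot: The `exploit_telem_test_instance` fixture now passes `RESULT` for both `exploitation_result` and `propagation_result`, and `expected_data` asserts the same value for both keys, so a swap of the two constructor arguments inside `ExploitTelem` would go undetected. Use two distinct constants, for example `EXPLOITATION_RESULT = True` and `PROPAGATION_RESULT = False`, in both the fixture and the expected dict. The same applies to the later patch in this series that wraps the values in `ExploiterResultData`.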
diff --git a/monkey/infection_monkey/master/mock_master.py b/monkey/infection_monkey/master/mock_master.py index a7b62b1fd..e7e8e6237 100644 --- a/monkey/infection_monkey/master/mock_master.py +++ b/monkey/infection_monkey/master/mock_master.py @@ -101,44 +101,16 @@ class MockMaster(IMaster): def _exploit(self): logger.info("Exploiting victims") - ( - exploitation_result, - propagation_result, - os, - info, - attempts, - error_message, - ) = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", {}, None) - logger.info(f"Attempts for exploiting {attempts}") + result = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", {}, None) + logger.info(f"Attempts for exploiting {result.attempts}") self._telemetry_messenger.send_telemetry( - ExploitTelem( - "PowerShellExploiter", - self._hosts["10.0.0.1"], - exploitation_result, - propagation_result, - info, - attempts, - ) + ExploitTelem("PowerShellExploiter", self._hosts["10.0.0.1"], result) ) - ( - exploitation_result, - propagation_result, - os, - info, - attempts, - error_message, - ) = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", {}, None) - logger.info(f"Attempts for exploiting {attempts}") + result = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", {}, None) + logger.info(f"Attempts for exploiting {result.attempts}") self._telemetry_messenger.send_telemetry( - ExploitTelem( - "SSHExploiter", - self._hosts["10.0.0.3"], - exploitation_result, - propagation_result, - info, - attempts, - ) + ExploitTelem("SSHExploiter", self._hosts["10.0.0.3"], result) ) logger.info("Finished exploiting victims") diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index e093c259c..a8437cc94 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py 
@@ -165,13 +165,4 @@ class Propagator: f"{result.error_message}" ) - self._telemetry_messenger.send_telemetry( - ExploitTelem( - exploiter_name, - host, - result.exploitation_success, - result.propagation_success, - result.info, - result.attempts, - ) - ) + self._telemetry_messenger.send_telemetry(ExploitTelem(exploiter_name, host, result)) diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py index 312a34592..c85dde798 100644 --- a/monkey/infection_monkey/telemetry/exploit_telem.py +++ b/monkey/infection_monkey/telemetry/exploit_telem.py @@ -1,8 +1,9 @@ -from typing import Dict, List +from typing import Dict from common.common_consts.telem_categories import TelemCategoryEnum from infection_monkey.model.host import VictimHost from infection_monkey.telemetry.base_telem import BaseTelem +from monkey.infection_monkey.i_puppet.i_puppet import ExploiterResultData class ExploitTelem(BaseTelem): 
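Review bot: The new import uses the root `monkey.infection_monkey.i_puppet.i_puppet`, while the neighbouring imports in the same hunk use `infection_monkey.model.host` and `infection_monkey.telemetry.base_telem`; depending on `sys.path` this either fails to resolve when the agent runs from the `monkey` directory, or loads `i_puppet` a second time under a different module name, so the annotated `ExploiterResultData` is a distinct class from the one the puppet builds (harmless for the attribute access done here, but it breaks any `isinstance` check). It should be `from infection_monkey.i_puppet.i_puppet import ExploiterResultData` (or `from infection_monkey.i_puppet import ExploiterResultData` if the package re-exports it, which is not visible here). The same root is used in the `test_exploit_telem.py` import added later in this series.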
@@ -10,30 +11,22 @@ class ExploitTelem(BaseTelem): self, name: str, host: VictimHost, - exploitation_result: bool, - propagation_result: bool, - info: Dict, - attempts: List, + result: ExploiterResultData, ): """ Default exploit telemetry constructor :param name: The name of exploiter used :param host: The host machine - :param exploitation_result: The result of the exploitation attempt from the 'exploit_host' - method - :param propagation_result: The result of the propagation attempt from the 'exploit_host' - method - :param info: Information about the exploiter - :param attempts: Information about the exploiter's attempts + :param result: Data about the exploitation attempt (success status, info, attempts, etc) """ super(ExploitTelem, self).__init__() self.name = name self.host = host.__dict__ - self.exploitation_result = exploitation_result - self.propagation_result = propagation_result - self.info = info - self.attempts = attempts + self.exploitation_result = result.exploitation_success + self.propagation_result = result.propagation_success + self.info = result.info + self.attempts = result.attempts telem_category = TelemCategoryEnum.EXPLOIT From dff5bde894050ce286257848944a70e2b962553d Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 22 Feb 2022 12:50:01 +0530 Subject: [PATCH 09/12] UT: Modify ExploitTelem calls in UTs --- .../infection_monkey/telemetry/test_exploit_telem.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py index 0adf69651..5d6c81f56 100644 --- a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py +++ b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py 
@@ -5,6 +5,7 @@ import pytest from infection_monkey.exploit.sshexec import SSHExploiter from infection_monkey.model.host import VictimHost from infection_monkey.telemetry.exploit_telem import ExploitTelem +from monkey.infection_monkey.i_puppet.i_puppet import ExploiterResultData DOMAIN_NAME = "domain-name" IP = "0.0.0.0" @@ -30,11 +31,13 @@ EXPLOITER_INFO = { } EXPLOITER_ATTEMPTS = [] RESULT = False +OS_LINUX = "linux" +ERROR_MSG = "failed because yolo" @pytest.fixture def exploit_telem_test_instance(): - return ExploitTelem(EXPLOITER_NAME, HOST, RESULT, RESULT, EXPLOITER_INFO, EXPLOITER_ATTEMPTS) + return ExploitTelem(EXPLOITER_NAME, HOST, ExploiterResultData(RESULT, RESULT, OS_LINUX, EXPLOITER_INFO, EXPLOITER_ATTEMPTS, ERROR_MSG)) def test_exploit_telem_send(exploit_telem_test_instance, spy_send_telemetry): From e47239f81cae806a9f0c5155f29eb1a450c27d00 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 22 Feb 2022 14:08:39 +0530 Subject: [PATCH 10/12] Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData --- monkey/monkey_island/cc/services/edge/edge.py | 2 +- .../monkey_island/cc/services/telemetry/processing/exploit.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/services/edge/edge.py b/monkey/monkey_island/cc/services/edge/edge.py index 461b0e8a5..1ec7462c3 100644 --- a/monkey/monkey_island/cc/services/edge/edge.py +++ b/monkey/monkey_island/cc/services/edge/edge.py @@ -78,7 +78,7 @@ class EdgeService(Edge): def update_based_on_exploit(self, exploit: Dict): self.exploits.append(exploit) self.save() - if exploit["result"]: + if exploit["exploitation_success"]: self.set_exploited() def set_exploited(self): diff --git a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py index e302be5f5..6cd4bc4ae 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py 
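Review bot: The rewritten fixture line is far wider than the ~100 columns the rest of the series wraps at, and folds the `ExploiterResultData` construction into the `ExploitTelem` call; building the result on its own line reads better and matches the existing formatting: `result = ExploiterResultData(RESULT, RESULT, OS_LINUX, EXPLOITER_INFO, EXPLOITER_ATTEMPTS, ERROR_MSG)` then `return ExploitTelem(EXPLOITER_NAME, HOST, result)`. `ERROR_MSG` is introduced here, but nothing in the hunk asserts it reaches the telemetry, and `ExploitTelem` (earlier in this series) never stores `error_message`, so the constant currently documents a field that is dropped.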
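Review bot: `exploit["exploitation_success"]` reads a key the agent never sends: `ExploitTelem.get_data` (patch 06 of this series, not changed afterwards) emits `"exploitation_result"` and `"propagation_result"`, so this line and the two reads `telemetry_json["data"]["exploitation_success"]` and `new_exploit["exploitation_success"]` in `processing/exploit.py` (next file) will raise `KeyError` on every exploit telemetry the island processes. Either change the reads to `exploit["exploitation_success"]` → `exploit["exploitation_result"]` (and likewise in `processing/exploit.py`), or rename the keys in `get_data`, and add an island-side unit test that feeds a payload produced by `ExploitTelem.get_data` through `process_exploit_telemetry`. Keeping the wire-format key names in one shared constant would prevent this kind of drift between agent and island.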
+++ b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py @@ -24,7 +24,7 @@ def process_exploit_telemetry(telemetry_json): check_machine_exploited( current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"]), - exploit_successful=telemetry_json["data"]["result"], + exploit_successful=telemetry_json["data"]["exploitation_success"], exploiter=telemetry_json["data"]["exploiter"], target_ip=telemetry_json["data"]["machine"]["ip_addr"], timestamp=telemetry_json["timestamp"], @@ -65,7 +65,7 @@ def update_network_with_exploit(edge: EdgeService, telemetry_json): new_exploit.pop("machine") new_exploit["timestamp"] = telemetry_json["timestamp"] edge.update_based_on_exploit(new_exploit) - if new_exploit["result"]: + if new_exploit["exploitation_success"]: NodeService.set_node_exploited(edge.dst_node_id) From f0679ebb26ab1ca1757fd200b7298118c1586a39 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 22 Feb 2022 17:49:08 +0530 Subject: [PATCH 11/12] Agent: Move `pwd`'s import statement to avoid using try/except --- .../credential_collectors/ssh_collector/ssh_handler.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py index 2e799e0c4..98ca0df4a 100644 --- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py +++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py @@ -1,11 +1,6 @@ import glob import logging import os - -try: # can't import on Windows - import pwd -except ModuleNotFoundError: - pass from typing import Dict, Iterable from common.utils.attack_utils import ScanStatus 
@@ -34,6 +29,8 @@ def get_ssh_info(telemetry_messenger: ITelemetryMessenger) -> Iterable[Dict]: def _get_home_dirs() -> Iterable[Dict]: + import pwd + root_dir = _get_ssh_struct("root", "") home_dirs = [ _get_ssh_struct(x.pw_name, x.pw_dir) for x in pwd.getpwall() if x.pw_dir.startswith("/home") From b91f3b155152efeaca5182112886b9f5d45e5179 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 22 Feb 2022 17:54:31 +0530 Subject: [PATCH 12/12] Agent: Fix comment in ExploitTelem --- monkey/infection_monkey/telemetry/exploit_telem.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py index c85dde798..5c131dc77 100644 --- a/monkey/infection_monkey/telemetry/exploit_telem.py +++ b/monkey/infection_monkey/telemetry/exploit_telem.py @@ -17,7 +17,7 @@ class ExploitTelem(BaseTelem): Default exploit telemetry constructor :param name: The name of exploiter used :param host: The host machine - :param result: Data about the exploitation attempt (success status, info, attempts, etc) + :param result: Data about the exploitation (success status, info, attempts, etc) """ super(ExploitTelem, self).__init__()
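Review bot: The function-local `import pwd` still raises `ModuleNotFoundError` on Windows, only now at the first call of `_get_home_dirs` instead of at module import, and nothing in the hunk records that this helper is POSIX-only or who is responsible for not calling it elsewhere. A short comment on the import makes the constraint explicit for the next reader: `import pwd  # POSIX-only (no pwd module on Windows); callers are assumed to gate on platform — confirm`. `_get_home_dirs` continues past the hunk.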