210 lines
10 KiB
Plaintext
210 lines
10 KiB
Plaintext
{
|
|
"id": "OwcKMnALpn7tuBaJY1US",
|
|
"name": "Add a new System Info Collector",
|
|
"task": {
|
|
"dod": "Add a system info collector that collects the machine hostname.",
|
|
"tests": [],
|
|
"hints": [
|
|
"First thing you should do is take a look at a different collector (like EnvironmentCollector) and 100% understand how it runs, how results are relayed back to the server, and how the server processes the data.",
|
|
"Try to run \"socket.getfqdn()\".",
|
|
"Take a look at SystemInfoCollector - that's the base class you'll need to implement.",
|
|
"Make sure you add the new collector to the configuration in all relevant places, including making it ON by default!"
|
|
]
|
|
},
|
|
"content": [
|
|
{
|
|
"type": "text",
|
|
"text": "# What are system info collectors?\n\nWell, the name pretty much explains it. They are Monkey classes which collect various information regarding the victim system, such as Environment, SSH Info, Process List, Netstat and more. \n\n## What should I add? \n\nA system info collector which collects the hostname of the system.\n\n## Test manually\n\nOnce you're done, make sure that your collector:\n* Appears in the Island configuration, and is enabled by default\n* The collector actually runs when executing a Monkey.\n* Results show up in the relevant places:\n * The infection map.\n * The security report.\n * The relevant MITRE techniques.\n\n**There are a lot of hints for this unit - don't be afraid to use them!**"
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/common/common_consts/system_info_collectors_names.py",
|
|
"comments": [],
|
|
"firstLineNumber": 1,
|
|
"lines": [
|
|
" AWS_COLLECTOR = \"AwsCollector\"",
|
|
"*HOSTNAME_COLLECTOR = \"HostnameCollector\"",
|
|
"+# SWIMMER: Collector name goes here.",
|
|
" ENVIRONMENT_COLLECTOR = \"EnvironmentCollector\"",
|
|
" PROCESS_LIST_COLLECTOR = \"ProcessListCollector\"",
|
|
" MIMIKATZ_COLLECTOR = \"MimikatzCollector\""
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/infection_monkey/system_info/collectors/hostname_collector.py",
|
|
"comments": [],
|
|
"firstLineNumber": 1,
|
|
"lines": [
|
|
" import logging",
|
|
"*import socket",
|
|
"*",
|
|
"*from common.common_consts.system_info_collectors_names import HOSTNAME_COLLECTOR",
|
|
"*from infection_monkey.system_info.system_info_collector import SystemInfoCollector",
|
|
" ",
|
|
" logger = logging.getLogger(__name__)",
|
|
" ",
|
|
"*",
|
|
"+# SWIMMER: The collector class goes here.",
|
|
"*class HostnameCollector(SystemInfoCollector):",
|
|
"* def __init__(self):",
|
|
"* super().__init__(name=HOSTNAME_COLLECTOR)",
|
|
"*",
|
|
"* def collect(self) -> dict:",
|
|
"* return {\"hostname\": socket.getfqdn()}"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
|
"comments": [],
|
|
"firstLineNumber": 4,
|
|
"lines": [
|
|
" ENVIRONMENT_COLLECTOR,",
|
|
"* HOSTNAME_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR,",
|
|
" PROCESS_LIST_COLLECTOR,",
|
|
" )"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py",
|
|
"comments": [],
|
|
"firstLineNumber": 36,
|
|
"lines": [
|
|
" \"info\": \"If on AWS, collects more information about the AWS instance currently running on.\",",
|
|
" \"attack_techniques\": [\"T1082\"],",
|
|
" },",
|
|
"* {",
|
|
"+ # SWIMMER: Collector config goes here. Tip: Hostname collection relates to the T1082 and T1016 techniques.",
|
|
"* \"type\": \"string\",",
|
|
"* \"enum\": [HOSTNAME_COLLECTOR],",
|
|
"* \"title\": \"Hostname collector\",",
|
|
"* \"safe\": True,",
|
|
"* \"info\": \"Collects machine's hostname.\",",
|
|
"* \"attack_techniques\": [\"T1082\", \"T1016\"],",
|
|
"* },",
|
|
" {",
|
|
" \"type\": \"string\",",
|
|
" \"enum\": [PROCESS_LIST_COLLECTOR],"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
|
|
"comments": [],
|
|
"firstLineNumber": 1,
|
|
"lines": [
|
|
" from common.common_consts.system_info_collectors_names import (",
|
|
" AWS_COLLECTOR,",
|
|
" AZURE_CRED_COLLECTOR,",
|
|
"* HOSTNAME_COLLECTOR,",
|
|
" HOSTNAME_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR,",
|
|
" PROCESS_LIST_COLLECTOR,"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/config_schema/monkey.py",
|
|
"comments": [],
|
|
"firstLineNumber": 92,
|
|
"lines": [
|
|
" \"default\": [",
|
|
" ENVIRONMENT_COLLECTOR,",
|
|
" AWS_COLLECTOR,",
|
|
"* HOSTNAME_COLLECTOR,",
|
|
" PROCESS_LIST_COLLECTOR,",
|
|
" MIMIKATZ_COLLECTOR,",
|
|
" AZURE_CRED_COLLECTOR,"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py",
|
|
"comments": [],
|
|
"firstLineNumber": 1,
|
|
"lines": [
|
|
" import logging",
|
|
" ",
|
|
"*from monkey_island.cc.models.monkey import Monkey",
|
|
"+# SWIMMER: This will be useful :) monkey_island.cc.models.monkey.Monkey has the useful",
|
|
"+# \"get_single_monkey_by_guid\" and \"set_hostname\" methods.",
|
|
" ",
|
|
" logger = logging.getLogger(__name__)",
|
|
" ",
|
|
" ",
|
|
"*def process_hostname_telemetry(collector_results, monkey_guid):",
|
|
"+# SWIMMER: Processing function goes here.",
|
|
"* Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results[\"hostname\"])"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
|
"comments": [],
|
|
"firstLineNumber": 1,
|
|
"lines": [
|
|
" import logging",
|
|
" import typing",
|
|
" ",
|
|
"*from common.common_consts.system_info_collectors_names import (",
|
|
" AWS_COLLECTOR,",
|
|
" ENVIRONMENT_COLLECTOR,",
|
|
" HOSTNAME_COLLECTOR,"
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
|
"comments": [],
|
|
"firstLineNumber": 25,
|
|
"lines": [
|
|
" SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {",
|
|
" AWS_COLLECTOR: [process_aws_telemetry],",
|
|
" ENVIRONMENT_COLLECTOR: [process_environment_telemetry],",
|
|
"* HOSTNAME_COLLECTOR: [process_hostname_telemetry],",
|
|
" PROCESS_LIST_COLLECTOR: [check_antivirus_existence],",
|
|
" }",
|
|
" "
|
|
]
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"lines": [
|
|
" )",
|
|
" from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import (",
|
|
" process_environment_telemetry,",
|
|
"*)",
|
|
"*from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import (",
|
|
"* process_hostname_telemetry,",
|
|
"*)",
|
|
" from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (",
|
|
" check_antivirus_existence,",
|
|
" )"
|
|
],
|
|
"firstLineNumber": 12,
|
|
"path": "monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py",
|
|
"comments": []
|
|
},
|
|
{
|
|
"type": "text",
|
|
"text": "System info collectors are useful to get more data for various things, such as ZT tests or MITRE techniques. Take a look at some other techniques!"
|
|
}
|
|
],
|
|
"symbols": {},
|
|
"file_version": "2.0.1",
|
|
"meta": {
|
|
"app_version": "0.4.1-1",
|
|
"file_blobs": {
|
|
"monkey/common/common_consts/system_info_collectors_names.py": "c93cb2537ca94c9e46980d0cd06cc86a0ab34e29",
|
|
"monkey/infection_monkey/system_info/collectors/hostname_collector.py": "0aeecd9fb7bde83cccd4501ec03e0da199ec5fc3",
|
|
"monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py": "487166ec6f6d0559abd07e04d72fe55f230fc518",
|
|
"monkey/monkey_island/cc/services/config_schema/monkey.py": "0d69c5aa4fee48943f7847048942d257d27c2472",
|
|
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py": "e2de4519cbd71bba70e81cf3ff61817437d95a21",
|
|
"monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py": "894bdce75f0ae2b892bd5b3c6c70949be52b36e7"
|
|
}
|
|
}
|
|
}
|