From 06c14bee67fb83a36b15836fa8ee57836120a4fd Mon Sep 17 00:00:00 2001
From: itay
Date: Sun, 23 Jun 2019 14:57:57 +0300
Subject: [PATCH] refactor exploit telem

---
 monkey/infection_monkey/exploit/__init__.py | 31 +++++++++----------
 monkey/infection_monkey/exploit/sambacry.py | 6 ++--
 monkey/infection_monkey/exploit/shellshock.py | 2 +-
 monkey/infection_monkey/exploit/weblogic.py | 2 +-
 .../telemetry/exploit_telem.py | 27 ++++++++++++++++
 5 files changed, 47 insertions(+), 21 deletions(-)
 create mode 100644 monkey/infection_monkey/telemetry/exploit_telem.py

diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py
index 6aa77733c..97dfe511a 100644
--- a/monkey/infection_monkey/exploit/__init__.py
+++ b/monkey/infection_monkey/exploit/__init__.py
@@ -20,32 +20,31 @@ class HostExploiter(object):
 
     def __init__(self, host):
         self._config = infection_monkey.config.WormConfiguration
-        self._exploit_info = {'display_name': self._EXPLOITED_SERVICE,
-                              'started': '',
-                              'finished': '',
-                              'vulnerable_urls': [],
-                              'vulnerable_ports': []}
-        self._exploit_attempts = []
+        self.exploit_info = {
+            'display_name': self._EXPLOITED_SERVICE,
+            'started': '',
+            'finished': '',
+            'vulnerable_urls': [],
+            'vulnerable_ports': []
+        }
+        self.exploit_attempts = []
         self.host = host
 
     def set_start_time(self):
-        self._exploit_info['started'] = datetime.now().isoformat()
+        self.exploit_info['started'] = datetime.now().isoformat()
 
     def set_finish_time(self):
-        self._exploit_info['finished'] = datetime.now().isoformat()
+        self.exploit_info['finished'] = datetime.now().isoformat()
 
     def is_os_supported(self):
         return self.host.os.get('type') in self._TARGET_OS_TYPE
 
     def send_exploit_telemetry(self, result):
-        from infection_monkey.control import ControlClient
-        ControlClient.send_telemetry(
-            'exploit',
-            {'result': result, 'machine': self.host.__dict__, 'exploiter': self.__class__.__name__,
-             'info': self._exploit_info, 'attempts': self._exploit_attempts})
+        from infection_monkey.telemetry.exploit_telem import ExploitTelem
+        ExploitTelem(self, result).send()
 
     def report_login_attempt(self, result, user, password='', lm_hash='', ntlm_hash='', ssh_key=''):
-        self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
+        self.exploit_attempts.append({'result': result, 'user': user, 'password': password,
                                        'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
 
     def exploit_host(self):
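Review bot: Renaming `_exploit_info`/`_exploit_attempts` to the public `exploit_info`/`exploit_attempts` in `__init__` changes the attribute contract every `HostExploiter` subclass relies on, and the diffstat only touches sambacry, shellshock and weblogic; any other exploiter still writing `self._exploit_info[...]` (the `win_ms08_067` import at the end of this file suggests further subclasses exist) will raise AttributeError at runtime, so the rest of the package should be grepped for the old names before merge. `send_exploit_telemetry` also drops the explicit `'exploit'` category that the old `ControlClient.send_telemetry` call passed, so the category now comes solely from `ExploitTelem`; a one-line docstring, `"""Report this exploiter's result, info and login attempts through ExploitTelem."""`, would make that hand-off visible to readers of this file. Since `report_login_attempt` stores `password`, `lm_hash`, `ntlm_hash` and `ssh_key` verbatim in `exploit_attempts`, the now-public attribute holds credential material, which is worth stating in a comment on the `self.exploit_attempts = []` line.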
@@ -65,10 +64,10 @@ class HostExploiter(object):
         raise NotImplementedError()
 
     def add_vuln_url(self, url):
-        self._exploit_info['vulnerable_urls'].append(url)
+        self.exploit_info['vulnerable_urls'].append(url)
 
     def add_vuln_port(self, port):
-        self._exploit_info['vulnerable_ports'].append(port)
+        self.exploit_info['vulnerable_ports'].append(port)
 
 
 from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py
index 7d9ed1010..b7c168f01 100644
--- a/monkey/infection_monkey/exploit/sambacry.py
+++ b/monkey/infection_monkey/exploit/sambacry.py
@@ -65,9 +65,9 @@ class SambaCryExploiter(HostExploiter):
         LOG.info("Writable shares and their credentials on host %s: %s" % (self.host.ip_addr, str(writable_shares_creds_dict)))
-        self._exploit_info["shares"] = {}
+        self.exploit_info["shares"] = {}
         for share in writable_shares_creds_dict:
-            self._exploit_info["shares"][share] = {"creds": writable_shares_creds_dict[share]}
+            self.exploit_info["shares"][share] = {"creds": writable_shares_creds_dict[share]}
             self.try_exploit_share(share, writable_shares_creds_dict[share])
 
         # Wait for samba server to load .so, execute code and create result file.
@@ -90,7 +90,7 @@ class SambaCryExploiter(HostExploiter):
             self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
 
         for share, fullpath in successfully_triggered_shares:
-            self._exploit_info["shares"][share]["fullpath"] = fullpath
+            self.exploit_info["shares"][share]["fullpath"] = fullpath
 
         if len(successfully_triggered_shares) > 0:
             LOG.info(
diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index 337e0ec03..77ffd4538 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -66,7 +66,7 @@ class ShellShockExploiter(HostExploiter):
         exploitable_urls = [url for url in exploitable_urls if url[0] is True]
 
         # we want to report all vulnerable URLs even if we didn't succeed
-        self._exploit_info['vulnerable_urls'] = [url[1] for url in exploitable_urls]
+        self.exploit_info['vulnerable_urls'] = [url[1] for url in exploitable_urls]
 
         # now try URLs until we install something on victim
         for _, url, header, exploit in exploitable_urls:
diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py
index 4c99f82b9..3c6f7b2d2 100644
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@@ -91,7 +91,7 @@ class WebLogicExploiter(WebRCE):
         if httpd.get_requests > 0:
             # Add all urls because we don't know which one is vulnerable
             self.vulnerable_urls.extend(urls)
-            self._exploit_info['vulnerable_urls'] = self.vulnerable_urls
+            self.exploit_info['vulnerable_urls'] = self.vulnerable_urls
         else:
             LOG.info("No vulnerable urls found, skipping.")
 
diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py
new file mode 100644
index 000000000..f6ec6fc9c
--- /dev/null
+++ b/monkey/infection_monkey/telemetry/exploit_telem.py
@@ -0,0 +1,27 @@
+from infection_monkey.telemetry.base_telem import BaseTelem
+__author__ = "itay.mizeretz"
+
+
+class ExploitTelem(BaseTelem):
+
+    def __init__(self, exploiter, result):
+        """
+        Default exploit telemetry constructor
+        :param exploiter: The instance of exploiter used
+        :param result: The result from the 'exploit_host' method.
+        """
+        super(ExploitTelem, self).__init__()
+        self.exploiter = exploiter
+        self.result = result
+
+    telem_category = 'attack'
+
+    def get_data(self):
+        return {
+            'result': self.result,
+            'machine': self.exploiter.host.__dict__,
+            'exploiter': self.exploiter.__class__.__name__,
+            'info': self.exploiter.exploit_info,
+            'attempts': self.exploiter.exploit_attempts
+        }
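Review bot: `telem_category = 'attack'` in the new `ExploitTelem` does not match the `'exploit'` category that the replaced `ControlClient.send_telemetry('exploit', ...)` call in `__init__.py` used; `BaseTelem.send()` is not in this diff, but if it reports `telem_category` as the telemetry type, exploit results will now arrive labelled as attack telemetry and any consumer keyed on `'exploit'` will silently stop receiving them, so this line should read `telem_category = 'exploit'` unless the relabelling is intentional. Declaring the class attribute between `__init__` and `get_data` also makes it easy to miss; conventionally it sits at the top of the class body before the constructor. `get_data` has no docstring, and the payload it builds is sensitive: `attempts` contains the passwords, LM/NTLM hashes and SSH keys recorded by `report_login_attempt`, and `machine` is the full `host.__dict__`, so a short docstring stating that the returned dict carries credential material and must be treated as sensitive by anything that logs or stores it would help the receiving side handle it accordingly.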