refactor exploit telem

This commit is contained in:
itay 2019-06-23 14:57:57 +03:00
parent 78b8ef4bd3
commit 06c14bee67
5 changed files with 47 additions and 21 deletions

View File

@ -20,32 +20,31 @@ class HostExploiter(object):
def __init__(self, host):
self._config = infection_monkey.config.WormConfiguration
self._exploit_info = {'display_name': self._EXPLOITED_SERVICE,
self.exploit_info = {
'display_name': self._EXPLOITED_SERVICE,
'started': '',
'finished': '',
'vulnerable_urls': [],
'vulnerable_ports': []}
self._exploit_attempts = []
'vulnerable_ports': []
}
self.exploit_attempts = []
self.host = host
def set_start_time(self):
self._exploit_info['started'] = datetime.now().isoformat()
self.exploit_info['started'] = datetime.now().isoformat()
def set_finish_time(self):
self._exploit_info['finished'] = datetime.now().isoformat()
self.exploit_info['finished'] = datetime.now().isoformat()
def is_os_supported(self):
return self.host.os.get('type') in self._TARGET_OS_TYPE
def send_exploit_telemetry(self, result):
from infection_monkey.control import ControlClient
ControlClient.send_telemetry(
'exploit',
{'result': result, 'machine': self.host.__dict__, 'exploiter': self.__class__.__name__,
'info': self._exploit_info, 'attempts': self._exploit_attempts})
from infection_monkey.telemetry.exploit_telem import ExploitTelem
ExploitTelem(self, result).send()
def report_login_attempt(self, result, user, password='', lm_hash='', ntlm_hash='', ssh_key=''):
self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
self.exploit_attempts.append({'result': result, 'user': user, 'password': password,
'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
def exploit_host(self):
@ -65,10 +64,10 @@ class HostExploiter(object):
raise NotImplementedError()
def add_vuln_url(self, url):
self._exploit_info['vulnerable_urls'].append(url)
self.exploit_info['vulnerable_urls'].append(url)
def add_vuln_port(self, port):
self._exploit_info['vulnerable_ports'].append(port)
self.exploit_info['vulnerable_ports'].append(port)
from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter

View File

@ -65,9 +65,9 @@ class SambaCryExploiter(HostExploiter):
LOG.info("Writable shares and their credentials on host %s: %s" %
(self.host.ip_addr, str(writable_shares_creds_dict)))
self._exploit_info["shares"] = {}
self.exploit_info["shares"] = {}
for share in writable_shares_creds_dict:
self._exploit_info["shares"][share] = {"creds": writable_shares_creds_dict[share]}
self.exploit_info["shares"][share] = {"creds": writable_shares_creds_dict[share]}
self.try_exploit_share(share, writable_shares_creds_dict[share])
# Wait for samba server to load .so, execute code and create result file.
@ -90,7 +90,7 @@ class SambaCryExploiter(HostExploiter):
self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
for share, fullpath in successfully_triggered_shares:
self._exploit_info["shares"][share]["fullpath"] = fullpath
self.exploit_info["shares"][share]["fullpath"] = fullpath
if len(successfully_triggered_shares) > 0:
LOG.info(

View File

@ -66,7 +66,7 @@ class ShellShockExploiter(HostExploiter):
exploitable_urls = [url for url in exploitable_urls if url[0] is True]
# we want to report all vulnerable URLs even if we didn't succeed
self._exploit_info['vulnerable_urls'] = [url[1] for url in exploitable_urls]
self.exploit_info['vulnerable_urls'] = [url[1] for url in exploitable_urls]
# now try URLs until we install something on victim
for _, url, header, exploit in exploitable_urls:

View File

@ -91,7 +91,7 @@ class WebLogicExploiter(WebRCE):
if httpd.get_requests > 0:
# Add all urls because we don't know which one is vulnerable
self.vulnerable_urls.extend(urls)
self._exploit_info['vulnerable_urls'] = self.vulnerable_urls
self.exploit_info['vulnerable_urls'] = self.vulnerable_urls
else:
LOG.info("No vulnerable urls found, skipping.")

View File

@ -0,0 +1,27 @@
from infection_monkey.telemetry.base_telem import BaseTelem
__author__ = "itay.mizeretz"
class ExploitTelem(BaseTelem):
def __init__(self, exploiter, result):
"""
Default exploit telemetry constructor
:param exploiter: The instance of exploiter used
:param result: The result from the 'exploit_host' method.
"""
super(ExploitTelem, self).__init__()
self.exploiter = exploiter
self.result = result
telem_category = 'attack'
def get_data(self):
return {
'result': self.result,
'machine': self.exploiter.host.__dict__,
'exploiter': self.exploiter.__class__.__name__,
'info': self.exploiter.exploit_info,
'attempts': self.exploiter.exploit_attempts
}