Refactoring T1197 to display time and use tables

This commit is contained in:
VakarisZ 2019-04-10 17:27:40 +03:00
parent 8ee7a06769
commit 1eac9856c4
11 changed files with 75 additions and 66 deletions

View File

@ -9,5 +9,5 @@ class ScanStatus(Enum):
# Technique was attempted and succeeded # Technique was attempted and succeeded
USED = 2 USED = 2
# Dict that describes what BITS job was used for
BITS_UPLOAD_STRING = {"usage": "Bits job was used to upload monkey to a remote system."} BITS_UPLOAD_STRING = {"usage": "BITS job was used to upload monkey to a remote system."}

View File

@ -3,6 +3,7 @@ import requests
import json import json
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
import logging import logging
import datetime
__author__ = "VakarisZ" __author__ = "VakarisZ"
@ -20,7 +21,7 @@ class AttackTelem(object):
""" """
self.technique = technique self.technique = technique
self.result = status self.result = status
self.data = {'status': status, 'id': GUID} self.data = {'status': status, 'id': GUID, 'time': AttackTelem.get_current_time_string()}
if data: if data:
self.data.update(data) self.data.update(data)
@ -39,3 +40,13 @@ class AttackTelem(object):
except Exception as exc: except Exception as exc:
LOG.warn("Error connecting to control server %s: %s", LOG.warn("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc) WormConfiguration.current_server, exc)
@staticmethod
def get_current_time_string():
time = datetime.datetime.now()
return "%s-%s-%s %s:%s:%s" % (time.date().year,
time.date().month,
time.date().day,
time.time().hour,
time.time().minute,
time.time().second)

View File

@ -14,5 +14,5 @@ class VictimHostTelem(AttackTelem):
:param data: Other data relevant to the attack technique :param data: Other data relevant to the attack technique
""" """
super(VictimHostTelem, self).__init__(technique, status, data) super(VictimHostTelem, self).__init__(technique, status, data)
victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr} victim_host = {'domain_name': machine.domain_name, 'ip_addr': machine.ip_addr}
self.data.update({'machine': victim_host}) self.data.update({'machine': victim_host})

View File

@ -1,5 +1,5 @@
import logging import logging
from cc.services.attack.technique_reports import T1210 from cc.services.attack.technique_reports import T1210, T1197
from cc.services.attack.attack_telem import get_latest_telem from cc.services.attack.attack_telem import get_latest_telem
from cc.services.attack.attack_config import get_technique_values from cc.services.attack.attack_config import get_technique_values
from cc.database import mongo from cc.database import mongo
@ -9,7 +9,8 @@ __author__ = "VakarisZ"
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
TECHNIQUES = {'T1210': T1210} TECHNIQUES = {'T1210': T1210,
'T1197': T1197}
REPORT_NAME = 'new_report' REPORT_NAME = 'new_report'
@ -44,7 +45,7 @@ class AttackReportService:
if AttackReportService.is_report_generated(): if AttackReportService.is_report_generated():
telem_time = get_latest_telem() telem_time = get_latest_telem()
latest_report = mongo.db.attack_report.find_one({'name': REPORT_NAME}) latest_report = mongo.db.attack_report.find_one({'name': REPORT_NAME})
if telem_time and telem_time['timestamp'] == latest_report['meta']['timestamp']: if telem_time and latest_report['meta'] and telem_time['time'] == latest_report['meta']['time']:
return latest_report return latest_report
return AttackReportService.generate_new_report() return AttackReportService.generate_new_report()

View File

@ -74,7 +74,7 @@ SCHEMA = {
"type": "object", "type": "object",
"properties": { "properties": {
"T1197": { "T1197": {
"title": "T1197 Bits jobs", "title": "T1197 BITS jobs",
"type": "bool", "type": "bool",
"value": True, "value": True,
"necessary": True, "necessary": True,

View File

@ -18,7 +18,7 @@ def set_results(technique, data):
""" """
data.update({'technique': technique}) data.update({'technique': technique})
mongo.db.attack_results.insert(data) mongo.db.attack_results.insert(data)
mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'timestamp': time()}, upsert=True) mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'time': data['time']}, upsert=True)
def get_latest_telem(): def get_latest_telem():

View File

@ -1,5 +1,5 @@
from monkey_island.cc.services.attack.technique_reports.technique_service import * from monkey_island.cc.services.attack.technique_reports.technique_service import *
from cc.services.report import ReportService from cc.database import mongo
__author__ = "VakarisZ" __author__ = "VakarisZ"
@ -13,6 +13,13 @@ MESSAGES = {
def get_report_data(): def get_report_data():
data = get_tech_base_data(TECHNIQUE, MESSAGES) data = get_tech_base_data(TECHNIQUE, MESSAGES)
bits_results = mongo.db.attack_results.aggregate([{'$match': {'technique': TECHNIQUE}},
data.update() {'$group': {'_id': {'ip_addr': '$machine.ip_addr', 'usage': '$usage'},
'ip_addr': {'$first': '$machine.ip_addr'},
'domain_name': {'$first': '$machine.domain_name'},
'usage': {'$first': '$usage'},
'time': {'$first': '$time'}}
}])
bits_results = list(bits_results)
data.update({'bits_jobs': bits_results})
return data return data

View File

@ -6,6 +6,11 @@ __author__ = "VakarisZ"
def technique_status(technique): def technique_status(technique):
"""
Gets status of certain attack technique. If
:param technique:
:return:
"""
if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}): if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}):
return ScanStatus.USED return ScanStatus.USED
elif mongo.db.attack_results.find_one({'status': ScanStatus.SCANNED.value, 'technique': technique}): elif mongo.db.attack_results.find_one({'status': ScanStatus.SCANNED.value, 'technique': technique}):

View File

@ -1,60 +1,43 @@
import React from 'react'; import React from 'react';
import '../../styles/Collapse.scss' import '../../styles/Collapse.scss'
import {Link} from "react-router-dom"; import ReactTable from "react-table";
let renderArray = function(val) { let renderMachine = function (val) {
return <span>{val.map(x => <span key={x.toString()}>{x} </span>)}</span>;
};
let renderMachine = function (val, index, exploited=false) {
return ( return (
<div key={index}> <span>{val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")}</span>
{renderArray(val.ip_addresses)}
{(val.domain_name ? " (".concat(val.domain_name, ")") : " (".concat(val.label, ")"))} :
{exploited ? renderArray(val.exploits) : renderArray(val.services)}
</div>
) )
}; };
const columns = [
{
columns: [
{Header: 'Machine', id: 'machine', accessor: x => renderMachine(x), style: { 'whiteSpace': 'unset' }, width: 200},
{Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }, width: 170},
{Header: 'Usage', id: 'usage', accessor: x => x.usage, style: { 'whiteSpace': 'unset' }}
]
}
];
class T1210 extends React.Component { class T1210 extends React.Component {
renderScannedMachines = (machines) => {
let content = [];
for (let i = 0; i < machines.length; i++ ){
if (machines[i].services.length !== 0){
content.push(renderMachine(machines[i], i))
}
}
return <div>{content}</div>;
};
renderExploitedMachines = (machines) => {
let content = [];
for (let i = 0; i < machines.length; i++ ){
if (machines[i].exploits.length !== 0){
content.push(renderMachine(machines[i], i, true))
}
}
return <div>{content}</div>;
};
constructor(props) { constructor(props) {
super(props); super(props);
} }
render() { render() {
console.log(this.props);
return ( return (
<div> <div className="data-table-container">
<div>{this.props.data.message}</div> <div>
<div>Found services: </div> <div>{this.props.data.message}</div>
{this.renderScannedMachines(this.props.data.scanned_machines)} {this.props.data.bits_jobs.length > 0 ? <div>BITS jobs were used in these machines: </div> : ''}
<div>Successful exploiters:</div>
{this.renderExploitedMachines(this.props.data.exploited_machines)}
<div className="attack-report footer-text">
To get more info about scanned and exploited machines view <Link to="/report">standard report.</Link>
</div> </div>
<br/>
<ReactTable
columns={columns}
data={this.props.data.bits_jobs}
showPagination={false}
defaultPageSize={this.props.data.bits_jobs.length}
/>
</div> </div>
); );
} }

View File

@ -44,7 +44,6 @@ class T1210 extends React.Component {
} }
render() { render() {
console.log(this.props);
return ( return (
<div> <div>
<div>{this.props.data.message}</div> <div>{this.props.data.message}</div>

View File

@ -5,10 +5,12 @@ import {edgeGroupToColor, options} from 'components/map/MapOptions';
import AuthComponent from '../AuthComponent'; import AuthComponent from '../AuthComponent';
import Collapse from '@kunukn/react-collapse'; import Collapse from '@kunukn/react-collapse';
import T1210 from '../attack/T1210'; import T1210 from '../attack/T1210';
import T1197 from '../attack/T1197';
import '../../styles/Collapse.scss' import '../../styles/Collapse.scss'
const tech_components = { const tech_components = {
'T1210': T1210 'T1210': T1210,
'T1197': T1197
}; };
const classNames = require('classnames'); const classNames = require('classnames');
@ -21,7 +23,7 @@ class AttackReportPageComponent extends AuthComponent {
report: false, report: false,
allMonkeysAreDead: false, allMonkeysAreDead: false,
runStarted: true, runStarted: true,
index: 1 collapseOpen: ''
}; };
} }
@ -54,8 +56,8 @@ class AttackReportPageComponent extends AuthComponent {
} }
} }
onToggle = index => onToggle = technique =>
this.setState(state => ({ index: state.index === index ? null : index })); this.setState(state => ({ collapseOpen: state.collapseOpen === technique ? null : technique }));
getTechniqueCollapse(tech_id){ getTechniqueCollapse(tech_id){
switch (this.state.report[tech_id].status) { switch (this.state.report[tech_id].status) {
@ -70,21 +72,21 @@ class AttackReportPageComponent extends AuthComponent {
} }
return ( return (
<div className={classNames("collapse-item", { "item--active": this.state.index === 1 })}> <div key={tech_id} className={classNames("collapse-item", { "item--active": this.state.collapseOpen === tech_id })}>
<button className={classNames("btn-collapse", className)} onClick={() => this.onToggle(1)}> <button className={classNames("btn-collapse", className)} onClick={() => this.onToggle(tech_id)}>
<span>{this.state.report[tech_id].title}</span> <span>{this.state.report[tech_id].title}</span>
<span> <span>
<i className={classNames("fa", this.state.index === 1 ? "fa-chevron-down" : "fa-chevron-up")}></i> <i className={classNames("fa", this.state.collapseOpen === tech_id ? "fa-chevron-down" : "fa-chevron-up")}></i>
</span> </span>
</button> </button>
<Collapse <Collapse
className="collapse-comp" className="collapse-comp"
isOpen={this.state.index === 1} isOpen={this.state.collapseOpen === tech_id}
onChange={({ collapseState }) => { onChange={({ collapseState }) => {
this.setState({ item1: collapseState }); this.setState({ tech_id: collapseState });
}} }}
onInit={({ collapseState }) => { onInit={({ collapseState }) => {
this.setState({ item1: collapseState }); this.setState({ tech_id: collapseState });
}} }}
render={collapseState => this.createTechniqueContent(collapseState, tech_id)}/> render={collapseState => this.createTechniqueContent(collapseState, tech_id)}/>
</div> </div>
@ -101,9 +103,10 @@ class AttackReportPageComponent extends AuthComponent {
} }
generateReportContent(){ generateReportContent(){
let content = ''; let content = [];
console.log(this.state.report);
Object.keys(this.state.report).forEach((tech_id) => { Object.keys(this.state.report).forEach((tech_id) => {
content = this.getTechniqueCollapse(tech_id) content.push(this.getTechniqueCollapse(tech_id))
}); });
return ( return (
<div> <div>