Rename test victim host telem file
Create new T1197Telem class for new telemetries
parent
93d6280d1a
commit
4d962feafe
|
@ -9,8 +9,9 @@ class ScanStatus(Enum):
|
||||||
# Technique was attempted and succeeded
|
# Technique was attempted and succeeded
|
||||||
USED = 2
|
USED = 2
|
||||||
|
|
||||||
|
|
||||||
# Dict that describes what BITS job was used for
|
# Dict that describes what BITS job was used for
|
||||||
BITS_UPLOAD_STRING = {"usage": "BITS job was used to upload monkey to a remote system."}
|
BITS_UPLOAD_STRING = "BITS job was used to upload monkey to a remote system."
|
||||||
|
|
||||||
|
|
||||||
def format_time(time):
|
def format_time(time):
|
||||||
|
|
|
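Review bot: The comment above `BITS_UPLOAD_STRING` still reads `# Dict that describes what BITS job was used for`, but the new side changes the value from a one-key dict to a plain string, so the comment is now wrong. It should follow the value, e.g. `# Usage string describing what the BITS job was used for`. Because the `'usage'` key now comes from `T1197Telem.get_data` rather than from this constant, any caller outside this commit that still treats `BITS_UPLOAD_STRING` as a dict would only fail when the telemetry is built, not at import time; worth checking the remaining references before merging.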
@ -11,7 +11,7 @@ from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
|
from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
|
||||||
DOWNLOAD_TIMEOUT
|
DOWNLOAD_TIMEOUT
|
||||||
from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE
|
from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE
|
||||||
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
@ -64,7 +64,7 @@ class ElasticGroovyExploiter(WebRCE):
|
||||||
def upload_monkey(self, url, commands=None):
|
def upload_monkey(self, url, commands=None):
|
||||||
result = super(ElasticGroovyExploiter, self).upload_monkey(url, commands)
|
result = super(ElasticGroovyExploiter, self).upload_monkey(url, commands)
|
||||||
if 'windows' in self.host.os['type'] and result:
|
if 'windows' in self.host.os['type'] and result:
|
||||||
VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def get_results(self, response):
|
def get_results(self, response):
|
||||||
|
|
|
@ -15,9 +15,9 @@ from infection_monkey.exploit.tools import get_target_monkey
|
||||||
from infection_monkey.model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
from infection_monkey.model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
from infection_monkey.exploit.tools import build_monkey_commandline
|
from infection_monkey.exploit.tools import build_monkey_commandline
|
||||||
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from infection_monkey.utils import utf_to_ascii
|
from infection_monkey.utils import utf_to_ascii
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
|
||||||
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
@ -316,7 +316,7 @@ class RdpExploiter(HostExploiter):
|
||||||
|
|
||||||
if client_factory.success:
|
if client_factory.success:
|
||||||
if not self._config.rdp_use_vbs_download:
|
if not self._config.rdp_use_vbs_download:
|
||||||
VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
||||||
self.add_vuln_port(RDP_PORT)
|
self.add_vuln_port(RDP_PORT)
|
||||||
exploited = True
|
exploited = True
|
||||||
self.report_login_attempt(True, user, password)
|
self.report_login_attempt(True, user, password)
|
||||||
|
|
|
@ -7,7 +7,7 @@ from infection_monkey.exploit import HostExploiter
|
||||||
from infection_monkey.model import *
|
from infection_monkey.model import *
|
||||||
from infection_monkey.exploit.tools import get_target_monkey, get_monkey_depth, build_monkey_commandline, HTTPTools
|
from infection_monkey.exploit.tools import get_target_monkey, get_monkey_depth, build_monkey_commandline, HTTPTools
|
||||||
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
|
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
|
||||||
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
||||||
|
|
||||||
__author__ = 'VakarisZ'
|
__author__ = 'VakarisZ'
|
||||||
|
@ -307,7 +307,7 @@ class WebRCE(HostExploiter):
|
||||||
if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp:
|
if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp:
|
||||||
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
||||||
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path}
|
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path}
|
||||||
VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()
|
||||||
resp = self.exploit(url, backup_command)
|
resp = self.exploit(url, backup_command)
|
||||||
return resp
|
return resp
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
||||||
|
|
||||||
|
__author__ = "itay.mizeretz"
|
||||||
|
|
||||||
|
|
||||||
|
class T1197Telem(VictimHostTelem):
|
||||||
|
def __init__(self, status, machine, usage):
|
||||||
|
"""
|
||||||
|
T1197 telemetry.
|
||||||
|
:param status: ScanStatus of technique
|
||||||
|
:param machine: VictimHost obj from model/host.py
|
||||||
|
:param usage: Usage string
|
||||||
|
"""
|
||||||
|
super(T1197Telem, self).__init__('T1197', status, machine)
|
||||||
|
self.usage = usage
|
||||||
|
|
||||||
|
def get_data(self):
|
||||||
|
data = super(T1197Telem, self).get_data()
|
||||||
|
data.update({
|
||||||
|
'usage': self.usage
|
||||||
|
})
|
||||||
|
return data
|