Added node and edge based on bootloader telemetry.

This commit is contained in:
VakarisZ 2020-02-12 11:09:11 +02:00
parent 0c157986b7
commit 72d266a1b8
4 changed files with 53 additions and 6 deletions


@ -27,6 +27,7 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'}) conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf) island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
r = requests.post(url=island_server_path, data=post_data, verify=False) r = requests.post(url=island_server_path, data=post_data, verify=False)
if r.status_code != 200: if r.status_code != 200:
self.send_response(404) self.send_response(404)
else: else:


@ -1,6 +1,11 @@
import json
import flask_restful import flask_restful
from flask import request, make_response from flask import request, make_response
from monkey_island.cc.database import mongo
from monkey_island.cc.services.node import NodeService
WINDOWS_VERSIONS = { WINDOWS_VERSIONS = {
"5.0": "Windows 2000", "5.0": "Windows 2000",
"5.1": "Windows XP", "5.1": "Windows XP",
@ -17,9 +22,11 @@ class Bootloader(flask_restful.Resource):
# Used by monkey. can't secure. # Used by monkey. can't secure.
def post(self, **kw): def post(self, **kw):
os_version = request.data.decode().split(" ") data = json.loads(request.data.decode().replace("\n", ""))
if (os_version[0][0] == "W"): local_addr = [i for i in data["ips"] if i.startswith("127")]
os_type = "windows" if local_addr:
os_version = os_version[1:] data["ips"].remove(local_addr[0])
mongo.db.bootloader_telems.insert(data)
node_id = NodeService.get_or_create_node_from_bootloader_telem(data)
return make_response({"status": "OK"}, 200) return make_response({"status": "OK"}, 200)
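Review bot: The new body from `data = json.loads(...)` to `mongo.db.bootloader_telems.insert(data)` trusts the shape of a request the comment above says cannot be authenticated: a body that is not a JSON object, lacks `ips`, or carries a non-list `ips` raises KeyError/TypeError and surfaces as a 500 rather than a 400, and whatever arrives is persisted verbatim and handed to the node service, which reads `ips[0]`, `hostname`, `system`, `os_version` and `tunnel`. Validate those fields as a string / list of strings before the insert, reject anything else with a 400, and reject an `ips` list that is empty after the loopback filter, since the downstream `ips[0]` would fail. The loopback filter also drops only the first `127.*` entry (`local_addr[0]`) and misses `::1`; a comprehension over all entries is the simpler form. `node_id` is assigned but never used, and `.replace("\n", "")` is unnecessary because `json.loads` accepts whitespace.
```python
    def post(self, **kw):
        try:
            data = json.loads(request.data.decode())
        except (UnicodeDecodeError, ValueError):
            return make_response({"status": "bad request"}, 400)
        ips = data.get("ips") if isinstance(data, dict) else None
        if (not isinstance(ips, list)
                or not all(isinstance(ip, str) for ip in ips)
                or not all(isinstance(data.get(k), str) for k in ("hostname", "system", "os_version"))):
            return make_response({"status": "bad request"}, 400)
        # Drop every loopback entry, not just the first one.
        data["ips"] = [ip for ip in ips if not ip.startswith("127")]
        if not data["ips"]:
            return make_response({"status": "bad request"}, 400)
        # … unchanged: insert telemetry and create the node …
        return make_response({"status": "OK"}, 200)
```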


@ -2,7 +2,7 @@ from bson import ObjectId
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
import monkey_island.cc.services.node import monkey_island.cc.services.node
from monkey_island.cc.models import Monkey from monkey_island.cc.models.monkey import Monkey, MonkeyNotFoundError
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
@ -145,7 +145,10 @@ class EdgeService:
from_id = edge["from"] from_id = edge["from"]
to_id = edge["to"] to_id = edge["to"]
from_label = Monkey.get_label_by_id(from_id) try:
from_label = Monkey.get_label_by_id(from_id)
except MonkeyNotFoundError:
from_label = node_service.get_node_by_id(from_id)['domain_name']
if to_id == ObjectId("000000000000000000000000"): if to_id == ObjectId("000000000000000000000000"):
to_label = 'MonkeyIsland' to_label = 'MonkeyIsland'
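Review bot: The new fallback `from_label = node_service.get_node_by_id(from_id)['domain_name']` raises a TypeError instead of producing a label when no node exists for `from_id` (assuming `get_node_by_id` returns None on a miss, as find_one-style lookups do — confirm), and yields an empty label for nodes created via `get_or_create_node(ip_address, domain_name='')` in node.py, whose `domain_name` defaults to `''`. After guarding for a None result, degrade to the address rather than a blank: `node = node_service.get_node_by_id(from_id)` then `from_label = node['domain_name'] or node['ip_addresses'][0]`, using the `ip_addresses` key node.py writes on node documents. `node_service` is not bound anywhere in this hunk; presumably it is a module alias defined elsewhere in the file. The enclosing function starts and ends outside the hunk.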


@ -207,6 +207,42 @@ class NodeService:
}) })
return mongo.db.node.find_one({"_id": new_node_insert_result.inserted_id}) return mongo.db.node.find_one({"_id": new_node_insert_result.inserted_id})
@staticmethod
def create_node_from_bootloader_telem(bootloader_telem):
new_node_insert_result = mongo.db.node.insert_one(
{
"ip_addresses": bootloader_telem['ips'],
"domain_name": bootloader_telem['hostname'],
"exploited": False,
"creds": [],
"os":
{
"type": bootloader_telem['system'],
"version": bootloader_telem['os_version']
}
})
return mongo.db.node.find_one({"_id": new_node_insert_result.inserted_id})
@staticmethod
def get_or_create_node_from_bootloader_telem(bootloader_telem):
new_node = mongo.db.node.find_one({"domain_name": bootloader_telem['hostname'],
"ip_addresses": bootloader_telem['ips']})
if new_node is None:
new_node = NodeService.create_node_from_bootloader_telem(bootloader_telem)
if bootloader_telem['tunnel']:
dst_node = NodeService.get_node_or_monkey_by_ip(bootloader_telem['tunnel'])
else:
dst_node = NodeService.get_monkey_island_node()
edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id'])
mongo.db.edge.update({"_id": edge["_id"]},
{'$set': {'tunnel': bool(bootloader_telem['tunnel']),
'exploited': (not bool(bootloader_telem['tunnel'])),
'ip_address': bootloader_telem['ips'][0],
'group': 'island'}},
upsert=False)
return new_node
@staticmethod @staticmethod
def get_or_create_node(ip_address, domain_name=''): def get_or_create_node(ip_address, domain_name=''):
new_node = mongo.db.node.find_one({"ip_addresses": ip_address}) new_node = mongo.db.node.find_one({"ip_addresses": ip_address})
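Review bot: `get_or_create_node_from_bootloader_telem` puts `bootloader_telem['hostname']` and `['ips']` directly into the `find_one` filter, and since the telemetry is parsed JSON from an endpoint the resource layer marks as unsecurable, a JSON object such as `{"$ne": ""}` in either field acts as a query operator rather than a literal, matching an arbitrary existing node and attaching the new edge to it; guard with `if not isinstance(bootloader_telem['hostname'], str) or not all(isinstance(ip, str) for ip in bootloader_telem['ips']): raise ValueError("malformed bootloader telemetry")` before the query, and treat `tunnel`, which is passed to `get_node_or_monkey_by_ip`, the same way. Two further spots fail on plausible input: `dst_node['id']` when `get_node_or_monkey_by_ip` finds nothing for the tunnel address (presumably returning None — confirm), and `bootloader_telem['ips'][0]` when the list is empty. The edge lookup uses `new_node['_id']` but the destination uses `dst_node['id']`; if `get_monkey_island_node` returns a raw Mongo document that key would not exist, so confirm which shape it returns. `mongo.db.edge.update` is the deprecated pymongo call; `update_one` with the same filter and `$set` is the direct replacement, and `upsert=False` is already its default. `get_or_create_node` at the end of the hunk continues outside it.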