Revert "Telemetry implemented"

This reverts commit f36ff73c9e.
This commit is contained in:
VakarisZ 2019-04-01 19:51:20 +03:00
parent ee0b6a042d
commit 7e5aff1d21
8 changed files with 19 additions and 99 deletions

View File

@ -17,8 +17,6 @@ from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.windows_upgrader import WindowsUpgrader
from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.post_breach.post_breach_handler import PostBreach
from infection_monkey.transport.attack_telems.base_telem import ScanStatus
from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem
__author__ = 'itamar' __author__ = 'itamar'
@ -181,11 +179,9 @@ class InfectionMonkey(object):
for exploiter in [exploiter(machine) for exploiter in self._exploiters]: for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
if self.try_exploiting(machine, exploiter): if self.try_exploiting(machine, exploiter):
host_exploited = True host_exploited = True
VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send()
break break
if not host_exploited: if not host_exploited:
self._fail_exploitation_machines.add(machine) self._fail_exploitation_machines.add(machine)
VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send()
if not self._keep_running: if not self._keep_running:
break break

View File

@ -1,10 +1,9 @@
from enum import Enum from enum import Enum
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration, GUID
import requests import requests
import json import json
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
import logging import logging
from infection_monkey.utils import get_host_info
__author__ = "VakarisZ" __author__ = "VakarisZ"
@ -22,35 +21,21 @@ class ScanStatus(Enum):
class AttackTelem(object): class AttackTelem(object):
def __init__(self, technique, status, data=None, machine=False): def __init__(self, technique, status, data, machine=None):
"""
Default ATT&CK telemetry constructor
:param technique: Technique ID. E.g. T111
:param status: int from ScanStatus Enum
:param data: Other data relevant to the attack technique
:param machine: Boolean. Should we pass current machine's info or not
"""
self.technique = technique self.technique = technique
self.result = status self.result = status
self.data = {'status': status} self.data = {'machine': machine, 'status': status, 'monkey_guid': GUID}
if data: self.data.update(data)
self.data.update(data)
if machine:
self.data.update({'machine': get_host_info()})
def send(self): def send(self):
"""
Sends telemetry to island
:return:
"""
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique), reply = requests.post("https://%s/api/%s" % (WormConfiguration.current_server, self.technique),
data=json.dumps(self.data), data=json.dumps(self.data),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},
verify=False, verify=False,
proxies=ControlClient.proxies) proxies=ControlClient.proxies)
except Exception as exc: except Exception as exc:
LOG.warn("Error connecting to control server %s: %s", LOG.warn("Error connecting to control server %s: %s",
WormConfiguration.current_server, exc) WormConfiguration.current_server, exc)

View File

@ -1,21 +0,0 @@
from infection_monkey.transport.attack_telems.base_telem import AttackTelem
__author__ = "VakarisZ"
class VictimHostTelem(AttackTelem):
def __init__(self, technique, status, machine, data=None):
"""
ATT&CK telemetry that parses and sends VictimHost telemetry
:param technique: Technique ID. E.g. T111
:param status: int from ScanStatus Enum
:param machine: VictimHost obj from model/host.py
:param data: Other data relevant to the attack technique
"""
super(VictimHostTelem, self).__init__(technique, status, data, machine=False)
victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr}
if data:
self.data.update(data)
if machine:
self.data.update({'machine': victim_host})

View File

@ -2,13 +2,9 @@ import os
import sys import sys
import shutil import shutil
import struct import struct
import socket
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
LOCAL_IP = '127.0.0.1'
MOCK_IP = '10.255.255.255'
def get_monkey_log_path(): def get_monkey_log_path():
return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \ return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \
@ -36,26 +32,6 @@ def is_windows_os():
return sys.platform.startswith("win") return sys.platform.startswith("win")
def get_host_info():
return {'hostname': socket.gethostname(), 'ip': get_primary_ip()}
def get_primary_ip():
"""
:return: Primary (default route) IP address
"""
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
# doesn't even have to be reachable
s.connect((MOCK_IP, 1))
ip = s.getsockname()[0]
except:
ip = LOCAL_IP
finally:
s.close()
return ip
def utf_to_ascii(string): def utf_to_ascii(string):
# Converts utf string to ascii. Safe to use even if string is already ascii. # Converts utf string to ascii. Safe to use even if string is already ascii.
udata = string.decode("utf-8") udata = string.decode("utf-8")

View File

@ -30,7 +30,6 @@ from cc.resources.telemetry_feed import TelemetryFeed
from cc.resources.pba_file_download import PBAFileDownload from cc.resources.pba_file_download import PBAFileDownload
from cc.services.config import ConfigService from cc.services.config import ConfigService
from cc.resources.pba_file_upload import FileUpload from cc.resources.pba_file_upload import FileUpload
from cc.resources.attack import Attack
__author__ = 'Barak' __author__ = 'Barak'
@ -124,6 +123,5 @@ def init_app(mongo_url):
'/api/fileUpload/<string:file_type>?load=<string:filename>', '/api/fileUpload/<string:file_type>?load=<string:filename>',
'/api/fileUpload/<string:file_type>?restore=<string:filename>') '/api/fileUpload/<string:file_type>?restore=<string:filename>')
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/') api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
api.add_resource(Attack, '/api/attack/<string:technique>')
return app return app

View File

@ -1,8 +1,11 @@
import flask_restful import flask_restful
from flask import request from flask import request, send_from_directory, Response
import json from cc.services.config import ConfigService, PBA_WINDOWS_FILENAME_PATH, PBA_LINUX_FILENAME_PATH, UPLOADS_DIR
from cc.services.attck.attack_results import set_results from cc.auth import jwt_required
import os
from werkzeug.utils import secure_filename
import logging import logging
import copy
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
@ -11,14 +14,9 @@ LOG = logging.getLogger(__name__)
class Attack(flask_restful.Resource): class Attack(flask_restful.Resource):
""" """
ATT&CK endpoint used to retrieve matrix related info from monkey ATT&CK endpoint used to retrieve matrix related info
""" """
def post(self, technique): @jwt_required()
""" def post(self, attack_type):
Gets ATT&CK telemetry data and stores it in the database
:param technique: Technique ID, e.g. T1111
"""
data = json.loads(request.data)
set_results(technique, data)
return {}

View File

@ -1 +0,0 @@
__author__ = 'VakarisZ'

View File

@ -1,11 +0,0 @@
import logging
from cc.database import mongo
__author__ = "VakarisZ"
logger = logging.getLogger(__name__)
def set_results(technique, data):
data.update({'technique': technique})
mongo.db.attack_results.insert(data)