forked from p15670423/monkey
Modifications to get the telemetry feed and reports rendering properly
This commit is contained in:
parent
5a7e8a0b08
commit
90fe06e212
|
@ -1,3 +1,5 @@
|
|||
import subprocess
|
||||
|
||||
from common.data.post_breach_consts import \
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
|
@ -17,7 +19,7 @@ class ModifyShellStartupFiles(PBA):
|
|||
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION)
|
||||
|
||||
def run(self):
|
||||
results = [pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()]
|
||||
results = [pba.run() for pba in self.modify_shell_startup_PBA_list()]
|
||||
PostBreachTelem(self, results).send()
|
||||
|
||||
def modify_shell_startup_PBA_list(self):
|
||||
|
|
|
@ -98,9 +98,9 @@ class TelemetryFeed(flask_restful.Resource):
|
|||
|
||||
@staticmethod
|
||||
def get_post_breach_telem_brief(telem):
|
||||
return '%s post breach action executed on %s (%s) machine.' % (telem['data']['name'],
|
||||
telem['data']['hostname'],
|
||||
telem['data']['ip'])
|
||||
return '%s post breach action executed on %s (%s) machine.' % (telem['data'][0]['name'],
|
||||
telem['data'][0]['hostname'],
|
||||
telem['data'][0]['ip'])
|
||||
|
||||
@staticmethod
|
||||
def should_show_brief(telem):
|
||||
|
|
|
@ -18,7 +18,7 @@ class T1136(AttackTechnique):
|
|||
{'data.name': POST_BREACH_COMMUNICATE_AS_NEW_USER}]}},
|
||||
{'$project': {'_id': 0,
|
||||
'machine': {'hostname': '$data.hostname',
|
||||
'ips': ['$data.ip']},
|
||||
'ips': '$data.ip'},
|
||||
'result': '$data.result'}}]
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -16,7 +16,7 @@ class T1154(AttackTechnique):
|
|||
'data.name': POST_BREACH_TRAP_COMMAND}},
|
||||
{'$project': {'_id': 0,
|
||||
'machine': {'hostname': '$data.hostname',
|
||||
'ips': ['$data.ip']},
|
||||
'ips': '$data.ip'},
|
||||
'result': '$data.result'}}]
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -16,7 +16,7 @@ class T1158(AttackTechnique):
|
|||
'data.name': POST_BREACH_HIDDEN_FILES}},
|
||||
{'$project': {'_id': 0,
|
||||
'machine': {'hostname': '$data.hostname',
|
||||
'ips': ['$data.ip']},
|
||||
'ips': '$data.ip'},
|
||||
'result': '$data.result'}}]
|
||||
|
||||
@staticmethod
|
||||
|
@ -25,11 +25,11 @@ class T1158(AttackTechnique):
|
|||
|
||||
hidden_file_info = list(mongo.db.telemetry.aggregate(T1158.query))
|
||||
|
||||
status = []
|
||||
for pba_node in hidden_file_info:
|
||||
status.append(pba_node['result'][1])
|
||||
status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
|
||||
if status else ScanStatus.UNSCANNED.value
|
||||
status = ScanStatus.UNSCANNED.value
|
||||
if hidden_file_info:
|
||||
successful_PBAs = mongo.db.telemetry.count({'data.name': POST_BREACH_HIDDEN_FILES,
|
||||
'data.result.1': True})
|
||||
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
||||
|
||||
data.update(T1158.get_base_data_by_status(status))
|
||||
data.update({'info': hidden_file_info})
|
||||
|
|
|
@ -16,7 +16,7 @@ class T1166(AttackTechnique):
|
|||
'data.name': POST_BREACH_SETUID_SETGID}},
|
||||
{'$project': {'_id': 0,
|
||||
'machine': {'hostname': '$data.hostname',
|
||||
'ips': ['$data.ip']},
|
||||
'ips': '$data.ip'},
|
||||
'result': '$data.result'}}]
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -17,7 +17,7 @@ class T1168(AttackTechnique):
|
|||
'data.command': {'$regex': 'crontab'}}},
|
||||
{'$project': {'_id': 0,
|
||||
'machine': {'hostname': '$data.hostname',
|
||||
'ips': ['$data.ip']},
|
||||
'ips': '$data.ip'},
|
||||
'result': '$data.result'}}]
|
||||
|
||||
@staticmethod
|
||||
|
@ -26,8 +26,11 @@ class T1168(AttackTechnique):
|
|||
|
||||
job_scheduling_info = list(mongo.db.telemetry.aggregate(T1168.query))
|
||||
|
||||
status = (ScanStatus.USED.value if job_scheduling_info[0]['result'][1]
|
||||
else ScanStatus.SCANNED.value) if job_scheduling_info else ScanStatus.UNSCANNED.value
|
||||
status = ScanStatus.UNSCANNED.value
|
||||
if job_scheduling_info:
|
||||
successful_PBAs = mongo.db.telemetry.count({'data.name': POST_BREACH_JOB_SCHEDULING,
|
||||
'data.result.1': True})
|
||||
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
||||
|
||||
data.update(T1168.get_base_data_by_status(status))
|
||||
data.update({'info': job_scheduling_info})
|
||||
|
|
|
@ -18,7 +18,9 @@ def process_communicate_as_new_user_telemetry(telemetry_json):
|
|||
test_new_user_communication(current_monkey, success, message)
|
||||
|
||||
|
||||
def process_shell_startup_file_modification_telemetry(telemetry_json):
|
||||
def modify_data(telemetry_json):
|
||||
modified_data = [telemetry_json['data']]
|
||||
if type(telemetry_json['data']['result'][0]) is list:
|
||||
modified_data = []
|
||||
for result in telemetry_json['data']['result']:
|
||||
temp = copy.deepcopy(telemetry_json['data'])
|
||||
|
@ -29,27 +31,25 @@ def process_shell_startup_file_modification_telemetry(telemetry_json):
|
|||
|
||||
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
||||
POST_BREACH_COMMUNICATE_AS_NEW_USER: process_communicate_as_new_user_telemetry,
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION: process_shell_startup_file_modification_telemetry,
|
||||
}
|
||||
|
||||
|
||||
def process_post_breach_telemetry(telemetry_json):
|
||||
def modify_blank_outputs(data):
|
||||
if not data['result'][0]:
|
||||
data['result'][0] = EXECUTION_WITHOUT_OUTPUT
|
||||
|
||||
def update_data(data):
|
||||
modify_blank_outputs(data)
|
||||
mongo.db.monkey.update(
|
||||
{'guid': telemetry_json['monkey_guid']},
|
||||
{'$push': {'pba_results': data}})
|
||||
|
||||
post_breach_action_name = telemetry_json["data"]["name"]
|
||||
if post_breach_action_name in POST_BREACH_TELEMETRY_PROCESSING_FUNCS:
|
||||
POST_BREACH_TELEMETRY_PROCESSING_FUNCS[post_breach_action_name](telemetry_json)
|
||||
|
||||
if type(telemetry_json['data']) is list:
|
||||
for pba_data in telemetry_json['data']:
|
||||
modify_blank_outputs(pba_data)
|
||||
mongo.db.monkey.update(
|
||||
{'guid': telemetry_json['monkey_guid']},
|
||||
{'$push': {'pba_results': pba_data}})
|
||||
else:
|
||||
modify_blank_outputs(telemetry_json['data'])
|
||||
mongo.db.monkey.update(
|
||||
{'guid': telemetry_json['monkey_guid']},
|
||||
{'$push': {'pba_results': telemetry_json['data']}})
|
||||
modify_data(telemetry_json)
|
||||
|
||||
def modify_blank_outputs(data):
|
||||
if not data['result']:
|
||||
data['result'] = EXECUTION_WITHOUT_OUTPUT
|
||||
for pba_data in telemetry_json['data']:
|
||||
update_data(pba_data)
|
||||
|
|
Loading…
Reference in New Issue