p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

CLI implementation started

This commit is contained in:
VakarisZ 2019-06-10 08:46:35 +03:00
parent c99ceff21d
commit 9b08e606f8
14 changed files with 100 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/infection_monkey/exploit/__init__.py
View File

@ -24,7 +24,8 @@ class HostExploiter(object):
'started': '',
'finished': '',
'vulnerable_urls': [],
'vulnerable_ports': []}
'vulnerable_ports': [],
'executed_cmds': []}
self._exploit_attempts = []
self.host = host

1
monkey/infection_monkey/exploit/hadoop.py
View File

@ -49,6 +49,7 @@ class HadoopExploiter(WebRCE):
return False
http_thread.join(self.DOWNLOAD_TIMEOUT)
http_thread.stop()
self._exploit_info['executed_cmds'].append(command)
return True
def exploit(self, url, command):

2
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -76,7 +76,7 @@ class MSSQLExploiter(HostExploiter):
commands.extend(monkey_args)
MSSQLExploiter.execute_command(cursor, commands)
MSSQLExploiter.run_file(cursor, tmp_file_path)
self._exploit_info['executed_cmds'].append(commands[-1])
return True
@staticmethod

2
monkey/infection_monkey/exploit/rdpgrinder.py
View File

@ -343,5 +343,5 @@ class RdpExploiter(HostExploiter):
LOG.info("Executed monkey '%s' on remote victim %r",
os.path.basename(src_path), self.host)
self._exploit_info['executed_cmds'].append(command)
return True

1
monkey/infection_monkey/exploit/shellshock.py
View File

@ -144,6 +144,7 @@ class ShellShockExploiter(HostExploiter):
if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
LOG.info("Log file does not exist, monkey might not have run")
continue
self._exploit_info['executed_cmds'].append(cmdline)
return True
return False

1
monkey/infection_monkey/exploit/sshexec.py
View File

@ -178,6 +178,7 @@ class SSHExploiter(HostExploiter):
self._config.dropper_target_path_linux, self.host, cmdline)
ssh.close()
self._exploit_info['executed_cmds'].append(cmdline)
return True
except Exception as exc:

1
monkey/infection_monkey/exploit/vsftpd.py
View File

@ -138,6 +138,7 @@ class VSFTPDExploiter(HostExploiter):
if backdoor_socket.send(run_monkey):
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux,
self.host, run_monkey)
self._exploit_info['executed_cmds'].append(run_monkey)
return True
else:
return False

2
monkey/infection_monkey/exploit/web_rce.py
View File

@ -419,6 +419,8 @@ class WebRCE(HostExploiter):
LOG.error("Something went wrong when trying to execute remote monkey: %s" % e)
return False
LOG.info("Execution attempt finished")
self._exploit_info['executed_cmds'].append(command)
return resp
def get_monkey_upload_path(self, url_to_monkey):

5
monkey/infection_monkey/exploit/win_ms08_067.py
View File

@ -92,7 +92,7 @@ class SRVSVC_Exploit(object):
def get_telnet_port(self):
"""get_telnet_port()
The port on which the Telnet service will listen.
"""
@ -100,7 +100,7 @@ class SRVSVC_Exploit(object):
def start(self):
"""start() -> socket
Exploit the target machine and return a socket connected to it's
listening Telnet service.
"""
@ -153,6 +153,7 @@ class SRVSVC_Exploit(object):
class Ms08_067_Exploiter(HostExploiter):
_TARGET_OS_TYPE = ['windows']
_EXPLOITED_SERVICE = 'Microsoft Server Service'
_windows_versions = {'Windows Server 2003 3790 Service Pack 2': WindowsVersion.Windows2003_SP2,
'Windows Server 2003 R2 3790 Service Pack 2': WindowsVersion.Windows2003_SP2}

5
monkey/monkey_island/cc/services/attack/attack_report.py
View File

@ -1,5 +1,5 @@
import logging
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059
from monkey_island.cc.services.attack.attack_telem import AttackTelemService
from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo
@ -13,7 +13,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
'T1197': T1197.T1197,
'T1110': T1110.T1110,
'T1075': T1075.T1075,
'T1003': T1003.T1003}
'T1003': T1003.T1003,
'T1059': T1059.T1059}
REPORT_NAME = 'new_report'

14
monkey/monkey_island/cc/services/attack/attack_schema.py
View File

@ -84,5 +84,19 @@ SCHEMA = {
}
}
},
"execution": {
"title": "Execution",
"type": "object",
"properties": {
"T1059": {
"title": "T1059 Command line interface",
"type": "bool",
"value": True,
"necessary": True,
"description": "Adversaries may use command-line interfaces to interact with systems "
"and execute other software during the course of an operation.",
}
}
},
}
}

30
monkey/monkey_island/cc/services/attack/technique_reports/T1059.py Normal file
View File

@ -0,0 +1,30 @@
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from common.utils.attack_utils import ScanStatus
from monkey_island.cc.database import mongo
__author__ = "VakarisZ"
class T1059(AttackTechnique):
tech_id = "T1059"
unscanned_msg = "Monkey didn't exploit any machines to run commands at."
scanned_msg = ""
used_msg = "Monkey successfully ran commands on exploited machines in the network."
query = [{'$match': {'telem_type': 'exploit',
'data.info.executed_cmds': {'$not': {'$size': 0}}}},
{'$project': {'_id': 0,
'machine': '$data.machine',
'info': '$data.info'}},
{'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}]
@staticmethod
def get_report_data():
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
data = {'title': T1059.technique_title(T1059.tech_id), 'data': cmd_data}
if cmd_data:
data.update({'message': T1059.used_msg, 'status': ScanStatus.USED.name})
else:
data.update({'message': T1059.unscanned_msg, 'status': ScanStatus.UNSCANNED.name})
return data

38
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js Normal file
View File

@ -0,0 +1,38 @@
import React from 'react';
import '../../../styles/Collapse.scss'
import ReactTable from "react-table";
import { RenderMachine } from "./Helpers"
class T1059 extends React.Component {
constructor(props) {
super(props);
}
static getHashColumns() {
return ([{
columns: [
{Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
{Header: 'Command', id: 'command', accessor: x => x.attempts[0].hashType, style: { 'whiteSpace': 'unset' }},
]
}])};
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === 'USED' ?
<ReactTable
columns={T1059.getHashColumns()}
data={this.props.data.successful_logins}
showPagination={false}
defaultPageSize={this.props.data.successful_logins.length}
/> : ""}
</div>
);
}
}
export default T1059;

4
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1075.js
View File

@ -22,8 +22,8 @@ class T1075 extends React.Component {
columns: [
{Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
{Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }},
{Header: 'Username', id: 'attempts', accessor: x => x.attempts[0].user, style: { 'whiteSpace': 'unset' }},
{Header: 'Hash type', id: 'credentials', accessor: x => x.attempts[0].hashType, style: { 'whiteSpace': 'unset' }},
{Header: 'Username', id: 'username', accessor: x => x.attempts[0].user, style: { 'whiteSpace': 'unset' }},
{Header: 'Hash type', id: 'hash', accessor: x => x.attempts[0].hashType, style: { 'whiteSpace': 'unset' }},
]
}])};