Fixed host IP address retrieval and system_info_collection bugs

This commit is contained in:
VakarisZ 2019-07-10 08:40:31 +03:00
parent eb574c8fff
commit a91421aaf0
5 changed files with 14 additions and 14 deletions

View File

@ -270,8 +270,8 @@ class SambaCryExploiter(HostExploiter):
with monkeyfs.open(monkey_bin_64_src_path, "rb") as monkey_bin_file:
smb_client.putFile(share, "\\%s" % self.SAMBACRY_MONKEY_FILENAME_64, monkey_bin_file.read)
T1105Telem(ScanStatus.USED,
get_interface_to_target(self.host.ip_addr[0]),
self.host.ip_addr[0],
get_interface_to_target(self.host.ip_addr),
self.host.ip_addr,
monkey_bin_64_src_path).send()
smb_client.disconnectTree(tree_id)

View File

@ -165,15 +165,15 @@ class SSHExploiter(HostExploiter):
callback=self.log_transfer)
ftp.chmod(self._config.dropper_target_path_linux, 0o777)
T1105Telem(ScanStatus.USED,
get_interface_to_target(self.host.ip_addr[0]),
self.host.ip_addr[0],
get_interface_to_target(self.host.ip_addr),
self.host.ip_addr,
src_path).send()
ftp.close()
except Exception as exc:
LOG.debug("Error uploading file into victim %r: (%s)", self.host, exc)
T1105Telem(ScanStatus.SCANNED,
get_interface_to_target(self.host.ip_addr[0]),
self.host.ip_addr[0],
get_interface_to_target(self.host.ip_addr),
self.host.ip_addr,
src_path).send()
return False

View File

@ -140,8 +140,8 @@ class SmbTools(object):
file_uploaded = True
T1105Telem(ScanStatus.USED,
get_interface_to_target(host.ip_addr[0]),
host.ip_addr[0],
get_interface_to_target(host.ip_addr),
host.ip_addr,
dst_path).send()
LOG.info("Copied monkey file '%s' to remote share '%s' [%s] on victim %r",
src_path, share_name, share_path, host)
@ -151,8 +151,8 @@ class SmbTools(object):
LOG.debug("Error uploading monkey to share '%s' on victim %r: %s",
share_name, host, exc)
T1105Telem(ScanStatus.SCANNED,
get_interface_to_target(host.ip_addr[0]),
host.ip_addr[0],
get_interface_to_target(host.ip_addr),
host.ip_addr,
dst_path).send()
continue
finally:

View File

@ -12,7 +12,7 @@ class T1003(AttackTechnique):
scanned_msg = ""
used_msg = "Monkey successfully obtained some credentials from systems on the network."
query = {'telem_category': 'system_info_collection', '$and': [{'data.credentials': {'$exists': True}},
query = {'telem_category': 'system_info', '$and': [{'data.credentials': {'$exists': True}},
# $gt: {} checks if field is not an empty object
{'data.credentials': {'$gt': {}}}]}

View File

@ -12,7 +12,7 @@ class T1082(AttackTechnique):
scanned_msg = ""
used_msg = "Monkey gathered system info from machines in the network."
query = [{'$match': {'telem_category': 'system_info_collection'}},
query = [{'$match': {'telem_category': 'system_info'}},
{'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'},
'aws': '$data.aws',
'netstat': '$data.network_info.netstat',