From d8aa63d1cbaef0e67b593be2dca66e06a218e76a Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 25 Feb 2020 17:48:41 +0200
Subject: [PATCH] Fixed windows bootloader telem parsing for windows

---
 monkey/monkey_island/cc/bootloader_server.py | 4 +--
 .../monkey_island/cc/services/bootloader.py | 28 +++++++++----------
 monkey/monkey_island/cc/services/node.py | 3 +-
 .../cc/services/utils/bootloader_config.py | 12 ++++++++
 4 files changed, 29 insertions(+), 18 deletions(-)
 create mode 100644 monkey/monkey_island/cc/services/utils/bootloader_config.py

diff --git a/monkey/monkey_island/cc/bootloader_server.py b/monkey/monkey_island/cc/bootloader_server.py
index 3ba15b5e2..57ec26cef 100644
--- a/monkey/monkey_island/cc/bootloader_server.py
+++ b/monkey/monkey_island/cc/bootloader_server.py
@@ -27,7 +27,7 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
         if not conf:
             conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
         island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
-        island_server_path = parse.urljoin(island_server_path, self.path)
+        island_server_path = parse.urljoin(island_server_path, self.path[1:])
         r = requests.post(url=island_server_path, data=post_data, verify=False)
 
         if r.status_code != 200:
@@ -41,4 +41,4 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
     @staticmethod
     def get_bootloader_resource_path_from_config(config):
         address = config['cnc']['servers']['current_server']
-        return parse.urljoin("https://"+address, "api/bootloader")
+        return parse.urljoin("https://"+address, "api/bootloader/")
diff --git a/monkey/monkey_island/cc/services/bootloader.py b/monkey/monkey_island/cc/services/bootloader.py
index 92e852409..96ecbf640 100644
--- a/monkey/monkey_island/cc/services/bootloader.py
+++ b/monkey/monkey_island/cc/services/bootloader.py
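Review bot: `self.path[1:]` is still request-controlled input handed to `parse.urljoin()`, which resolves scheme-relative (`//host/...`) and `..` references against the base, so the forwarded `requests.post(...)` on the next line (already sent with `verify=False`) is not guaranteed to reach the island's `api/bootloader/` endpoint. The joined URL should be checked against the base before the request is made, and the `[1:]` slice deserves a comment since it silently assumes `self.path` begins with `/`. The enclosing handler method starts before the hunk.
```python
        base_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
        # drop the leading "/" so urljoin() appends to the base path instead of replacing it
        island_server_path = parse.urljoin(base_path, self.path[1:])
        if not island_server_path.startswith(base_path):
            self.send_error(400)
            return
        r = requests.post(url=island_server_path, data=post_data, verify=False)
        # … unchanged: status check and response relay …
```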
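Review bot: The trailing slash added to `"api/bootloader/"` is load-bearing for the `urljoin()` call in the `@@ -27` hunk — without it `urljoin` replaces the last path segment instead of appending to it — and nothing in the method says so. A comment above the return, `# trailing "/" is required: urljoin() treats a base without it as a file and replaces "bootloader"`, would stop the next cleanup from removing it. Since the hunk covers the whole method, a one-line docstring stating that the returned URL ends with a slash would fit as well.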
@@ -3,19 +3,7 @@ from typing import Dict, List
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.node import NodeService
 from monkey_island.cc.services.utils.node_groups import NodeGroups
-
-WINDOWS_VERSIONS = {
-    "5.0": "Windows 2000",
-    "5.1": "Windows XP",
-    "5.2": "Windows XP/server 2003",
-    "6.0": "Windows Vista/server 2008",
-    "6.1": "Windows 7/server 2008R2",
-    "6.2": "Windows 8/server 2012",
-    "6.3": "Windows 8.1/server 2012R2",
-    "10.0": "Windows 10/server 2016-2019"
-}
-
-MIN_GLIBC_VERSION = 2.14
+from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS, MIN_GLIBC_VERSION
 
 
 class BootloaderService:
@@ -26,13 +14,25 @@ class BootloaderService:
         if data['os_version'] == "":
             data['os_version'] = "Unknown OS"
         mongo.db.bootloader_telems.insert(data)
-        will_monkey_run = BootloaderService.is_glibc_supported(data['glibc_version'])
+        will_monkey_run = BootloaderService.is_os_compatible(data)
         node = NodeService.get_or_create_node_from_bootloader_data(data, will_monkey_run)
         group_keywords = [data['system'], 'monkey']
         group_keywords.append('starting') if will_monkey_run else group_keywords.append('old')
         NodeService.set_node_group(node['_id'], NodeGroups.get_group_by_keywords(group_keywords))
         return will_monkey_run
 
 
+    @staticmethod
+    def is_os_compatible(bootloader_data) -> bool:
+        if bootloader_data['system'] == 'windows':
+            return BootloaderService.is_windows_version_supported(bootloader_data['os_version'])
+        elif bootloader_data['system'] == 'linux':
+            return BootloaderService.is_glibc_supported(bootloader_data['glibc_version'])
+
+    @staticmethod
+    def is_windows_version_supported(windows_version) -> bool:
+        return SUPPORTED_WINDOWS_VERSIONS.get(windows_version)
+
+    @staticmethod
     def is_glibc_supported(glibc_version_string) -> bool:
         glibc_version_string = glibc_version_string.lower()
diff --git a/monkey/monkey_island/cc/services/node.py b/monkey/monkey_island/cc/services/node.py
index f6fa2a387..901df20ce 100644
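Review bot: `is_os_compatible` is annotated `-> bool` but returns `None` whenever `bootloader_data['system']` is neither `'windows'` nor `'linux'`, and `is_windows_version_supported` returns `None` for any `os_version` absent from `SUPPORTED_WINDOWS_VERSIONS` — including the `"Unknown OS"` placeholder written a few lines earlier in this hunk; that `None` is then passed to `get_or_create_node_from_bootloader_data` as `will_monkey_run` and returned to the caller, where it is indistinguishable from `False` only as long as every consumer tests truthiness rather than identity or stores it. The telemetry dict comes from the bootloader over HTTP, so the `['system']` subscript is also one missing key away from a `KeyError` instead of a clean "unsupported" answer. Both helpers should produce a real `bool` and fall through to `False`; `is_glibc_supported` continues past the end of the hunk.
```python
    @staticmethod
    def is_os_compatible(bootloader_data) -> bool:
        """Return True only when the reported platform/version is one the monkey is known to run on."""
        system = bootloader_data.get('system')
        if system == 'windows':
            return BootloaderService.is_windows_version_supported(bootloader_data['os_version'])
        if system == 'linux':
            return BootloaderService.is_glibc_supported(bootloader_data['glibc_version'])
        return False  # unknown platform: never report it as runnable

    @staticmethod
    def is_windows_version_supported(windows_version) -> bool:
        # version tokens not in the table (e.g. "Unknown OS") are unsupported, not None
        return SUPPORTED_WINDOWS_VERSIONS.get(windows_version, False)
    # … unchanged: is_glibc_supported …
```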
--- a/monkey/monkey_island/cc/services/node.py
+++ b/monkey/monkey_island/cc/services/node.py
@@ -138,7 +138,7 @@ class NodeService:
 
     @staticmethod
     def get_node_group(node) -> str:
-        if node['group']:
+        if 'group' in node and node['group']:
             return node['group']
         node_type = "exploited" if node.get("exploited") else "clean"
         node_os = NodeService.get_node_os(node)
@@ -250,7 +250,6 @@ class NodeService:
         edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id'])
         mongo.db.edge.update({"_id": edge["_id"]},
                              {'$set': {'tunnel': bool(bootloader_data['tunnel']),
-                                       # 'exploited': (not bool(bootloader_data['tunnel'])),
                                        'ip_address': bootloader_data['ips'][0],
                                        'group': NodeGroups.get_group_by_keywords(['island']).value}},
                              upsert=False)
diff --git a/monkey/monkey_island/cc/services/utils/bootloader_config.py b/monkey/monkey_island/cc/services/utils/bootloader_config.py
new file mode 100644
index 000000000..cb9ff04a6
--- /dev/null
+++ b/monkey/monkey_island/cc/services/utils/bootloader_config.py
@@ -0,0 +1,12 @@
+MIN_GLIBC_VERSION = 2.14
+
+SUPPORTED_WINDOWS_VERSIONS = {
+    "xp_or_lower": False,
+    "vista": False,
+    "vista_sp1": False,
+    "vista_sp2": True,
+    "windows7": True,
+    "windows7_sp1": True,
+    "windows8_or_greater": True,
+}
+
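Review bot: `if 'group' in node and node['group']:` spends two lookups on what `node.get('group')` says in one, and two lines below the same method already uses `node.get("exploited")`, so `if node.get('group'):` is the consistent form. It is also worth a short comment on why the key can now be absent — presumably nodes created from bootloader telemetry reach this method before `set_node_group` has run, but that is inferred from the bootloader.py hunk rather than visible here, so confirm before writing it. `get_node_group`'s body continues past the end of the hunk.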
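Review bot: The new module has no docstring and nothing says where the `SUPPORTED_WINDOWS_VERSIONS` keys come from; `is_windows_version_supported` in bootloader.py looks them up verbatim with the `os_version` string the bootloader reports, so a module docstring such as `"""Compatibility table for bootloader telemetry: keys are the os_version tokens the bootloader sends, values say whether the monkey runs there."""` would tie the two files together, and a comment on the `False` entries should state that they are listed deliberately so a known-old version is rejected rather than treated as unknown. `MIN_GLIBC_VERSION = 2.14` is a float: if `is_glibc_supported` (outside this diff) compares against it numerically, glibc `2.3` would sort above `2.14` — a comment naming the intended comparison, or a `(2, 14)` tuple if the check is component-wise, would avoid that trap.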