Fixed windows bootloader telem parsing for windows
parent
056c260c12
commit
d8aa63d1cb
|
@ -27,7 +27,7 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
|
||||||
if not conf:
|
if not conf:
|
||||||
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
|
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
|
||||||
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
|
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
|
||||||
island_server_path = parse.urljoin(island_server_path, self.path)
|
island_server_path = parse.urljoin(island_server_path, self.path[1:])
|
||||||
r = requests.post(url=island_server_path, data=post_data, verify=False)
|
r = requests.post(url=island_server_path, data=post_data, verify=False)
|
||||||
|
|
||||||
if r.status_code != 200:
|
if r.status_code != 200:
|
||||||
|
@ -41,4 +41,4 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_bootloader_resource_path_from_config(config):
|
def get_bootloader_resource_path_from_config(config):
|
||||||
address = config['cnc']['servers']['current_server']
|
address = config['cnc']['servers']['current_server']
|
||||||
return parse.urljoin("https://"+address, "api/bootloader")
|
return parse.urljoin("https://"+address, "api/bootloader/")
|
||||||
|
|
|
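Review bot: `self.path[1:]` is request-controlled and is joined onto the bootloader base without any check that the result stays under `api/bootloader/`, so a request target such as `/../../other` resolves via `urljoin` to `https://<island>/api/other` and the handler becomes a relay to any Island API path (assuming the listener is reachable from the network the bootloader uses). Keep the base around and reject anything that escapes it: `base = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)`, `island_server_path = parse.urljoin(base, self.path[1:])`, then `if not island_server_path.startswith(base): self.send_error(404); return`. The forwarded `requests.post(..., verify=False)` on the next line is pre-existing, but it means the island's certificate is never checked on this hop, which is worth an explicit `# TODO` or a pinned CA. The start of this handler method, where `post_data` is read, is outside the hunk.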
@ -3,19 +3,7 @@ from typing import Dict, List
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.utils.node_groups import NodeGroups
|
from monkey_island.cc.services.utils.node_groups import NodeGroups
|
||||||
|
from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS, MIN_GLIBC_VERSION
|
||||||
WINDOWS_VERSIONS = {
|
|
||||||
"5.0": "Windows 2000",
|
|
||||||
"5.1": "Windows XP",
|
|
||||||
"5.2": "Windows XP/server 2003",
|
|
||||||
"6.0": "Windows Vista/server 2008",
|
|
||||||
"6.1": "Windows 7/server 2008R2",
|
|
||||||
"6.2": "Windows 8/server 2012",
|
|
||||||
"6.3": "Windows 8.1/server 2012R2",
|
|
||||||
"10.0": "Windows 10/server 2016-2019"
|
|
||||||
}
|
|
||||||
|
|
||||||
MIN_GLIBC_VERSION = 2.14
|
|
||||||
|
|
||||||
|
|
||||||
class BootloaderService:
|
class BootloaderService:
|
||||||
|
@ -26,13 +14,25 @@ class BootloaderService:
|
||||||
if data['os_version'] == "":
|
if data['os_version'] == "":
|
||||||
data['os_version'] = "Unknown OS"
|
data['os_version'] = "Unknown OS"
|
||||||
mongo.db.bootloader_telems.insert(data)
|
mongo.db.bootloader_telems.insert(data)
|
||||||
will_monkey_run = BootloaderService.is_glibc_supported(data['glibc_version'])
|
will_monkey_run = BootloaderService.is_os_compatible(data)
|
||||||
node = NodeService.get_or_create_node_from_bootloader_data(data, will_monkey_run)
|
node = NodeService.get_or_create_node_from_bootloader_data(data, will_monkey_run)
|
||||||
group_keywords = [data['system'], 'monkey']
|
group_keywords = [data['system'], 'monkey']
|
||||||
group_keywords.append('starting') if will_monkey_run else group_keywords.append('old')
|
group_keywords.append('starting') if will_monkey_run else group_keywords.append('old')
|
||||||
NodeService.set_node_group(node['_id'], NodeGroups.get_group_by_keywords(group_keywords))
|
NodeService.set_node_group(node['_id'], NodeGroups.get_group_by_keywords(group_keywords))
|
||||||
return will_monkey_run
|
return will_monkey_run
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def is_os_compatible(bootloader_data) -> bool:
|
||||||
|
if bootloader_data['system'] == 'windows':
|
||||||
|
return BootloaderService.is_windows_version_supported(bootloader_data['os_version'])
|
||||||
|
elif bootloader_data['system'] == 'linux':
|
||||||
|
return BootloaderService.is_glibc_supported(bootloader_data['glibc_version'])
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def is_windows_version_supported(windows_version) -> bool:
|
||||||
|
return SUPPORTED_WINDOWS_VERSIONS.get(windows_version)
|
||||||
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def is_glibc_supported(glibc_version_string) -> bool:
|
def is_glibc_supported(glibc_version_string) -> bool:
|
||||||
glibc_version_string = glibc_version_string.lower()
|
glibc_version_string = glibc_version_string.lower()
|
||||||
|
|
|
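Review bot: `is_os_compatible` is annotated `-> bool` but returns `None` for any `system` value other than `'windows'`/`'linux'`, and `is_windows_version_supported` returns `None` for any `os_version` not present in `SUPPORTED_WINDOWS_VERSIONS` (including the `"Unknown OS"` placeholder assigned a few lines above), so `will_monkey_run` can be `None` when it reaches `NodeService.get_or_create_node_from_bootloader_data`. Make both paths explicit: `return SUPPORTED_WINDOWS_VERSIONS.get(windows_version, False)` and a trailing `return False` in `is_os_compatible` (or raise on an unrecognised `system`, since that field arrives straight from bootloader telemetry). On the linux branch `bootloader_data['glibc_version']` is still indexed unconditionally, so a telem without that key turns into an unhandled `KeyError`; `bootloader_data.get('glibc_version', '')` would avoid that, provided `is_glibc_supported` (whose body is outside the hunk) tolerates an empty string. The enclosing method begins before this hunk.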
@ -138,7 +138,7 @@ class NodeService:
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_node_group(node) -> str:
|
def get_node_group(node) -> str:
|
||||||
if node['group']:
|
if 'group' in node and node['group']:
|
||||||
return node['group']
|
return node['group']
|
||||||
node_type = "exploited" if node.get("exploited") else "clean"
|
node_type = "exploited" if node.get("exploited") else "clean"
|
||||||
node_os = NodeService.get_node_os(node)
|
node_os = NodeService.get_node_os(node)
|
||||||
|
@ -250,7 +250,6 @@ class NodeService:
|
||||||
edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id'])
|
edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id'])
|
||||||
mongo.db.edge.update({"_id": edge["_id"]},
|
mongo.db.edge.update({"_id": edge["_id"]},
|
||||||
{'$set': {'tunnel': bool(bootloader_data['tunnel']),
|
{'$set': {'tunnel': bool(bootloader_data['tunnel']),
|
||||||
# 'exploited': (not bool(bootloader_data['tunnel'])),
|
|
||||||
'ip_address': bootloader_data['ips'][0],
|
'ip_address': bootloader_data['ips'][0],
|
||||||
'group': NodeGroups.get_group_by_keywords(['island']).value}},
|
'group': NodeGroups.get_group_by_keywords(['island']).value}},
|
||||||
upsert=False)
|
upsert=False)
|
||||||
|
|
|
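Review bot: `if 'group' in node and node['group']:` spells out a membership test plus a lookup, while the very next statement in the same function already relies on `node.get("exploited")`; `if node.get('group'): return node['group']` is the same guard in the idiom the file already uses. The second hunk only drops a commented-out `'exploited'` key from the `$set` document, which is fine as-is. `get_node_group` continues past the hunk.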
@ -0,0 +1,12 @@
|
||||||
|
MIN_GLIBC_VERSION = 2.14
|
||||||
|
|
||||||
|
SUPPORTED_WINDOWS_VERSIONS = {
|
||||||
|
"xp_or_lower": False,
|
||||||
|
"vista": False,
|
||||||
|
"vista_sp1": False,
|
||||||
|
"vista_sp2": True,
|
||||||
|
"windows7": True,
|
||||||
|
"windows7_sp1": True,
|
||||||
|
"windows8_or_greater": True,
|
||||||
|
}
|
||||||
|
|
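Review bot: `SUPPORTED_WINDOWS_VERSIONS` and `MIN_GLIBC_VERSION` are added without any documentation, yet the dict keys are a wire contract: they have to match the `os_version` strings the Windows bootloader reports byte-for-byte, and because the lookup in `is_windows_version_supported` is `.get(windows_version)` with no default, a version missing here yields `None` rather than `False`. A module docstring stating that, plus a comment on the dict such as `# Keys are the exact os_version values the Windows bootloader reports; the value says whether the agent can run there.`, would stop the next contributor from "tidying" the key names. `MIN_GLIBC_VERSION = 2.14` stores a dotted version as a float; if `is_glibc_supported` (not in this commit's hunks) compares a parsed float against it, glibc 2.9 would sort above 2.14 — a `(2, 14)` tuple compared against a parsed `(major, minor)` avoids that, but I cannot see the comparison from here.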