Fixed windows bootloader telem parsing for windows

This commit is contained in:
VakarisZ 2020-02-25 17:48:41 +02:00
parent 056c260c12
commit d8aa63d1cb
4 changed files with 29 additions and 18 deletions


@ -27,7 +27,7 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
if not conf: if not conf:
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'}) conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf) island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
island_server_path = parse.urljoin(island_server_path, self.path) island_server_path = parse.urljoin(island_server_path, self.path[1:])
r = requests.post(url=island_server_path, data=post_data, verify=False) r = requests.post(url=island_server_path, data=post_data, verify=False)
if r.status_code != 200: if r.status_code != 200:
@ -41,4 +41,4 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
@staticmethod @staticmethod
def get_bootloader_resource_path_from_config(config): def get_bootloader_resource_path_from_config(config):
address = config['cnc']['servers']['current_server'] address = config['cnc']['servers']['current_server']
return parse.urljoin("https://"+address, "api/bootloader") return parse.urljoin("https://"+address, "api/bootloader/")
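Review bot: The forwarded URL on the `island_server_path = parse.urljoin(island_server_path, self.path[1:])` line is still built from the raw request path, and `urljoin` resolves `..` segments and treats a component beginning with `//` as a new network location, so the proxied request is not guaranteed to stay under the `api/bootloader/` prefix that the second hunk establishes. Dropping the single leading slash fixes the join but does not constrain what follows it; consider validating `self.path` against the small set of bootloader endpoints this handler is meant to forward, or at least rejecting a path that contains `..` or starts with `//`, before the `requests.post` call. The enclosing method starts and ends outside this hunk.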


@ -3,19 +3,7 @@ from typing import Dict, List
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.utils.node_groups import NodeGroups from monkey_island.cc.services.utils.node_groups import NodeGroups
from monkey_island.cc.services.utils.bootloader_config import SUPPORTED_WINDOWS_VERSIONS, MIN_GLIBC_VERSION
WINDOWS_VERSIONS = {
"5.0": "Windows 2000",
"5.1": "Windows XP",
"5.2": "Windows XP/server 2003",
"6.0": "Windows Vista/server 2008",
"6.1": "Windows 7/server 2008R2",
"6.2": "Windows 8/server 2012",
"6.3": "Windows 8.1/server 2012R2",
"10.0": "Windows 10/server 2016-2019"
}
MIN_GLIBC_VERSION = 2.14
class BootloaderService: class BootloaderService:
@ -26,13 +14,25 @@ class BootloaderService:
if data['os_version'] == "": if data['os_version'] == "":
data['os_version'] = "Unknown OS" data['os_version'] = "Unknown OS"
mongo.db.bootloader_telems.insert(data) mongo.db.bootloader_telems.insert(data)
will_monkey_run = BootloaderService.is_glibc_supported(data['glibc_version']) will_monkey_run = BootloaderService.is_os_compatible(data)
node = NodeService.get_or_create_node_from_bootloader_data(data, will_monkey_run) node = NodeService.get_or_create_node_from_bootloader_data(data, will_monkey_run)
group_keywords = [data['system'], 'monkey'] group_keywords = [data['system'], 'monkey']
group_keywords.append('starting') if will_monkey_run else group_keywords.append('old') group_keywords.append('starting') if will_monkey_run else group_keywords.append('old')
NodeService.set_node_group(node['_id'], NodeGroups.get_group_by_keywords(group_keywords)) NodeService.set_node_group(node['_id'], NodeGroups.get_group_by_keywords(group_keywords))
return will_monkey_run return will_monkey_run
@staticmethod
def is_os_compatible(bootloader_data) -> bool:
if bootloader_data['system'] == 'windows':
return BootloaderService.is_windows_version_supported(bootloader_data['os_version'])
elif bootloader_data['system'] == 'linux':
return BootloaderService.is_glibc_supported(bootloader_data['glibc_version'])
@staticmethod
def is_windows_version_supported(windows_version) -> bool:
return SUPPORTED_WINDOWS_VERSIONS.get(windows_version)
@staticmethod @staticmethod
def is_glibc_supported(glibc_version_string) -> bool: def is_glibc_supported(glibc_version_string) -> bool:
glibc_version_string = glibc_version_string.lower() glibc_version_string = glibc_version_string.lower()
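Review bot: `is_os_compatible` falls through with an implicit `None` when `bootloader_data['system']` is neither `'windows'` nor `'linux'`, and `is_windows_version_supported` returns `None` for any key absent from `SUPPORTED_WINDOWS_VERSIONS` (including the `"Unknown OS"` value assigned a few lines earlier), although both are annotated `-> bool`. The result is stored as `will_monkey_run` and passed into `get_or_create_node_from_bootloader_data`, so make the fall-through explicit: add `return False` as the final branch of `is_os_compatible`, and use `return SUPPORTED_WINDOWS_VERSIONS.get(windows_version, False)` in `is_windows_version_supported`. A short docstring on `is_os_compatible` stating that it returns `False` for unknown systems would also help, since the dispatch on `'system'` is the only place that contract is visible. The body of `is_glibc_supported` continues outside this hunk.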


@ -138,7 +138,7 @@ class NodeService:
@staticmethod @staticmethod
def get_node_group(node) -> str: def get_node_group(node) -> str:
if node['group']: if 'group' in node and node['group']:
return node['group'] return node['group']
node_type = "exploited" if node.get("exploited") else "clean" node_type = "exploited" if node.get("exploited") else "clean"
node_os = NodeService.get_node_os(node) node_os = NodeService.get_node_os(node)
@ -250,7 +250,6 @@ class NodeService:
edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id']) edge = EdgeService.get_or_create_edge(new_node['_id'], dst_node['id'])
mongo.db.edge.update({"_id": edge["_id"]}, mongo.db.edge.update({"_id": edge["_id"]},
{'$set': {'tunnel': bool(bootloader_data['tunnel']), {'$set': {'tunnel': bool(bootloader_data['tunnel']),
# 'exploited': (not bool(bootloader_data['tunnel'])),
'ip_address': bootloader_data['ips'][0], 'ip_address': bootloader_data['ips'][0],
'group': NodeGroups.get_group_by_keywords(['island']).value}}, 'group': NodeGroups.get_group_by_keywords(['island']).value}},
upsert=False) upsert=False)
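Review bot: `if 'group' in node and node['group']:` in `get_node_group` spells out what `node.get('group')` already does, and the line two below already uses `node.get("exploited")` for the same kind of check; `if node.get('group'):` keeps the two consistent and avoids the double lookup. `get_node_group` continues beyond the hunk, and the second hunk in this section only drops a commented-out line.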


@ -0,0 +1,12 @@
MIN_GLIBC_VERSION = 2.14
SUPPORTED_WINDOWS_VERSIONS = {
"xp_or_lower": False,
"vista": False,
"vista_sp1": False,
"vista_sp2": True,
"windows7": True,
"windows7_sp1": True,
"windows8_or_greater": True,
}
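Review bot: Nothing in the new file records that the keys of `SUPPORTED_WINDOWS_VERSIONS` (`"xp_or_lower"`, `"vista_sp1"`, …) are the literal `os_version` strings the bootloader reports, which is what makes a typo here silently classify a host as unsupported; a header comment such as `# Keys must match the os_version tags emitted by the bootloader; a missing key means "not supported".` would make that coupling visible. Separately, `MIN_GLIBC_VERSION = 2.14` is a float, so if the comparison in `is_glibc_supported` (its body is not visible here) is numeric, `2.9` would compare greater than `2.14` even though glibc 2.9 is the older release; worth confirming the version is compared as a `(major, minor)` tuple rather than as a float.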