Fix bug where stolen credentials had '.' in username

2017-12-12 15:45:32 +02:00 · 2017-12-12 15:45:32 +02:00 · f2b631745d
parent 483394d7f5
commit f2b631745d
2 changed files with 21 additions and 8 deletions
--- a/monkey_island/cc/resources/telemetry.py
+++ b/monkey_island/cc/resources/telemetry.py
@ -39,7 +39,6 @@ class Telemetry(flask_restful.Resource):
        telemetry_json = json.loads(request.data)
        telemetry_json['timestamp'] = datetime.now()

-        telem_id = mongo.db.telemetry.insert(telemetry_json)
        monkey = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])

        try:
@ -53,6 +52,7 @@ class Telemetry(flask_restful.Resource):
            print("Exception caught while processing telemetry: %s" % str(ex))
            traceback.print_exc()

+        telem_id = mongo.db.telemetry.insert(telemetry_json)
        return mongo.db.telemetry.find_one_or_404({"_id": telem_id})

    @staticmethod
@ -70,6 +70,11 @@ class Telemetry(flask_restful.Resource):
                monkey_label = telem_monkey_guid
            x["monkey"] = monkey_label
            objects.append(x)
+            if x['telem_type'] == 'system_info_collection' and 'credentials' in x['data']:
+                for user in x['data']['credentials']:
+                    if -1 != user.find(','):
+                        new_user = user.replace(',', '.')
+                        x['data']['credentials'][new_user] = x['data']['credentials'].pop(user)

        return objects

@ -159,7 +164,6 @@ class Telemetry(flask_restful.Resource):
            creds = telemetry_json['data']['credentials']
            for user in creds:
                ConfigService.creds_add_username(user)
-                creds[user]['user'] = user
                if 'password' in creds[user]:
                    ConfigService.creds_add_password(creds[user]['password'])
                if 'lm_hash' in creds[user]:
@ -167,11 +171,17 @@ class Telemetry(flask_restful.Resource):
                if 'ntlm_hash' in creds[user]:
                    ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])

+            for user in creds:
+                if -1 != user.find('.'):
+                    new_user = user.replace('.', ',')
+                    creds[new_user] = creds.pop(user)
+
    @staticmethod
    def process_trace_telemetry(telemetry_json):
        # Nothing to do
        return

+
 TELEM_PROCESS_DICT = \
    {
        'tunnel': Telemetry.process_tunnel_telemetry,
--- a/monkey_island/cc/services/report.py
+++ b/monkey_island/cc/services/report.py
@ -117,7 +117,7 @@ class ReportService:
                for pass_type in monkey_creds[user]:
                    creds.append(
                        {
-                            'username': user,
+                            'username': user.replace(',', '.'),
                            'type': PASS_TYPE_DICT[pass_type],
                            'origin': origin
                        }
@ -231,14 +231,17 @@ class ReportService:

    @staticmethod
    def get_monkey_subnets(monkey_guid):
+        network_info = mongo.db.telemetry.find_one(
+                    {'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
+                    {'data.network_info.networks': 1}
+                )
+        if network_info is None:
+            return []
+
        return \
            [
                ipaddress.ip_interface(unicode(network['addr'] + '/' + network['netmask'])).network
-                for network in
-                mongo.db.telemetry.find_one(
-                    {'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
-                    {'data.network_info.networks': 1}
-                )['data']['network_info']['networks']
+                for network in network_info['data']['network_info']['networks']
            ]

    @staticmethod