From 484ed3c508dd8c27a4c06606b0a1186bfd9e49f0 Mon Sep 17 00:00:00 2001
From: Itay Mizeretz
Date: Sun, 15 Oct 2017 16:01:39 +0300
Subject: [PATCH] Update node/edge's data regarding exploits
---
 monkey_island/cc/resources/telemetry.py | 27 ++++------
 monkey_island/cc/services/edge.py | 50 +------------------
 monkey_island/cc/services/node.py | 4 +-
 .../components/preview-pane/PreviewPane.js | 32 +++++++-----
 4 files changed, 34 insertions(+), 79 deletions(-)
diff --git a/monkey_island/cc/resources/telemetry.py b/monkey_island/cc/resources/telemetry.py
index 25f45212d..ecf720678 100644
--- a/monkey_island/cc/resources/telemetry.py
+++ b/monkey_island/cc/resources/telemetry.py
@@ -1,15 +1,15 @@
 import json
-from datetime import datetime
 import traceback
+from datetime import datetime
 import dateutil
-from flask import request
 import flask_restful
+from flask import request
 from cc.database import mongo
+from cc.services.config import ConfigService
 from cc.services.edge import EdgeService
 from cc.services.node import NodeService
-from cc.services.config import ConfigService
 __author__ = 'Barak'
@@ -103,19 +103,16 @@ class Telemetry(flask_restful.Resource):
 def process_exploit_telemetry(self, telemetry_json):
 edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
- data = telemetry_json['data']
- data["machine"].pop("ip_addr")
- new_exploit = \
- {
- "timestamp": telemetry_json["timestamp"],
- "data": data,
- "exploiter": telemetry_json['data']['exploiter']
- }
+ new_exploit = telemetry_json['data']
+
+ new_exploit.pop('machine')
+ new_exploit['timestamp'] = telemetry_json['timestamp']
+
 mongo.db.edge.update(
- {"_id": edge["_id"]},
- {"$push": {"exploits": new_exploit}}
+ {'_id': edge['_id']},
+ {'$push': {'exploits': new_exploit}}
 )
- if data['result']:
+ if new_exploit['result']:
 EdgeService.set_edge_exploited(edge)
 def process_scan_telemetry(self, telemetry_json):
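Review bot: In `process_exploit_telemetry`, `new_exploit = telemetry_json['data']` binds the request's own dict, so `pop('machine')` and the added `timestamp` key also alter `telemetry_json` for whatever the caller does with it afterwards (the caller is outside the hunk, so any effect on the stored telemetry record should be confirmed). Every other key the agent placed under `data` is pushed into the edge document unfiltered, and a payload lacking `machine` or `result` raises `KeyError`. Building a separate dict avoids the aliasing, e.g. `new_exploit = {k: v for k, v in telemetry_json['data'].items() if k != 'machine'}` followed by `if new_exploit.get('result'):`; a fixed list of accepted keys would be stricter still.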
@@ -158,5 +155,3 @@ class Telemetry(flask_restful.Resource):
 ConfigService.creds_add_lm_hash(creds[user]['lm_hash'])
 if 'ntlm_hash' in creds[user]:
 ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
-
-
diff --git a/monkey_island/cc/services/edge.py b/monkey_island/cc/services/edge.py
index 96d676c0e..308a57e55 100644
--- a/monkey_island/cc/services/edge.py
+++ b/monkey_island/cc/services/edge.py
@@ -24,66 +24,20 @@ class EdgeService:
 def edge_to_displayed_edge(edge):
 services = []
 os = {}
- exploits = []
+
 if len(edge["scans"]) > 0:
 services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"])
 os = edge["scans"][-1]["data"]["os"]
- for exploit in edge["exploits"]:
- new_exploit = EdgeService.exploit_to_displayed_exploit(exploit)
-
- if (len(exploits) > 0) and (exploits[-1]["exploiter"] == exploit["exploiter"]):
- exploit_container = exploits[-1]
- else:
- exploit_container =\
- {
- "exploiter": exploit["exploiter"],
- "start_timestamp": exploit["timestamp"],
- "end_timestamp": exploit["timestamp"],
- "result": False,
- "attempts": []
- }
-
- exploits.append(exploit_container)
-
- exploit_container["attempts"].append(new_exploit)
- if new_exploit["result"]:
- exploit_container["result"] = True
- exploit_container["end_timestamp"] = new_exploit["timestamp"]
-
 displayed_edge = EdgeService.edge_to_net_edge(edge)
 displayed_edge["ip_address"] = edge["ip_address"]
 displayed_edge["services"] = services
 displayed_edge["os"] = os
- displayed_edge["exploits"] = exploits
+ displayed_edge["exploits"] = edge['exploits']
 displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge)
 return displayed_edge
- @staticmethod
- def exploit_to_displayed_exploit(exploit):
- user = ""
- password = ""
-
- # TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
- result = exploit["data"]["result"]
- if result:
- if "creds" in exploit["data"]["machine"]:
- user = exploit["data"]["machine"]["creds"].keys()[0]
- password = exploit["data"]["machine"]["creds"][user]
- else:
- if ("user" in exploit["data"]) and ("password" in exploit["data"]):
- user = exploit["data"]["user"]
- password = exploit["data"]["password"]
-
- return \
- {
- "timestamp": exploit["timestamp"],
- "user": user,
- "password": password,
- "result": result,
- }
-
 @staticmethod
 def insert_edge(from_id, to_id):
 edge_insert_result = mongo.db.edge.insert_one(
diff --git a/monkey_island/cc/services/node.py b/monkey_island/cc/services/node.py
index f5dbcf37c..128ca344d 100644
--- a/monkey_island/cc/services/node.py
+++ b/monkey_island/cc/services/node.py
@@ -62,9 +62,9 @@ class NodeService:
 @staticmethod
 def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
- if exploit_1["start_timestamp"] == exploit_2["start_timestamp"]:
+ if exploit_1["timestamp"] == exploit_2["timestamp"]:
 return 0
- if exploit_1["start_timestamp"] > exploit_2["start_timestamp"]:
+ if exploit_1["timestamp"] > exploit_2["timestamp"]:
 return 1
 return -1
diff --git a/monkey_island/cc/ui/src/components/preview-pane/PreviewPane.js b/monkey_island/cc/ui/src/components/preview-pane/PreviewPane.js
index 020c769e1..109b326eb 100644
--- a/monkey_island/cc/ui/src/components/preview-pane/PreviewPane.js
+++ b/monkey_island/cc/ui/src/components/preview-pane/PreviewPane.js
@@ -91,9 +91,9 @@ class PreviewPaneComponent extends React.Component {
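Review bot: In `edge_to_displayed_edge` (monkey_island/cc/services/edge.py), `displayed_edge["exploits"] = edge['exploits']` returns the stored records as they are, where the removed `exploit_to_displayed_exploit` reduced each one to `timestamp`, `user`, `password` and `result`. Because the telemetry handler in this commit stores almost the whole agent-supplied `data` dict, the set of fields reaching the UI (credential fields included, if present) is now decided by the agent payload rather than by this function. Consider projecting only the keys the preview pane reads, for example `displayed_edge["exploits"] = [{k: e.get(k) for k in ("exploiter", "timestamp", "result")} for e in edge["exploits"]]`, with the key list adjusted to what the UI needs. Records written before this commit presumably keep the old nested `data` layout, so a short comment stating the expected record shape, and a fallback or migration for old records, would help.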

Timeline