cc: Add another table for T1086 (PowerShell) used as PBAs

Shreya Malviya 2021-10-11 17:21:40 +05:30
parent d82f61d524
commit 7fa917581c
2 changed files with 53 additions and 8 deletions


@ -48,7 +48,7 @@ class T1086(AttackTechnique):
"_id": 0, "_id": 0,
"telem_category": 1, "telem_category": 1,
"machine.hostname": "$data.hostname", "machine.hostname": "$data.hostname",
"machine.ips": "$data.ip", "machine.ips": [{"$arrayElemAt": ["$data.ip", 0]}],
"info": "$data.result", "info": "$data.result",
} }
}, },
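Review bot: The new `machine.ips` projection keeps only element 0 of `$data.ip` and has no comment explaining why the other addresses are dropped. `$arrayElemAt` fails the aggregation when its first argument resolves to a non-array value and yields null (so `[null]` here) when the field is missing, so it is worth confirming that every telemetry document matched by this pipeline stores `data.ip` as a list. For a multi-homed machine the report will show a single address, which makes it harder to tie the PowerShell finding to the right host; a comment such as `# Only the first address in data.ip is reported, wrapped in a list (TODO: confirm data.ip is always a list)` would record the intent. The enclosing pipeline stage starts and ends outside this hunk.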


@ -1,6 +1,6 @@
import React from 'react'; import React from 'react';
import ReactTable from 'react-table'; import ReactTable from 'react-table';
import {renderMachine, ScanStatus} from './Helpers' import {renderMachine, renderMachineFromSystemData, ScanStatus} from './Helpers'
import MitigationsComponent from './MitigationsComponent'; import MitigationsComponent from './MitigationsComponent';
@ -10,9 +10,9 @@ class T1086 extends React.Component {
super(props); super(props);
} }
static getPowershellColumns() { static getPowershellColumnsForExploits() {
return ([{ return ([{
Header: 'Example Powershell commands used', Header: 'PowerShell commands used on exploited machines',
columns: [ columns: [
{ {
Header: 'Machine', Header: 'Machine',
@ -32,18 +32,63 @@ class T1086 extends React.Component {
}]) }])
} }
static getPowershellColumnsForPBAs() {
return ([{
Header: 'PowerShell commands or scripts used as PBAs',
columns: [
{
Header: 'Machine',
id: 'machine',
accessor: x => renderMachineFromSystemData(x.machine),
style: {'whiteSpace': 'unset'},
},
{
Header: 'Information',
id: 'information',
accessor: x => x.info,
style: {'whiteSpace': 'unset'}
}
]
}])
}
getPowershellDataPerCategory(category) {
let data = [];
for (let rowIdx in this.props.data.cmds) {
let row = this.props.data.cmds[rowIdx];
if (row.telem_category == category) {
data.push(row);
}
}
return data
}
render() { render() {
let data_from_exploits = this.getPowershellDataPerCategory("exploit");
let data_from_pbas = this.getPowershellDataPerCategory("post_breach");
return ( return (
<div> <div>
<div>{this.props.data.message_html}</div> <div>{this.props.data.message_html}</div>
<br/> <br/>
{this.props.data.status === ScanStatus.USED ? {this.props.data.status === ScanStatus.USED ?
<div>
<ReactTable <ReactTable
columns={T1086.getPowershellColumns()} columns={T1086.getPowershellColumnsForExploits()}
data={this.props.data.cmds} data={data_from_exploits}
showPagination={false} showPagination={false}
defaultPageSize={this.props.data.cmds.length} defaultPageSize={data_from_exploits.length}
/> : ''} />
<br/>
<br/>
<ReactTable
columns={T1086.getPowershellColumnsForPBAs()}
data={data_from_pbas}
showPagination={false}
defaultPageSize={data_from_pbas.length}
/>
</div> : ''}
<MitigationsComponent mitigations={this.props.data.mitigations}/> <MitigationsComponent mitigations={this.props.data.mitigations}/>
</div> </div>
); );
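Review bot: `getPowershellDataPerCategory` walks `this.props.data.cmds` with `for...in` and compares `row.telem_category == category` loosely; `for...in` enumerates every enumerable key on the array, inherited ones included, and the loop is a hand-written filter. `return this.props.data.cmds.filter(row => row.telem_category === category);` does the same work with strict comparison. Rows whose `telem_category` is neither `"exploit"` nor `"post_breach"` now appear in neither table, whereas the old `data={this.props.data.cmds}` listed every row. If the backend can emit another category, the report would understate PowerShell use, so a short comment on the method naming the two expected categories would help.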