From b0f03179c1058797b85f9a3f5ea9e32f9fe61482 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 21 Mar 2022 08:59:17 -0400 Subject: [PATCH] Agent: Add `interrupted` boolean to ExploiterResultData Setting an interrupted flag on the ExploiterResultData is a more useful way to present the information to anything that uses it. If decisions need to be made based on whether or not something was interrupted, a flag can be checked instead of parsing an error message. --- monkey/infection_monkey/exploit/HostExploiter.py | 2 +- monkey/infection_monkey/i_puppet/i_puppet.py | 1 + monkey/infection_monkey/puppet/mock_puppet.py | 15 +++++++++------ .../infection_monkey/telemetry/exploit_telem.py | 4 +++- .../infection_monkey/master/test_propagator.py | 12 ++++++------ .../telemetry/test_exploit_telem.py | 3 ++- 6 files changed, 22 insertions(+), 15 deletions(-) diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py index 2e198ac4c..f791e7a9c 100644 --- a/monkey/infection_monkey/exploit/HostExploiter.py +++ b/monkey/infection_monkey/exploit/HostExploiter.py @@ -100,7 +100,7 @@ class HostExploiter: # Ideally the user should only do "check_for_interrupt()" if self.interrupt.is_set(): logger.info("Exploiter has been interrupted") - self.exploit_result.error_message = "Exploiter has been interrupted" + self.exploit_result.interrupted = True return self.interrupt.is_set() def post_exploit(self): diff --git a/monkey/infection_monkey/i_puppet/i_puppet.py b/monkey/infection_monkey/i_puppet/i_puppet.py index 0db62bae2..d68e42049 100644 --- a/monkey/infection_monkey/i_puppet/i_puppet.py +++ b/monkey/infection_monkey/i_puppet/i_puppet.py @@ -24,6 +24,7 @@ class UnknownPluginError(Exception): class ExploiterResultData: exploitation_success: bool = False propagation_success: bool = False + interrupted: bool = False os: str = "" info: Mapping = None attempts: Iterable = None diff --git a/monkey/infection_monkey/puppet/mock_puppet.py b/monkey/infection_monkey/puppet/mock_puppet.py index bd00c3acb..4ac6f3c2f 100644 --- a/monkey/infection_monkey/puppet/mock_puppet.py +++ b/monkey/infection_monkey/puppet/mock_puppet.py @@ -190,17 +190,18 @@ class MockPuppet(IPuppet): successful_exploiters = { DOT_1: { "PowerShellExploiter": ExploiterResultData( - True, True, os_windows, info_powershell, attempts, None + True, True, False, os_windows, info_powershell, attempts, None ), "ZerologonExploiter": ExploiterResultData( - False, False, os_windows, {}, [], "Zerologon failed" + False, False, False, os_windows, {}, [], "Zerologon failed" ), "SSHExploiter": ExploiterResultData( - False, False, os_linux, info_ssh, attempts, "Failed exploiting" + False, False, False, os_linux, info_ssh, attempts, "Failed exploiting" ), }, DOT_3: { "PowerShellExploiter": ExploiterResultData( + False, False, False, os_windows, @@ -209,9 +210,11 @@ class MockPuppet(IPuppet): "PowerShell Exploiter Failed", ), "SSHExploiter": ExploiterResultData( - False, False, os_linux, info_ssh, attempts, "Failed exploiting" + False, False, False, os_linux, info_ssh, attempts, "Failed exploiting" + ), + "ZerologonExploiter": ExploiterResultData( + True, False, False, os_windows, {}, [], None ), - "ZerologonExploiter": ExploiterResultData(True, False, os_windows, {}, [], None), }, } @@ -219,7 +222,7 @@ class MockPuppet(IPuppet): return successful_exploiters[host.ip_addr][name] except KeyError: return ExploiterResultData( - False, False, os_linux, {}, [], f"{name} failed for host {host}" + False, False, False, os_linux, {}, [], f"{name} failed for host {host}" ) def run_payload(self, name: str, options: Dict, interrupt: threading.Event): diff --git a/monkey/infection_monkey/telemetry/exploit_telem.py b/monkey/infection_monkey/telemetry/exploit_telem.py index c276e1b8f..62f5d728f 100644 --- a/monkey/infection_monkey/telemetry/exploit_telem.py +++ b/monkey/infection_monkey/telemetry/exploit_telem.py @@ -1,9 +1,9 @@ from typing import Dict from common.common_consts.telem_categories import TelemCategoryEnum +from infection_monkey.i_puppet.i_puppet import ExploiterResultData from infection_monkey.model.host import VictimHost from infection_monkey.telemetry.base_telem import BaseTelem -from infection_monkey.i_puppet.i_puppet import ExploiterResultData class ExploitTelem(BaseTelem): @@ -25,6 +25,7 @@ class ExploitTelem(BaseTelem): self.host = host.__dict__ self.exploitation_result = result.exploitation_success self.propagation_result = result.propagation_success + self.interrupted = result.interrupted self.info = result.info self.attempts = result.attempts @@ -34,6 +35,7 @@ class ExploitTelem(BaseTelem): return { "exploitation_result": self.exploitation_result, "propagation_result": self.propagation_result, + "interrupted": self.interrupted, "machine": self.host, "exploiter": self.name, "info": self.info, diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index 49cdd103a..3746e65eb 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -201,38 +201,38 @@ class MockExploiter: results_callback( "PowerShellExploiter", host, - ExploiterResultData(True, True, os_windows, {}, {}, None), + ExploiterResultData(True, True, False, os_windows, {}, {}, None), ) results_callback( "SSHExploiter", host, - ExploiterResultData(False, False, os_linux, {}, {}, "SSH FAILED for .1"), + ExploiterResultData(False, False, False, os_linux, {}, {}, "SSH FAILED for .1"), ) elif host.ip_addr.endswith(".2"): results_callback( "PowerShellExploiter", host, ExploiterResultData( - False, False, os_windows, {}, {}, "POWERSHELL FAILED for .2" + False, False, False, os_windows, {}, {}, "POWERSHELL FAILED for .2" ), ) results_callback( "SSHExploiter", host, - ExploiterResultData(False, False, os_linux, {}, {}, "SSH FAILED for .2"), + ExploiterResultData(False, False, False, os_linux, {}, {}, "SSH FAILED for .2"), ) elif host.ip_addr.endswith(".3"): results_callback( "PowerShellExploiter", host, ExploiterResultData( - False, False, os_windows, {}, {}, "POWERSHELL FAILED for .3" + False, False, False, os_windows, {}, {}, "POWERSHELL FAILED for .3" ), ) results_callback( "SSHExploiter", host, - ExploiterResultData(True, True, os_linux, {}, {}, None), + ExploiterResultData(True, True, False, os_linux, {}, {}, None), ) diff --git a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py index 600e1db20..3255cc7b7 100644 --- a/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py +++ b/monkey/tests/unit_tests/infection_monkey/telemetry/test_exploit_telem.py @@ -40,7 +40,7 @@ def exploit_telem_test_instance(): EXPLOITER_NAME, HOST, ExploiterResultData( - RESULT, RESULT, OS_LINUX, EXPLOITER_INFO, EXPLOITER_ATTEMPTS, ERROR_MSG + RESULT, RESULT, False, OS_LINUX, EXPLOITER_INFO, EXPLOITER_ATTEMPTS, ERROR_MSG ), ) @@ -50,6 +50,7 @@ def test_exploit_telem_send(exploit_telem_test_instance, spy_send_telemetry): expected_data = { "exploitation_result": RESULT, "propagation_result": RESULT, + "interrupted": False, "machine": HOST_AS_DICT, "exploiter": EXPLOITER_NAME, "info": EXPLOITER_INFO,