Merge branch 'attack_exfiltration_c2_channel' into attack_file_perm_mod

This commit is contained in:
VakarisZ 2019-08-21 09:06:33 +03:00
commit ba40f1a5c4
7 changed files with 40 additions and 26 deletions


@ -82,22 +82,20 @@ class Monkey(Document):
os = "windows"
return os
def renew_ttl(self, duration=DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS):
self.ttl_ref = create_monkey_ttl_document(duration)
self.save()
def get_network_info(self):
"""
Formats network info from monkey's model
:return: dictionary with an array of IP's and a hostname
"""
return {'ips': self.ip_addresses, 'hostname': self.hostname}
@staticmethod
def get_tunneled_monkeys():
return Monkey.objects(tunnel__exists=True)
@staticmethod
def get_network_info(monkey):
"""
Formats network info from monkey's model
:param monkey: monkey model
:return: dictionary with an array of IP's and a hostname
"""
return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname}
def renew_ttl(self, duration=DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS):
self.ttl_ref = create_monkey_ttl_document(duration)
self.save()
class MonkeyNotFoundError(Exception):
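Review bot: `get_tunneled_monkeys` is the one method in this hunk without a docstring, and it is the query that both T1090 and T1188 build their report data from, so its contract belongs next to the code: `"""Return the Monkey documents whose ``tunnel`` field is set."""`. The new instance `get_network_info` also hands out `self.ip_addresses` by reference rather than a copy; if that field is a mutable list (its declaration is not in this hunk), a caller that edits the returned `'ips'` entry is editing the document, which `'ips': list(self.ip_addresses)` would avoid. The `Monkey` class itself starts outside the hunk.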


@ -9,11 +9,11 @@ from monkey_ttl import MonkeyTtl
class TestMonkey(IslandTestCase):
"""
Make sure to set server environment to `testing` in server.json! Otherwise this will mess up your mongo instance and
Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and
won't work.
Also, the working directory needs to be the working directory from which you usually run the island so the
server.json file is found and loaded.
server_config.json file is found and loaded.
"""
def test_is_dead(self):
@ -90,3 +90,25 @@ class TestMonkey(IslandTestCase):
self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects())))
self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects())))
self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects())))
def test_get_tunneled_monkeys(self):
self.fail_if_not_testing_env()
self.clean_monkey_db()
linux_monkey = Monkey(guid=str(uuid.uuid4()),
description="Linux shay-Virtual-Machine")
windows_monkey = Monkey(guid=str(uuid.uuid4()),
description="Windows bla bla bla",
tunnel=linux_monkey)
unknown_monkey = Monkey(guid=str(uuid.uuid4()),
description="bla bla bla",
tunnel=windows_monkey)
linux_monkey.save()
windows_monkey.save()
unknown_monkey.save()
tunneled_monkeys = Monkey.get_tunneled_monkeys()
test = bool(windows_monkey in tunneled_monkeys
and unknown_monkey in tunneled_monkeys
and linux_monkey not in tunneled_monkeys
and len(tunneled_monkeys) == 2)
self.assertTrue(test, "Tunneling test")
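Review bot: `test_get_tunneled_monkeys` folds four independent checks into one `bool(...)` and a single `assertTrue(test, "Tunneling test")`, so a failure cannot say whether a membership or the count went wrong. One assertion per condition gives a precise failure message and doubles as a readable spec of `get_tunneled_monkeys`. The context lines in this section still use `assertEquals` and `len(filter(...))`, which only work as written under Python 2, but they are not part of this change.
```python
tunneled_monkeys = Monkey.get_tunneled_monkeys()
self.assertIn(windows_monkey, tunneled_monkeys)
self.assertIn(unknown_monkey, tunneled_monkeys)
self.assertNotIn(linux_monkey, tunneled_monkeys)
self.assertEqual(2, len(tunneled_monkeys))
```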


@ -15,11 +15,8 @@ class T1090(AttackTechnique):
@staticmethod
def get_report_data():
monkeys = Monkey.get_tunneled_monkeys()
monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys]
if monkeys:
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED.value
monkeys = [monkey.get_network_info() for monkey in monkeys]
status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
data = T1090.get_base_data_by_status(status)
data.update({'proxies': monkeys})
return data
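Review bot: In `get_report_data` the name `monkeys` is rebound on the first added line from the queryset of tunneled Monkey documents to a list of network-info dicts, and that list is then stored under the key `'proxies'`; naming the derived list after its key, `proxies = [monkey.get_network_info() for monkey in monkeys]`, `status = ScanStatus.USED.value if proxies else ScanStatus.UNSCANNED.value` and `data.update({'proxies': proxies})`, keeps each name meaning one thing. A short docstring would also help, since the T1188 counterpart builds a parallel structure: `"""Return T1090's base status data plus the network info of every tunneled monkey."""`. The `T1090` class header is outside the hunk.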


@ -23,13 +23,10 @@ class T1188(AttackTechnique):
proxy_count += 1
proxy = proxy.tunnel
if proxy_count > 1:
hops.append({'from': Monkey.get_network_info(initial),
'to': Monkey.get_network_info(proxy),
hops.append({'from': initial.get_network_info(),
'to': proxy.get_network_info(),
'count': proxy_count})
if hops:
status = ScanStatus.USED.value
else:
status = ScanStatus.UNSCANNED.value
status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
data = T1188.get_base_data_by_status(status)
data.update({'hops': hops})
return data
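Review bot: The hop walk `proxy = proxy.tunnel` follows `tunnel` references document by document with no guard against revisiting one; the loop header is outside the hunk, but if it only tests whether `proxy.tunnel` is set, two monkeys that reference each other as tunnels would make the walk never terminate and the report request hang. Bounding the walk — record visited guids in a set and stop when one repeats, or cap `proxy_count` — keeps the report robust against inconsistent data while producing the same hops for a plain chain like the one in the test. The enclosing `get_report_data` starts outside the hunk.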


@ -17,6 +17,7 @@ export function renderMachineFromSystemData(data) {
machineStr += ipInfo + ", ";
}
});
// Replaces " ," with " )" to finish a list of IP's
return machineStr.slice(0, -2) + " )"
}
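Review bot: The added comment describes the separator backwards: the line above appends `ipInfo + ", "`, so `slice(0, -2)` strips a trailing comma-space, not `" ,"`; write `// Drop the trailing ", " left by the loop and close the IP list with " )"`. It may also be worth stating in the comment that when no IP entries are appended, `slice(0, -2)` removes the last two characters of whatever prefix `machineStr` already holds — that prefix is built outside the hunk, so this is a point to confirm rather than a confirmed defect. `renderMachineFromSystemData` starts outside the hunk.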


@ -12,7 +12,6 @@ class T1090 extends React.Component {
static getProxyColumns() {
return ([{
Header: "Proxies were used to communicate with:",
columns: [
{Header: 'Machines',
id: 'machine',


@ -12,7 +12,7 @@ class T1188 extends React.Component {
static getHopColumns() {
return ([{
Header: "Communications trough multi-hop proxies",
Header: "Communications through multi-hop proxies",
columns: [
{Header: 'From',
id: 'from',