Merge branch 'attack_exfiltration_c2_channel' into attack_file_perm_mod

monkey/monkey_island/cc/models/monkey.py

@@ -82,22 +82,20 @@ class Monkey(Document):
             os = "windows"
         return os
 
-    def renew_ttl(self, duration=DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS):
+    def get_network_info(self):
-        self.ttl_ref = create_monkey_ttl_document(duration)
+        """
-        self.save()
+        Formats network info from monkey's model
+        :return: dictionary with an array of IP's and a hostname
+        """
+        return {'ips': self.ip_addresses, 'hostname': self.hostname}
 
     @staticmethod
     def get_tunneled_monkeys():
         return Monkey.objects(tunnel__exists=True)
 
-    @staticmethod
+    def renew_ttl(self, duration=DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS):
-    def get_network_info(monkey):
+        self.ttl_ref = create_monkey_ttl_document(duration)
-        """
+        self.save()
-        Formats network info from monkey's model
-        :param monkey: monkey model
-        :return: dictionary with an array of IP's and a hostname
-        """
-        return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname}
 
 
 class MonkeyNotFoundError(Exception):

monkey/monkey_island/cc/models/test_monkey.py

@@ -9,11 +9,11 @@ from monkey_ttl import MonkeyTtl
 
 class TestMonkey(IslandTestCase):
     """
-    Make sure to set server environment to `testing` in server.json! Otherwise this will mess up your mongo instance and
+    Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and
     won't work.
 
     Also, the working directory needs to be the working directory from which you usually run the island so the
-    server.json file is found and loaded.
+    server_config.json file is found and loaded.
     """
 
     def test_is_dead(self):
@@ -90,3 +90,25 @@ class TestMonkey(IslandTestCase):
         self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects())))
         self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects())))
         self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects())))
+
+    def test_get_tunneled_monkeys(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
+        linux_monkey = Monkey(guid=str(uuid.uuid4()),
+                              description="Linux shay-Virtual-Machine")
+        windows_monkey = Monkey(guid=str(uuid.uuid4()),
+                                description="Windows bla bla bla",
+                                tunnel=linux_monkey)
+        unknown_monkey = Monkey(guid=str(uuid.uuid4()),
+                                description="bla bla bla",
+                                tunnel=windows_monkey)
+        linux_monkey.save()
+        windows_monkey.save()
+        unknown_monkey.save()
+        tunneled_monkeys = Monkey.get_tunneled_monkeys()
+        test = bool(windows_monkey in tunneled_monkeys
+                    and unknown_monkey in tunneled_monkeys
+                    and linux_monkey not in tunneled_monkeys
+                    and len(tunneled_monkeys) == 2)
+        self.assertTrue(test, "Tunneling test")

monkey/monkey_island/cc/services/attack/technique_reports/T1090.py

@@ -15,11 +15,8 @@ class T1090(AttackTechnique):
     @staticmethod
     def get_report_data():
         monkeys = Monkey.get_tunneled_monkeys()
-        monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys]
+        monkeys = [monkey.get_network_info() for monkey in monkeys]
-        if monkeys:
+        status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
-            status = ScanStatus.USED.value
-        else:
-            status = ScanStatus.UNSCANNED.value
         data = T1090.get_base_data_by_status(status)
         data.update({'proxies': monkeys})
         return data

monkey/monkey_island/cc/services/attack/technique_reports/T1188.py

@@ -23,13 +23,10 @@ class T1188(AttackTechnique):
                 proxy_count += 1
                 proxy = proxy.tunnel
             if proxy_count > 1:
-                hops.append({'from': Monkey.get_network_info(initial),
+                hops.append({'from': initial.get_network_info(),
-                             'to': Monkey.get_network_info(proxy),
+                             'to': proxy.get_network_info(),
                              'count': proxy_count})
-        if hops:
+        status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
-            status = ScanStatus.USED.value
-        else:
-            status = ScanStatus.UNSCANNED.value
         data = T1188.get_base_data_by_status(status)
         data.update({'hops': hops})
         return data

monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js

@@ -17,6 +17,7 @@ export function renderMachineFromSystemData(data) {
          machineStr += ipInfo + ", ";
       }
     });
+    // Replaces " ," with " )" to finish a list of IP's
     return machineStr.slice(0, -2) + " )"
 }
 

monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js

@@ -12,7 +12,6 @@ class T1090 extends React.Component {
 
   static getProxyColumns() {
     return ([{
-      Header: "Proxies were used to communicate with:",
       columns: [
         {Header: 'Machines',
           id: 'machine',

monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js

@@ -12,7 +12,7 @@ class T1188 extends React.Component {
 
   static getHopColumns() {
     return ([{
-      Header: "Communications trough multi-hop proxies",
+      Header: "Communications through multi-hop proxies",
       columns: [
         {Header: 'From',
           id: 'from',