Fix bug where stolen credentials had '.' in username

monkey_island/cc/resources/telemetry.py

@@ -39,7 +39,6 @@ class Telemetry(flask_restful.Resource):
         telemetry_json = json.loads(request.data)
         telemetry_json['timestamp'] = datetime.now()
 
-        telem_id = mongo.db.telemetry.insert(telemetry_json)
         monkey = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])
 
         try:
@@ -53,6 +52,7 @@ class Telemetry(flask_restful.Resource):
             print("Exception caught while processing telemetry: %s" % str(ex))
             traceback.print_exc()
 
+        telem_id = mongo.db.telemetry.insert(telemetry_json)
         return mongo.db.telemetry.find_one_or_404({"_id": telem_id})
 
     @staticmethod
@@ -70,6 +70,11 @@ class Telemetry(flask_restful.Resource):
                 monkey_label = telem_monkey_guid
             x["monkey"] = monkey_label
             objects.append(x)
+            if x['telem_type'] == 'system_info_collection' and 'credentials' in x['data']:
+                for user in x['data']['credentials']:
+                    if -1 != user.find(','):
+                        new_user = user.replace(',', '.')
+                        x['data']['credentials'][new_user] = x['data']['credentials'].pop(user)
 
         return objects
 
@@ -159,7 +164,6 @@ class Telemetry(flask_restful.Resource):
             creds = telemetry_json['data']['credentials']
             for user in creds:
                 ConfigService.creds_add_username(user)
-                creds[user]['user'] = user
                 if 'password' in creds[user]:
                     ConfigService.creds_add_password(creds[user]['password'])
                 if 'lm_hash' in creds[user]:
@@ -167,11 +171,17 @@ class Telemetry(flask_restful.Resource):
                 if 'ntlm_hash' in creds[user]:
                     ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
 
+            for user in creds:
+                if -1 != user.find('.'):
+                    new_user = user.replace('.', ',')
+                    creds[new_user] = creds.pop(user)
+
     @staticmethod
     def process_trace_telemetry(telemetry_json):
         # Nothing to do
         return
 
+
 TELEM_PROCESS_DICT = \
     {
         'tunnel': Telemetry.process_tunnel_telemetry,

monkey_island/cc/services/report.py

@@ -117,7 +117,7 @@ class ReportService:
                 for pass_type in monkey_creds[user]:
                     creds.append(
                         {
-                            'username': user,
+                            'username': user.replace(',', '.'),
                             'type': PASS_TYPE_DICT[pass_type],
                             'origin': origin
                         }
@@ -231,14 +231,17 @@ class ReportService:
 
     @staticmethod
     def get_monkey_subnets(monkey_guid):
+        network_info = mongo.db.telemetry.find_one(
+                    {'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
+                    {'data.network_info.networks': 1}
+                )
+        if network_info is None:
+            return []
+
         return \
             [
                 ipaddress.ip_interface(unicode(network['addr'] + '/' + network['netmask'])).network
-                for network in
+                for network in network_info['data']['network_info']['networks']
-                mongo.db.telemetry.find_one(
-                    {'telem_type': 'system_info_collection', 'monkey_guid': monkey_guid},
-                    {'data.network_info.networks': 1}
-                )['data']['network_info']['networks']
             ]
 
     @staticmethod