diff --git a/monkey/common/utils/attack_utils.py b/monkey/common/utils/attack_utils.py index a372661ca..b7f3346b3 100644 --- a/monkey/common/utils/attack_utils.py +++ b/monkey/common/utils/attack_utils.py @@ -9,5 +9,5 @@ class ScanStatus(Enum): # Technique was attempted and succeeded USED = 2 - -BITS_UPLOAD_STRING = {"usage": "Bits job was used to upload monkey to a remote system."} +# Dict that describes what BITS job was used for +BITS_UPLOAD_STRING = {"usage": "BITS job was used to upload monkey to a remote system."} diff --git a/monkey/infection_monkey/transport/attack_telems/base_telem.py b/monkey/infection_monkey/transport/attack_telems/base_telem.py index 93d5bbbf7..d42bbd242 100644 --- a/monkey/infection_monkey/transport/attack_telems/base_telem.py +++ b/monkey/infection_monkey/transport/attack_telems/base_telem.py @@ -3,6 +3,7 @@ import requests import json from infection_monkey.control import ControlClient import logging +import datetime __author__ = "VakarisZ" @@ -20,7 +21,7 @@ class AttackTelem(object): """ self.technique = technique self.result = status - self.data = {'status': status, 'id': GUID} + self.data = {'status': status, 'id': GUID, 'time': AttackTelem.get_current_time_string()} if data: self.data.update(data) @@ -39,3 +40,13 @@ class AttackTelem(object): except Exception as exc: LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) + + @staticmethod + def get_current_time_string(): + time = datetime.datetime.now() + return "%s-%s-%s %s:%s:%s" % (time.date().year, + time.date().month, + time.date().day, + time.time().hour, + time.time().minute, + time.time().second) diff --git a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py index ecab5a648..fc0da7fbf 100644 --- a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py +++ b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py 
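Review bot: `get_current_time_string` in base_telem.py formats the agent's naive local time without zero-padding, so a value such as `2019-4-5 9:3:7` (constructed example) does not sort as text and cannot be compared across agents in different time zones. This string is what the island later stores and compares as the telemetry `time`. `return datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")` keeps the same overall shape while making it padded and UTC. The local name `time` also reads like the stdlib module; `now` would be clearer. The method has no docstring; `"""Returns the current time as a string for attack telemetry."""` would be enough.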
@@ -14,5 +14,5 @@ class VictimHostTelem(AttackTelem): :param data: Other data relevant to the attack technique """ super(VictimHostTelem, self).__init__(technique, status, data) - victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr} + victim_host = {'domain_name': machine.domain_name, 'ip_addr': machine.ip_addr} self.data.update({'machine': victim_host}) diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 52d4d6529..ebf280b00 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -1,5 +1,5 @@ import logging -from cc.services.attack.technique_reports import T1210 +from cc.services.attack.technique_reports import T1210, T1197 from cc.services.attack.attack_telem import get_latest_telem from cc.services.attack.attack_config import get_technique_values from cc.database import mongo @@ -9,7 +9,8 @@ __author__ = "VakarisZ" LOG = logging.getLogger(__name__) -TECHNIQUES = {'T1210': T1210} +TECHNIQUES = {'T1210': T1210, + 'T1197': T1197} REPORT_NAME = 'new_report' @@ -44,7 +45,7 @@ class AttackReportService: if AttackReportService.is_report_generated(): telem_time = get_latest_telem() latest_report = mongo.db.attack_report.find_one({'name': REPORT_NAME}) - if telem_time and telem_time['timestamp'] == latest_report['meta']['timestamp']: + if telem_time and latest_report['meta'] and telem_time['time'] == latest_report['meta']['time']: return latest_report return AttackReportService.generate_new_report() diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index 3cab5b620..227c03223 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py 
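Review bot: In attack_report.py the added guard `latest_report['meta']` still raises `KeyError` when the stored report has no `meta` key, so it only protects against an empty value; `latest_report.get('meta')` would cover both cases. The freshness test now compares the telemetry's `time` string for equality, and that string has one-second resolution as built in base_telem.py in this commit. As far as these lines show, a telemetry stamped with the same second as the cached report's would therefore get the stale report back. The enclosing method starts outside the hunk, so the surrounding handling of `find_one` results cannot be confirmed from here.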
@@ -74,7 +74,7 @@ SCHEMA = { "type": "object", "properties": { "T1197": { - "title": "T1197 Bits jobs", + "title": "T1197 BITS jobs", "type": "bool", "value": True, "necessary": True, diff --git a/monkey/monkey_island/cc/services/attack/attack_telem.py b/monkey/monkey_island/cc/services/attack/attack_telem.py index 139837835..8d7e08960 100644 --- a/monkey/monkey_island/cc/services/attack/attack_telem.py +++ b/monkey/monkey_island/cc/services/attack/attack_telem.py @@ -18,7 +18,7 @@ def set_results(technique, data): """ data.update({'technique': technique}) mongo.db.attack_results.insert(data) - mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'timestamp': time()}, upsert=True) + mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'time': data['time']}, upsert=True) def get_latest_telem(): diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py index 6121c46e3..1b3b9e708 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py @@ -1,5 +1,5 @@ from monkey_island.cc.services.attack.technique_reports.technique_service import * -from cc.services.report import ReportService +from cc.database import mongo __author__ = "VakarisZ" @@ -13,6 +13,13 @@ MESSAGES = { def get_report_data(): data = get_tech_base_data(TECHNIQUE, MESSAGES) - - data.update() + bits_results = mongo.db.attack_results.aggregate([{'$match': {'technique': TECHNIQUE}}, + {'$group': {'_id': {'ip_addr': '$machine.ip_addr', 'usage': '$usage'}, + 'ip_addr': {'$first': '$machine.ip_addr'}, + 'domain_name': {'$first': '$machine.domain_name'}, + 'usage': {'$first': '$usage'}, + 'time': {'$first': '$time'}} + }]) + bits_results = list(bits_results) + data.update({'bits_jobs': bits_results}) return data 
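Review bot: In attack_telem.py `data['time']` is read only after `insert(data)` has run, so a payload without a `time` field is stored and then raises `KeyError` before the `latest` marker is updated. The marker also moves from the server clock (`time()`) to a value taken from the telemetry payload, which presumably originates from the reporting agent, so the report cache check in attack_report.py would depend on unvalidated input. Checking the field before the insert, e.g. `if 'time' not in data: raise ValueError("telemetry is missing 'time'")`, or keeping a server-side timestamp for the marker, would avoid both problems. set_results begins outside the hunk.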
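Review bot: In T1197.py the `$group` stage takes `$first` of `time`, `domain_name` and `usage` with no `$sort` stage before it, so which document supplies those values depends on the order the pipeline happens to return. The `time` shown per machine is therefore not guaranteed to be the earliest or the latest use. If one of those is intended, add a stage such as `{'$sort': {'time': 1}}` between `$match` and `$group`; note that the unpadded time strings produced in base_telem.py would not sort chronologically as text. `get_report_data` also has no docstring; `"""Builds T1197 report data, adding one 'bits_jobs' entry per machine and usage."""` would document the new key.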
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py b/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py index b59c1838d..e412bea8f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py @@ -6,6 +6,11 @@ __author__ = "VakarisZ" def technique_status(technique): + """ + Gets status of certain attack technique. If + :param technique: + :return: + """ if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}): return ScanStatus.USED elif mongo.db.attack_results.find_one({'status': ScanStatus.SCANNED.value, 'technique': technique}): diff --git a/monkey/monkey_island/cc/ui/src/components/attack/T1197.js b/monkey/monkey_island/cc/ui/src/components/attack/T1197.js index a5156c3f4..3b0e09e7c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/T1197.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/T1197.js @@ -1,60 +1,43 @@ import React from 'react'; import '../../styles/Collapse.scss' -import {Link} from "react-router-dom"; +import ReactTable from "react-table"; -let renderArray = function(val) { - return {val.map(x => {x} )}; -}; - - -let renderMachine = function (val, index, exploited=false) { +let renderMachine = function (val) { return ( -
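Review bot: The docstring added to `technique_status` in technique_service.py stops mid-sentence at "If" and leaves `:param technique:` and `:return:` empty, so it documents nothing about the lookup order. From the visible lines the function returns `ScanStatus.USED` when any result with that status exists for the technique and otherwise goes on to check `ScanStatus.SCANNED`; the remaining branches are outside the hunk. Suggested wording: `Gets the status of an attack technique, preferring USED over SCANNED.`, `:param technique: technique ID as stored in the 'technique' field of attack_results` and `:return: ScanStatus member`.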