diff --git a/monkey/common/utils/attack_utils.py b/monkey/common/utils/attack_utils.py index a372661ca..b7f3346b3 100644 --- a/monkey/common/utils/attack_utils.py +++ b/monkey/common/utils/attack_utils.py @@ -9,5 +9,5 @@ class ScanStatus(Enum): # Technique was attempted and succeeded USED = 2 - -BITS_UPLOAD_STRING = {"usage": "Bits job was used to upload monkey to a remote system."} +# Dict that describes what BITS job was used for +BITS_UPLOAD_STRING = {"usage": "BITS job was used to upload monkey to a remote system."} diff --git a/monkey/infection_monkey/transport/attack_telems/base_telem.py b/monkey/infection_monkey/transport/attack_telems/base_telem.py index 93d5bbbf7..d42bbd242 100644 --- a/monkey/infection_monkey/transport/attack_telems/base_telem.py +++ b/monkey/infection_monkey/transport/attack_telems/base_telem.py @@ -3,6 +3,7 @@ import requests import json from infection_monkey.control import ControlClient import logging +import datetime __author__ = "VakarisZ" @@ -20,7 +21,7 @@ class AttackTelem(object): """ self.technique = technique self.result = status - self.data = {'status': status, 'id': GUID} + self.data = {'status': status, 'id': GUID, 'time': AttackTelem.get_current_time_string()} if data: self.data.update(data) @@ -39,3 +40,13 @@ class AttackTelem(object): except Exception as exc: LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) + + @staticmethod + def get_current_time_string(): + time = datetime.datetime.now() + return "%s-%s-%s %s:%s:%s" % (time.date().year, + time.date().month, + time.date().day, + time.time().hour, + time.time().minute, + time.time().second) diff --git a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py index ecab5a648..fc0da7fbf 100644 --- a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py +++ b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py 
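Review bot: `get_current_time_string` formats the agent's local `datetime.now()` with plain `%s` fields, so the new `'time'` entry in `self.data` has no zero-padding and no timezone. A value such as `2019-6-3 9:5:7` (constructed example) does not sort chronologically as a string and cannot be compared across hosts in different timezones, which matters once these records are read as a timeline of technique usage. I would emit a fixed-width UTC value instead, `return datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")`, and add a one-line docstring stating the format. The local name `time` also reads like the stdlib module; `now` would be clearer.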
@@ -14,5 +14,5 @@ class VictimHostTelem(AttackTelem): :param data: Other data relevant to the attack technique """ super(VictimHostTelem, self).__init__(technique, status, data) - victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr} + victim_host = {'domain_name': machine.domain_name, 'ip_addr': machine.ip_addr} self.data.update({'machine': victim_host}) diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 52d4d6529..ebf280b00 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -1,5 +1,5 @@ import logging -from cc.services.attack.technique_reports import T1210 +from cc.services.attack.technique_reports import T1210, T1197 from cc.services.attack.attack_telem import get_latest_telem from cc.services.attack.attack_config import get_technique_values from cc.database import mongo @@ -9,7 +9,8 @@ __author__ = "VakarisZ" LOG = logging.getLogger(__name__) -TECHNIQUES = {'T1210': T1210} +TECHNIQUES = {'T1210': T1210, + 'T1197': T1197} REPORT_NAME = 'new_report' @@ -44,7 +45,7 @@ class AttackReportService: if AttackReportService.is_report_generated(): telem_time = get_latest_telem() latest_report = mongo.db.attack_report.find_one({'name': REPORT_NAME}) - if telem_time and telem_time['timestamp'] == latest_report['meta']['timestamp']: + if telem_time and latest_report['meta'] and telem_time['time'] == latest_report['meta']['time']: return latest_report return AttackReportService.generate_new_report() diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index 3cab5b620..227c03223 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py 
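Review bot: The added guard `latest_report['meta']` still raises `KeyError` when a stored report has no `meta` key, which is presumably the case it was meant to tolerate; `latest_report.get('meta')` would make the check do its job. The freshness test now compares `telem_time['time']` with the report's `meta['time']`, and in this commit that value is a second-resolution string taken from the telemetry, so a telemetry carrying the same string as the previous one would be answered with the cached report. Suggested form: `meta = latest_report.get('meta')` followed by `if telem_time and meta and telem_time.get('time') == meta.get('time'):`. The enclosing method starts above the hunk, so how `meta` is written when the report is generated is not visible here.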
@@ -74,7 +74,7 @@ SCHEMA = { "type": "object", "properties": { "T1197": { - "title": "T1197 Bits jobs", + "title": "T1197 BITS jobs", "type": "bool", "value": True, "necessary": True, diff --git a/monkey/monkey_island/cc/services/attack/attack_telem.py b/monkey/monkey_island/cc/services/attack/attack_telem.py index 139837835..8d7e08960 100644 --- a/monkey/monkey_island/cc/services/attack/attack_telem.py +++ b/monkey/monkey_island/cc/services/attack/attack_telem.py @@ -18,7 +18,7 @@ def set_results(technique, data): """ data.update({'technique': technique}) mongo.db.attack_results.insert(data) - mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'timestamp': time()}, upsert=True) + mongo.db.attack_results.update({'name': 'latest'}, {'name': 'latest', 'time': data['time']}, upsert=True) def get_latest_telem(): diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py index 6121c46e3..1b3b9e708 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1197.py @@ -1,5 +1,5 @@ from monkey_island.cc.services.attack.technique_reports.technique_service import * -from cc.services.report import ReportService +from cc.database import mongo __author__ = "VakarisZ" @@ -13,6 +13,13 @@ MESSAGES = { def get_report_data(): data = get_tech_base_data(TECHNIQUE, MESSAGES) - - data.update() + bits_results = mongo.db.attack_results.aggregate([{'$match': {'technique': TECHNIQUE}}, + {'$group': {'_id': {'ip_addr': '$machine.ip_addr', 'usage': '$usage'}, + 'ip_addr': {'$first': '$machine.ip_addr'}, + 'domain_name': {'$first': '$machine.domain_name'}, + 'usage': {'$first': '$usage'}, + 'time': {'$first': '$time'}} + }]) + bits_results = list(bits_results) + data.update({'bits_jobs': bits_results}) return data 
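Review bot: In `set_results`, `data['time']` is read only after `insert(data)` has run, so a telemetry that lacks the field (an older agent, or a malformed request) is stored and then raises `KeyError` before the `latest` marker is updated. The marker also becomes a value chosen by the sender rather than by the island, so the report-freshness check now depends on agent clocks. I would validate the field before the insert, or keep the island's own stamp next to it, e.g. `{'name': 'latest', 'time': data.get('time'), 'received': time()}`, and say in the docstring which of the two the report cache compares. If `time()` is no longer used in this module after the change, its import can be dropped.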
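Review bot: In `get_report_data` the `$group` stage picks `time` with `$first`, but no `$sort` stage precedes it, so which telemetry's time is reported for each `(ip_addr, usage)` pair depends on whatever order `$match` happens to return. Add an explicit stage before the group, `{'$sort': {'time': 1}}`, and note that this orders correctly only if `time` is stored in a sortable form. The function has no docstring; one line describing the shape of each `bits_jobs` entry (`ip_addr`, `domain_name`, `usage`, `time`, plus the compound `_id`) would document the contract the UI table relies on. `get_tech_base_data` presumably still arrives through the wildcard import at the top of the file; importing it by name would make that dependency visible.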
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py b/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py index b59c1838d..e412bea8f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/technique_service.py @@ -6,6 +6,11 @@ __author__ = "VakarisZ" def technique_status(technique): + """ + Gets status of certain attack technique. If + :param technique: + :return: + """ if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}): return ScanStatus.USED elif mongo.db.attack_results.find_one({'status': ScanStatus.SCANNED.value, 'technique': technique}): diff --git a/monkey/monkey_island/cc/ui/src/components/attack/T1197.js b/monkey/monkey_island/cc/ui/src/components/attack/T1197.js index a5156c3f4..3b0e09e7c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/T1197.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/T1197.js @@ -1,60 +1,43 @@ import React from 'react'; import '../../styles/Collapse.scss' -import {Link} from "react-router-dom"; +import ReactTable from "react-table"; -let renderArray = function(val) { - return {val.map(x => {x} )}; -}; - - -let renderMachine = function (val, index, exploited=false) { +let renderMachine = function (val) { return ( -
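Review bot: The docstring added to `technique_status` stops mid-sentence at "If" and leaves `:param technique:` and `:return:` empty, so it documents nothing beyond the function name. From the visible branches I would write `Gets the status of an attack technique: USED if any result with that status was recorded, otherwise SCANNED if one exists`, with `:param technique: technique ID, e.g. 'T1197'` and `:return: ScanStatus member`. The last branch of the function lies outside the hunk, so the fall-through value has to be filled in from the full file.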
- {renderArray(val.ip_addresses)} - {(val.domain_name ? " (".concat(val.domain_name, ")") : " (".concat(val.label, ")"))} : - {exploited ? renderArray(val.exploits) : renderArray(val.services)} -
+ {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} ) }; +const columns = [ + { + columns: [ + {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x), style: { 'whiteSpace': 'unset' }, width: 200}, + {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }, width: 170}, + {Header: 'Usage', id: 'usage', accessor: x => x.usage, style: { 'whiteSpace': 'unset' }} + ] + } +]; + class T1210 extends React.Component { - renderScannedMachines = (machines) => { - let content = []; - for (let i = 0; i < machines.length; i++ ){ - if (machines[i].services.length !== 0){ - content.push(renderMachine(machines[i], i)) - } - } - return
{content}
; - }; - - renderExploitedMachines = (machines) => { - let content = []; - for (let i = 0; i < machines.length; i++ ){ - if (machines[i].exploits.length !== 0){ - content.push(renderMachine(machines[i], i, true)) - } - } - return
{content}
; - }; - constructor(props) { super(props); } render() { - console.log(this.props); return ( -
-
{this.props.data.message}
-
Found services:
- {this.renderScannedMachines(this.props.data.scanned_machines)} -
Successful exploiters:
- {this.renderExploitedMachines(this.props.data.exploited_machines)} -
- To get more info about scanned and exploited machines view standard report. +
+
+
{this.props.data.message}
+ {this.props.data.bits_jobs.length > 0 ?
BITS jobs were used in these machines:
: ''}
+
+
); } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/T1210.js b/monkey/monkey_island/cc/ui/src/components/attack/T1210.js index 63e0222f6..8b688df7a 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/T1210.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/T1210.js @@ -44,7 +44,6 @@ class T1210 extends React.Component { } render() { - console.log(this.props); return (
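Review bot: `this.props.data.bits_jobs.length` is dereferenced unconditionally in `render`, so a report object without `bits_jobs` (for instance one stored before this field existed) throws and can break rendering of the report page. Guard it with `const jobs = this.props.data.bits_jobs || [];` and test `jobs.length > 0`. The component in this file is still declared as `class T1210`, which is confusing next to the real T1210 component; renaming it to `T1197` would match the file name and the `tech_components` map. The JSX markup of this hunk is not visible in this view, so how `columns` is passed to the table could not be checked.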
{this.props.data.message}
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/AttackReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/AttackReportPage.js index b35fba619..86866e700 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/AttackReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/AttackReportPage.js @@ -5,10 +5,12 @@ import {edgeGroupToColor, options} from 'components/map/MapOptions'; import AuthComponent from '../AuthComponent'; import Collapse from '@kunukn/react-collapse'; import T1210 from '../attack/T1210'; +import T1197 from '../attack/T1197'; import '../../styles/Collapse.scss' const tech_components = { - 'T1210': T1210 + 'T1210': T1210, + 'T1197': T1197 }; const classNames = require('classnames'); @@ -21,7 +23,7 @@ class AttackReportPageComponent extends AuthComponent { report: false, allMonkeysAreDead: false, runStarted: true, - index: 1 + collapseOpen: '' }; } @@ -54,8 +56,8 @@ class AttackReportPageComponent extends AuthComponent { } } - onToggle = index => - this.setState(state => ({ index: state.index === index ? null : index })); + onToggle = technique => + this.setState(state => ({ collapseOpen: state.collapseOpen === technique ? null : technique })); getTechniqueCollapse(tech_id){ switch (this.state.report[tech_id].status) { @@ -70,21 +72,21 @@ class AttackReportPageComponent extends AuthComponent { } return ( -
- { - this.setState({ item1: collapseState }); + this.setState({ tech_id: collapseState }); }} onInit={({ collapseState }) => { - this.setState({ item1: collapseState }); + this.setState({ tech_id: collapseState }); }} render={collapseState => this.createTechniqueContent(collapseState, tech_id)}/>
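Review bot: `this.setState({ tech_id: collapseState })` writes a state property literally named `tech_id`, not one keyed by the technique, so every collapse overwrites the same entry from both `onChange` and `onInit`. If per-technique state is intended, use a computed key: `this.setState({ [tech_id]: collapseState })`. Separately, `onToggle` resets `collapseOpen` to `null` while the constructor initialises it to `''`; settling on one empty value keeps the comparison predictable. Parts of the JSX in this hunk are not visible here, so the props that consume `collapseOpen` could not be reviewed.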
@@ -101,9 +103,10 @@ class AttackReportPageComponent extends AuthComponent { } generateReportContent(){ - let content = ''; + let content = []; + console.log(this.state.report); Object.keys(this.state.report).forEach((tech_id) => { - content = this.getTechniqueCollapse(tech_id) + content.push(this.getTechniqueCollapse(tech_id)) }); return (
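Review bot: The added `console.log(this.state.report)` in `generateReportContent` writes the whole attack report, machine addresses included, to the browser console each time the content is built, while the same commit removes `console.log(this.props)` from the technique components. Drop the line before merging. Since `content` is now an array of elements, each entry also needs a stable `key` such as the technique ID; that would be set in `getTechniqueCollapse`, whose returned markup is outside this hunk.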