From 69de938a378ffa1d137616687f0dc2d5bbe6d88f Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 17 Jul 2019 12:14:44 +0300
Subject: [PATCH] Bugfix: victimhost telem is sent instead of attack telem.
---
 monkey/infection_monkey/exploit/shellshock.py | 2 +-
 monkey/infection_monkey/exploit/sshexec.py | 2 +-
 monkey/infection_monkey/exploit/vsftpd.py | 2 +-
 monkey/infection_monkey/exploit/web_rce.py | 4 ++--
 .../infection_monkey/telemetry/attack/t1222_telem.py | 8 ++++----
 .../cc/services/attack/technique_reports/T1222.py | 12 +----------
 .../cc/ui/src/components/attack/techniques/T1222.js | 4 ++--
 7 files changed, 12 insertions(+), 22 deletions(-)
diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index 4e81811d0..208af2f98 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -133,7 +133,7 @@ class ShellShockExploiter(HostExploiter):
 chmod = '/bin/chmod +x %s' % dropper_target_path_linux
 run_path = exploit + chmod
 self.attack_page(url, header, run_path)
- T1222Telem(ScanStatus.USED, chmod).send()
+ T1222Telem(ScanStatus.USED, chmod, self.host).send()
 # run the monkey
 cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index eed36a30d..a08da4f45 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
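Review bot: ScanStatus.USED is reported on the added line regardless of whether the preceding `self.attack_page(url, header, run_path)` actually executed the chmod, so the T1222 report can claim the technique was used on a host where the request failed; the web_rce.py hunk in this same patch sends ScanStatus.SCANNED on failure, and this exploiter should do the same for consistency. attack_page's return value is not visible here, so whether it exposes a usable success indicator is an inference. Wrapping the call as `try: self.attack_page(...); T1222Telem(ScanStatus.USED, chmod, self.host).send()` / `except Exception: T1222Telem(ScanStatus.SCANNED, "", self.host).send()` would mirror that hunk. The enclosing method of ShellShockExploiter starts and ends outside the hunk.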
@@ -165,7 +165,7 @@ class SSHExploiter(HostExploiter):
 ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path), callback=self.log_transfer)
 ftp.chmod(self._config.dropper_target_path_linux, 0o777)
- T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux).send()
+ T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux, self.host).send()
 T1105Telem(ScanStatus.USED, get_interface_to_target(self.host.ip_addr), self.host.ip_addr,
diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py
index dd7e5080c..744853bdf 100644
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
 change_permission = str.encode(str(change_permission) + '\n')
 LOG.info("change_permission command is %s", change_permission)
 backdoor_socket.send(change_permission)
- T1222Telem(ScanStatus.USED, change_permission).send()
+ T1222Telem(ScanStatus.USED, change_permission, self.host).send()
 # Run monkey on the machine
 parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index 35bcb2f9b..18a2dcee1 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -368,10 +368,10 @@ class WebRCE(HostExploiter):
 command = CHMOD_MONKEY % {'monkey_path': path}
 try:
 resp = self.exploit(url, command)
- T1222Telem(ScanStatus.USED, command).send()
+ T1222Telem(ScanStatus.USED, command, self.host).send()
 except Exception as e:
 LOG.error("Something went wrong while trying to change permission: %s" % e)
- T1222Telem(ScanStatus.SCANNED, "").send()
+ T1222Telem(ScanStatus.SCANNED, "", self.host).send()
 return False
 # If exploiter returns True / False
 if type(resp) is bool:
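Review bot: The command recorded in telemetry on the changed line, `"chmod 0777 %s"`, is a hand-written string that duplicates the mode actually applied by `ftp.chmod(self._config.dropper_target_path_linux, 0o777)` on the line above, so the report will silently diverge from what was done if either line is edited alone. Deriving both from one local, e.g. `mode = 0o777`, `ftp.chmod(path, mode)` and `"chmod %o %s" % (mode, path)`, keeps the report truthful. Separately, 0o777 leaves the dropped file world-writable on the target for the duration of the test; if the same account that uploads it also runs it, 0o700 is sufficient and narrows what other local users on that host could tamper with. The enclosing method starts and ends outside the hunk.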
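Review bot: `change_permission` is already bytes with a trailing newline by the time it reaches the changed line (it was rebuilt earlier in the hunk by `str.encode(str(change_permission) + '\n')`), so the T1222 report stores the wire form of the command rather than the command itself, and a bytes value in telemetry data is not JSON-serializable on Python 3. Capturing the text before encoding, e.g. `chmod_cmd = str(change_permission)` ahead of the encode and `T1222Telem(ScanStatus.USED, chmod_cmd, self.host).send()`, avoids both. How get_data serializes the command is outside this hunk, so the serialization point is inferred. The enclosing method starts and ends outside the hunk.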
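Review bot: ScanStatus.USED is sent on the first changed line immediately after `resp = self.exploit(url, command)`, before the result is inspected; the `if type(resp) is bool:` branch that follows (its body lies outside the hunk) suggests exploit can return False, in which case the report still shows a successful permission change. Moving the USED telemetry after the result check, or sending ScanStatus.SCANNED on a False result, keeps the T1222 status honest. Minor: `type(resp) is bool` reads better as `isinstance(resp, bool)`, and `LOG.error("Something went wrong while trying to change permission: %s", e)` lets logging do the formatting lazily. The enclosing method starts and ends outside the hunk.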
diff --git a/monkey/infection_monkey/telemetry/attack/t1222_telem.py b/monkey/infection_monkey/telemetry/attack/t1222_telem.py
index a9541a2ec..c8d16061e 100644
--- a/monkey/infection_monkey/telemetry/attack/t1222_telem.py
+++ b/monkey/infection_monkey/telemetry/attack/t1222_telem.py
@@ -1,14 +1,14 @@
-from infection_monkey.telemetry.attack.attack_telem import AttackTelem
+from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
-class T1222Telem(AttackTelem):
- def __init__(self, status, command):
+class T1222Telem(VictimHostTelem):
+ def __init__(self, status, command, machine):
 """
 T1222 telemetry.
 :param status: ScanStatus of technique
 :param command: command used to change permissions
 """
- super(T1222Telem, self).__init__('T1222', status)
+ super(T1222Telem, self).__init__('T1222', status, machine)
 self.command = command
 def get_data(self):
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py
index 9db288597..940c9e8ea 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1222.py
@@ -14,17 +14,7 @@ class T1222(AttackTechnique):
 query = [{'$match': {'telem_category': 'attack', 'data.technique': 'T1222', 'data.status': ScanStatus.USED.value}},
- {'$lookup': {'from': 'monkey',
- 'localField': 'monkey_guid',
- 'foreignField': 'guid',
- 'as': 'monkey'}},
- {'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
- 'status': '$data.status',
- 'command': '$data.command'}},
- {'$addFields': {'_id': 0,
- 'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
- 'monkey': 0}},
- {'$group': {'_id': {'machine': '$machine', 'status': '$status', 'command': '$command'}}},
+ {'$group': {'_id': {'machine': '$data.machine', 'status': '$data.status', 'command': '$data.command'}}},
 {"$replaceRoot": {"newRoot": "$_id"}}]
 @staticmethod
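Review bot: The new `machine` parameter on the changed `__init__` signature is not documented, while the docstring directly below still lists only status and command. Add `:param machine: VictimHost the permission change was performed on` after the command entry; the parameter's exact type is not visible in this hunk, so adjust the wording to whatever VictimHostTelem expects. The class body continues past the hunk (get_data is cut off at its signature).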
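Review bot: The new `$group` stage keys on `$data.machine`, which only exists in telemetry sent by agents carrying this patch; any T1222 telemetry already stored, or sent by an older agent, still passes the `$match` stage and is grouped under a null machine, which the updated T1222.js then hands to `renderMachine(x.machine)`. Adding `'data.machine': {'$exists': True}` to the `$match` dictionary, or null-guarding in the renderer, keeps the report from emitting rows with no machine. Whether renderMachine tolerates a missing value is not visible here. Note also that the machine shown is now whatever the agent reported rather than being resolved server-side from the monkey collection as the removed `$lookup` did; that appears to be the intent of the fix, but it means the report reflects agent-supplied data. The query definition starts before the hunk.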
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js
index 3f3902343..e3ab74c2c 100644
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1222.js
@@ -1,7 +1,7 @@
 import React from 'react';
 import '../../../styles/Collapse.scss'
 import ReactTable from "react-table";
-import { renderMachineFromSystemData, scanStatus } from "./Helpers"
+import { renderMachine, scanStatus } from "./Helpers"
 class T1222 extends React.Component {
@@ -14,7 +14,7 @@ class T1222 extends React.Component {
 return ([{
 Header: "Permission modification commands",
 columns: [
- {Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }},
+ {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
 {Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
 ]
 }])};