diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 4d5d8f016..e80e15396 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -17,8 +17,6 @@ from infection_monkey.system_info import SystemInfoCollector from infection_monkey.system_singleton import SystemSingleton from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.post_breach.post_breach_handler import PostBreach -from infection_monkey.transport.attack_telems.base_telem import ScanStatus -from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem __author__ = 'itamar' @@ -181,11 +179,9 @@ class InfectionMonkey(object): for exploiter in [exploiter(machine) for exploiter in self._exploiters]: if self.try_exploiting(machine, exploiter): host_exploited = True - VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send() break if not host_exploited: self._fail_exploitation_machines.add(machine) - VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send() if not self._keep_running: break diff --git a/monkey/infection_monkey/transport/attack_telems/base_telem.py b/monkey/infection_monkey/transport/attack_telems/base_telem.py index f90a53256..ad1908e95 100644 --- a/monkey/infection_monkey/transport/attack_telems/base_telem.py +++ b/monkey/infection_monkey/transport/attack_telems/base_telem.py @@ -1,10 +1,9 @@ from enum import Enum -from infection_monkey.config import WormConfiguration +from infection_monkey.config import WormConfiguration, GUID import requests import json from infection_monkey.control import ControlClient import logging -from infection_monkey.utils import get_host_info __author__ = "VakarisZ" @@ -22,35 +21,21 @@ class ScanStatus(Enum): class AttackTelem(object): - def __init__(self, technique, status, data=None, machine=False): - """ - Default ATT&CK telemetry constructor - :param technique: Technique ID. E.g. T111 - :param status: int from ScanStatus Enum - :param data: Other data relevant to the attack technique - :param machine: Boolean. Should we pass current machine's info or not - """ + def __init__(self, technique, status, data, machine=None): self.technique = technique self.result = status - self.data = {'status': status} - if data: - self.data.update(data) - if machine: - self.data.update({'machine': get_host_info()}) + self.data = {'machine': machine, 'status': status, 'monkey_guid': GUID} + self.data.update(data) def send(self): - """ - Sends telemetry to island - :return: - """ if not WormConfiguration.current_server: return try: - requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique), - data=json.dumps(self.data), - headers={'content-type': 'application/json'}, - verify=False, - proxies=ControlClient.proxies) + reply = requests.post("https://%s/api/%s" % (WormConfiguration.current_server, self.technique), + data=json.dumps(self.data), + headers={'content-type': 'application/json'}, + verify=False, + proxies=ControlClient.proxies) except Exception as exc: LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) diff --git a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py deleted file mode 100644 index e70c03c2c..000000000 --- a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py +++ /dev/null @@ -1,21 +0,0 @@ -from infection_monkey.transport.attack_telems.base_telem import AttackTelem - -__author__ = "VakarisZ" - - -class VictimHostTelem(AttackTelem): - - def __init__(self, technique, status, machine, data=None): - """ - ATT&CK telemetry that parses and sends VictimHost telemetry - :param technique: Technique ID. E.g. T111 - :param status: int from ScanStatus Enum - :param machine: VictimHost obj from model/host.py - :param data: Other data relevant to the attack technique - """ - super(VictimHostTelem, self).__init__(technique, status, data, machine=False) - victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr} - if data: - self.data.update(data) - if machine: - self.data.update({'machine': victim_host}) diff --git a/monkey/infection_monkey/utils.py b/monkey/infection_monkey/utils.py index 05d0cf807..741d7c950 100644 --- a/monkey/infection_monkey/utils.py +++ b/monkey/infection_monkey/utils.py @@ -2,13 +2,9 @@ import os import sys import shutil import struct -import socket from infection_monkey.config import WormConfiguration -LOCAL_IP = '127.0.0.1' -MOCK_IP = '10.255.255.255' - def get_monkey_log_path(): return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \ @@ -36,26 +32,6 @@ def is_windows_os(): return sys.platform.startswith("win") -def get_host_info(): - return {'hostname': socket.gethostname(), 'ip': get_primary_ip()} - - -def get_primary_ip(): - """ - :return: Primary (default route) IP address - """ - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - try: - # doesn't even have to be reachable - s.connect((MOCK_IP, 1)) - ip = s.getsockname()[0] - except: - ip = LOCAL_IP - finally: - s.close() - return ip - - def utf_to_ascii(string): # Converts utf string to ascii. Safe to use even if string is already ascii. udata = string.decode("utf-8") diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 88d7c9f5d..d43930206 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -30,7 +30,6 @@ from cc.resources.telemetry_feed import TelemetryFeed from cc.resources.pba_file_download import PBAFileDownload from cc.services.config import ConfigService from cc.resources.pba_file_upload import FileUpload -from cc.resources.attack import Attack __author__ = 'Barak' @@ -124,6 +123,5 @@ def init_app(mongo_url): '/api/fileUpload/?load=', '/api/fileUpload/?restore=') api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/') - api.add_resource(Attack, '/api/attack/') return app diff --git a/monkey/monkey_island/cc/resources/attack.py b/monkey/monkey_island/cc/resources/attack.py index 681c54274..457e6bfff 100644 --- a/monkey/monkey_island/cc/resources/attack.py +++ b/monkey/monkey_island/cc/resources/attack.py @@ -1,8 +1,11 @@ import flask_restful -from flask import request -import json -from cc.services.attck.attack_results import set_results +from flask import request, send_from_directory, Response +from cc.services.config import ConfigService, PBA_WINDOWS_FILENAME_PATH, PBA_LINUX_FILENAME_PATH, UPLOADS_DIR +from cc.auth import jwt_required +import os +from werkzeug.utils import secure_filename import logging +import copy __author__ = 'VakarisZ' @@ -11,14 +14,9 @@ LOG = logging.getLogger(__name__) class Attack(flask_restful.Resource): """ - ATT&CK endpoint used to retrieve matrix related info from monkey + ATT&CK endpoint used to retrieve matrix related info """ - def post(self, technique): - """ - Gets ATT&CK telemetry data and stores it in the database - :param technique: Technique ID, e.g. T1111 - """ - data = json.loads(request.data) - set_results(technique, data) - return {} + @jwt_required() + def post(self, attack_type): + diff --git a/monkey/monkey_island/cc/services/attck/__init__.py b/monkey/monkey_island/cc/services/attck/__init__.py deleted file mode 100644 index 98867ed4d..000000000 --- a/monkey/monkey_island/cc/services/attck/__init__.py +++ /dev/null @@ -1 +0,0 @@ -__author__ = 'VakarisZ' diff --git a/monkey/monkey_island/cc/services/attck/attack_results.py b/monkey/monkey_island/cc/services/attck/attack_results.py deleted file mode 100644 index fb8b1cd82..000000000 --- a/monkey/monkey_island/cc/services/attck/attack_results.py +++ /dev/null @@ -1,11 +0,0 @@ -import logging -from cc.database import mongo - -__author__ = "VakarisZ" - -logger = logging.getLogger(__name__) - - -def set_results(technique, data): - data.update({'technique': technique}) - mongo.db.attack_results.insert(data)