forked from p34709852/monkey
parent
ee0b6a042d
commit
7e5aff1d21
|
@ -17,8 +17,6 @@ from infection_monkey.system_info import SystemInfoCollector
|
||||||
from infection_monkey.system_singleton import SystemSingleton
|
from infection_monkey.system_singleton import SystemSingleton
|
||||||
from infection_monkey.windows_upgrader import WindowsUpgrader
|
from infection_monkey.windows_upgrader import WindowsUpgrader
|
||||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||||
from infection_monkey.transport.attack_telems.base_telem import ScanStatus
|
|
||||||
from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem
|
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -181,11 +179,9 @@ class InfectionMonkey(object):
|
||||||
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
||||||
if self.try_exploiting(machine, exploiter):
|
if self.try_exploiting(machine, exploiter):
|
||||||
host_exploited = True
|
host_exploited = True
|
||||||
VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send()
|
|
||||||
break
|
break
|
||||||
if not host_exploited:
|
if not host_exploited:
|
||||||
self._fail_exploitation_machines.add(machine)
|
self._fail_exploitation_machines.add(machine)
|
||||||
VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send()
|
|
||||||
if not self._keep_running:
|
if not self._keep_running:
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
from enum import Enum
|
from enum import Enum
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration, GUID
|
||||||
import requests
|
import requests
|
||||||
import json
|
import json
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
import logging
|
import logging
|
||||||
from infection_monkey.utils import get_host_info
|
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
@ -22,31 +21,17 @@ class ScanStatus(Enum):
|
||||||
|
|
||||||
class AttackTelem(object):
|
class AttackTelem(object):
|
||||||
|
|
||||||
def __init__(self, technique, status, data=None, machine=False):
|
def __init__(self, technique, status, data, machine=None):
|
||||||
"""
|
|
||||||
Default ATT&CK telemetry constructor
|
|
||||||
:param technique: Technique ID. E.g. T111
|
|
||||||
:param status: int from ScanStatus Enum
|
|
||||||
:param data: Other data relevant to the attack technique
|
|
||||||
:param machine: Boolean. Should we pass current machine's info or not
|
|
||||||
"""
|
|
||||||
self.technique = technique
|
self.technique = technique
|
||||||
self.result = status
|
self.result = status
|
||||||
self.data = {'status': status}
|
self.data = {'machine': machine, 'status': status, 'monkey_guid': GUID}
|
||||||
if data:
|
|
||||||
self.data.update(data)
|
self.data.update(data)
|
||||||
if machine:
|
|
||||||
self.data.update({'machine': get_host_info()})
|
|
||||||
|
|
||||||
def send(self):
|
def send(self):
|
||||||
"""
|
|
||||||
Sends telemetry to island
|
|
||||||
:return:
|
|
||||||
"""
|
|
||||||
if not WormConfiguration.current_server:
|
if not WormConfiguration.current_server:
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique),
|
reply = requests.post("https://%s/api/%s" % (WormConfiguration.current_server, self.technique),
|
||||||
data=json.dumps(self.data),
|
data=json.dumps(self.data),
|
||||||
headers={'content-type': 'application/json'},
|
headers={'content-type': 'application/json'},
|
||||||
verify=False,
|
verify=False,
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
from infection_monkey.transport.attack_telems.base_telem import AttackTelem
|
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
|
||||||
|
|
||||||
|
|
||||||
class VictimHostTelem(AttackTelem):
|
|
||||||
|
|
||||||
def __init__(self, technique, status, machine, data=None):
|
|
||||||
"""
|
|
||||||
ATT&CK telemetry that parses and sends VictimHost telemetry
|
|
||||||
:param technique: Technique ID. E.g. T111
|
|
||||||
:param status: int from ScanStatus Enum
|
|
||||||
:param machine: VictimHost obj from model/host.py
|
|
||||||
:param data: Other data relevant to the attack technique
|
|
||||||
"""
|
|
||||||
super(VictimHostTelem, self).__init__(technique, status, data, machine=False)
|
|
||||||
victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr}
|
|
||||||
if data:
|
|
||||||
self.data.update(data)
|
|
||||||
if machine:
|
|
||||||
self.data.update({'machine': victim_host})
|
|
|
@ -2,13 +2,9 @@ import os
|
||||||
import sys
|
import sys
|
||||||
import shutil
|
import shutil
|
||||||
import struct
|
import struct
|
||||||
import socket
|
|
||||||
|
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
|
|
||||||
LOCAL_IP = '127.0.0.1'
|
|
||||||
MOCK_IP = '10.255.255.255'
|
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_log_path():
|
def get_monkey_log_path():
|
||||||
return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \
|
return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \
|
||||||
|
@ -36,26 +32,6 @@ def is_windows_os():
|
||||||
return sys.platform.startswith("win")
|
return sys.platform.startswith("win")
|
||||||
|
|
||||||
|
|
||||||
def get_host_info():
|
|
||||||
return {'hostname': socket.gethostname(), 'ip': get_primary_ip()}
|
|
||||||
|
|
||||||
|
|
||||||
def get_primary_ip():
|
|
||||||
"""
|
|
||||||
:return: Primary (default route) IP address
|
|
||||||
"""
|
|
||||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
|
||||||
try:
|
|
||||||
# doesn't even have to be reachable
|
|
||||||
s.connect((MOCK_IP, 1))
|
|
||||||
ip = s.getsockname()[0]
|
|
||||||
except:
|
|
||||||
ip = LOCAL_IP
|
|
||||||
finally:
|
|
||||||
s.close()
|
|
||||||
return ip
|
|
||||||
|
|
||||||
|
|
||||||
def utf_to_ascii(string):
|
def utf_to_ascii(string):
|
||||||
# Converts utf string to ascii. Safe to use even if string is already ascii.
|
# Converts utf string to ascii. Safe to use even if string is already ascii.
|
||||||
udata = string.decode("utf-8")
|
udata = string.decode("utf-8")
|
||||||
|
|
|
@ -30,7 +30,6 @@ from cc.resources.telemetry_feed import TelemetryFeed
|
||||||
from cc.resources.pba_file_download import PBAFileDownload
|
from cc.resources.pba_file_download import PBAFileDownload
|
||||||
from cc.services.config import ConfigService
|
from cc.services.config import ConfigService
|
||||||
from cc.resources.pba_file_upload import FileUpload
|
from cc.resources.pba_file_upload import FileUpload
|
||||||
from cc.resources.attack import Attack
|
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
@ -124,6 +123,5 @@ def init_app(mongo_url):
|
||||||
'/api/fileUpload/<string:file_type>?load=<string:filename>',
|
'/api/fileUpload/<string:file_type>?load=<string:filename>',
|
||||||
'/api/fileUpload/<string:file_type>?restore=<string:filename>')
|
'/api/fileUpload/<string:file_type>?restore=<string:filename>')
|
||||||
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
|
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
|
||||||
api.add_resource(Attack, '/api/attack/<string:technique>')
|
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
import flask_restful
|
import flask_restful
|
||||||
from flask import request
|
from flask import request, send_from_directory, Response
|
||||||
import json
|
from cc.services.config import ConfigService, PBA_WINDOWS_FILENAME_PATH, PBA_LINUX_FILENAME_PATH, UPLOADS_DIR
|
||||||
from cc.services.attck.attack_results import set_results
|
from cc.auth import jwt_required
|
||||||
|
import os
|
||||||
|
from werkzeug.utils import secure_filename
|
||||||
import logging
|
import logging
|
||||||
|
import copy
|
||||||
|
|
||||||
__author__ = 'VakarisZ'
|
__author__ = 'VakarisZ'
|
||||||
|
|
||||||
|
@ -11,14 +14,9 @@ LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
class Attack(flask_restful.Resource):
|
class Attack(flask_restful.Resource):
|
||||||
"""
|
"""
|
||||||
ATT&CK endpoint used to retrieve matrix related info from monkey
|
ATT&CK endpoint used to retrieve matrix related info
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def post(self, technique):
|
@jwt_required()
|
||||||
"""
|
def post(self, attack_type):
|
||||||
Gets ATT&CK telemetry data and stores it in the database
|
|
||||||
:param technique: Technique ID, e.g. T1111
|
|
||||||
"""
|
|
||||||
data = json.loads(request.data)
|
|
||||||
set_results(technique, data)
|
|
||||||
return {}
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
__author__ = 'VakarisZ'
|
|
|
@ -1,11 +0,0 @@
|
||||||
import logging
|
|
||||||
from cc.database import mongo
|
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
def set_results(technique, data):
|
|
||||||
data.update({'technique': technique})
|
|
||||||
mongo.db.attack_results.insert(data)
|
|
Loading…
Reference in New Issue