forked from p34709852/monkey
parent
ee0b6a042d
commit
7e5aff1d21
|
@ -17,8 +17,6 @@ from infection_monkey.system_info import SystemInfoCollector
|
|||
from infection_monkey.system_singleton import SystemSingleton
|
||||
from infection_monkey.windows_upgrader import WindowsUpgrader
|
||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||
from infection_monkey.transport.attack_telems.base_telem import ScanStatus
|
||||
from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
@ -181,11 +179,9 @@ class InfectionMonkey(object):
|
|||
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
||||
if self.try_exploiting(machine, exploiter):
|
||||
host_exploited = True
|
||||
VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send()
|
||||
break
|
||||
if not host_exploited:
|
||||
self._fail_exploitation_machines.add(machine)
|
||||
VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send()
|
||||
if not self._keep_running:
|
||||
break
|
||||
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
from enum import Enum
|
||||
from infection_monkey.config import WormConfiguration
|
||||
from infection_monkey.config import WormConfiguration, GUID
|
||||
import requests
|
||||
import json
|
||||
from infection_monkey.control import ControlClient
|
||||
import logging
|
||||
from infection_monkey.utils import get_host_info
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
|
@ -22,31 +21,17 @@ class ScanStatus(Enum):
|
|||
|
||||
class AttackTelem(object):
|
||||
|
||||
def __init__(self, technique, status, data=None, machine=False):
|
||||
"""
|
||||
Default ATT&CK telemetry constructor
|
||||
:param technique: Technique ID. E.g. T111
|
||||
:param status: int from ScanStatus Enum
|
||||
:param data: Other data relevant to the attack technique
|
||||
:param machine: Boolean. Should we pass current machine's info or not
|
||||
"""
|
||||
def __init__(self, technique, status, data, machine=None):
|
||||
self.technique = technique
|
||||
self.result = status
|
||||
self.data = {'status': status}
|
||||
if data:
|
||||
self.data = {'machine': machine, 'status': status, 'monkey_guid': GUID}
|
||||
self.data.update(data)
|
||||
if machine:
|
||||
self.data.update({'machine': get_host_info()})
|
||||
|
||||
def send(self):
|
||||
"""
|
||||
Sends telemetry to island
|
||||
:return:
|
||||
"""
|
||||
if not WormConfiguration.current_server:
|
||||
return
|
||||
try:
|
||||
requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique),
|
||||
reply = requests.post("https://%s/api/%s" % (WormConfiguration.current_server, self.technique),
|
||||
data=json.dumps(self.data),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
from infection_monkey.transport.attack_telems.base_telem import AttackTelem
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
|
||||
class VictimHostTelem(AttackTelem):
|
||||
|
||||
def __init__(self, technique, status, machine, data=None):
|
||||
"""
|
||||
ATT&CK telemetry that parses and sends VictimHost telemetry
|
||||
:param technique: Technique ID. E.g. T111
|
||||
:param status: int from ScanStatus Enum
|
||||
:param machine: VictimHost obj from model/host.py
|
||||
:param data: Other data relevant to the attack technique
|
||||
"""
|
||||
super(VictimHostTelem, self).__init__(technique, status, data, machine=False)
|
||||
victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr}
|
||||
if data:
|
||||
self.data.update(data)
|
||||
if machine:
|
||||
self.data.update({'machine': victim_host})
|
|
@ -2,13 +2,9 @@ import os
|
|||
import sys
|
||||
import shutil
|
||||
import struct
|
||||
import socket
|
||||
|
||||
from infection_monkey.config import WormConfiguration
|
||||
|
||||
LOCAL_IP = '127.0.0.1'
|
||||
MOCK_IP = '10.255.255.255'
|
||||
|
||||
|
||||
def get_monkey_log_path():
|
||||
return os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" \
|
||||
|
@ -36,26 +32,6 @@ def is_windows_os():
|
|||
return sys.platform.startswith("win")
|
||||
|
||||
|
||||
def get_host_info():
|
||||
return {'hostname': socket.gethostname(), 'ip': get_primary_ip()}
|
||||
|
||||
|
||||
def get_primary_ip():
|
||||
"""
|
||||
:return: Primary (default route) IP address
|
||||
"""
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
try:
|
||||
# doesn't even have to be reachable
|
||||
s.connect((MOCK_IP, 1))
|
||||
ip = s.getsockname()[0]
|
||||
except:
|
||||
ip = LOCAL_IP
|
||||
finally:
|
||||
s.close()
|
||||
return ip
|
||||
|
||||
|
||||
def utf_to_ascii(string):
|
||||
# Converts utf string to ascii. Safe to use even if string is already ascii.
|
||||
udata = string.decode("utf-8")
|
||||
|
|
|
@ -30,7 +30,6 @@ from cc.resources.telemetry_feed import TelemetryFeed
|
|||
from cc.resources.pba_file_download import PBAFileDownload
|
||||
from cc.services.config import ConfigService
|
||||
from cc.resources.pba_file_upload import FileUpload
|
||||
from cc.resources.attack import Attack
|
||||
|
||||
__author__ = 'Barak'
|
||||
|
||||
|
@ -124,6 +123,5 @@ def init_app(mongo_url):
|
|||
'/api/fileUpload/<string:file_type>?load=<string:filename>',
|
||||
'/api/fileUpload/<string:file_type>?restore=<string:filename>')
|
||||
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
|
||||
api.add_resource(Attack, '/api/attack/<string:technique>')
|
||||
|
||||
return app
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
import flask_restful
|
||||
from flask import request
|
||||
import json
|
||||
from cc.services.attck.attack_results import set_results
|
||||
from flask import request, send_from_directory, Response
|
||||
from cc.services.config import ConfigService, PBA_WINDOWS_FILENAME_PATH, PBA_LINUX_FILENAME_PATH, UPLOADS_DIR
|
||||
from cc.auth import jwt_required
|
||||
import os
|
||||
from werkzeug.utils import secure_filename
|
||||
import logging
|
||||
import copy
|
||||
|
||||
__author__ = 'VakarisZ'
|
||||
|
||||
|
@ -11,14 +14,9 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
class Attack(flask_restful.Resource):
|
||||
"""
|
||||
ATT&CK endpoint used to retrieve matrix related info from monkey
|
||||
ATT&CK endpoint used to retrieve matrix related info
|
||||
"""
|
||||
|
||||
def post(self, technique):
|
||||
"""
|
||||
Gets ATT&CK telemetry data and stores it in the database
|
||||
:param technique: Technique ID, e.g. T1111
|
||||
"""
|
||||
data = json.loads(request.data)
|
||||
set_results(technique, data)
|
||||
return {}
|
||||
@jwt_required()
|
||||
def post(self, attack_type):
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
__author__ = 'VakarisZ'
|
|
@ -1,11 +0,0 @@
|
|||
import logging
|
||||
from cc.database import mongo
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def set_results(technique, data):
|
||||
data.update({'technique': technique})
|
||||
mongo.db.attack_results.insert(data)
|
Loading…
Reference in New Issue