Merge pull request #376 from VakarisZ/attack_bugfixes

Attack report improvements
2019-08-19 14:32:19 +03:00 · 2019-08-19 14:32:19 +03:00 · 97ab71b694
parent 6234e35185 c6da2cce07
commit 97ab71b694
8 changed files with 24 additions and 19 deletions
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -172,8 +172,8 @@ class SSHExploiter(HostExploiter):
            status = ScanStatus.SCANNED

        T1105Telem(status,
-                   get_interface_to_target(self.host.ip_addr[0]),
-                   self.host.ip_addr[0],
+                   get_interface_to_target(self.host.ip_addr),
+                   self.host.ip_addr,
                   src_path).send()
        if status == ScanStatus.SCANNED:
            return False
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -184,7 +184,7 @@ class InfectionMonkey(object):
                                                   (':'+self._default_server_port if self._default_server_port else ''))
                    else:
                        machine.set_default_server(self._default_server)
-                    LOG.debug("Default server: %s set to machine: %r" % (self._default_server, machine))
+                    LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))

                # Order exploits according to their type
                if WormConfiguration.should_exploit:
--- a/monkey/infection_monkey/telemetry/attack/usage_telem.py
+++ b/monkey/infection_monkey/telemetry/attack/usage_telem.py
@ -7,10 +7,10 @@ class UsageTelem(AttackTelem):
        """
        :param technique: Id of technique
        :param status: ScanStatus of technique
-        :param usage: Usage string
+        :param usage: Enum of UsageEnum type
        """
        super(UsageTelem, self).__init__(technique, status)
-        self.usage = usage
+        self.usage = usage.name

    def get_data(self):
        data = super(UsageTelem, self).get_data()
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
@ -12,9 +12,9 @@ class T1003(AttackTechnique):
    scanned_msg = ""
    used_msg = "Monkey successfully obtained some credentials from systems on the network."

-    query = {'telem_category': 'system_info_collection', '$and': [{'data.credentials': {'$exists': True}},
-                                                                  # $gt: {} checks if field is not an empty object
-                                                                  {'data.credentials': {'$gt': {}}}]}
+    query = {'telem_category': 'system_info', '$and': [{'data.credentials': {'$exists': True}},
+                                                       # $gt: {} checks if field is not an empty object
+                                                       {'data.credentials': {'$gt': {}}}]}

    @staticmethod
    def get_report_data():
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
@ -12,7 +12,7 @@ class T1082(AttackTechnique):
    scanned_msg = ""
    used_msg = "Monkey gathered system info from machines in the network."

-    query = [{'$match': {'telem_category': 'system_info_collection'}},
+    query = [{'$match': {'telem_category': 'system_info'}},
             {'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'},
                           'aws': '$data.aws',
                           'netstat': '$data.network_info.netstat',
@ -32,7 +32,9 @@ class T1082(AttackTechnique):
                              'name': {'$literal': 'SSH info'}},
                             {'used': {'$and': [{'$ifNull': ['$azure_info', False]}, {'$ne': ['$azure_info', []]}]},
                              'name': {'$literal': 'Azure info'}}
-                             ]}}]
+                             ]}},
+             {'$group': {'_id': {'machine': '$machine', 'collections': '$collections'}}},
+             {"$replaceRoot": {"newRoot": "$_id"}}]

    @staticmethod
    def get_report_data():
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1105.py
@ -16,7 +16,9 @@ class T1105(AttackTechnique):
             {'$project': {'_id': 0,
                           'src': '$data.src',
                           'dst': '$data.dst',
-                           'filename': '$data.filename'}}]
+                           'filename': '$data.filename'}},
+             {'$group': {'_id': {'src': '$src', 'dst': '$dst', 'filename': '$filename'}}},
+             {"$replaceRoot": {"newRoot": "$_id"}}]

    @staticmethod
    def get_report_data():
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1105.js
@ -1,7 +1,7 @@
 import React from 'react';
 import '../../../styles/Collapse.scss'
 import ReactTable from "react-table";
-import { scanStatus } from "./Helpers"
+import { ScanStatus } from "./Helpers"


 class T1105 extends React.Component {
@ -25,7 +25,7 @@ class T1105 extends React.Component {
      <div>
        <div>{this.props.data.message}</div>
        <br/>
-        {this.props.data.status !== scanStatus.UNSCANNED ?
+        {this.props.data.status !== ScanStatus.UNSCANNED ?
          <ReactTable
              columns={T1105.getFilesColumns()}
              data={this.props.data.files}
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1210.js
@ -12,22 +12,25 @@ class T1210 extends React.Component {

  static getScanColumns() {
    return ([{
+      Header: "Found services",
      columns: [
        {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine),
          style: { 'whiteSpace': 'unset' }, width: 200},
-        {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }, width: 170},
-        {Header: 'Port', id: 'port', accessor: x =>x.service.port, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Port', id: 'port', accessor: x =>x.service.port, style: { 'whiteSpace': 'unset' }, width: 100},
        {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }}
        ]
  }])}

  static getExploitColumns() {
    return ([{
+      Header: "Exploited services",
      columns: [
        {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine),
          style: { 'whiteSpace': 'unset' }, width: 200},
-        {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }, width: 170},
-        {Header: 'Port/url', id: 'port', accessor: x =>this.renderEndpoint(x.service), style: { 'whiteSpace': 'unset' }},
+        {Header: 'Time', id: 'time', accessor: x => x.time, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Port/url', id: 'port', accessor: x =>this.renderEndpoint(x.service), style: { 'whiteSpace': 'unset' },
+        width: 170},
        {Header: 'Service', id: 'service', accessor: x => x.service.display_name, style: { 'whiteSpace': 'unset' }}
        ]
    }])};
@ -54,7 +57,6 @@ class T1210 extends React.Component {
    return (
      <div>
        <br/>
-        <div>Found services: </div>
        <ReactTable
            columns={T1210.getScanColumns()}
            data={data}
@ -68,7 +70,6 @@ class T1210 extends React.Component {
    return (
      <div>
        <br/>
-        <div>Exploited services: </div>
        <ReactTable
            columns={T1210.getExploitColumns()}
            data={data}