p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'attack_comand_line_interface' into attack_powershell 

# Conflicts:
#	monkey/infection_monkey/exploit/__init__.py
#	monkey/infection_monkey/exploit/hadoop.py
#	monkey/monkey_island/cc/services/attack/attack_report.py
This commit is contained in:
VakarisZ 2019-06-25 15:51:44 +03:00
parent c4c53f732a 36f917bc8d
commit fea8567177
30 changed files with 94 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/infection_monkey/control.py
View File

@ -123,11 +123,11 @@ class ControlClient(object):
return {} return {}
@staticmethod @staticmethod
def send_telemetry(telem_catagory, data): def send_telemetry(telem_category, data):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
telemetry = {'monkey_guid': GUID, 'telem_catagory': telem_catagory, 'data': data} telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
reply = requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), reply = requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,),
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={'content-type': 'application/json'}, headers={'content-type': 'application/json'},

31
monkey/infection_monkey/exploit/__init__.py
View File

@ -25,7 +25,7 @@ class HostExploiter(object):
'finished': '', 'finished': '',
'vulnerable_urls': [], 'vulnerable_urls': [],
'vulnerable_ports': [], 'vulnerable_ports': [],
'executed_cmds': {}} 'executed_cmds': []}
self._exploit_attempts = [] self._exploit_attempts = []
self.host = host self.host = host
@ -49,8 +49,20 @@ class HostExploiter(object):
self._exploit_attempts.append({'result': result, 'user': user, 'password': password, self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key}) 'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
@abstractmethod
def exploit_host(self): def exploit_host(self):
self.pre_exploit()
result = self._exploit_host()
self.post_exploit()
return result
def pre_exploit(self):
self.set_start_time()
def post_exploit(self):
self.set_finish_time()
@abstractmethod
def _exploit_host(self):
raise NotImplementedError() raise NotImplementedError()
def add_vuln_url(self, url): def add_vuln_url(self, url):
@ -59,16 +71,13 @@ class HostExploiter(object):
def add_vuln_port(self, port): def add_vuln_port(self, port):
self._exploit_info['vulnerable_ports'].append(port) self._exploit_info['vulnerable_ports'].append(port)
def set_example_cmd(self, cmd): def add_executed_cmd(self, cmd):
"""
Appends command to exploiter's info.
:param cmd: String of executed command. e.g. 'echo Example'
"""
powershell = True if "powershell" in cmd.lower() else False powershell = True if "powershell" in cmd.lower() else False
self._exploit_info['executed_cmds']['example'].append({'command': cmd, 'powershell': powershell}) self._exploit_info['executed_cmds'].append({'cmd': cmd, 'powershell': powershell})
def add_powershell_cmd(self, cmd):
"""
Determines if command uses powershell and if so adds that command to exploiter info
:param cmd: Command used
:return: None
"""
from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter

5
monkey/infection_monkey/exploit/hadoop.py
View File

@ -31,7 +31,7 @@ class HadoopExploiter(WebRCE):
def __init__(self, host): def __init__(self, host):
super(HadoopExploiter, self).__init__(host) super(HadoopExploiter, self).__init__(host)
def exploit_host(self): def _exploit_host(self):
# Try to get exploitable url # Try to get exploitable url
urls = self.build_potential_urls(self.HADOOP_PORTS) urls = self.build_potential_urls(self.HADOOP_PORTS)
self.add_vulnerable_urls(urls, True) self.add_vulnerable_urls(urls, True)
@ -49,8 +49,7 @@ class HadoopExploiter(WebRCE):
return False return False
http_thread.join(self.DOWNLOAD_TIMEOUT) http_thread.join(self.DOWNLOAD_TIMEOUT)
http_thread.stop() http_thread.stop()
self.add_powershell_cmd(command) self.add_executed_cmd(command)
self.set_example_cmd(command)
return True return True
def exploit(self, url, command): def exploit(self, url, command):

4
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -30,7 +30,7 @@ class MSSQLExploiter(HostExploiter):
def __init__(self, host): def __init__(self, host):
super(MSSQLExploiter, self).__init__(host) super(MSSQLExploiter, self).__init__(host)
def exploit_host(self): def _exploit_host(self):
# Brute force to get connection # Brute force to get connection
username_passwords_pairs_list = self._config.get_exploit_user_password_pairs() username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list) cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list)
@ -77,7 +77,7 @@ class MSSQLExploiter(HostExploiter):
commands.extend(monkey_args) commands.extend(monkey_args)
MSSQLExploiter.execute_command(cursor, commands) MSSQLExploiter.execute_command(cursor, commands)
MSSQLExploiter.run_file(cursor, tmp_file_path) MSSQLExploiter.run_file(cursor, tmp_file_path)
self.set_example_cmd(commands[-1]) self.add_executed_cmd(commands[-1])
return True return True
@staticmethod @staticmethod

4
monkey/infection_monkey/exploit/rdpgrinder.py
View File

@ -255,7 +255,7 @@ class RdpExploiter(HostExploiter):
return True return True
return False return False
def exploit_host(self): def _exploit_host(self):
global g_reactor global g_reactor
is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT) is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
@ -343,5 +343,5 @@ class RdpExploiter(HostExploiter):
LOG.info("Executed monkey '%s' on remote victim %r", LOG.info("Executed monkey '%s' on remote victim %r",
os.path.basename(src_path), self.host) os.path.basename(src_path), self.host)
self.set_example_cmd(command) self.add_executed_cmd(command)
return True return True

2
monkey/infection_monkey/exploit/sambacry.py
View File

@ -57,7 +57,7 @@ class SambaCryExploiter(HostExploiter):
def __init__(self, host): def __init__(self, host):
super(SambaCryExploiter, self).__init__(host) super(SambaCryExploiter, self).__init__(host)
def exploit_host(self): def _exploit_host(self):
if not self.is_vulnerable(): if not self.is_vulnerable():
return False return False

4
monkey/infection_monkey/exploit/shellshock.py
View File

@ -36,7 +36,7 @@ class ShellShockExploiter(HostExploiter):
) for _ in range(20)) ) for _ in range(20))
self.skip_exist = self._config.skip_exploit_if_file_exist self.skip_exist = self._config.skip_exploit_if_file_exist
def exploit_host(self): def _exploit_host(self):
# start by picking ports # start by picking ports
candidate_services = { candidate_services = {
service: self.host.services[service] for service in self.host.services if service: self.host.services[service] for service in self.host.services if
@ -144,7 +144,7 @@ class ShellShockExploiter(HostExploiter):
if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)): if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
LOG.info("Log file does not exist, monkey might not have run") LOG.info("Log file does not exist, monkey might not have run")
continue continue
self.set_example_cmd(cmdline) self.add_executed_cmd(cmdline)
return True return True
return False return False

2
monkey/infection_monkey/exploit/smbexec.py
View File

@ -43,7 +43,7 @@ class SmbExploiter(HostExploiter):
return self.host.os.get('type') in self._TARGET_OS_TYPE return self.host.os.get('type') in self._TARGET_OS_TYPE
return False return False
def exploit_host(self): def _exploit_host(self):
src_path = get_target_monkey(self.host) src_path = get_target_monkey(self.host)
if not src_path: if not src_path:

4
monkey/infection_monkey/exploit/sshexec.py
View File

@ -94,7 +94,7 @@ class SSHExploiter(HostExploiter):
continue continue
return exploited return exploited
def exploit_host(self): def _exploit_host(self):
ssh = paramiko.SSHClient() ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.WarningPolicy()) ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
@ -178,7 +178,7 @@ class SSHExploiter(HostExploiter):
self._config.dropper_target_path_linux, self.host, cmdline) self._config.dropper_target_path_linux, self.host, cmdline)
ssh.close() ssh.close()
self.set_example_cmd(cmdline) self.add_executed_cmd(cmdline)
return True return True
except Exception as exc: except Exception as exc:

4
monkey/infection_monkey/exploit/vsftpd.py
View File

@ -60,7 +60,7 @@ class VSFTPDExploiter(HostExploiter):
LOG.error('Failed to send payload to %s', self.host.ip_addr) LOG.error('Failed to send payload to %s', self.host.ip_addr)
return False return False
def exploit_host(self): def _exploit_host(self):
LOG.info("Attempting to trigger the Backdoor..") LOG.info("Attempting to trigger the Backdoor..")
ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@ -138,7 +138,7 @@ class VSFTPDExploiter(HostExploiter):
if backdoor_socket.send(run_monkey): if backdoor_socket.send(run_monkey):
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux, LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux,
self.host, run_monkey) self.host, run_monkey)
self.set_example_cmd(run_monkey) self.add_executed_cmd(run_monkey)
return True return True
else: else:
return False return False

6
monkey/infection_monkey/exploit/web_rce.py
View File

@ -66,7 +66,7 @@ class WebRCE(HostExploiter):
return exploit_config return exploit_config
def exploit_host(self): def _exploit_host(self):
""" """
Method that contains default exploitation workflow Method that contains default exploitation workflow
:return: True if exploited, False otherwise :return: True if exploited, False otherwise
@ -408,7 +408,7 @@ class WebRCE(HostExploiter):
# If exploiter returns True / False # If exploiter returns True / False
if type(resp) is bool: if type(resp) is bool:
LOG.info("Execution attempt successfully finished") LOG.info("Execution attempt successfully finished")
self.set_example_cmd(command) self.add_executed_cmd(command)
return resp return resp
# If exploiter returns command output, we can check for execution errors # If exploiter returns command output, we can check for execution errors
if 'is not recognized' in resp or 'command not found' in resp: if 'is not recognized' in resp or 'command not found' in resp:
@ -422,7 +422,7 @@ class WebRCE(HostExploiter):
return False return False
LOG.info("Execution attempt finished") LOG.info("Execution attempt finished")
self.set_example_cmd(command) self.add_executed_cmd(command)
return resp return resp
def get_monkey_upload_path(self, url_to_monkey): def get_monkey_upload_path(self, url_to_monkey):

2
monkey/infection_monkey/exploit/win_ms08_067.py
View File

@ -175,7 +175,7 @@ class Ms08_067_Exploiter(HostExploiter):
self.host.os.get('version') in self._windows_versions.keys() self.host.os.get('version') in self._windows_versions.keys()
return False return False
def exploit_host(self): def _exploit_host(self):
src_path = get_target_monkey(self.host) src_path = get_target_monkey(self.host)
if not src_path: if not src_path:

4
monkey/infection_monkey/exploit/wmiexec.py
View File

@ -23,7 +23,7 @@ class WmiExploiter(HostExploiter):
super(WmiExploiter, self).__init__(host) super(WmiExploiter, self).__init__(host)
@WmiTools.dcom_wrap @WmiTools.dcom_wrap
def exploit_host(self): def _exploit_host(self):
src_path = get_target_monkey(self.host) src_path = get_target_monkey(self.host)
if not src_path: if not src_path:
@ -114,7 +114,7 @@ class WmiExploiter(HostExploiter):
result.RemRelease() result.RemRelease()
wmi_connection.close() wmi_connection.close()
self.set_example_cmd(cmdline) self.add_executed_cmd(cmdline)
return success return success
return False return False

2
monkey/infection_monkey/monkey.py
View File

@ -285,9 +285,7 @@ class InfectionMonkey(object):
result = False result = False
try: try:
exploiter.set_start_time()
result = exploiter.exploit_host() result = exploiter.exploit_host()
exploiter.set_finish_time()
if result: if result:
self.successfully_exploited(machine, exploiter) self.successfully_exploited(machine, exploiter)
return True return True

2
monkey/infection_monkey/telemetry/attack/attack_telem.py
View File

@ -15,7 +15,7 @@ class AttackTelem(BaseTelem):
self.technique = technique self.technique = technique
self.status = status self.status = status
telem_catagory = 'attack' telem_category = 'attack'
def get_data(self): def get_data(self):
return { return {

2
monkey/infection_monkey/telemetry/attack/test_victim_host_telem.py
View File

@ -13,7 +13,7 @@ class TestVictimHostTelem(TestCase):
telem = VictimHostTelem(technique, status, machine) telem = VictimHostTelem(technique, status, machine)
self.assertEqual(telem.telem_catagory, 'attack') self.assertEqual(telem.telem_category, 'attack')
expected_data = { expected_data = {
'machine': { 'machine': {

4
monkey/infection_monkey/telemetry/base_telem.py
View File

@ -19,10 +19,10 @@ class BaseTelem(object):
""" """
Sends telemetry to island Sends telemetry to island
""" """
ControlClient.send_telemetry(self.telem_catagory, self.get_data()) ControlClient.send_telemetry(self.telem_category, self.get_data())
@abc.abstractproperty @abc.abstractproperty
def telem_catagory(self): def telem_category(self):
""" """
:return: Telemetry type :return: Telemetry type
""" """

9
monkey/infection_monkey/transport/http.py
View File

@ -49,7 +49,8 @@ class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
start_range += chunk start_range += chunk
if f.tell() == monkeyfs.getsize(self.filename): if f.tell() == monkeyfs.getsize(self.filename):
self.report_download(self.client_address) if self.report_download(self.client_address):
self.close_connection = 1
f.close() f.close()
@ -171,7 +172,8 @@ class HTTPServer(threading.Thread):
LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1])) LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
self.downloads += 1 self.downloads += 1
if not self.downloads < self.max_downloads: if not self.downloads < self.max_downloads:
self.close_connection = 1 return True
return False
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler) httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
httpd.timeout = 0.5 # this is irrelevant? httpd.timeout = 0.5 # this is irrelevant?
@ -217,7 +219,8 @@ class LockedHTTPServer(threading.Thread):
LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1])) LOG.info('File downloaded from (%s,%s)' % (dest[0], dest[1]))
self.downloads += 1 self.downloads += 1
if not self.downloads < self.max_downloads: if not self.downloads < self.max_downloads:
self.close_connection = 1 return True
return False
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler) httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
self.lock.release() self.lock.release()

4
monkey/monkey_island/cc/resources/monkey.py
View File

@ -95,7 +95,7 @@ class Monkey(flask_restful.Resource):
parent_to_add = (monkey_json.get('guid'), None) # default values in case of manual run parent_to_add = (monkey_json.get('guid'), None) # default values in case of manual run
if parent and parent != monkey_json.get('guid'): # current parent is known if parent and parent != monkey_json.get('guid'): # current parent is known
exploit_telem = [x for x in exploit_telem = [x for x in
mongo.db.telemetry.find({'telem_catagory': {'$eq': 'exploit'}, 'data.result': {'$eq': True}, mongo.db.telemetry.find({'telem_category': {'$eq': 'exploit'}, 'data.result': {'$eq': True},
'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']}, 'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']},
'monkey_guid': {'$eq': parent}})] 'monkey_guid': {'$eq': parent}})]
if 1 == len(exploit_telem): if 1 == len(exploit_telem):
@ -104,7 +104,7 @@ class Monkey(flask_restful.Resource):
parent_to_add = (parent, None) parent_to_add = (parent, None)
elif (not parent or parent == monkey_json.get('guid')) and 'ip_addresses' in monkey_json: elif (not parent or parent == monkey_json.get('guid')) and 'ip_addresses' in monkey_json:
exploit_telem = [x for x in exploit_telem = [x for x in
mongo.db.telemetry.find({'telem_catagory': {'$eq': 'exploit'}, 'data.result': {'$eq': True}, mongo.db.telemetry.find({'telem_category': {'$eq': 'exploit'}, 'data.result': {'$eq': True},
'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']}})] 'data.machine.ip_addr': {'$in': monkey_json['ip_addresses']}})]
if 1 == len(exploit_telem): if 1 == len(exploit_telem):

16
monkey/monkey_island/cc/resources/telemetry.py
View File

@ -26,7 +26,7 @@ class Telemetry(flask_restful.Resource):
@jwt_required() @jwt_required()
def get(self, **kw): def get(self, **kw):
monkey_guid = request.args.get('monkey_guid') monkey_guid = request.args.get('monkey_guid')
telem_catagory = request.args.get('telem_catagory') telem_category = request.args.get('telem_category')
timestamp = request.args.get('timestamp') timestamp = request.args.get('timestamp')
if "null" == timestamp: # special case to avoid ugly JS code... if "null" == timestamp: # special case to avoid ugly JS code...
timestamp = None timestamp = None
@ -36,8 +36,8 @@ class Telemetry(flask_restful.Resource):
if monkey_guid: if monkey_guid:
find_filter["monkey_guid"] = {'$eq': monkey_guid} find_filter["monkey_guid"] = {'$eq': monkey_guid}
if telem_catagory: if telem_category:
find_filter["telem_catagory"] = {'$eq': telem_catagory} find_filter["telem_category"] = {'$eq': telem_category}
if timestamp: if timestamp:
find_filter['timestamp'] = {'$gt': dateutil.parser.parse(timestamp)} find_filter['timestamp'] = {'$gt': dateutil.parser.parse(timestamp)}
@ -53,11 +53,11 @@ class Telemetry(flask_restful.Resource):
try: try:
NodeService.update_monkey_modify_time(monkey["_id"]) NodeService.update_monkey_modify_time(monkey["_id"])
telem_catagory = telemetry_json.get('telem_catagory') telem_category = telemetry_json.get('telem_category')
if telem_catagory in TELEM_PROCESS_DICT: if telem_category in TELEM_PROCESS_DICT:
TELEM_PROCESS_DICT[telem_catagory](telemetry_json) TELEM_PROCESS_DICT[telem_category](telemetry_json)
else: else:
logger.info('Got unknown type of telemetry: %s' % telem_catagory) logger.info('Got unknown type of telemetry: %s' % telem_category)
except Exception as ex: except Exception as ex:
logger.error("Exception caught while processing telemetry", exc_info=True) logger.error("Exception caught while processing telemetry", exc_info=True)
@ -79,7 +79,7 @@ class Telemetry(flask_restful.Resource):
monkey_label = telem_monkey_guid monkey_label = telem_monkey_guid
x["monkey"] = monkey_label x["monkey"] = monkey_label
objects.append(x) objects.append(x)
if x['telem_catagory'] == 'system_info_collection' and 'credentials' in x['data']: if x['telem_category'] == 'system_info_collection' and 'credentials' in x['data']:
for user in x['data']['credentials']: for user in x['data']['credentials']:
if -1 != user.find(','): if -1 != user.find(','):
new_user = user.replace(',', '.') new_user = user.replace(',', '.')

2
monkey/monkey_island/cc/resources/telemetry_feed.py
View File

@ -38,7 +38,7 @@ class TelemetryFeed(flask_restful.Resource):
'id': telem['_id'], 'id': telem['_id'],
'timestamp': telem['timestamp'].strftime('%d/%m/%Y %H:%M:%S'), 'timestamp': telem['timestamp'].strftime('%d/%m/%Y %H:%M:%S'),
'hostname': monkey.get('hostname', default_hostname) if monkey else default_hostname, 'hostname': monkey.get('hostname', default_hostname) if monkey else default_hostname,
'brief': TELEM_PROCESS_DICT[telem['telem_catagory']](telem) 'brief': TELEM_PROCESS_DICT[telem['telem_category']](telem)
} }
@staticmethod @staticmethod

4
monkey/monkey_island/cc/services/attack/attack_report.py
View File

@ -1,5 +1,5 @@
import logging import logging
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059
from monkey_island.cc.services.attack.attack_telem import AttackTelemService from monkey_island.cc.services.attack.attack_telem import AttackTelemService
from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
@ -47,7 +47,7 @@ class AttackReportService:
Gets timestamp of latest attack telem Gets timestamp of latest attack telem
:return: timestamp of latest attack telem :return: timestamp of latest attack telem
""" """
return [x['timestamp'] for x in mongo.db.telemetry.find({'telem_catagory': 'attack'}).sort('timestamp', -1).limit(1)][0] return [x['timestamp'] for x in mongo.db.telemetry.find({'telem_category': 'attack'}).sort('timestamp', -1).limit(1)][0]
@staticmethod @staticmethod
def get_latest_report(): def get_latest_report():

3
monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
View File

@ -12,7 +12,8 @@ class T1003(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey successfully obtained some credentials from systems on the network." used_msg = "Monkey successfully obtained some credentials from systems on the network."
query = {'telem_type': 'system_info_collection', '$and': [{'data.credentials': {'$exists': True}}, query = {'telem_category': 'system_info_collection', '$and': [{'data.credentials': {'$exists': True}},
# $gt: {} checks if field is not an empty object
{'data.credentials': {'$gt': {}}}]} {'data.credentials': {'$gt': {}}}]}
@staticmethod @staticmethod

4
monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
View File

@ -12,8 +12,8 @@ class T1059(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey successfully ran commands on exploited machines in the network." used_msg = "Monkey successfully ran commands on exploited machines in the network."
query = [{'$match': {'telem_type': 'exploit', query = [{'$match': {'telem_category': 'exploit',
'data.info.executed_cmds.example': {'$exists': True}}}, 'data.info.executed_cmds': {'$exists': True, '$ne': []}}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': '$data.machine', 'machine': '$data.machine',
'info': '$data.info'}}, 'info': '$data.info'}},

2
monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
View File

@ -13,7 +13,7 @@ class T1110(AttackTechnique):
used_msg = "Monkey successfully used brute force in the network." used_msg = "Monkey successfully used brute force in the network."
# Gets data about brute force attempts # Gets data about brute force attempts
query = [{'$match': {'telem_type': 'exploit', query = [{'$match': {'telem_category': 'exploit',
'data.attempts': {'$not': {'$size': 0}}}}, 'data.attempts': {'$not': {'$size': 0}}}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': '$data.machine', 'machine': '$data.machine',

16
monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
View File

@ -13,13 +13,15 @@ class T1197(AttackTechnique):
@staticmethod @staticmethod
def get_report_data(): def get_report_data():
data = T1197.get_tech_base_data() data = T1197.get_tech_base_data()
bits_results = mongo.db.telemetry.aggregate([{'$match': {'telem_catagory': 'attack', 'data.technique': T1197.tech_id}}, bits_results = mongo.db.telemetry.aggregate([{'$match': {'telem_category': 'attack',
{'$group': {'_id': {'ip_addr': '$data.machine.ip_addr', 'usage': '$data.usage'}, 'data.technique': T1197.tech_id}},
'ip_addr': {'$first': '$data.machine.ip_addr'}, {'$group': {'_id': {'ip_addr': '$data.machine.ip_addr',
'domain_name': {'$first': '$data.machine.domain_name'}, 'usage': '$data.usage'},
'usage': {'$first': '$data.usage'}, 'ip_addr': {'$first': '$data.machine.ip_addr'},
'time': {'$first': '$timestamp'}} 'domain_name': {'$first': '$data.machine.domain_name'},
}]) 'usage': {'$first': '$data.usage'},
'time': {'$first': '$timestamp'}}
}])
bits_results = list(bits_results) bits_results = list(bits_results)
data.update({'bits_jobs': bits_results}) data.update({'bits_jobs': bits_results})
return data return data

6
monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
View File

@ -22,14 +22,14 @@ class T1210(AttackTechnique):
elif scanned_services: elif scanned_services:
status = ScanStatus.SCANNED status = ScanStatus.SCANNED
else: else:
status = ScanStatus.UNSCANNED.name status = ScanStatus.UNSCANNED
data.update(T1210.get_message_and_status(status)) data.update(T1210.get_message_and_status(status))
data.update({'scanned_services': scanned_services, 'exploited_services': exploited_services}) data.update({'scanned_services': scanned_services, 'exploited_services': exploited_services})
return data return data
@staticmethod @staticmethod
def get_scanned_services(): def get_scanned_services():
results = mongo.db.telemetry.aggregate([{'$match': {'telem_catagory': 'scan'}}, results = mongo.db.telemetry.aggregate([{'$match': {'telem_category': 'scan'}},
{'$sort': {'data.service_count': -1}}, {'$sort': {'data.service_count': -1}},
{'$group': { {'$group': {
'_id': {'ip_addr': '$data.machine.ip_addr'}, '_id': {'ip_addr': '$data.machine.ip_addr'},
@ -39,7 +39,7 @@ class T1210(AttackTechnique):
@staticmethod @staticmethod
def get_exploited_services(): def get_exploited_services():
results = mongo.db.telemetry.aggregate([{'$match': {'telem_catagory': 'exploit', 'data.result': True}}, results = mongo.db.telemetry.aggregate([{'$match': {'telem_category': 'exploit', 'data.result': True}},
{'$group': { {'$group': {
'_id': {'ip_addr': '$data.machine.ip_addr'}, '_id': {'ip_addr': '$data.machine.ip_addr'},
'service': {'$first': '$data.info'}, 'service': {'$first': '$data.info'},

4
monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
View File

@ -52,11 +52,11 @@ class AttackTechnique(object):
Gets the status of a certain attack technique. Gets the status of a certain attack technique.
:return: ScanStatus Enum object :return: ScanStatus Enum object
""" """
if mongo.db.attack_results.find_one({'telem_catagory': 'attack', if mongo.db.attack_results.find_one({'telem_category': 'attack',
'status': ScanStatus.USED.value, 'status': ScanStatus.USED.value,
'technique': cls.tech_id}): 'technique': cls.tech_id}):
return ScanStatus.USED return ScanStatus.USED
elif mongo.db.attack_results.find_one({'telem_catagory': 'attack', elif mongo.db.attack_results.find_one({'telem_category': 'attack',
'status': ScanStatus.SCANNED.value, 'status': ScanStatus.SCANNED.value,
'technique': cls.tech_id}): 'technique': cls.tech_id}):
return ScanStatus.SCANNED return ScanStatus.SCANNED

12
monkey/monkey_island/cc/services/report.py
View File

@ -171,7 +171,7 @@ class ReportService:
PASS_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'} PASS_TYPE_DICT = {'password': 'Clear Password', 'lm_hash': 'LM hash', 'ntlm_hash': 'NTLM hash'}
creds = [] creds = []
for telem in mongo.db.telemetry.find( for telem in mongo.db.telemetry.find(
{'telem_catagory': 'system_info_collection', 'data.credentials': {'$exists': True}}, {'telem_category': 'system_info_collection', 'data.credentials': {'$exists': True}},
{'data.credentials': 1, 'monkey_guid': 1} {'data.credentials': 1, 'monkey_guid': 1}
): ):
monkey_creds = telem['data']['credentials'] monkey_creds = telem['data']['credentials']
@ -199,7 +199,7 @@ class ReportService:
""" """
creds = [] creds = []
for telem in mongo.db.telemetry.find( for telem in mongo.db.telemetry.find(
{'telem_catagory': 'system_info_collection', 'data.ssh_info': {'$exists': True}}, {'telem_category': 'system_info_collection', 'data.ssh_info': {'$exists': True}},
{'data.ssh_info': 1, 'monkey_guid': 1} {'data.ssh_info': 1, 'monkey_guid': 1}
): ):
origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname'] origin = NodeService.get_monkey_by_guid(telem['monkey_guid'])['hostname']
@ -220,7 +220,7 @@ class ReportService:
""" """
creds = [] creds = []
for telem in mongo.db.telemetry.find( for telem in mongo.db.telemetry.find(
{'telem_catagory': 'system_info_collection', 'data.Azure': {'$exists': True}}, {'telem_category': 'system_info_collection', 'data.Azure': {'$exists': True}},
{'data.Azure': 1, 'monkey_guid': 1} {'data.Azure': 1, 'monkey_guid': 1}
): ):
azure_users = telem['data']['Azure']['usernames'] azure_users = telem['data']['Azure']['usernames']
@ -373,7 +373,7 @@ class ReportService:
@staticmethod @staticmethod
def get_exploits(): def get_exploits():
exploits = [] exploits = []
for exploit in mongo.db.telemetry.find({'telem_catagory': 'exploit', 'data.result': True}): for exploit in mongo.db.telemetry.find({'telem_category': 'exploit', 'data.result': True}):
new_exploit = ReportService.process_exploit(exploit) new_exploit = ReportService.process_exploit(exploit)
if new_exploit not in exploits: if new_exploit not in exploits:
exploits.append(new_exploit) exploits.append(new_exploit)
@ -382,7 +382,7 @@ class ReportService:
@staticmethod @staticmethod
def get_monkey_subnets(monkey_guid): def get_monkey_subnets(monkey_guid):
network_info = mongo.db.telemetry.find_one( network_info = mongo.db.telemetry.find_one(
{'telem_catagory': 'system_info_collection', 'monkey_guid': monkey_guid}, {'telem_category': 'system_info_collection', 'monkey_guid': monkey_guid},
{'data.network_info.networks': 1} {'data.network_info.networks': 1}
) )
if network_info is None: if network_info is None:
@ -540,7 +540,7 @@ class ReportService:
@staticmethod @staticmethod
def get_cross_segment_issues(): def get_cross_segment_issues():
scans = mongo.db.telemetry.find({'telem_catagory': 'scan'}, scans = mongo.db.telemetry.find({'telem_category': 'scan'},
{'monkey_guid': 1, 'data.machine.ip_addr': 1, 'data.machine.services': 1}) {'monkey_guid': 1, 'data.machine.ip_addr': 1, 'data.machine.services': 1})
cross_segment_issues = [] cross_segment_issues = []

7
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js
View File

@ -1,7 +1,7 @@
import React from 'react'; import React from 'react';
import '../../../styles/Collapse.scss' import '../../../styles/Collapse.scss'
import ReactTable from "react-table"; import ReactTable from "react-table";
import { RenderMachine } from "./Helpers" import { renderMachine } from "./Helpers"
class T1059 extends React.Component { class T1059 extends React.Component {
@ -14,13 +14,14 @@ class T1059 extends React.Component {
return ([{ return ([{
Header: 'Example commands used', Header: 'Example commands used',
columns: [ columns: [
{Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 }, {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 },
{Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }}, {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }},
{Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds.example, style: { 'whiteSpace': 'unset' }}, {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: { 'whiteSpace': 'unset' }},
] ]
}])}; }])};
render() { render() {
console.log(this.props.data);
return ( return (
<div> <div>
<div>{this.props.data.message}</div> <div>{this.props.data.message}</div>