From a9b62fdd7523dda6cea9feebaee412461d6aed62 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 12 Jul 2019 11:12:34 +0300 Subject: [PATCH 1/6] Proxy attack techniques implemented --- .../cc/services/attack/attack_report.py | 5 ++- .../cc/services/attack/attack_schema.py | 16 ++++++++ .../attack/technique_reports/T1090.py | 34 ++++++++++++++++ .../attack/technique_reports/T1188.py | 39 +++++++++++++++++++ 4 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 monkey/monkey_island/cc/services/attack/technique_reports/T1090.py create mode 100644 monkey/monkey_island/cc/services/attack/technique_reports/T1188.py diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 1711059a0..2321a37c5 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -1,7 +1,7 @@ import logging from monkey_island.cc.models import Monkey from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082 -from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107 +from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188 from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.database import mongo @@ -24,7 +24,8 @@ TECHNIQUES = {'T1210': T1210.T1210, 'T1035': T1035.T1035, 'T1129': T1129.T1129, 'T1106': T1106.T1106, - 'T1107': T1107.T1107} + 'T1107': T1107.T1107, + 'T1188': T1188.T1188} REPORT_NAME = 'new_report' diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index 363541fdd..891db84e8 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py 
@@ -186,6 +186,22 @@ SCHEMA = { "necessary": True, "description": "Adversaries may conduct C2 communications over a non-standard " "port to bypass proxies and firewalls that have been improperly configured." + }, + "T1090": { + "title": "T1090 Connection proxy", + "type": "bool", + "value": True, + "necessary": True, + "description": "A connection proxy is used to direct network traffic between systems " + "or act as an intermediary for network communications." + }, + "T1188": { + "title": "T1188 Multi-hop proxy", + "type": "bool", + "value": True, + "necessary": True, + "description": "To disguise the source of malicious traffic, " + "adversaries may chain together multiple proxies." } } }, diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py new file mode 100644 index 000000000..fc9969d9b --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py 
@@ -0,0 +1,34 @@
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+
+__author__ = "VakarisZ"
+
+
+class T1090(AttackTechnique):
+
+ tech_id = "T1090"
+ unscanned_msg = "Monkey didn't use connection proxy."
+ scanned_msg = ""
+ used_msg = "Monkey used connection proxy."
+
+ query = [{'$match': {'telem_category': 'exploit',
+ 'data.info.executed_cmds': {'$exists': True, '$ne': []}}},
+ {'$unwind': '$data.info.executed_cmds'},
+ {'$sort': {'data.info.executed_cmds.powershell': 1}},
+ {'$project': {'_id': 0,
+ 'machine': '$data.machine',
+ 'info': '$data.info'}},
+ {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}},
+ {'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}]
+
+ @staticmethod
+ def get_report_data():
+ cmd_data = list(mongo.db.telemetry.aggregate(T1090.query))
+ data = {'title': T1090.technique_title(), 'cmds': cmd_data}
+ if cmd_data:
+ status = ScanStatus.USED.value
+ else:
+ status = ScanStatus.UNSCANNED.value
+ data.update(T1090.get_message_and_status(status))
+ return data
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
new file mode 100644
index 000000000..9fdc1ba32
--- /dev/null
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py
@@ -0,0 +1,39 @@
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.models.monkey import Monkey
+
+__author__ = "VakarisZ"
+
+
+class T1188(AttackTechnique):
+
+ tech_id = "T1188"
+ unscanned_msg = "Monkey didn't use multi-hop proxy."
+ scanned_msg = ""
+ used_msg = "Monkey used multi-hop proxy."
+
+ query = [{'$match': {'telem_category': 'exploit',
+ 'data.info.executed_cmds': {'$exists': True, '$ne': []}}},
+ {'$unwind': '$data.info.executed_cmds'},
+ {'$sort': {'data.info.executed_cmds.powershell': 1}},
+ {'$project': {'_id': 0,
+ 'machine': '$data.machine',
+ 'info': '$data.info'}},
+ {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}},
+ {'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}]
+
+ @staticmethod
+ def get_report_data():
+ monkeys = T1188.get_tunneled_monkeys()
+ for monkey in monkeys:
+ proxy_chain = 0
+ proxy = Monkey.objects(id=monkey.tunnel)
+ while proxy:
+ proxy_chain += 1
+ proxy = Monkey.objects(id=monkey.tunnel)
+
+ data = {'title': T1188.technique_title()}
+ return data
+
+ @staticmethod
+ def get_tunneled_monkeys():
+ return Monkey.objects(tunnel__exists=True)
From eabfbf7941dfb89fe0a51f20b35672a14056476c Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Mon, 15 Jul 2019 09:15:32 +0300
Subject: [PATCH 2/6] Multi-hop proxy attack technique finished
---
monkey/monkey_island/cc/models/monkey.py | 4 ++
.../attack/technique_reports/T1188.py | 40 +++++++--------
.../src/components/attack/techniques/T1188.js | 49 +++++++++++++++++++
.../report-components/AttackReport.js | 4 +-
4 files changed, 76 insertions(+), 21 deletions(-)
create mode 100644 monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js
diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py
index 0b910c84b..56b78bc3b 100644
--- a/monkey/monkey_island/cc/models/monkey.py
+++ b/monkey/monkey_island/cc/models/monkey.py
@@ -68,6 +68,10 @@ class Monkey(Document): os = "windows" return os + @staticmethod + def get_tunneled_monkeys(): + return Monkey.objects(tunnel__exists=True) + class MonkeyNotFoundError(Exception): pass diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 9fdc1ba32..30e621065 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -1,5 +1,6 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.models.monkey import Monkey +from common.utils.attack_utils import ScanStatus __author__ = "VakarisZ" 
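Review bot: `get_tunneled_monkeys()` in monkey.py filters on `tunnel__exists=True`, which only tests that the field is present, so a document whose `tunnel` is stored as null would still be returned and then counted as proxied by the report code. Whether such documents can occur depends on writers not shown here; if they can, `return Monkey.objects(tunnel__ne=None)` matches only monkeys that hold an actual tunnel reference. The method also has no docstring, and a one-line one such as `"""Return the monkeys whose tunnel field is set."""` would make clear which end of the tunnel is meant.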
@@ -11,29 +12,28 @@ class T1188(AttackTechnique): scanned_msg = "" used_msg = "Monkey used multi-hop proxy." - query = [{'$match': {'telem_category': 'exploit', - 'data.info.executed_cmds': {'$exists': True, '$ne': []}}}, - {'$unwind': '$data.info.executed_cmds'}, - {'$sort': {'data.info.executed_cmds.powershell': 1}}, - {'$project': {'_id': 0, - 'machine': '$data.machine', - 'info': '$data.info'}}, - {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}, - {'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}] - @staticmethod def get_report_data(): - monkeys = T1188.get_tunneled_monkeys() + monkeys = Monkey.get_tunneled_monkeys() + hops = [] for monkey in monkeys: - proxy_chain = 0 - proxy = Monkey.objects(id=monkey.tunnel) - while proxy: - proxy_chain += 1 - proxy = Monkey.objects(id=monkey.tunnel) - - data = {'title': T1188.technique_title()} + proxy_count = 0 + proxy = initial = monkey + while proxy.tunnel: + proxy_count += 1 + proxy = proxy.tunnel + if proxy_count > 1: + hops.append({'from': T1188.get_network_info(initial), + 'to': T1188.get_network_info(proxy), + 'count': proxy_count}) + if hops: + status = ScanStatus.USED.value + else: + status = ScanStatus.UNSCANNED.value + data = T1188.get_base_data_by_status(status) + data.update({'hops': hops}) return data @staticmethod - def get_tunneled_monkeys(): - return Monkey.objects(tunnel__exists=True) + def get_network_info(monkey): + return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname} diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js new file mode 100644 index 000000000..f938c5e3f --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js 
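Review bot: The `while proxy.tunnel:` walk in T1188's `get_report_data` has no termination guard, so if the stored `tunnel` references ever form a cycle (a monkey referencing itself, or two monkeys referencing each other) the report request never returns. The tunnel values presumably originate from agent-reported data, so the island should not assume they are acyclic. Tracking visited ids bounds the walk: add `seen = {initial.id}` before the loop, change the condition to `while proxy.tunnel and proxy.tunnel.id not in seen:`, and call `seen.add(proxy.id)` after advancing. The walk is also restarted from every tunneled monkey, so one long chain is reported once per member with a different count; confirm that is intended.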
@@ -0,0 +1,49 @@ +import React from 'react'; +import '../../../styles/Collapse.scss' +import ReactTable from "react-table"; +import { renderMachineFromSystemData, scanStatus } from "./Helpers" + + +class T1188 extends React.Component { + + constructor(props) { + super(props); + } + + static getHopColumns() { + return ([{ + Header: "Communications trough multi-hop proxies", + columns: [ + {Header: 'From', + id: 'from', + accessor: x => renderMachineFromSystemData(x.from), + style: { 'whiteSpace': 'unset' }}, + {Header: 'To', + id: 'to', + accessor: x => renderMachineFromSystemData(x.to), + style: { 'whiteSpace': 'unset' }}, + {Header: 'Hops', + id: 'hops', + accessor: x => x.count, + style: { 'whiteSpace': 'unset' }}, + ] + }])}; + + render() { + return ( +
+
{this.props.data.message}
+
+ {this.props.data.status === scanStatus.USED ? + : ""} +
+ ); + } +} + +export default T1188; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js index dc3f1c654..b5217a56a 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js @@ -21,6 +21,7 @@ import T1065 from "../attack/techniques/T1065"; import T1035 from "../attack/techniques/T1035"; import T1129 from "../attack/techniques/T1129"; import T1106 from "../attack/techniques/T1106"; +import T1188 from "../attack/techniques/T1188"; const tech_components = { 'T1210': T1210, @@ -37,7 +38,8 @@ const tech_components = { 'T1035': T1035, 'T1129': T1129, 'T1106': T1106, - 'T1107': T1107 + 'T1107': T1107, + 'T1188': T1188 }; const classNames = require('classnames'); From b7f678de04a391a870464952c8548cd788b9ec7c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 15 Jul 2019 10:53:44 +0300 Subject: [PATCH 3/6] Single proxy attack technique finished --- monkey/monkey_island/cc/models/monkey.py | 11 ++++- .../cc/services/attack/attack_report.py | 4 +- .../attack/technique_reports/T1090.py | 23 ++++------- .../attack/technique_reports/T1188.py | 8 +--- .../src/components/attack/techniques/T1090.js | 40 +++++++++++++++++++ .../report-components/AttackReport.js | 4 +- 6 files changed, 66 insertions(+), 24 deletions(-) create mode 100644 monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 56b78bc3b..418cec03f 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py 
@@ -71,7 +71,16 @@ class Monkey(Document): @staticmethod def get_tunneled_monkeys(): return Monkey.objects(tunnel__exists=True) - + + @staticmethod + def get_network_info(monkey): + """ + Formats network info from monkey's model + :param monkey: monkey model + :return: dictionary with an array of IP's and a hostname + """ + return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname} + class MonkeyNotFoundError(Exception): pass diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 2321a37c5..719463ba5 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -2,6 +2,7 @@ import logging from monkey_island.cc.models import Monkey from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188 +from monkey_island.cc.services.attack.technique_reports import T1090 from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.database import mongo @@ -25,7 +26,8 @@ TECHNIQUES = {'T1210': T1210.T1210, 'T1129': T1129.T1129, 'T1106': T1106.T1106, 'T1107': T1107.T1107, - 'T1188': T1188.T1188} + 'T1188': T1188.T1188, + 'T1090': T1090.T1090} REPORT_NAME = 'new_report' diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index fc9969d9b..0e48d2198 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py 
@@ -1,6 +1,6 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique from common.utils.attack_utils import ScanStatus -from monkey_island.cc.database import mongo +from monkey_island.cc.models import Monkey __author__ = "VakarisZ" @@ -12,23 +12,16 @@ class T1090(AttackTechnique): scanned_msg = "" used_msg = "Monkey used connection proxy." - query = [{'$match': {'telem_category': 'exploit', - 'data.info.executed_cmds': {'$exists': True, '$ne': []}}}, - {'$unwind': '$data.info.executed_cmds'}, - {'$sort': {'data.info.executed_cmds.powershell': 1}}, - {'$project': {'_id': 0, - 'machine': '$data.machine', - 'info': '$data.info'}}, - {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}, - {'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}] - @staticmethod def get_report_data(): - cmd_data = list(mongo.db.telemetry.aggregate(T1090.query)) - data = {'title': T1090.technique_title(), 'cmds': cmd_data} - if cmd_data: + monkeys = Monkey.get_tunneled_monkeys() + monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys] + if monkeys: status = ScanStatus.USED.value else: status = ScanStatus.UNSCANNED.value - data.update(T1090.get_message_and_status(status)) + data = T1090.get_base_data_by_status(status) + data.update({'proxies': monkeys}) return data + + diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 30e621065..6e35f7c7f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py 
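Review bot: In T1090's `get_report_data`, the list stored under `'proxies'` is built from `Monkey.get_tunneled_monkeys()`, which per the query added in patch 2/6 returns the monkeys that have a `tunnel` set, not the machines they tunnel through. The hosts that actually relayed the traffic therefore never appear in the T1090 report, although they are the ones a defender would want to inspect. Consider reporting both ends of each entry (the tunneled monkey and its `monkey.tunnel`), or at least renaming the key so it does not claim to be the proxy list.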
@@ -23,8 +23,8 @@ class T1188(AttackTechnique): proxy_count += 1 proxy = proxy.tunnel if proxy_count > 1: - hops.append({'from': T1188.get_network_info(initial), - 'to': T1188.get_network_info(proxy), + hops.append({'from': Monkey.get_network_info(initial), + 'to': Monkey.get_network_info(proxy), 'count': proxy_count}) if hops: status = ScanStatus.USED.value @@ -33,7 +33,3 @@ class T1188(AttackTechnique): data = T1188.get_base_data_by_status(status) data.update({'hops': hops}) return data - - @staticmethod - def get_network_info(monkey): - return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname} diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js new file mode 100644 index 000000000..99660cf65 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js @@ -0,0 +1,40 @@ +import React from 'react'; +import '../../../styles/Collapse.scss' +import ReactTable from "react-table"; +import { renderMachineFromSystemData, scanStatus } from "./Helpers" + + +class T1090 extends React.Component { + + constructor(props) { + super(props); + } + + static getProxyColumns() { + return ([{ + Header: "Proxies were used to communicate with:", + columns: [ + {Header: 'Machines', + id: 'machine', + accessor: x => renderMachineFromSystemData(x), + style: { 'whiteSpace': 'unset', textAlign: 'center' }}]}]) + }; + + render() { + return ( +
+
{this.props.data.message}
+
+ {this.props.data.status === scanStatus.USED ? + : ""} +
+ ); + } +} + +export default T1090; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js index b5217a56a..0b622248b 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js @@ -22,6 +22,7 @@ import T1035 from "../attack/techniques/T1035"; import T1129 from "../attack/techniques/T1129"; import T1106 from "../attack/techniques/T1106"; import T1188 from "../attack/techniques/T1188"; +import T1090 from "../attack/techniques/T1090"; const tech_components = { 'T1210': T1210, @@ -39,7 +40,8 @@ const tech_components = { 'T1129': T1129, 'T1106': T1106, 'T1107': T1107, - 'T1188': T1188 + 'T1188': T1188, + 'T1090': T1090 }; const classNames = require('classnames'); From 930ff08149958b9a991294f1762127fa9db4abbc Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 15 Jul 2019 10:54:13 +0300 Subject: [PATCH 4/6] Added "," after each IP address while rendering a machine --- .../cc/ui/src/components/attack/techniques/Helpers.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js index 775d453da..adc0d2583 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js 
@@ -12,12 +12,12 @@ export function renderMachineFromSystemData(data) { let machineStr = data['hostname'] + " ( "; data['ips'].forEach(function(ipInfo){ if(typeof ipInfo === "object"){ - machineStr += ipInfo['addr'] + " "; + machineStr += ipInfo['addr'] + ", "; } else { - machineStr += ipInfo + " "; + machineStr += ipInfo + ", "; } }); - return machineStr + ")" + return machineStr.slice(0, -2) + " )" } /* Formats telemetry data that contains _id.machine and _id.usage fields into columns From 35c496812f8403cc343e467d343a2291f0879f9d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 2 Aug 2019 13:11:16 +0300 Subject: [PATCH 5/6] Fixed CR comments and implemented test for proxy attack techniques --- monkey/monkey_island/cc/models/monkey.py | 16 +++++------- monkey/monkey_island/cc/models/test_monkey.py | 26 +++++++++++++++++-- .../attack/technique_reports/T1090.py | 7 ++--- .../attack/technique_reports/T1188.py | 9 +++---- .../components/attack/techniques/Helpers.js | 1 + .../src/components/attack/techniques/T1090.js | 16 +++++++----- .../src/components/attack/techniques/T1188.js | 2 +- 7 files changed, 47 insertions(+), 30 deletions(-) diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 418cec03f..f9f556844 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py 
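Review bot: `machineStr.slice(0, -2)` in `renderMachineFromSystemData` assumes at least one address was appended; with an empty `data['ips']` it cuts into the opening `" ( "` and the cell renders as the hostname followed by a stray `)`. Building the list with a join removes the need to trim: `const ips = data['ips'].map(ip => typeof ip === "object" ? ip['addr'] : ip).join(", ");` followed by `return data['hostname'] + " ( " + ips + " )";`. The function's signature line sits above the hunk, so this applies to the body shown here only.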
@@ -68,19 +68,17 @@ class Monkey(Document): os = "windows" return os + def get_network_info(self): + """ + Formats network info from monkey's model + :return: dictionary with an array of IP's and a hostname + """ + return {'ips': self.ip_addresses, 'hostname': self.hostname} + @staticmethod def get_tunneled_monkeys(): return Monkey.objects(tunnel__exists=True) - @staticmethod - def get_network_info(monkey): - """ - Formats network info from monkey's model - :param monkey: monkey model - :return: dictionary with an array of IP's and a hostname - """ - return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname} - class MonkeyNotFoundError(Exception): pass diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index a744db6b6..a44512995 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -9,11 +9,11 @@ from monkey_ttl import MonkeyTtl class TestMonkey(IslandTestCase): """ - Make sure to set server environment to `testing` in server.json! Otherwise this will mess up your mongo instance and + Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and won't work. Also, the working directory needs to be the working directory from which you usually run the island so the - server.json file is found and loaded. + server_config.json file is found and loaded. """ def test_is_dead(self): 
@@ -77,3 +77,25 @@ class TestMonkey(IslandTestCase): self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects()))) self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects()))) self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects()))) + + def test_get_tunneled_monkeys(self): + self.fail_if_not_testing_env() + self.clean_monkey_db() + + linux_monkey = Monkey(guid=str(uuid.uuid4()), + description="Linux shay-Virtual-Machine") + windows_monkey = Monkey(guid=str(uuid.uuid4()), + description="Windows bla bla bla", + tunneling=linux_monkey) + unknown_monkey = Monkey(guid=str(uuid.uuid4()), + description="bla bla bla", + tunneling=windows_monkey) + linux_monkey.save() + windows_monkey.save() + unknown_monkey.save() + tunneled_monkeys = Monkey.get_tunneled_monkeys() + test = bool(windows_monkey in tunneled_monkeys + and unknown_monkey in tunneled_monkeys + and linux_monkey not in tunneled_monkeys + and len(tunneled_monkeys) == 2) + self.assertTrue(test, "Tunneling test") diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index 0e48d2198..f0835aff9 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py @@ -15,11 +15,8 @@ class T1090(AttackTechnique): @staticmethod def get_report_data(): monkeys = Monkey.get_tunneled_monkeys() - monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys] - if monkeys: - status = ScanStatus.USED.value - else: - status = ScanStatus.UNSCANNED.value + monkeys = [monkey.get_network_info() for monkey in monkeys] + status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value data = T1090.get_base_data_by_status(status) data.update({'proxies': monkeys}) return data 
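Review bot: `test_get_tunneled_monkeys` in test_monkey.py folds four conditions into one `bool(...)` and checks it with `assertTrue`, so a failure cannot say which condition broke. Separate assertions keep the diagnostics: `self.assertIn(windows_monkey, tunneled_monkeys)`, `self.assertNotIn(linux_monkey, tunneled_monkeys)` and `self.assertEqual(2, len(tunneled_monkeys))`. The series also adds no test for the hop counting in T1188, including a chain whose `tunnel` references loop back on themselves, which is the input most likely to hang report generation.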
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 6e35f7c7f..32187696a 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -23,13 +23,10 @@ class T1188(AttackTechnique): proxy_count += 1 proxy = proxy.tunnel if proxy_count > 1: - hops.append({'from': Monkey.get_network_info(initial), - 'to': Monkey.get_network_info(proxy), + hops.append({'from': initial.get_network_info(), + 'to': proxy.get_network_info(), 'count': proxy_count}) - if hops: - status = ScanStatus.USED.value - else: - status = ScanStatus.UNSCANNED.value + status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value data = T1188.get_base_data_by_status(status) data.update({'hops': hops}) return data diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js index adc0d2583..18df4b58f 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js @@ -17,6 +17,7 @@ export function renderMachineFromSystemData(data) { machineStr += ipInfo + ", "; } }); + // Replaces " ," with " )" to finish a list of IP's return machineStr.slice(0, -2) + " )" } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js index 99660cf65..d5fed289f 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js @@ -12,7 +12,6 @@ class T1090 extends React.Component { static getProxyColumns() { return ([{ - Header: "Proxies were used to communicate with:", columns: [ {Header: 'Machines', id: 'machine', 
@@ -26,12 +25,15 @@ class T1090 extends React.Component {
{this.props.data.message}

{this.props.data.status === scanStatus.USED ? - : ""} +
+

Proxies were used to communicate with:

+ +
: ""} ); } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js index f938c5e3f..c28a8092c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js @@ -12,7 +12,7 @@ class T1188 extends React.Component { static getHopColumns() { return ([{ - Header: "Communications trough multi-hop proxies", + Header: "Communications through multi-hop proxies", columns: [ {Header: 'From', id: 'from', From e9d39577eedbaa14abebf30fbc4f87fad6c790ad Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 19 Aug 2019 15:17:48 +0300 Subject: [PATCH 6/6] Fixed bug in unit test for tunneling --- monkey/monkey_island/cc/models/test_monkey.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index a44512995..ba8ff10fc 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -86,10 +86,10 @@ class TestMonkey(IslandTestCase): description="Linux shay-Virtual-Machine") windows_monkey = Monkey(guid=str(uuid.uuid4()), description="Windows bla bla bla", - tunneling=linux_monkey) + tunnel=linux_monkey) unknown_monkey = Monkey(guid=str(uuid.uuid4()), description="bla bla bla", - tunneling=windows_monkey) + tunnel=windows_monkey) linux_monkey.save() windows_monkey.save() unknown_monkey.save()