From 1eac0f566552ea1016e5cab707dc2d5e1ca6c760 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 May 2019 08:36:41 +0300 Subject: [PATCH] Brute force implementation started --- monkey/infection_monkey/exploit/__init__.py | 10 +++ monkey/infection_monkey/monkey.py | 2 + monkey/infection_monkey/utils.py | 1 - .../cc/services/attack/attack_report.py | 5 +- .../attack/technique_reports/T1110.py | 21 ++++++ .../attack/technique_reports/T1210.py | 9 +-- monkey/monkey_island/cc/services/report.py | 6 +- .../src/components/attack/techniques/T1110.js | 64 +++++++++++++++++++ .../report-components/AttackReport.js | 4 +- 9 files changed, 107 insertions(+), 15 deletions(-) create mode 100644 monkey/monkey_island/cc/services/attack/technique_reports/T1110.py create mode 100644 monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py index f2decb590..b2355f853 100644 --- a/monkey/infection_monkey/exploit/__init__.py +++ b/monkey/infection_monkey/exploit/__init__.py @@ -1,6 +1,7 @@ from abc import ABCMeta, abstractmethod, abstractproperty import infection_monkey.config from common.utils.exploit_enum import ExploitType +from datetime import datetime __author__ = 'itamar' @@ -20,11 +21,20 @@ class HostExploiter(object): def __init__(self, host): self._config = infection_monkey.config.WormConfiguration self._exploit_info = {'display_name': self._EXPLOITED_SERVICE, + 'exploit_type': self.EXPLOIT_TYPE.name, + 'started': '', + 'finished': '', 'vulnerable_urls': [], 'vulnerable_ports': []} self._exploit_attempts = [] self.host = host + def set_start_time(self): + self._exploit_info['started'] = datetime.now().isoformat() + + def set_finish_time(self): + self._exploit_info['finished'] = datetime.now().isoformat() + def is_os_supported(self): return self.host.os.get('type') in self._TARGET_OS_TYPE diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 6589e8718..ba6bf7879 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -286,7 +286,9 @@ class InfectionMonkey(object): result = False try: + exploiter.set_start_time() result = exploiter.exploit_host() + exploiter.set_finish_time() if result: self.successfully_exploited(machine, exploiter) return True diff --git a/monkey/infection_monkey/utils.py b/monkey/infection_monkey/utils.py index 0e08203c2..68b39163d 100644 --- a/monkey/infection_monkey/utils.py +++ b/monkey/infection_monkey/utils.py @@ -2,7 +2,6 @@ import os import sys import shutil import struct -import datetime from infection_monkey.config import WormConfiguration diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index c70d3d56d..6801bcd64 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -1,5 +1,5 @@ import logging -from monkey_island.cc.services.attack.technique_reports import T1210, T1197 +from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110 from monkey_island.cc.services.attack.attack_telem import AttackTelemService from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.database import mongo @@ -10,7 +10,8 @@ __author__ = "VakarisZ" LOG = logging.getLogger(__name__) TECHNIQUES = {'T1210': T1210.T1210, - 'T1197': T1197.T1197} + 'T1197': T1197.T1197, + 'T1110': T1110.T1110} REPORT_NAME = 'new_report' diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py new file mode 100644 index 000000000..b28b92e89 --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py @@ -0,0 +1,21 @@ +from monkey_island.cc.database import mongo +from monkey_island.cc.services.attack.technique_reports import AttackTechnique +from common.utils.exploit_enum import ExploitType + +__author__ = "VakarisZ" + + +class T1110(AttackTechnique): + tech_id = "T1110" + unscanned_msg = "Monkey didn't try to brute force any services." + scanned_msg = "Monkey tried to brute force some services, but failed." + used_msg = "Monkey successfully used brute force in the network." + + @staticmethod + def get_report_data(): + data = {'title': T1110.technique_title(T1110.tech_id)} + results = mongo.db.telemetry.find({'telem_type': 'exploit', 'data.info.exploit_type': ExploitType.BRUTE_FORCE.name, 'data.attempts': {'$ne': '[]'}}, + {'data.machine': 1, 'data.info': 1, 'data.attempts': 1}) + results = [result['data'] for result in results] + data.update({'services': results}) + return data diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py index 9d5ff4cfd..b6335422f 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py @@ -4,13 +4,6 @@ from monkey_island.cc.database import mongo __author__ = "VakarisZ" -TECHNIQUE = "T1210" -MESSAGES = { - 'unscanned': "Monkey didn't scan any remote services. Maybe it didn't find any machines on the network?", - 'scanned': "Monkey scanned for remote services on the network, but couldn't exploit any of them.", - 'used': "Monkey scanned for remote services and exploited some on the network." -} - class T1210(AttackTechnique): @@ -21,7 +14,7 @@ class T1210(AttackTechnique): @staticmethod def get_report_data(): - data = {'title': T1210.technique_title(TECHNIQUE)} + data = {'title': T1210.technique_title(T1210.tech_id)} scanned_services = T1210.get_scanned_services() exploited_services = T1210.get_exploited_services() if exploited_services: diff --git a/monkey/monkey_island/cc/services/report.py b/monkey/monkey_island/cc/services/report.py index 21dcea0bc..702a42cd1 100644 --- a/monkey/monkey_island/cc/services/report.py +++ b/monkey/monkey_island/cc/services/report.py @@ -57,8 +57,8 @@ class ReportService: STRUTS2 = 8 WEBLOGIC = 9 HADOOP = 10 - PTH_CRIT_SERVICES_ACCESS = 11, - MSSQL = 12, + PTH_CRIT_SERVICES_ACCESS = 11 + MSSQL = 12 VSFTPD = 13 class WARNINGS_DICT(Enum): @@ -296,7 +296,7 @@ class ReportService: def process_vsftpd_exploit(exploit): processed_exploit = ReportService.process_general_creds_exploit(exploit) processed_exploit['type'] = 'vsftp' - return processed_exploit + return processed_exploit @staticmethod def process_sambacry_exploit(exploit): diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js new file mode 100644 index 000000000..31a12259c --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js @@ -0,0 +1,64 @@ +import React from 'react'; +import '../../../styles/Collapse.scss' +import ReactTable from "react-table"; + + +class T1110 extends React.Component { + + constructor(props) { + super(props); + } + + static getServiceColumns() { + return ([{ + columns: [ + {Header: 'Machine', id: 'machine', accessor: x => this.renderMachine(x.machine), + style: { 'whiteSpace': 'unset' }, width: 200}, + {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 170}, + {Header: 'Started', id: 'started', accessor: x => x.info.started, style: { 'whiteSpace': 'unset' }}, + {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: { 'whiteSpace': 'unset' }}, + {Header: 'Attempts', id: 'attempts', accessor: x => x.attempts.length, style: { 'whiteSpace': 'unset' }}, + {Header: 'Successful credentials', id: 'credentials', accessor: x => this.renderCredentials(x.attempts), style: { 'whiteSpace': 'unset' }}, + ] + }])}; + + static renderMachine(val){ + return ( + {val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")} + ) + }; + + static renderCredentials(creds){ + let content = ''; + creds.forEach((cred) => { + if (cred.result){ + if (cred.ntlm_hash){ + content += {cred.user} ; NTLM hash: {cred.ntlm_hash} + } else if (cred.ssh_key){ + content += {cred.user} ; SSH key: {cred.ssh_key} + } else if (cred.lm_hash){ + content += {cred.user} ; LM hash: {cred.lm_hash} + } else if (cred.password){ + content += {cred.user} : {cred.password} + } + content += {cred.user} : {cred.password} + } + }) + } + + render() { + return ( +
+
{this.props.data.message}
+ +
+ ); + } +} + +export default T1110; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js index 2cc582832..19a7bb7c6 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js @@ -6,11 +6,13 @@ import AuthComponent from '../AuthComponent'; import Collapse from '@kunukn/react-collapse'; import T1210 from '../attack/techniques/T1210'; import T1197 from '../attack/techniques/T1197'; +import T1110 from '../attack/techniques/T1110'; import '../../styles/Collapse.scss' const tech_components = { 'T1210': T1210, - 'T1197': T1197 + 'T1197': T1197, + 'T1110': T1110 }; const classNames = require('classnames');