Brute force implementation started

2019-05-30 08:36:41 +03:00 · 2019-05-30 08:36:41 +03:00 · 1eac0f5665
parent b465c27e20
commit 1eac0f5665
9 changed files with 107 additions and 15 deletions
--- a/monkey/infection_monkey/exploit/init.py
+++ b/monkey/infection_monkey/exploit/init.py
@ -1,6 +1,7 @@
 from abc import ABCMeta, abstractmethod, abstractproperty
 import infection_monkey.config
 from common.utils.exploit_enum import ExploitType
+from datetime import datetime

 __author__ = 'itamar'

@ -20,11 +21,20 @@ class HostExploiter(object):
    def __init__(self, host):
        self._config = infection_monkey.config.WormConfiguration
        self._exploit_info = {'display_name': self._EXPLOITED_SERVICE,
+                              'exploit_type': self.EXPLOIT_TYPE.name,
+                              'started': '',
+                              'finished': '',
                              'vulnerable_urls': [],
                              'vulnerable_ports': []}
        self._exploit_attempts = []
        self.host = host

+    def set_start_time(self):
+        self._exploit_info['started'] = datetime.now().isoformat()
+
+    def set_finish_time(self):
+        self._exploit_info['finished'] = datetime.now().isoformat()
+
    def is_os_supported(self):
        return self.host.os.get('type') in self._TARGET_OS_TYPE

--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -286,7 +286,9 @@ class InfectionMonkey(object):

        result = False
        try:
+            exploiter.set_start_time()
            result = exploiter.exploit_host()
+            exploiter.set_finish_time()
            if result:
                self.successfully_exploited(machine, exploiter)
                return True
--- a/monkey/infection_monkey/utils.py
+++ b/monkey/infection_monkey/utils.py
@ -2,7 +2,6 @@ import os
 import sys
 import shutil
 import struct
-import datetime
 from infection_monkey.config import WormConfiguration


--- a/monkey/monkey_island/cc/services/attack/attack_report.py
+++ b/monkey/monkey_island/cc/services/attack/attack_report.py
@ -1,5 +1,5 @@
 import logging
-from monkey_island.cc.services.attack.technique_reports import T1210, T1197
+from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110
 from monkey_island.cc.services.attack.attack_telem import AttackTelemService
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
@ -10,7 +10,8 @@ __author__ = "VakarisZ"
 LOG = logging.getLogger(__name__)

 TECHNIQUES = {'T1210': T1210.T1210,
-              'T1197': T1197.T1197}
+              'T1197': T1197.T1197,
+              'T1110': T1110.T1110}

 REPORT_NAME = 'new_report'

--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1110.py
@ -0,0 +1,21 @@
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from common.utils.exploit_enum import ExploitType
+
+__author__ = "VakarisZ"
+
+
+class T1110(AttackTechnique):
+    tech_id = "T1110"
+    unscanned_msg = "Monkey didn't try to brute force any services."
+    scanned_msg = "Monkey tried to brute force some services, but failed."
+    used_msg = "Monkey successfully used brute force in the network."
+
+    @staticmethod
+    def get_report_data():
+        data = {'title': T1110.technique_title(T1110.tech_id)}
+        results = mongo.db.telemetry.find({'telem_type': 'exploit', 'data.info.exploit_type': ExploitType.BRUTE_FORCE.name, 'data.attempts': {'$ne': '[]'}},
+                             {'data.machine': 1, 'data.info': 1, 'data.attempts': 1})
+        results = [result['data'] for result in results]
+        data.update({'services': results})
+        return data
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
@ -4,13 +4,6 @@ from monkey_island.cc.database import mongo

 __author__ = "VakarisZ"

-TECHNIQUE = "T1210"
-MESSAGES = {
-    'unscanned': "Monkey didn't scan any remote services. Maybe it didn't find any machines on the network?",
-    'scanned': "Monkey scanned for remote services on the network, but couldn't exploit any of them.",
-    'used': "Monkey scanned for remote services and exploited some on the network."
-}
-

 class T1210(AttackTechnique):

@ -21,7 +14,7 @@ class T1210(AttackTechnique):

    @staticmethod
    def get_report_data():
-        data = {'title': T1210.technique_title(TECHNIQUE)}
+        data = {'title': T1210.technique_title(T1210.tech_id)}
        scanned_services = T1210.get_scanned_services()
        exploited_services = T1210.get_exploited_services()
        if exploited_services:
--- a/monkey/monkey_island/cc/services/report.py
+++ b/monkey/monkey_island/cc/services/report.py
@ -57,8 +57,8 @@ class ReportService:
        STRUTS2 = 8
        WEBLOGIC = 9
        HADOOP = 10
-        PTH_CRIT_SERVICES_ACCESS = 11,
-        MSSQL = 12,
+        PTH_CRIT_SERVICES_ACCESS = 11
+        MSSQL = 12
        VSFTPD = 13

    class WARNINGS_DICT(Enum):
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1110.js
@ -0,0 +1,64 @@
+import React from 'react';
+import '../../../styles/Collapse.scss'
+import ReactTable from "react-table";
+
+
+class T1110 extends React.Component {
+
+  constructor(props) {
+    super(props);
+  }
+
+  static getServiceColumns() {
+    return ([{
+      columns: [
+        {Header: 'Machine', id: 'machine', accessor: x => this.renderMachine(x.machine),
+          style: { 'whiteSpace': 'unset' }, width: 200},
+        {Header: 'Service', id: 'service', accessor: x => x.info.display_name, style: { 'whiteSpace': 'unset' }, width: 170},
+        {Header: 'Started', id: 'started', accessor: x => x.info.started, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Finished', id: 'finished', accessor: x => x.info.finished, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Attempts', id: 'attempts', accessor: x => x.attempts.length, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Successful credentials', id: 'credentials', accessor: x => this.renderCredentials(x.attempts), style: { 'whiteSpace': 'unset' }},
+        ]
+    }])};
+
+  static renderMachine(val){
+    return (
+      <span>{val.ip_addr} {(val.domain_name ? " (".concat(val.domain_name, ")") : "")}</span>
+    )
+  };
+
+  static renderCredentials(creds){
+    let content = '';
+    creds.forEach((cred) => {
+      if (cred.result){
+        if (cred.ntlm_hash){
+          content += <span>{cred.user} ; NTLM hash: {cred.ntlm_hash}</span>
+        } else if (cred.ssh_key){
+          content += <span>{cred.user} ; SSH key: {cred.ssh_key}</span>
+        } else if (cred.lm_hash){
+          content += <span>{cred.user} ; LM hash: {cred.lm_hash}</span>
+        } else if (cred.password){
+          content += <span>{cred.user} : {cred.password}</span>
+        }
+        content += <span>{cred.user} : {cred.password}</span>
+      }
+    })
+  }
+
+  render() {
+    return (
+      <div>
+        <div>{this.props.data.message}</div>
+        <ReactTable
+            columns={T1110.getServiceColumns()}
+            data={this.props.data.services}
+            showPagination={false}
+            defaultPageSize={this.props.data.services.length}
+        />
+      </div>
+    );
+  }
+}
+
+export default T1110;
--- a/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js
@ -6,11 +6,13 @@ import AuthComponent from '../AuthComponent';
 import Collapse from '@kunukn/react-collapse';
 import T1210 from '../attack/techniques/T1210';
 import T1197 from '../attack/techniques/T1197';
+import T1110 from '../attack/techniques/T1110';
 import '../../styles/Collapse.scss'

 const tech_components = {
  'T1210': T1210,
-  'T1197': T1197
+  'T1197': T1197,
+  'T1110': T1110
 };

 const classNames = require('classnames');