Powershell query changed to parse array of executed command dicts

This commit is contained in:
VakarisZ 2019-06-26 14:58:07 +03:00
parent fea8567177
commit 3e9dcd3646
8 changed files with 25 additions and 18 deletions


@ -66,7 +66,7 @@ class MSSQLExploiter(HostExploiter):
"xp_cmdshell \"<nul set /p=, ^\'%s^\') >>%s\"" % (dst_path, tmp_file_path)] "xp_cmdshell \"<nul set /p=, ^\'%s^\') >>%s\"" % (dst_path, tmp_file_path)]
MSSQLExploiter.execute_command(cursor, commands) MSSQLExploiter.execute_command(cursor, commands)
MSSQLExploiter.run_file(cursor, tmp_file_path) MSSQLExploiter.run_file(cursor, tmp_file_path)
self.add_powershell_cmd(' '.join(commands)) self.add_executed_cmd(' '.join(commands))
# Form monkey's command in a file # Form monkey's command in a file
monkey_args = tools.build_monkey_commandline(self.host, monkey_args = tools.build_monkey_commandline(self.host,
tools.get_monkey_depth() - 1, tools.get_monkey_depth() - 1,


@ -338,7 +338,7 @@ class WebRCE(HostExploiter):
command = self.get_command(paths['dest_path'], http_path, commands) command = self.get_command(paths['dest_path'], http_path, commands)
resp = self.exploit(url, command) resp = self.exploit(url, command)
self.add_powershell_cmd(command) self.add_executed_cmd(command)
resp = self.run_backup_commands(resp, url, paths['dest_path'], http_path) resp = self.run_backup_commands(resp, url, paths['dest_path'], http_path)
http_thread.join(DOWNLOAD_TIMEOUT) http_thread.join(DOWNLOAD_TIMEOUT)


@ -20,8 +20,8 @@ __author__ = "VakarisZ"
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# How long server waits for get request in seconds # How long server waits for get request in seconds
SERVER_TIMEOUT = 4 SERVER_TIMEOUT = 4
# How long should we wait after each request in seconds # How long should be wait after each request in seconds
REQUEST_DELAY = 0.1 REQUEST_DELAY = 0.0001
# How long to wait for a sign(request from host) that server is vulnerable. In seconds # How long to wait for a sign(request from host) that server is vulnerable. In seconds
REQUEST_TIMEOUT = 5 REQUEST_TIMEOUT = 5
# How long to wait for response in exploitation. In seconds # How long to wait for response in exploitation. In seconds
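Review bot: The rewritten comment on the REQUEST_DELAY line introduces a typo — `# How long should be wait after each request in seconds` — where the previous wording `should we wait` was correct, so the old text should be kept. The value change on the same line, 0.1 to 0.0001 seconds, is not mentioned in the commit message and makes the delay effectively zero; if that is intentional, the reason belongs in the comment rather than in a bare constant, e.g. `# How long should we wait after each request in seconds (<why this value — placeholder>)`. Only the module-level constants are visible here; the loop that consumes REQUEST_DELAY is outside the hunk.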


@ -14,10 +14,13 @@ class T1059(AttackTechnique):
query = [{'$match': {'telem_category': 'exploit', query = [{'$match': {'telem_category': 'exploit',
'data.info.executed_cmds': {'$exists': True, '$ne': []}}}, 'data.info.executed_cmds': {'$exists': True, '$ne': []}}},
{'$unwind': '$data.info.executed_cmds'},
{'$sort': {'data.info.executed_cmds.powershell': 1}},
{'$project': {'_id': 0, {'$project': {'_id': 0,
'machine': '$data.machine', 'machine': '$data.machine',
'info': '$data.info'}}, 'info': '$data.info'}},
{'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}] {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}},
{'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}]
@staticmethod @staticmethod
def get_report_data(): def get_report_data():
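Review bot: The new `$group`/`$push` stage followed by `{'$project': {'_id': 0, 'data': {'$arrayElemAt': ['$data', 0]}}}` pushes every executed command of a machine into an array only to keep element 0; `{'$group': {'_id': '$machine', 'data': {'$first': '$$ROOT'}}}` plus a `{'$project': {'_id': 0, 'data': 1}}` gives the same result without materialising the per-machine array. Either form relies on the `$sort` order reaching the `$group`, which as far as I recall MongoDB preserves when only non-reordering stages (here a `$project`) sit between them, but it is worth stating. The `$sort` on `powershell: 1` is unexplained in the hunk; it appears intended to prefer a non-PowerShell command as the example, since T1086 reports the PowerShell ones, and a comment such as `# Sort so non-powershell commands come first; PowerShell usage is reported by T1086` would make that explicit. Note that entries without a `powershell` key sort before `False`, so the comment should also say whether the key is always present. `get_report_data` continues outside the hunk.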


@ -12,11 +12,16 @@ class T1086(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey successfully ran powershell commands on exploited machines in the network." used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
query = [{'$match': {'telem_type': 'exploit', query = [{'$match': {'telem_category': 'exploit',
'data.info.executed_cmds.example': {'$elemMatch': {'powershell': True}}}}, 'data.info.executed_cmds': {'$elemMatch': {'powershell': True}}}},
{'$project': {'_id': 0, {'$project': {'machine': '$data.machine',
'machine': '$data.machine',
'info': '$data.info'}}, 'info': '$data.info'}},
{'$project': {'_id': 0,
'machine': 1,
'info.finished': 1,
'info.executed_cmds': {'$filter': {'input': '$info.executed_cmds',
'as': 'command',
'cond': {'$eq': ['$$command.powershell', True]}}}}},
{'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}] {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}]
@staticmethod @staticmethod
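Review bot: The two consecutive `$project` stages in the new query can be one: the first only renames `data.machine` and `data.info` and leaves `_id` in place, which the second then has to drop with `'_id': 0`, and the `$filter` can read `$data.info.executed_cmds` directly. Merging them shortens the pipeline and keeps the `_id: 0` convention used by the T1059 query in this commit. This is a style point only; the `$elemMatch` in `$match` already guarantees the filtered array is non-empty, so behaviour is unchanged.
```python
query = [{'$match': {'telem_category': 'exploit',
                     'data.info.executed_cmds': {'$elemMatch': {'powershell': True}}}},
         {'$project': {'_id': 0,
                       'machine': '$data.machine',
                       'info.finished': '$data.info.finished',
                       'info.executed_cmds': {'$filter': {'input': '$data.info.executed_cmds',
                                                          'as': 'command',
                                                          'cond': {'$eq': ['$$command.powershell', True]}}}}},
         {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}]
```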


@ -14,14 +14,13 @@ class T1059 extends React.Component {
return ([{ return ([{
Header: 'Example commands used', Header: 'Example commands used',
columns: [ columns: [
{Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 }, {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data.machine), style: { 'whiteSpace': 'unset'}, width: 160 },
{Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }}, {Header: 'Approx. Time', id: 'time', accessor: x => x.data.info.finished, style: { 'whiteSpace': 'unset' }},
{Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: { 'whiteSpace': 'unset' }}, {Header: 'Command', id: 'command', accessor: x => x.data.info.executed_cmds.cmd, style: { 'whiteSpace': 'unset' }},
] ]
}])}; }])};
render() { render() {
console.log(this.props.data);
return ( return (
<div> <div>
<div>{this.props.data.message}</div> <div>{this.props.data.message}</div>


@ -1,7 +1,7 @@
import React from 'react'; import React from 'react';
import '../../../styles/Collapse.scss' import '../../../styles/Collapse.scss'
import ReactTable from "react-table"; import ReactTable from "react-table";
import { RenderMachine } from "./Helpers" import { renderMachine } from "./Helpers"
class T1086 extends React.Component { class T1086 extends React.Component {
@ -14,9 +14,9 @@ class T1086 extends React.Component {
return ([{ return ([{
Header: 'Example Powershell commands used', Header: 'Example Powershell commands used',
columns: [ columns: [
{Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 }, {Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 },
{Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }}, {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }},
{Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds.powershell, style: { 'whiteSpace': 'unset' }}, {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0].cmd, style: { 'whiteSpace': 'unset' }},
] ]
}])}; }])};
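Review bot: The new Command accessor `x.data[0].info.executed_cmds[0].cmd` displays only the first PowerShell command per machine although the server-side `$filter` in the T1086 query returns all of them, and the `[0]` index is safe only because that query's `$elemMatch` guarantees at least one element — a coupling that is invisible from this file. A comment on the accessor line would keep the two in step, e.g. `// executed_cmds is pre-filtered to powershell commands by the T1086 query, so [0] always exists`; if every command is meant to be shown, map over the array and join instead. The same reliance on `x.data[0]` applies to the Machine and Approx. Time accessors above it. The component's remaining methods are outside the hunk.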