Bugfix: victimhost telem is sent instead of attack telem.
parent
d891eb4abb
commit
69de938a37
|
@ -133,7 +133,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
chmod = '/bin/chmod +x %s' % dropper_target_path_linux
|
||||
run_path = exploit + chmod
|
||||
self.attack_page(url, header, run_path)
|
||||
T1222Telem(ScanStatus.USED, chmod).send()
|
||||
T1222Telem(ScanStatus.USED, chmod, self.host).send()
|
||||
|
||||
# run the monkey
|
||||
cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
|
||||
|
|
|
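Review bot: `T1222Telem(ScanStatus.USED, chmod, self.host).send()` reports the technique as used without looking at the outcome of `self.attack_page(url, header, run_path)`, so the ATT&CK report can show a permission change on this host that never took effect. If `attack_page` returns anything that indicates success (not visible in this hunk), the status should depend on it, with `ScanStatus.SCANNED` sent otherwise. The VSFTPD hunk has the same pattern, sending USED right after `backdoor_socket.send(change_permission)`. The enclosing method starts and ends outside the hunk.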
@ -165,7 +165,7 @@ class SSHExploiter(HostExploiter):
|
|||
ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path),
|
||||
callback=self.log_transfer)
|
||||
ftp.chmod(self._config.dropper_target_path_linux, 0o777)
|
||||
T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux).send()
|
||||
T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux, self.host).send()
|
||||
T1105Telem(ScanStatus.USED,
|
||||
get_interface_to_target(self.host.ip_addr),
|
||||
self.host.ip_addr,
|
||||
|
|
|
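Review bot: The mode passed to `ftp.chmod(self._config.dropper_target_path_linux, 0o777)` is repeated as a literal in the telemetry string `"chmod 0777 %s"`, so the report can drift from what was actually applied if one of them is edited. The mode is also broader than execution needs: a world-writable binary left on an assessed host can be replaced by any local user, and owner-only execute permission is presumably enough for the dropper to run. Consider one constant (say `DROPPER_MODE`, name illustrative) used for both, e.g. `"chmod %04o %s" % (DROPPER_MODE, path)`. The method continues outside the hunk.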
@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
|
|||
change_permission = str.encode(str(change_permission) + '\n')
|
||||
LOG.info("change_permission command is %s", change_permission)
|
||||
backdoor_socket.send(change_permission)
|
||||
T1222Telem(ScanStatus.USED, change_permission).send()
|
||||
T1222Telem(ScanStatus.USED, change_permission, self.host).send()
|
||||
|
||||
# Run monkey on the machine
|
||||
parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
|
|
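Review bot: `change_permission` is a `bytes` object by the time it reaches `T1222Telem(...)`, because the first line of the hunk rebinds it with `str.encode(...)`; the other exploiters in this commit pass a `str`. If `send()` serializes the telemetry as JSON (not visible here) this would raise on Python 3, and otherwise the report would presumably show a `b'...\n'` repr instead of the command. Pass the text form, e.g. `T1222Telem(ScanStatus.USED, change_permission.decode().strip(), self.host).send()`.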
@ -368,10 +368,10 @@ class WebRCE(HostExploiter):
|
|||
command = CHMOD_MONKEY % {'monkey_path': path}
|
||||
try:
|
||||
resp = self.exploit(url, command)
|
||||
T1222Telem(ScanStatus.USED, command).send()
|
||||
T1222Telem(ScanStatus.USED, command, self.host).send()
|
||||
except Exception as e:
|
||||
LOG.error("Something went wrong while trying to change permission: %s" % e)
|
||||
T1222Telem(ScanStatus.SCANNED, "").send()
|
||||
T1222Telem(ScanStatus.SCANNED, "", self.host).send()
|
||||
return False
|
||||
# If exploiter returns True / False
|
||||
if type(resp) is bool:
|
||||
|
|
|
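Review bot: The USED telemetry sits inside the `try`, so an exception raised by `.send()` itself is caught by `except Exception`, logged as a failure to change permission, and followed by a second SCANNED record for the same attempt. Keep only `resp = self.exploit(url, command)` in the `try` and send the USED telemetry after the `resp` checks that follow (they continue outside the hunk), so a `False` response is not reported as used. The SCANNED record also carries an empty command; `T1222Telem(ScanStatus.SCANNED, command, self.host).send()` would keep the failed attempt attributable in the report.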
@ -1,14 +1,14 @@
|
|||
from infection_monkey.telemetry.attack.attack_telem import AttackTelem
|
||||
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
||||
|
||||
|
||||
class T1222Telem(AttackTelem):
|
||||
def __init__(self, status, command):
|
||||
class T1222Telem(VictimHostTelem):
|
||||
def __init__(self, status, command, machine):
|
||||
"""
|
||||
T1222 telemetry.
|
||||
:param status: ScanStatus of technique
|
||||
:param command: command used to change permissions
|
||||
"""
|
||||
super(T1222Telem, self).__init__('T1222', status)
|
||||
super(T1222Telem, self).__init__('T1222', status, machine)
|
||||
self.command = command
|
||||
|
||||
def get_data(self):
|
||||
|
|
|
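Review bot: The `__init__` docstring still lists only `status` and `command`; the new argument needs a line such as `:param machine: victim host the command was run against (the exploiters pass self.host)`. Because the constructor signature changed, any two-argument `T1222Telem(...)` call not updated by this commit will now raise `TypeError`, so it is worth searching for remaining callers. The body of `get_data` is outside the hunk; confirm it merges the base class's data so that `machine` is actually stored under `data.machine`, which the report query now groups on.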
@ -14,17 +14,7 @@ class T1222(AttackTechnique):
|
|||
query = [{'$match': {'telem_category': 'attack',
|
||||
'data.technique': 'T1222',
|
||||
'data.status': ScanStatus.USED.value}},
|
||||
{'$lookup': {'from': 'monkey',
|
||||
'localField': 'monkey_guid',
|
||||
'foreignField': 'guid',
|
||||
'as': 'monkey'}},
|
||||
{'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
|
||||
'status': '$data.status',
|
||||
'command': '$data.command'}},
|
||||
{'$addFields': {'_id': 0,
|
||||
'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
|
||||
'monkey': 0}},
|
||||
{'$group': {'_id': {'machine': '$machine', 'status': '$status', 'command': '$command'}}},
|
||||
{'$group': {'_id': {'machine': '$data.machine', 'status': '$data.status', 'command': '$data.command'}}},
|
||||
{"$replaceRoot": {"newRoot": "$_id"}}]
|
||||
|
||||
@staticmethod
|
||||
|
|
|
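Review bot: The rewritten `$group` stage reads `$data.machine`, but the `$match` stage does not require that field, so T1222 documents stored before this change (which carry no `data.machine`) would be grouped into rows with a missing machine. If older telemetry can still be in the database, add `'data.machine': {'$exists': True}` to the `$match` conditions. The front end in this commit passes `x.machine` straight to `renderMachine`, so such a row may also fail to render, depending on how that helper treats an undefined argument.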
@ -1,7 +1,7 @@
|
|||
import React from 'react';
|
||||
import '../../../styles/Collapse.scss'
|
||||
import ReactTable from "react-table";
|
||||
import { renderMachineFromSystemData, scanStatus } from "./Helpers"
|
||||
import { renderMachine, scanStatus } from "./Helpers"
|
||||
|
||||
|
||||
class T1222 extends React.Component {
|
||||
|
@ -14,7 +14,7 @@ class T1222 extends React.Component {
|
|||
return ([{
|
||||
Header: "Permission modification commands",
|
||||
columns: [
|
||||
{Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }},
|
||||
{Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
|
||||
{Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
|
||||
]
|
||||
}])};
|
||||
|
|