Add known credentials to monkey documents

2017-11-07 14:52:13 +02:00 · 2017-11-07 14:52:13 +02:00 · 8d9068fe40
parent e9b6b39a21
commit 8d9068fe40
3 changed files with 29 additions and 0 deletions
--- a/monkey_island/cc/resources/monkey.py
+++ b/monkey_island/cc/resources/monkey.py
@ -53,6 +53,7 @@ class Monkey(flask_restful.Resource):

    def post(self, **kw):
        monkey_json = json.loads(request.data)
+        monkey_json['creds'] = {}
        if 'keepalive' in monkey_json:
            monkey_json['keepalive'] = dateutil.parser.parse(monkey_json['keepalive'])
        else:
@ -119,6 +120,8 @@ class Monkey(flask_restful.Resource):
            node_id = existing_node["_id"]
            for edge in mongo.db.edge.find({"to": node_id}):
                mongo.db.edge.update({"_id": edge["_id"]}, {"$set": {"to": new_monkey_id}})
+            for user in existing_node['creds']:
+                NodeService.add_credentials_to_monkey(new_monkey_id, user, existing_node['creds'][user])
            mongo.db.node.remove({"_id": node_id})

        return {"id": new_monkey_id}
--- a/monkey_island/cc/resources/telemetry.py
+++ b/monkey_island/cc/resources/telemetry.py
@ -115,6 +115,15 @@ class Telemetry(flask_restful.Resource):
        if new_exploit['result']:
            EdgeService.set_edge_exploited(edge)

+        for attempt in telemetry_json['data']['attempts']:
+            if attempt['result']:
+                attempt.pop('result')
+                user = attempt.pop('user')
+                for field in ['password', 'lm_hash', 'ntlm_hash']:
+                    if len(attempt[field]) == 0:
+                        attempt.pop(field)
+                NodeService.add_credentials_to_node(edge['to'], user, attempt)
+
    @staticmethod
    def process_scan_telemetry(telemetry_json):
        edge = Telemetry.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
@ -151,6 +160,8 @@ class Telemetry(flask_restful.Resource):
            creds = telemetry_json['data']['credentials']
            for user in creds:
                ConfigService.creds_add_username(user)
+                NodeService.add_credentials_to_monkey(
+                    NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])['_id'], user, creds[user])
                if 'password' in creds[user]:
                    ConfigService.creds_add_password(creds[user]['password'])
                if 'lm_hash' in creds[user]:
--- a/monkey_island/cc/services/node.py
+++ b/monkey_island/cc/services/node.py
@ -170,6 +170,7 @@ class NodeService:
            {
                "ip_addresses": [ip_address],
                "exploited": False,
+                "creds": {},
                "os":
                    {
                        "type": "unknown",
@ -277,3 +278,17 @@ class NodeService:
    @staticmethod
    def is_any_monkey_exists():
        return mongo.db.monkey.find_one({}) is not None
+
+    @staticmethod
+    def add_credentials_to_monkey(monkey_id, user, creds):
+        mongo.db.monkey.update(
+            {'_id': monkey_id},
+            {'$set': {'creds.' + user: creds}}
+        )
+
+    @staticmethod
+    def add_credentials_to_node(node_id, user, creds):
+        mongo.db.node.update(
+            {'_id': node_id},
+            {'$set': {'creds.' + user: creds}}
+        )