From 9c185a3a785419b33d7b0ee27a07be51bda3c797 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:39:10 +0200
Subject: [PATCH] Agent: Add tags and error messages in Hadoop
---
 monkey/infection_monkey/exploit/hadoop.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 4fdd308a2..5a878621e 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -5,6 +5,7 @@
 """
 import json
+import logging
 import posixpath
 import random
 import string
@@ -12,6 +13,7 @@ import string
 import requests
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
+from common.tags import T1203_ATTACK_TECHNIQUE_TAG
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@@ -23,6 +25,10 @@ from infection_monkey.model import (
 )
 from infection_monkey.utils.commands import build_monkey_commandline
+logger = logging.getLogger(__name__)
+
+HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
+
 class HadoopExploiter(WebRCE):
 _EXPLOITED_SERVICE = "Hadoop"
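Review bot: The module-level `logger` added in the third hunk is never called anywhere in this patch; all 18 added lines are visible and none of them references it. The two failure messages introduced further down are only attached to the published event, so nothing reaches the agent's own log. Either log them where they are set, for example `logger.debug(self.exploit_result.error_message)` before each `return self.exploit_result`, or drop `import logging` and the `logger` assignment until they are needed.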
@@ -40,18 +46,24 @@ class HadoopExploiter(WebRCE):
 urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
 self.add_vulnerable_urls(urls, True)
 if not self.vulnerable_urls:
+ self.exploit.error_message = f"No vulnerable urls has been found for {self.host}"
 self.publish_exploitation_event(
 target=self.host.ip_addr,
 exploitation_success=False,
+ error_message=self.exploit_result.error_message,
+ tags=(HADOOP_EXPLOITER_TAG,),
 )
 return self.exploit_result
 try:
 monkey_path_on_victim = get_agent_dst_path(self.host)
 except KeyError:
+ self.exploit_result.error_message = f"No coressponding agent found for {self.host}"
 self.publish_exploitation_event(
 target=self.host.ip_addr,
 exploitation_success=False,
+ error_message=self.exploit_result.error_message,
+ tags=(HADOOP_EXPLOITER_TAG,),
 )
 return self.exploit_result
@@ -70,8 +82,13 @@ class HadoopExploiter(WebRCE):
 self.publish_exploitation_event(
 target=self.host.ip_addr,
 exploitation_success=True,
+ tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+ )
+ self.publish_propagation_event(
+ target=self.host.ip_addr,
+ propagation_success=True,
+ tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
 )
- self.publish_propagation_event(target=self.host.ip_addr, propagation_success=True)
 finally:
 http_thread.join(self.DOWNLOAD_TIMEOUT)
 http_thread.stop()
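Review bot: In the `if not self.vulnerable_urls:` branch the message is assigned to `self.exploit.error_message`, while the event two lines below reads `self.exploit_result.error_message`, so the failure event is published without the reason that was just built. The `except KeyError:` branch writes to `self.exploit_result`, which suggests a typo; if `self.exploit` is a method on this class (not visible in the hunk) the assignment would raise AttributeError instead of returning the result. Change the line to `self.exploit_result.error_message = f"No vulnerable urls has been found for {self.host}"`. The two message strings also carry wording slips ("urls has been", "coressponding") that will surface in whatever consumes these events. The enclosing method starts and ends outside the hunk.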