Fixed system info collection attack technique

VakarisZ 2020-03-19 15:41:49 +02:00
parent 48abfcab68
commit b4112f024f
3 changed files with 17 additions and 9 deletions


@ -11,7 +11,7 @@ class T1082(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey gathered system info from machines in the network." used_msg = "Monkey gathered system info from machines in the network."
query = [{'$match': {'telem_category': 'system_info'}}, query = [{'$match': {'telem_category': 'system_info', 'data.network_info': {'$exists': True}}},
{'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'}, {'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'},
'aws': '$data.aws', 'aws': '$data.aws',
'netstat': '$data.network_info.netstat', 'netstat': '$data.network_info.netstat',
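Review bot: The new `$exists` filter on `data.network_info` only guarantees the sub-document is present, not that `data.network_info.networks` is, yet the `$project` below maps that field straight to `machine.ips`, which the front end iterates without a guard. If telemetry can carry `network_info` without `networks` (cannot tell from this hunk), the narrower filter `'data.network_info.networks': {'$exists': True}` would keep such records out of the table instead of leaving the renderer to fail on an undefined array. The rest of the pipeline continues outside the hunk.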


@ -9,7 +9,10 @@ export function renderMachine(val) {
/* Function takes data gathered from system info collector and creates a /* Function takes data gathered from system info collector and creates a
string representation of machine from that data. */ string representation of machine from that data. */
export function renderMachineFromSystemData(data) { export function renderMachineFromSystemData(data) {
let machineStr = data['hostname'] + ' ( '; let machineStr = '';
if (typeof data['hostname'] !== 'undefined') {
machineStr = data['hostname'] + ' ( ';
}
data['ips'].forEach(function (ipInfo) { data['ips'].forEach(function (ipInfo) {
if (typeof ipInfo === 'object') { if (typeof ipInfo === 'object') {
machineStr += ipInfo['addr'] + ', '; machineStr += ipInfo['addr'] + ', ';
@ -17,8 +20,12 @@ export function renderMachineFromSystemData(data) {
machineStr += ipInfo + ', '; machineStr += ipInfo + ', ';
} }
}); });
// Replaces " ," with " )" to finish a list of IP's if (typeof data['hostname'] !== 'undefined') {
return machineStr.slice(0, -2) + ' )' return machineStr.slice(0, -2) + ' )';
} else {
// Replaces " ," with " )" to finish a list of IP's
return machineStr.slice(0, -2);
}
} }
/* Formats telemetry data that contains _id.machine and _id.usage fields into columns /* Formats telemetry data that contains _id.machine and _id.usage fields into columns
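Review bot: The comment "Replaces " ," with " )"" now sits in the else branch, which is the one branch that no longer appends ' )', so it describes the other branch; and the hostname test is evaluated twice, once at the top and once at the return. Computing it once, `const hasHostname = typeof data['hostname'] !== 'undefined';`, and ending with `return hasHostname ? machineStr.slice(0, -2) + ' )' : machineStr.slice(0, -2);` with the comment reworded to `// Drop the trailing ", " left by the last IP; close the bracket only if a hostname opened one` keeps the two branches in sync. Note also that with a hostname and an empty `ips` array the slice removes part of the opening " ( " rather than a trailing ", ", yielding "host  )", and that `data['ips'].forEach` still throws if `ips` is undefined; a `(data['ips'] ?? []).forEach(...)` guard would mirror the defensive hostname check. The function starts in the previous hunk, so the top of the body is not visible here.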


@ -12,13 +12,14 @@ class T1082 extends React.Component {
static getSystemInfoColumns() { static getSystemInfoColumns() {
return ([{ return ([{
columns: [ columns: [
{ { Header: 'Machine',
Header: 'Machine',
id: 'machine', id: 'machine',
accessor: x => renderMachineFromSystemData(x.machine), accessor: x => renderMachineFromSystemData(x.machine),
style: {'whiteSpace': 'unset'} style: {'whiteSpace': 'unset'}},
}, { Header: 'Gathered info',
{Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: {'whiteSpace': 'unset'}} id: 'info',
accessor: x => renderUsageFields(x.collections),
style: {'whiteSpace': 'unset'}}
] ]
}]) }])
} }