powershell command storage refactor

VakarisZ 2019-06-25 08:36:21 +03:00
parent 17d08c7883
commit c4c53f732a
2 changed files with 7 additions and 7 deletions


@ -60,7 +60,8 @@ class HostExploiter(object):
self._exploit_info['vulnerable_ports'].append(port)
def set_example_cmd(self, cmd):
self._exploit_info['executed_cmds']['example'] = cmd
powershell = True if "powershell" in cmd.lower() else False
self._exploit_info['executed_cmds']['example'].append({'command': cmd, 'powershell': powershell})
def add_powershell_cmd(self, cmd):
"""
@ -68,8 +69,6 @@ class HostExploiter(object):
:param cmd: Command used
:return: None
"""
if "powershell" in cmd.lower():
self._exploit_info['executed_cmds']['powershell'] = cmd
from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
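Review bot: After the second hunk `add_powershell_cmd` keeps its `def` line and docstring (":param cmd: Command used") but has no body left, so it becomes a silent no-op that any remaining caller would invoke without effect and without an error. If the per-entry `powershell` flag in `set_example_cmd` replaces it, remove the method together with its `def` at the end of the first hunk rather than leaving the stub, or make it delegate with `self.set_example_cmd(cmd)`. In the first hunk the new line calls `.append` on `self._exploit_info['executed_cmds']['example']`, which the removed line assigned `cmd` to directly; the initialization of `executed_cmds` is outside this hunk, so confirm it now creates `'example'` as a list, otherwise the first `.append` raises AttributeError. The flag can also be computed directly as `powershell = "powershell" in cmd.lower()` instead of the `True if ... else False` form.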


@ -13,7 +13,7 @@ class T1086(AttackTechnique):
used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
query = [{'$match': {'telem_type': 'exploit',
'data.info.executed_cmds.powershell': {'$exists': True}}},
'data.info.executed_cmds.example': {'$elemMatch': {'powershell': True}}}},
{'$project': {'_id': 0,
'machine': '$data.machine',
'info': '$data.info'}},
@ -22,9 +22,10 @@ class T1086(AttackTechnique):
@staticmethod
def get_report_data():
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
data = {'title': T1086.technique_title(T1086.tech_id), 'cmds': cmd_data}
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
if cmd_data:
data.update({'message': T1086.used_msg, 'status': ScanStatus.USED.name})
status = ScanStatus.USED
else:
data.update({'message': T1086.unscanned_msg, 'status': ScanStatus.UNSCANNED.name})
status = ScanStatus.UNSCANNED
data.update(T1086.get_message_and_status(status))
return data
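Review bot: The `$match` stage in the first hunk now keys on `executed_cmds.example` elements carrying `powershell: True`, so any exploit telemetry already persisted under the old `executed_cmds.powershell` field would no longer match and T1086 would be reported as UNSCANNED for it; if such records are kept in the database, a migration or a `$or` over both shapes is needed. In `get_report_data` the `if`/`else` now only selects a status, which reads more directly as `status = ScanStatus.USED if cmd_data else ScanStatus.UNSCANNED` followed by the existing `data.update(...)` call. The `query` class attribute continues past the end of the first hunk.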