p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add report components, link to matrix

This commit is contained in:
Shreya 2020-06-05 22:09:36 +05:30
parent 49350aa303
commit 0f6fcc799c
5 changed files with 103 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/monkey_island/cc/services/attack/attack_report.py
View File

@ -4,7 +4,7 @@ from monkey_island.cc.models import Monkey
from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082 from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086, T1082
from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188 from monkey_island.cc.services.attack.technique_reports import T1145, T1105, T1065, T1035, T1129, T1106, T1107, T1188
from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064 from monkey_island.cc.services.attack.technique_reports import T1090, T1041, T1222, T1005, T1018, T1016, T1021, T1064
from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504 from monkey_island.cc.services.attack.technique_reports import T1136, T1156, T1504, T1158
from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report from monkey_island.cc.services.reporting.report_generation_synchronisation import safe_generate_attack_report
@ -40,6 +40,7 @@ TECHNIQUES = {'T1210': T1210.T1210,
'T1136': T1136.T1136, 'T1136': T1136.T1136,
'T1156': T1156.T1156, 'T1156': T1156.T1156,
'T1504': T1504.T1504 'T1504': T1504.T1504
'T1158': T1158.T1158
} }
REPORT_NAME = 'new_report' REPORT_NAME = 'new_report'

9
monkey/monkey_island/cc/services/attack/attack_schema.py
View File

@ -99,6 +99,15 @@ SCHEMA = {
"description": "Adversaries may gain persistence and elevate privileges " "description": "Adversaries may gain persistence and elevate privileges "
"in certain situations by abusing PowerShell profiles which " "in certain situations by abusing PowerShell profiles which "
"are scripts that run when PowerShell starts." "are scripts that run when PowerShell starts."
"T1158": {
"title": "Hidden Files and Directories",
"type": "bool",
"value": True,
"necessary": False,
"link": "https://attack.mitre.org/techniques/T1158",
"description": "Adversaries can hide files and folders on the system "
"and evade a typical user or system analysis that does not "
"incorporate investigation of hidden files."
} }
} }
}, },

38
monkey/monkey_island/cc/services/attack/technique_reports/T1158.py Normal file
View File

@ -0,0 +1,38 @@
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.reporting.report import ReportService
from common.utils.attack_utils import ScanStatus
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
__author__ = "shreyamalviya"
class T1158(AttackTechnique):
tech_id = "T1158"
unscanned_msg = "Monkey did not try creating hidden files or folders."
scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
used_msg = "Monkey created hidden files and folders on the system."
@staticmethod
def get_report_data():
data = {'title': T1158.technique_title(), 'info': []}
scanned_nodes = ReportService.get_scanned()
status = ScanStatus.UNSCANNED.value
for node in scanned_nodes:
if node['pba_results'] != 'None':
for pba in node['pba_results']:
if pba['name'] == POST_BREACH_HIDDEN_FILES:
status = ScanStatus.USED.value if pba['result'][1]\
else ScanStatus.SCANNED.value
data['info'].append({
'machine': {
'hostname': pba['hostname'],
'ips': node['ip_addresses']
},
'type': 'Folder' if 'folder' in pba['command'] else 'File',
'result': pba['result'][0]
})
data.update(T1158.get_base_data_by_status(status))
return data

5
monkey/monkey_island/cc/services/config_schema.py
View File

@ -167,6 +167,10 @@ SCHEMA = {
], ],
"title": "Modify shell startup files", "title": "Modify shell startup files",
"attack_techniques": ["T1156", "T1504"] "attack_techniques": ["T1156", "T1504"]
"HiddenFiles"
],
"title": "Hidden files and directories",
"attack_techniques": ["T1158"]
} }
], ],
}, },
@ -389,6 +393,7 @@ SCHEMA = {
"BackdoorUser", "BackdoorUser",
"CommunicateAsNewUser", "CommunicateAsNewUser",
"ModifyShellStartupFiles" "ModifyShellStartupFiles"
"HiddenFiles"
], ],
"description": "List of actions the Monkey will run post breach" "description": "List of actions the Monkey will run post breach"
}, },

49
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1158.js Normal file
View File

@ -0,0 +1,49 @@
import React from 'react';
import ReactTable from 'react-table';
import {renderMachineFromSystemData, ScanStatus} from './Helpers';
import MitigationsComponent from './MitigationsComponent';
class T1158 extends React.Component {
constructor(props) {
super(props);
}
static getColumns() {
return ([{
columns: [
{ Header: 'Machine',
id: 'machine',
accessor: x => renderMachineFromSystemData(x.machine),
style: {'whiteSpace': 'unset'}},
{ Header: 'File/Folder',
id: 'type',
accessor: x => x.type,
style: {'whiteSpace': 'unset'}, width: 160},
{ Header: 'Result',
id: 'result',
accessor: x => x.result,
style: {'whiteSpace': 'unset'}}
]
}])
}
render() {
return (
<div>
<div>{this.props.data.message}</div>
<br/>
{this.props.data.status === ScanStatus.USED ?
<ReactTable
columns={T1158.getColumns()}
data={this.props.data.info}
showPagination={false}
defaultPageSize={this.props.data.info.length}
/> : ''}
<MitigationsComponent mitigations={this.props.data.mitigations}/>
</div>
);
}
}
export default T1158;