forked from p15670423/monkey
Bugfix: victimhost telem is sent instead of attack telem.
This commit is contained in:
parent
d891eb4abb
commit
69de938a37
|
@ -133,7 +133,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
chmod = '/bin/chmod +x %s' % dropper_target_path_linux
|
chmod = '/bin/chmod +x %s' % dropper_target_path_linux
|
||||||
run_path = exploit + chmod
|
run_path = exploit + chmod
|
||||||
self.attack_page(url, header, run_path)
|
self.attack_page(url, header, run_path)
|
||||||
T1222Telem(ScanStatus.USED, chmod).send()
|
T1222Telem(ScanStatus.USED, chmod, self.host).send()
|
||||||
|
|
||||||
# run the monkey
|
# run the monkey
|
||||||
cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
|
cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
|
||||||
|
|
|
@ -165,7 +165,7 @@ class SSHExploiter(HostExploiter):
|
||||||
ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path),
|
ftp.putfo(file_obj, self._config.dropper_target_path_linux, file_size=monkeyfs.getsize(src_path),
|
||||||
callback=self.log_transfer)
|
callback=self.log_transfer)
|
||||||
ftp.chmod(self._config.dropper_target_path_linux, 0o777)
|
ftp.chmod(self._config.dropper_target_path_linux, 0o777)
|
||||||
T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux).send()
|
T1222Telem(ScanStatus.USED, "chmod 0777 %s" % self._config.dropper_target_path_linux, self.host).send()
|
||||||
T1105Telem(ScanStatus.USED,
|
T1105Telem(ScanStatus.USED,
|
||||||
get_interface_to_target(self.host.ip_addr),
|
get_interface_to_target(self.host.ip_addr),
|
||||||
self.host.ip_addr,
|
self.host.ip_addr,
|
||||||
|
|
|
@ -129,7 +129,7 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
change_permission = str.encode(str(change_permission) + '\n')
|
change_permission = str.encode(str(change_permission) + '\n')
|
||||||
LOG.info("change_permission command is %s", change_permission)
|
LOG.info("change_permission command is %s", change_permission)
|
||||||
backdoor_socket.send(change_permission)
|
backdoor_socket.send(change_permission)
|
||||||
T1222Telem(ScanStatus.USED, change_permission).send()
|
T1222Telem(ScanStatus.USED, change_permission, self.host).send()
|
||||||
|
|
||||||
# Run monkey on the machine
|
# Run monkey on the machine
|
||||||
parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
parameters = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||||
|
|
|
@ -368,10 +368,10 @@ class WebRCE(HostExploiter):
|
||||||
command = CHMOD_MONKEY % {'monkey_path': path}
|
command = CHMOD_MONKEY % {'monkey_path': path}
|
||||||
try:
|
try:
|
||||||
resp = self.exploit(url, command)
|
resp = self.exploit(url, command)
|
||||||
T1222Telem(ScanStatus.USED, command).send()
|
T1222Telem(ScanStatus.USED, command, self.host).send()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.error("Something went wrong while trying to change permission: %s" % e)
|
LOG.error("Something went wrong while trying to change permission: %s" % e)
|
||||||
T1222Telem(ScanStatus.SCANNED, "").send()
|
T1222Telem(ScanStatus.SCANNED, "", self.host).send()
|
||||||
return False
|
return False
|
||||||
# If exploiter returns True / False
|
# If exploiter returns True / False
|
||||||
if type(resp) is bool:
|
if type(resp) is bool:
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
from infection_monkey.telemetry.attack.attack_telem import AttackTelem
|
from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
|
||||||
|
|
||||||
|
|
||||||
class T1222Telem(AttackTelem):
|
class T1222Telem(VictimHostTelem):
|
||||||
def __init__(self, status, command):
|
def __init__(self, status, command, machine):
|
||||||
"""
|
"""
|
||||||
T1222 telemetry.
|
T1222 telemetry.
|
||||||
:param status: ScanStatus of technique
|
:param status: ScanStatus of technique
|
||||||
:param command: command used to change permissions
|
:param command: command used to change permissions
|
||||||
"""
|
"""
|
||||||
super(T1222Telem, self).__init__('T1222', status)
|
super(T1222Telem, self).__init__('T1222', status, machine)
|
||||||
self.command = command
|
self.command = command
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
|
|
|
@ -14,17 +14,7 @@ class T1222(AttackTechnique):
|
||||||
query = [{'$match': {'telem_category': 'attack',
|
query = [{'$match': {'telem_category': 'attack',
|
||||||
'data.technique': 'T1222',
|
'data.technique': 'T1222',
|
||||||
'data.status': ScanStatus.USED.value}},
|
'data.status': ScanStatus.USED.value}},
|
||||||
{'$lookup': {'from': 'monkey',
|
{'$group': {'_id': {'machine': '$data.machine', 'status': '$data.status', 'command': '$data.command'}}},
|
||||||
'localField': 'monkey_guid',
|
|
||||||
'foreignField': 'guid',
|
|
||||||
'as': 'monkey'}},
|
|
||||||
{'$project': {'monkey': {'$arrayElemAt': ['$monkey', 0]},
|
|
||||||
'status': '$data.status',
|
|
||||||
'command': '$data.command'}},
|
|
||||||
{'$addFields': {'_id': 0,
|
|
||||||
'machine': {'hostname': '$monkey.hostname', 'ips': '$monkey.ip_addresses'},
|
|
||||||
'monkey': 0}},
|
|
||||||
{'$group': {'_id': {'machine': '$machine', 'status': '$status', 'command': '$command'}}},
|
|
||||||
{"$replaceRoot": {"newRoot": "$_id"}}]
|
{"$replaceRoot": {"newRoot": "$_id"}}]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import React from 'react';
|
import React from 'react';
|
||||||
import '../../../styles/Collapse.scss'
|
import '../../../styles/Collapse.scss'
|
||||||
import ReactTable from "react-table";
|
import ReactTable from "react-table";
|
||||||
import { renderMachineFromSystemData, scanStatus } from "./Helpers"
|
import { renderMachine, scanStatus } from "./Helpers"
|
||||||
|
|
||||||
|
|
||||||
class T1222 extends React.Component {
|
class T1222 extends React.Component {
|
||||||
|
@ -14,7 +14,7 @@ class T1222 extends React.Component {
|
||||||
return ([{
|
return ([{
|
||||||
Header: "Permission modification commands",
|
Header: "Permission modification commands",
|
||||||
columns: [
|
columns: [
|
||||||
{Header: 'Machine', id: 'machine', accessor: x => renderMachineFromSystemData(x.machine), style: { 'whiteSpace': 'unset' }},
|
{Header: 'Machine', id: 'machine', accessor: x => renderMachine(x.machine), style: { 'whiteSpace': 'unset' }},
|
||||||
{Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
|
{Header: 'Command', id: 'command', accessor: x => x.command, style: { 'whiteSpace': 'unset' }},
|
||||||
]
|
]
|
||||||
}])};
|
}])};
|
||||||
|
|
Loading…
Reference in New Issue