From 82f1e531e7dec391e85d0fae26a2660be4755589 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 14 Jul 2020 20:24:11 +0530
Subject: [PATCH] Update after pulling from develop
---
 .../attack/technique_reports/T1154.py | 28 +++----------------
 .../attack/technique_reports/T1166.py | 26 ++---------------
 2 files changed, 7 insertions(+), 47 deletions(-)
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
index c7bace482..c4ec9a918 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
@@ -2,35 +2,15 @@ from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 __author__ = "shreyamalviya"
-class T1154(AttackTechnique):
+class T1154(PostBreachTechnique):
     tech_id = "T1154"
     unscanned_msg = "Monkey did not use the trap command."
     scanned_msg = "Monkey tried using the trap command but failed."
     used_msg = "Monkey used the trap command successfully."
-
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_TRAP_COMMAND}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1154.technique_title(), 'info': []}
-
-        trap_command_info = list(mongo.db.telemetry.aggregate(T1154.query))
-
-        status = ScanStatus.UNSCANNED.value
-        if trap_command_info:
-            successful_PBAs = mongo.db.telemetry.count({'data.name': POST_BREACH_TRAP_COMMAND,
-                                                        'data.result.1': True})
-            status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
-
-        data.update(T1154.get_base_data_by_status(status))
-        data.update({'info': trap_command_info})
-        return data
+    pba_names = [POST_BREACH_TRAP_COMMAND]
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
index 3c5b9b0bf..075a74ba0 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1166.py
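Review bot: The new side of this hunk keeps `from common.utils.attack_utils import ScanStatus`, `from monkey_island.cc.database import mongo` and `from monkey_island.cc.services.attack.technique_reports import AttackTechnique`, yet every use of those names was removed together with `query` and `get_report_data`, and since the hunk runs to the end of the file the three imports are now dead and should be dropped; the same leftover imports remain in the T1166 hunks below. With the aggregation moved out, `pba_names` is the only thing left that distinguishes this report, and its contract lives in `PostBreachTechnique`, which is not part of this patch. A one-line comment above it, such as `# post-breach action names whose telemetry this technique report summarises`, would let a reader follow the class without opening the base class — assuming that is how PostBreachTechnique consumes it, which cannot be confirmed from here.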
@@ -2,6 +2,8 @@ from common.data.post_breach_consts import POST_BREACH_SETUID_SETGID
 from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from monkey_island.cc.services.attack.technique_reports.pba_technique import \
+    PostBreachTechnique
 __author__ = "shreyamalviya"
@@ -11,26 +13,4 @@ class T1166(AttackTechnique):
     unscanned_msg = "Monkey did not try creating hidden files or folders."
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
     used_msg = "Monkey created hidden files and folders on the system."
-
-    query = [{'$match': {'telem_category': 'post_breach',
-                         'data.name': POST_BREACH_SETUID_SETGID}},
-             {'$project': {'_id': 0,
-                           'machine': {'hostname': '$data.hostname',
-                                       'ips': ['$data.ip']},
-                           'result': '$data.result'}}]
-
-    @staticmethod
-    def get_report_data():
-        data = {'title': T1166.technique_title(), 'info': []}
-
-        setuid_setgid_info = list(mongo.db.telemetry.aggregate(T1166.query))
-
-        status = ScanStatus.UNSCANNED.value
-        if setuid_setgid_info:
-            successful_PBAs = mongo.db.telemetry.count({'data.name': POST_BREACH_SETUID_SETGID,
-                                                        'data.result.1': True})
-            status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
-
-        data.update(T1166.get_base_data_by_status(status))
-        data.update({'info': setuid_setgid_info})
-        return data
+    pba_names = [POST_BREACH_SETUID_SETGID]
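Review bot: T1166 is still declared as `class T1166(AttackTechnique):` — the line appears only as the function context of the second hunk header (old line 10), and because it sits between the two hunks it is untouched by this patch — so, unlike T1154, the base class was not switched while `query` and `get_report_data` were removed and `pba_names` was added. As far as this diff shows, the class is left without a report generator of its own, carrying a `pba_names` attribute that presumably only `PostBreachTechnique` reads, and the `PostBreachTechnique` import added in the first hunk is unused. The fix is the same one-line change made in T1154: `class T1166(PostBreachTechnique):`. The class header itself is outside both hunks.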