p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #580 from VakarisZ/mitre_bugfixes 

Mitre bugfixes
This commit is contained in:
Shay Nehmad 2020-03-23 12:17:37 +02:00 committed by GitHub
parent 10767390a5 b5078f8ba0
commit f561d4c604
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/monkey_island/cc/services/attack/technique_reports/T1003.py
View File

@ -1,4 +1,5 @@
from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.reporting.report import ReportService
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
@ -23,4 +24,6 @@ class T1003(AttackTechnique):
else: else:
status = ScanStatus.UNSCANNED.value status = ScanStatus.UNSCANNED.value
data.update(T1003.get_message_and_status(status)) data.update(T1003.get_message_and_status(status))
data['stolen_creds'] = ReportService.get_stolen_creds()
data['stolen_creds'].extend(ReportService.get_ssh_keys())
return data return data

2
monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
View File

@ -11,7 +11,7 @@ class T1016(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey gathered network configurations on systems in the network." used_msg = "Monkey gathered network configurations on systems in the network."
query = [{'$match': {'telem_category': 'system_info'}}, query = [{'$match': {'telem_category': 'system_info', 'data.network_info': {'$exists': True}}},
{'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'}, {'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'},
'networks': '$data.network_info.networks', 'networks': '$data.network_info.networks',
'netstat': '$data.network_info.netstat'}}, 'netstat': '$data.network_info.netstat'}},

2
monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
View File

@ -11,7 +11,7 @@ class T1082(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey gathered system info from machines in the network." used_msg = "Monkey gathered system info from machines in the network."
query = [{'$match': {'telem_category': 'system_info'}}, query = [{'$match': {'telem_category': 'system_info', 'data.network_info': {'$exists': True}}},
{'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'}, {'$project': {'machine': {'hostname': '$data.hostname', 'ips': '$data.network_info.networks'},
'aws': '$data.aws', 'aws': '$data.aws',
'netstat': '$data.network_info.netstat', 'netstat': '$data.network_info.netstat',

13
monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js
View File

@ -9,7 +9,10 @@ export function renderMachine(val) {
/* Function takes data gathered from system info collector and creates a /* Function takes data gathered from system info collector and creates a
string representation of machine from that data. */ string representation of machine from that data. */
export function renderMachineFromSystemData(data) { export function renderMachineFromSystemData(data) {
let machineStr = data['hostname'] + ' ( '; let machineStr = '';
if (typeof data['hostname'] !== 'undefined') {
machineStr = data['hostname'] + ' ( ';
}
data['ips'].forEach(function (ipInfo) { data['ips'].forEach(function (ipInfo) {
if (typeof ipInfo === 'object') { if (typeof ipInfo === 'object') {
machineStr += ipInfo['addr'] + ', '; machineStr += ipInfo['addr'] + ', ';
@ -17,8 +20,12 @@ export function renderMachineFromSystemData(data) {
machineStr += ipInfo + ', '; machineStr += ipInfo + ', ';
} }
}); });
// Replaces " ," with " )" to finish a list of IP's if (typeof data['hostname'] !== 'undefined') {
return machineStr.slice(0, -2) + ' )' return machineStr.slice(0, -2) + ' )';
} else {
// Replaces " ," with " )" to finish a list of IP's
return machineStr.slice(0, -2);
}
} }
/* Formats telemetry data that contains _id.machine and _id.usage fields into columns /* Formats telemetry data that contains _id.machine and _id.usage fields into columns

2
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1003.js
View File

@ -17,7 +17,7 @@ class T1003 extends React.Component {
<br/> <br/>
{this.props.data.status === ScanStatus.USED ? {this.props.data.status === ScanStatus.USED ?
<StolenPasswordsComponent <StolenPasswordsComponent
data={this.props.reportData.glance.stolen_creds.concat(this.props.reportData.glance.ssh_keys)}/> data={this.props.data.stolen_creds}/>
: ''} : ''}
</div> </div>
); );

11
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1082.js
View File

@ -12,13 +12,14 @@ class T1082 extends React.Component {
static getSystemInfoColumns() { static getSystemInfoColumns() {
return ([{ return ([{
columns: [ columns: [
{ { Header: 'Machine',
Header: 'Machine',
id: 'machine', id: 'machine',
accessor: x => renderMachineFromSystemData(x.machine), accessor: x => renderMachineFromSystemData(x.machine),
style: {'whiteSpace': 'unset'} style: {'whiteSpace': 'unset'}},
}, { Header: 'Gathered info',
{Header: 'Gathered info', id: 'info', accessor: x => renderUsageFields(x.collections), style: {'whiteSpace': 'unset'}} id: 'info',
accessor: x => renderUsageFields(x.collections),
style: {'whiteSpace': 'unset'}}
] ]
}]) }])
} }