From 9864720fb5c0227920a2309c8478b04e03116789 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 22 May 2020 21:22:29 +0300 Subject: [PATCH 1/3] Get node label performance improvement and small BB test changes --- envs/monkey_zoo/blackbox/README.md | 3 ++ .../performance/endpoint_performance_test.py | 2 +- .../telemetry_performance_test_workflow.py | 4 +- monkey/monkey_island/cc/services/edge.py | 45 +++++++++++-------- .../cc/services/telemetry/processing/scan.py | 2 + 5 files changed, 36 insertions(+), 20 deletions(-) diff --git a/envs/monkey_zoo/blackbox/README.md b/envs/monkey_zoo/blackbox/README.md index dbdd54b41..56879e508 100644 --- a/envs/monkey_zoo/blackbox/README.md +++ b/envs/monkey_zoo/blackbox/README.md @@ -25,6 +25,9 @@ Configure a PyTest configuration with the additional arguments `-s --island=35.2 `monkey\envs\monkey_zoo\blackbox`. ### Running telemetry performance test + +**Before running performance test make sure browser is not sending requests to island!** + To run telemetry performance test follow these steps: 1. Gather monkey telemetries. 1. Enable "Export monkey telemetries" in Configuration -> Internal -> Tests if you don't have diff --git a/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py b/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py index b4f8f35c8..b8793452d 100644 --- a/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py +++ b/envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py @@ -18,9 +18,9 @@ class EndpointPerformanceTest(BasicTest): def run(self) -> bool: # Collect timings for all pages - self.island_client.clear_caches() endpoint_timings = {} for endpoint in self.test_config.endpoints_to_test: + self.island_client.clear_caches() endpoint_timings[endpoint] = self.island_client.requests.get_request_time(endpoint, SupportedRequestMethod.GET) analyzer = PerformanceAnalyzer(self.test_config, endpoint_timings) 
diff --git a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
index e8bef33d8..6d09752ca 100644
--- a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
+++ b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
@@ -15,7 +15,9 @@ class TelemetryPerformanceTestWorkflow(BasicTest):
 def run(self):
 try:
 if not self.quick_performance_test:
- TelemetryPerformanceTest(island_client=self.island_client).test_telemetry_performance()
+ telem_sending_test = TelemetryPerformanceTest(island_client=self.island_client,
+ quick_performance_test=self.quick_performance_test)
+ telem_sending_test.test_telemetry_performance()
 performance_test = EndpointPerformanceTest(self.name, self.performance_config, self.island_client)
 assert performance_test.run()
 finally:
diff --git a/monkey/monkey_island/cc/services/edge.py b/monkey/monkey_island/cc/services/edge.py
index a8016f5a8..cd4ef737b 100644
--- a/monkey/monkey_island/cc/services/edge.py
+++ b/monkey/monkey_island/cc/services/edge.py
@@ -48,7 +48,9 @@ class EdgeService:
 "scans": [],
 "exploits": [],
 "tunnel": False,
- "exploited": False
+ "exploited": False,
+ "src_label": EdgeService.get_label_for_endpoint(from_id),
+ "dst_label": EdgeService.get_label_for_endpoint(to_id)
 })
 return mongo.db.edge.find_one({"_id": edge_insert_result.inserted_id})
@@ -67,7 +69,9 @@ class EdgeService:
 "id": edge_id,
 "from": edge_from,
 "to": edge_to,
- "group": "island"
+ "group": "island",
+ "src_label": EdgeService.get_label_for_endpoint(edge_from),
+ "dst_label": EdgeService.get_label_for_endpoint(edge_to)
 }
 edge["_label"] = EdgeService.get_edge_label(edge)
 return edge
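Review bot: In the new `TelemetryPerformanceTest(island_client=self.island_client, quick_performance_test=self.quick_performance_test)` call the keyword is always falsy, because the call sits inside `if not self.quick_performance_test:`. If the constructor is meant to select a reduced variant when the flag is set, the branch condition and the argument contradict each other; if it is not, the old `TelemetryPerformanceTest(island_client=self.island_client)` expressed the intent more plainly. TelemetryPerformanceTest's signature is not in this diff, so this may be preparation for a later change — a one-line comment saying so on the call would help. run() continues outside the hunk (the `finally:` body is cut off).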
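Review bot: The `src_label`/`dst_label` values written in insert_edge are a snapshot: as far as this diff shows, the only code that refreshes them afterwards is the scan-telemetry path, so a label that changes for any other reason (for example an endpoint that get_label_for_endpoint later resolves through `Monkey.is_monkey` instead of the node service) leaves the stored edge label stale. The `@@ -67` hunk for the island edge has the same property. A comment on the dict would make the caching explicit, e.g. `# denormalised copy of the endpoint labels; refreshed by update_label_by_endpoint`. These strings are derived from data reported about scanned hosts (via get_node_label), so whatever renders `_label` should treat them as untrusted text; that consumer is not in this diff.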
@@ -118,7 +122,9 @@ class EdgeService:
 "id": edge["_id"],
 "from": edge["from"],
 "to": edge["to"],
- "group": EdgeService.get_edge_group(edge)
+ "group": EdgeService.get_edge_group(edge),
+ "src_label": edge["src_label"],
+ "dst_label": edge["dst_label"]
 }
 @staticmethod
@@ -141,24 +147,27 @@ class EdgeService:
 @staticmethod
 def get_edge_label(edge):
+ return "%s %s %s" % (edge['src_label'], RIGHT_ARROW, edge['dst_label'])
+
+ @staticmethod
+ def get_label_for_endpoint(endpoint_id):
 node_service = monkey_island.cc.services.node.NodeService
- from_id = edge["from"]
- to_id = edge["to"]
-
- try:
- from_label = Monkey.get_label_by_id(from_id)
- except MonkeyNotFoundError:
- from_label = node_service.get_node_by_id(from_id)['domain_name']
-
- if to_id == ObjectId("000000000000000000000000"):
- to_label = 'MonkeyIsland'
+ if endpoint_id == ObjectId("000000000000000000000000"):
+ return 'MonkeyIsland'
+ if Monkey.is_monkey(endpoint_id):
+ return Monkey.get_label_by_id(endpoint_id)
 else:
- if Monkey.is_monkey(to_id):
- to_label = Monkey.get_label_by_id(to_id)
- else:
- to_label = node_service.get_node_label(node_service.get_node_by_id(to_id))
+ return node_service.get_node_label(node_service.get_node_by_id(endpoint_id))
- return "%s %s %s" % (from_label, RIGHT_ARROW, to_label)
+ @staticmethod
+ def update_label_by_endpoint(edge, endpoint_id):
+ label = EdgeService.get_label_for_endpoint(endpoint_id)
+ if endpoint_id == edge["to"]:
+ mongo_field = {"dst_label": label}
+ else:
+ mongo_field = {"src_label": label}
+ mongo.db.edge.update({"_id": edge["_id"]},
+ {"$set": mongo_field})
 RIGHT_ARROW = "\u2192"
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/scan.py b/monkey/monkey_island/cc/services/telemetry/processing/scan.py
index bea451170..d57aef7c0 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/scan.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/scan.py
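Review bot: `"src_label": edge["src_label"]` and `"dst_label": edge["dst_label"]` in the display dict, like `edge['src_label']` in the rewritten get_edge_label in the next hunk, assume every edge document carries the new fields, but edges stored before this change have neither, so loading an existing database raises KeyError. A lazy fallback avoids a migration: `"src_label": edge.get("src_label") or EdgeService.get_label_for_endpoint(edge["from"])`, the same for `dst_label` with `edge["to"]`, and get_edge_label reading the two fields the same way. The enclosing method's header is outside the hunk, so the name of the dict being built is not visible here.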
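Review bot: In update_label_by_endpoint the `else:` branch treats any endpoint_id that is not `edge["to"]` as the source, so a caller passing an id that belongs to neither end silently overwrites `src_label` with an unrelated label. Replace `else:` with `elif endpoint_id == edge["from"]:` and finish with `else: return` (or raise), so a mismatched id is a no-op rather than a corruption of the stored edge. Separately, get_label_for_endpoint drops the old `except MonkeyNotFoundError` fallback; whether `Monkey.is_monkey` is guaranteed to agree with `get_label_by_id` for an id that exists as a node but not as a monkey is not visible here, and a docstring on get_label_for_endpoint stating that expectation would make it checkable.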
@@ -2,6 +2,7 @@ import copy
 from monkey_island.cc.database import mongo
 from monkey_island.cc.models import Monkey
+from monkey_island.cc.services.edge import EdgeService
 from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry
 from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import test_open_data_endpoints
 from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import test_segmentation_violation
@@ -42,3 +43,4 @@ def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
 mongo.db.node.update({"_id": node["_id"]},
 {"$set": {"os.version": scan_os["version"]}},
 upsert=False)
+ EdgeService.update_label_by_endpoint(edge, node["_id"])
From 1ed49c6eb06de0845d4b7685e5fab9ba7507af1a Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 26 May 2020 11:50:01 +0300
Subject: [PATCH 2/3] Fixed smb exploiter bug where vulnerable port was not passed
---
 monkey/infection_monkey/exploit/smbexec.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 86839c027..3188890d8 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -6,7 +6,7 @@ from impacket.smbconnection import SMB_DIALECT
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline
 from infection_monkey.exploit.tools.smb_tools import SmbTools
-from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS
+from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS, VictimHost
 from infection_monkey.network.smbfinger import SMBFinger
 from infection_monkey.network.tools import check_tcp_port
 from common.utils.exploit_enum import ExploitType
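Review bot: `EdgeService.update_label_by_endpoint(edge, node["_id"])` issues a Mongo write for every scan telemetry processed, whether or not the node's label changed, which works against the performance goal in the subject line; comparing the freshly computed label with the one already stored on `edge` before calling update, or calling it only when the node's name/OS fields were actually updated, would keep the write count bounded. The enclosing function starts outside the hunk, so I can't confirm `edge` is bound on every path that reaches this line. Also, edge.py resolves NodeService through attribute access at call time while scan.py now imports EdgeService at module level — worth checking that this does not reintroduce the import cycle the lazy access appears to be avoiding.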
@@ -37,13 +37,11 @@ class SmbExploiter(HostExploiter):
 if not self.host.os.get('type'):
 is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
 if is_smb_open:
- self.vulnerable_port = 445
 smb_finger = SMBFinger()
 smb_finger.get_host_fingerprint(self.host)
 else:
 is_nb_open, _ = check_tcp_port(self.host.ip_addr, 139)
 if is_nb_open:
- self.vulnerable_port = 139
 self.host.os['type'] = 'windows'
 return self.host.os.get('type') in self._TARGET_OS_TYPE
 return False
@@ -102,6 +100,7 @@ class SmbExploiter(HostExploiter):
 LOG.debug("Exploiter SmbExec is giving up...")
 return False
+ self.set_vulnerable_port(self.host)
 # execute the remote dropper in case the path isn't final
 if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
 cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
@@ -164,3 +163,9 @@ class SmbExploiter(HostExploiter):
 self.add_vuln_port("%s or %s" % (SmbExploiter.KNOWN_PROTOCOLS['139/SMB'][1],
 SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
 return True
+
+ def set_vulnerable_port(self, host: VictimHost):
+ if 'tcp-445' in self.host.services:
+ self.vulnerable_port = "445"
+ elif 'tcp-139' in self.host.services:
+ self.vulnerable_port = "139"
From 8cf9c9f8f47b7a35ea10f2dadc0e32fafd7da862 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 26 May 2020 14:17:21 +0300
Subject: [PATCH 3/3] Explicitly set vulnerable port to None
---
 monkey/infection_monkey/exploit/smbexec.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 3188890d8..777483330 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -169,3 +169,5 @@ class SmbExploiter(HostExploiter):
 self.vulnerable_port = "445"
 elif 'tcp-139' in self.host.services:
 self.vulnerable_port = "139"
+ else:
+ self.vulnerable_port = None
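Review bot: `set_vulnerable_port(self, host: VictimHost)` takes a `host` argument but reads `self.host.services`, so the parameter is unused apart from its annotation; either `if 'tcp-445' in host.services:` / `elif 'tcp-139' in host.services:` or drop the parameter and call it as `self.set_vulnerable_port()`. The removed lines in the `@@ -37` hunk stored the port as an int (`445`), while the new method stores the strings `"445"`/`"139"`; anything downstream that compares or formats `vulnerable_port` numerically will see the change, and those consumers are not in this diff. The `else: self.vulnerable_port = None` from the third patch covers a host whose services dict has neither key; a short docstring stating that the method relies on an earlier fingerprint having populated `host.services` would document that dependency.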