From 35c496812f8403cc343e467d343a2291f0879f9d Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 2 Aug 2019 13:11:16 +0300 Subject: [PATCH 1/2] Fixed CR comments and implemented test for proxy attack techniques --- monkey/monkey_island/cc/models/monkey.py | 16 +++++------- monkey/monkey_island/cc/models/test_monkey.py | 26 +++++++++++++++++-- .../attack/technique_reports/T1090.py | 7 ++--- .../attack/technique_reports/T1188.py | 9 +++---- .../components/attack/techniques/Helpers.js | 1 + .../src/components/attack/techniques/T1090.js | 16 +++++++----- .../src/components/attack/techniques/T1188.js | 2 +- 7 files changed, 47 insertions(+), 30 deletions(-) diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 418cec03f..f9f556844 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -68,19 +68,17 @@ class Monkey(Document): os = "windows" return os + def get_network_info(self): + """ + Formats network info from monkey's model + :return: dictionary with an array of IP's and a hostname + """ + return {'ips': self.ip_addresses, 'hostname': self.hostname} + @staticmethod def get_tunneled_monkeys(): return Monkey.objects(tunnel__exists=True) - @staticmethod - def get_network_info(monkey): - """ - Formats network info from monkey's model - :param monkey: monkey model - :return: dictionary with an array of IP's and a hostname - """ - return {'ips': monkey.ip_addresses, 'hostname': monkey.hostname} - class MonkeyNotFoundError(Exception): pass diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index a744db6b6..a44512995 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py 
@@ -9,11 +9,11 @@ from monkey_ttl import MonkeyTtl class TestMonkey(IslandTestCase): """ - Make sure to set server environment to `testing` in server.json! Otherwise this will mess up your mongo instance and + Make sure to set server environment to `testing` in server_config.json! Otherwise this will mess up your mongo instance and won't work. Also, the working directory needs to be the working directory from which you usually run the island so the - server.json file is found and loaded. + server_config.json file is found and loaded. """ def test_is_dead(self): @@ -77,3 +77,25 @@ class TestMonkey(IslandTestCase): self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects()))) self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects()))) self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects()))) + + def test_get_tunneled_monkeys(self): + self.fail_if_not_testing_env() + self.clean_monkey_db() + + linux_monkey = Monkey(guid=str(uuid.uuid4()), + description="Linux shay-Virtual-Machine") + windows_monkey = Monkey(guid=str(uuid.uuid4()), + description="Windows bla bla bla", + tunneling=linux_monkey) + unknown_monkey = Monkey(guid=str(uuid.uuid4()), + description="bla bla bla", + tunneling=windows_monkey) + linux_monkey.save() + windows_monkey.save() + unknown_monkey.save() + tunneled_monkeys = Monkey.get_tunneled_monkeys() + test = bool(windows_monkey in tunneled_monkeys + and unknown_monkey in tunneled_monkeys + and linux_monkey not in tunneled_monkeys + and len(tunneled_monkeys) == 2) + self.assertTrue(test, "Tunneling test") diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py index 0e48d2198..f0835aff9 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1090.py 
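Review bot: In `test_get_tunneled_monkeys` the four expectations are folded into one `bool(...)` and checked with a single `assertTrue(test, "Tunneling test")`, so a failing run does not say which expectation broke. Separate assertions would name the missing or unexpected record and show the actual count. This assumes `IslandTestCase` derives from `unittest.TestCase`, which the existing `assertEquals` calls suggest. The setup lines above the assertions stay as they are.

```python
tunneled_monkeys = Monkey.get_tunneled_monkeys()
self.assertIn(windows_monkey, tunneled_monkeys)
self.assertIn(unknown_monkey, tunneled_monkeys)
self.assertNotIn(linux_monkey, tunneled_monkeys)
self.assertEqual(2, len(tunneled_monkeys))
```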
@@ -15,11 +15,8 @@ class T1090(AttackTechnique): @staticmethod def get_report_data(): monkeys = Monkey.get_tunneled_monkeys() - monkeys = [Monkey.get_network_info(monkey) for monkey in monkeys] - if monkeys: - status = ScanStatus.USED.value - else: - status = ScanStatus.UNSCANNED.value + monkeys = [monkey.get_network_info() for monkey in monkeys] + status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value data = T1090.get_base_data_by_status(status) data.update({'proxies': monkeys}) return data diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py index 6e35f7c7f..32187696a 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1188.py @@ -23,13 +23,10 @@ class T1188(AttackTechnique): proxy_count += 1 proxy = proxy.tunnel if proxy_count > 1: - hops.append({'from': Monkey.get_network_info(initial), - 'to': Monkey.get_network_info(proxy), + hops.append({'from': initial.get_network_info(), + 'to': proxy.get_network_info(), 'count': proxy_count}) - if hops: - status = ScanStatus.USED.value - else: - status = ScanStatus.UNSCANNED.value + status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value data = T1188.get_base_data_by_status(status) data.update({'hops': hops}) return data diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js index adc0d2583..18df4b58f 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/Helpers.js @@ -17,6 +17,7 @@ export function renderMachineFromSystemData(data) { machineStr += ipInfo + ", "; } }); + // Replaces " ," with " )" to finish a list of IP's return machineStr.slice(0, -2) + " )" } 
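Review bot: In `T1090.get_report_data` the name `monkeys` is bound first to the query result and then to a list of plain dicts, and that list is published under the key `'proxies'`. `get_tunneled_monkeys()` filters on `tunnel__exists=True`, so as far as this patch shows the entries are the machines that have a tunnel set, not the machines acting as the relay. Someone reading the report data could take the listed hosts for the proxies themselves. Keeping the key as is (the UI component presumably reads it), a separate local and a comment would make the direction explicit: `tunneled = [monkey.get_network_info() for monkey in Monkey.get_tunneled_monkeys()]` with `# machines whose traffic went through a tunnel; the relay itself is monkey.tunnel`.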
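Review bot: In `T1188.get_report_data` the hop count comes from following `proxy = proxy.tunnel`, and nothing in the visible lines bounds that walk. The loop header is outside the hunk, so this is inferred from the two context lines. If stored records ever reference each other as tunnel, for example after inconsistent telemetry, report generation would not terminate. Tracking visited records, e.g. `if proxy.id in seen: break` before advancing, or capping `proxy_count`, keeps the report finite. A short comment that `'count'` is the number of tunnel hops between `'from'` and `'to'` would also help.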
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js index 99660cf65..d5fed289f 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1090.js @@ -12,7 +12,6 @@ class T1090 extends React.Component { static getProxyColumns() { return ([{ - Header: "Proxies were used to communicate with:", columns: [ {Header: 'Machines', id: 'machine', @@ -26,12 +25,15 @@ class T1090 extends React.Component {
{this.props.data.message}

{this.props.data.status === scanStatus.USED ? - : ""} +
+

Proxies were used to communicate with:

+ +
: ""} ); } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js index f938c5e3f..c28a8092c 100644 --- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1188.js @@ -12,7 +12,7 @@ class T1188 extends React.Component { static getHopColumns() { return ([{ - Header: "Communications trough multi-hop proxies", + Header: "Communications through multi-hop proxies", columns: [ {Header: 'From', id: 'from', From e9d39577eedbaa14abebf30fbc4f87fad6c790ad Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 19 Aug 2019 15:17:48 +0300 Subject: [PATCH 2/2] Fixed bug in unit test for tunneling --- monkey/monkey_island/cc/models/test_monkey.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/models/test_monkey.py b/monkey/monkey_island/cc/models/test_monkey.py index a44512995..ba8ff10fc 100644 --- a/monkey/monkey_island/cc/models/test_monkey.py +++ b/monkey/monkey_island/cc/models/test_monkey.py @@ -86,10 +86,10 @@ class TestMonkey(IslandTestCase): description="Linux shay-Virtual-Machine") windows_monkey = Monkey(guid=str(uuid.uuid4()), description="Windows bla bla bla", - tunneling=linux_monkey) + tunnel=linux_monkey) unknown_monkey = Monkey(guid=str(uuid.uuid4()), description="bla bla bla", - tunneling=windows_monkey) + tunnel=windows_monkey) linux_monkey.save() windows_monkey.save() unknown_monkey.save()