Update node/edge's data regarding exploits

This commit is contained in:
Itay Mizeretz 2017-10-15 16:01:39 +03:00
parent bb53606a1b
commit 484ed3c508
4 changed files with 34 additions and 79 deletions


@ -1,15 +1,15 @@
import json import json
from datetime import datetime
import traceback import traceback
from datetime import datetime
import dateutil import dateutil
from flask import request
import flask_restful import flask_restful
from flask import request
from cc.database import mongo from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.edge import EdgeService from cc.services.edge import EdgeService
from cc.services.node import NodeService from cc.services.node import NodeService
from cc.services.config import ConfigService
__author__ = 'Barak' __author__ = 'Barak'
@ -103,19 +103,16 @@ class Telemetry(flask_restful.Resource):
def process_exploit_telemetry(self, telemetry_json): def process_exploit_telemetry(self, telemetry_json):
edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json) edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
data = telemetry_json['data'] new_exploit = telemetry_json['data']
data["machine"].pop("ip_addr")
new_exploit = \ new_exploit.pop('machine')
{ new_exploit['timestamp'] = telemetry_json['timestamp']
"timestamp": telemetry_json["timestamp"],
"data": data,
"exploiter": telemetry_json['data']['exploiter']
}
mongo.db.edge.update( mongo.db.edge.update(
{"_id": edge["_id"]}, {'_id': edge['_id']},
{"$push": {"exploits": new_exploit}} {'$push': {'exploits': new_exploit}}
) )
if data['result']: if new_exploit['result']:
EdgeService.set_edge_exploited(edge) EdgeService.set_edge_exploited(edge)
def process_scan_telemetry(self, telemetry_json): def process_scan_telemetry(self, telemetry_json):
@ -158,5 +155,3 @@ class Telemetry(flask_restful.Resource):
ConfigService.creds_add_lm_hash(creds[user]['lm_hash']) ConfigService.creds_add_lm_hash(creds[user]['lm_hash'])
if 'ntlm_hash' in creds[user]: if 'ntlm_hash' in creds[user]:
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash']) ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])
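Review bot: `new_exploit = telemetry_json['data']` followed by `new_exploit.pop('machine')` mutates the incoming telemetry dict in place and raises KeyError when an exploit report carries no `machine` key, so one malformed report aborts the handler before the `$push`. Copying first and making the pop tolerant keeps the request object intact: `new_exploit = dict(telemetry_json['data'])` and `new_exploit.pop('machine', None)`. It is also worth a comment on the `$push` that the whole `data` dict minus `machine` is what gets stored on the edge, so every key the agent sends lands in the document, whereas the previous version built a fixed-shape record; if a fixed shape is still intended, copy only the known keys instead.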


@ -24,66 +24,20 @@ class EdgeService:
def edge_to_displayed_edge(edge): def edge_to_displayed_edge(edge):
services = [] services = []
os = {} os = {}
exploits = []
if len(edge["scans"]) > 0: if len(edge["scans"]) > 0:
services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"]) services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"])
os = edge["scans"][-1]["data"]["os"] os = edge["scans"][-1]["data"]["os"]
for exploit in edge["exploits"]:
new_exploit = EdgeService.exploit_to_displayed_exploit(exploit)
if (len(exploits) > 0) and (exploits[-1]["exploiter"] == exploit["exploiter"]):
exploit_container = exploits[-1]
else:
exploit_container =\
{
"exploiter": exploit["exploiter"],
"start_timestamp": exploit["timestamp"],
"end_timestamp": exploit["timestamp"],
"result": False,
"attempts": []
}
exploits.append(exploit_container)
exploit_container["attempts"].append(new_exploit)
if new_exploit["result"]:
exploit_container["result"] = True
exploit_container["end_timestamp"] = new_exploit["timestamp"]
displayed_edge = EdgeService.edge_to_net_edge(edge) displayed_edge = EdgeService.edge_to_net_edge(edge)
displayed_edge["ip_address"] = edge["ip_address"] displayed_edge["ip_address"] = edge["ip_address"]
displayed_edge["services"] = services displayed_edge["services"] = services
displayed_edge["os"] = os displayed_edge["os"] = os
displayed_edge["exploits"] = exploits displayed_edge["exploits"] = edge['exploits']
displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge) displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge)
return displayed_edge return displayed_edge
@staticmethod
def exploit_to_displayed_exploit(exploit):
user = ""
password = ""
# TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
result = exploit["data"]["result"]
if result:
if "creds" in exploit["data"]["machine"]:
user = exploit["data"]["machine"]["creds"].keys()[0]
password = exploit["data"]["machine"]["creds"][user]
else:
if ("user" in exploit["data"]) and ("password" in exploit["data"]):
user = exploit["data"]["user"]
password = exploit["data"]["password"]
return \
{
"timestamp": exploit["timestamp"],
"user": user,
"password": password,
"result": result,
}
@staticmethod @staticmethod
def insert_edge(from_id, to_id): def insert_edge(from_id, to_id):
edge_insert_result = mongo.db.edge.insert_one( edge_insert_result = mongo.db.edge.insert_one(
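Review bot: `displayed_edge["exploits"] = edge['exploits']` hands the stored exploit documents to the display layer unchanged, whereas the removed `exploit_to_displayed_exploit` shaped each entry, so the keys a consumer can rely on are now defined only by what the telemetry handler stores. A comment on that line naming the fields the preview pane reads (`timestamp`, `result`, `exploiter` and `origin` appear in the UI hunk of this commit) would make the contract visible, e.g. `# raw stored exploit records; the UI reads timestamp, result, exploiter and origin`. The line also switches to single quotes while the rest of `edge_to_displayed_edge` uses double quotes for the same keys.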


@ -62,9 +62,9 @@ class NodeService:
@staticmethod @staticmethod
def _cmp_exploits_by_timestamp(exploit_1, exploit_2): def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
if exploit_1["start_timestamp"] == exploit_2["start_timestamp"]: if exploit_1["timestamp"] == exploit_2["timestamp"]:
return 0 return 0
if exploit_1["start_timestamp"] > exploit_2["start_timestamp"]: if exploit_1["timestamp"] > exploit_2["timestamp"]:
return 1 return 1
return -1 return -1


@ -91,9 +91,9 @@ class PreviewPaneComponent extends React.Component {
<h4 style={{'marginTop': '2em'}}>Timeline</h4> <h4 style={{'marginTop': '2em'}}>Timeline</h4>
<ul className="timeline"> <ul className="timeline">
{ asset.exploits.map(exploit => { asset.exploits.map(exploit =>
<li key={exploit.start_timestamp}> <li key={exploit.timestamp}>
<div className={'bullet ' + (exploit.result ? 'bad' : '')} /> <div className={'bullet ' + (exploit.result ? 'bad' : '')} />
<div>{new Date(exploit.start_timestamp).toLocaleString()}</div> <div>{new Date(exploit.timestamp).toLocaleString()}</div>
<div>{exploit.origin}</div> <div>{exploit.origin}</div>
<div>{exploit.exploiter}</div> <div>{exploit.exploiter}</div>
</li> </li>
@ -157,18 +157,24 @@ class PreviewPaneComponent extends React.Component {
</tr> </tr>
</tbody> </tbody>
</table> </table>
{
(edge.exploits.length === 0) ?
'' :
<div>
<h4 style={{'marginTop': '2em'}}>Timeline</h4> <h4 style={{'marginTop': '2em'}}>Timeline</h4>
<ul className="timeline"> <ul className="timeline">
{ edge.exploits.map(exploit => { edge.exploits.map(exploit =>
<li key={exploit.start_timestamp}> <li key={exploit.timestamp}>
<div className={'bullet ' + (exploit.result ? 'bad' : '')} /> <div className={'bullet ' + (exploit.result ? 'bad' : '')} />
<div>{exploit.start_timestamp}</div> <div>{new Date(exploit.timestamp).toLocaleString()}</div>
<div>{exploit.origin}</div> <div>{exploit.origin}</div>
<div>{exploit.exploiter}</div> <div>{exploit.exploiter}</div>
</li> </li>
)} )}
</ul> </ul>
</div> </div>
}
</div>
); );
} }
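Review bot: `key={exploit.timestamp}` on the edge timeline (and the same key on the asset timeline in the first hunk) is not guaranteed unique now that each stored attempt is listed individually rather than grouped; two attempts reported with the same timestamp would yield duplicate React keys, a console warning and unstable reconciliation. For an append-only list the map index is a safe fallback: `edge.exploits.map((exploit, index) =>` with `<li key={index}>`. The `'' :` branch of the new conditional could be `null`, the conventional "render nothing" value in JSX. The enclosing method begins outside the hunk.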