p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update node/edge's data regarding exploits

This commit is contained in:
Itay Mizeretz 2017-10-15 16:01:39 +03:00
parent bb53606a1b
commit 484ed3c508
4 changed files with 34 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
monkey_island/cc/resources/telemetry.py
View File

@ -1,15 +1,15 @@
import json
from datetime import datetime
import traceback
from datetime import datetime
import dateutil
from flask import request
import flask_restful
from flask import request
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.edge import EdgeService
from cc.services.node import NodeService
from cc.services.config import ConfigService
__author__ = 'Barak'
@ -103,19 +103,16 @@ class Telemetry(flask_restful.Resource):
def process_exploit_telemetry(self, telemetry_json):
edge = self.get_edge_by_scan_or_exploit_telemetry(telemetry_json)
data = telemetry_json['data']
data["machine"].pop("ip_addr")
new_exploit = \
{
"timestamp": telemetry_json["timestamp"],
"data": data,
"exploiter": telemetry_json['data']['exploiter']
}
new_exploit = telemetry_json['data']
new_exploit.pop('machine')
new_exploit['timestamp'] = telemetry_json['timestamp']
mongo.db.edge.update(
{"_id": edge["_id"]},
{"$push": {"exploits": new_exploit}}
{'_id': edge['_id']},
{'$push': {'exploits': new_exploit}}
)
if data['result']:
if new_exploit['result']:
EdgeService.set_edge_exploited(edge)
def process_scan_telemetry(self, telemetry_json):
@ -158,5 +155,3 @@ class Telemetry(flask_restful.Resource):
ConfigService.creds_add_lm_hash(creds[user]['lm_hash'])
if 'ntlm_hash' in creds[user]:
ConfigService.creds_add_ntlm_hash(creds[user]['ntlm_hash'])

50
monkey_island/cc/services/edge.py
View File

@ -24,66 +24,20 @@ class EdgeService:
def edge_to_displayed_edge(edge):
services = []
os = {}
exploits = []
if len(edge["scans"]) > 0:
services = EdgeService.services_to_displayed_services(edge["scans"][-1]["data"]["services"])
os = edge["scans"][-1]["data"]["os"]
for exploit in edge["exploits"]:
new_exploit = EdgeService.exploit_to_displayed_exploit(exploit)
if (len(exploits) > 0) and (exploits[-1]["exploiter"] == exploit["exploiter"]):
exploit_container = exploits[-1]
else:
exploit_container =\
{
"exploiter": exploit["exploiter"],
"start_timestamp": exploit["timestamp"],
"end_timestamp": exploit["timestamp"],
"result": False,
"attempts": []
}
exploits.append(exploit_container)
exploit_container["attempts"].append(new_exploit)
if new_exploit["result"]:
exploit_container["result"] = True
exploit_container["end_timestamp"] = new_exploit["timestamp"]
displayed_edge = EdgeService.edge_to_net_edge(edge)
displayed_edge["ip_address"] = edge["ip_address"]
displayed_edge["services"] = services
displayed_edge["os"] = os
displayed_edge["exploits"] = exploits
displayed_edge["exploits"] = edge['exploits']
displayed_edge["_label"] = EdgeService.get_edge_label(displayed_edge)
return displayed_edge
@staticmethod
def exploit_to_displayed_exploit(exploit):
user = ""
password = ""
# TODO: The format that's used today to get the credentials is bad. Change it from monkey side and adapt.
result = exploit["data"]["result"]
if result:
if "creds" in exploit["data"]["machine"]:
user = exploit["data"]["machine"]["creds"].keys()[0]
password = exploit["data"]["machine"]["creds"][user]
else:
if ("user" in exploit["data"]) and ("password" in exploit["data"]):
user = exploit["data"]["user"]
password = exploit["data"]["password"]
return \
{
"timestamp": exploit["timestamp"],
"user": user,
"password": password,
"result": result,
}
@staticmethod
def insert_edge(from_id, to_id):
edge_insert_result = mongo.db.edge.insert_one(

4
monkey_island/cc/services/node.py
View File

@ -62,9 +62,9 @@ class NodeService:
@staticmethod
def _cmp_exploits_by_timestamp(exploit_1, exploit_2):
if exploit_1["start_timestamp"] == exploit_2["start_timestamp"]:
if exploit_1["timestamp"] == exploit_2["timestamp"]:
return 0
if exploit_1["start_timestamp"] > exploit_2["start_timestamp"]:
if exploit_1["timestamp"] > exploit_2["timestamp"]:
return 1
return -1

14
monkey_island/cc/ui/src/components/preview-pane/PreviewPane.js
View File

@ -91,9 +91,9 @@ class PreviewPaneComponent extends React.Component {
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
<ul className="timeline">
{ asset.exploits.map(exploit =>
<li key={exploit.start_timestamp}>
<li key={exploit.timestamp}>
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
<div>{new Date(exploit.start_timestamp).toLocaleString()}</div>
<div>{new Date(exploit.timestamp).toLocaleString()}</div>
<div>{exploit.origin}</div>
<div>{exploit.exploiter}</div>
</li>
@ -157,18 +157,24 @@ class PreviewPaneComponent extends React.Component {
</tr>
</tbody>
</table>
{
(edge.exploits.length === 0) ?
'' :
<div>
<h4 style={{'marginTop': '2em'}}>Timeline</h4>
<ul className="timeline">
{ edge.exploits.map(exploit =>
<li key={exploit.start_timestamp}>
<li key={exploit.timestamp}>
<div className={'bullet ' + (exploit.result ? 'bad' : '')} />
<div>{exploit.start_timestamp}</div>
<div>{new Date(exploit.timestamp).toLocaleString()}</div>
<div>{exploit.origin}</div>
<div>{exploit.exploiter}</div>
</li>
)}
</ul>
</div>
}
</div>
);
}