Agent: Add tags and error messages in Hadoop

2022-10-04 16:39:10 +02:00 · 2022-10-04 16:39:10 +02:00 · 9c185a3a78
parent fe864792f3
commit 9c185a3a78
1 changed files with 18 additions and 1 deletions
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -5,6 +5,7 @@
 """

 import json
+import logging
 import posixpath
 import random
 import string
@ -12,6 +13,7 @@ import string
 import requests

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
+from common.tags import T1203_ATTACK_TECHNIQUE_TAG
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@ -23,6 +25,10 @@ from infection_monkey.model import (
 )
 from infection_monkey.utils.commands import build_monkey_commandline

+logger = logging.getLogger(__name__)
+
+HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
+

 class HadoopExploiter(WebRCE):
    _EXPLOITED_SERVICE = "Hadoop"
@ -40,18 +46,24 @@ class HadoopExploiter(WebRCE):
        urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
        self.add_vulnerable_urls(urls, True)
        if not self.vulnerable_urls:
+            self.exploit.error_message = f"No vulnerable urls has been found for {self.host}"
            self.publish_exploitation_event(
                target=self.host.ip_addr,
                exploitation_success=False,
+                error_message=self.exploit_result.error_message,
+                tags=(HADOOP_EXPLOITER_TAG,),
            )
            return self.exploit_result

        try:
            monkey_path_on_victim = get_agent_dst_path(self.host)
        except KeyError:
+            self.exploit_result.error_message = f"No coressponding agent found for {self.host}"
            self.publish_exploitation_event(
                target=self.host.ip_addr,
                exploitation_success=False,
+                error_message=self.exploit_result.error_message,
+                tags=(HADOOP_EXPLOITER_TAG,),
            )
            return self.exploit_result

@ -70,8 +82,13 @@ class HadoopExploiter(WebRCE):
                self.publish_exploitation_event(
                    target=self.host.ip_addr,
                    exploitation_success=True,
+                    tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+                )
+                self.publish_propagation_event(
+                    target=self.host.ip_addr,
+                    propagation_success=True,
+                    tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
                )
-                self.publish_propagation_event(target=self.host.ip_addr, propagation_success=True)
        finally:
            http_thread.join(self.DOWNLOAD_TIMEOUT)
            http_thread.stop()