-
Notifications
You must be signed in to change notification settings - Fork 792
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #698 from shreyamalviya/T1154
Add T1154 attack technique (trap command)
- Loading branch information
Showing
9 changed files
with
131 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
monkey/infection_monkey/post_breach/actions/use_trap_command.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND | ||
| from infection_monkey.post_breach.pba import PBA | ||
| from infection_monkey.post_breach.trap_command.trap_command import\ | ||
| get_trap_commands | ||
| from infection_monkey.utils.environment import is_windows_os | ||
|
|
||
|
|
||
| class TrapCommand(PBA): | ||
| def __init__(self): | ||
| if not is_windows_os(): | ||
| linux_cmds = get_trap_commands() | ||
| super(TrapCommand, self).__init__(POST_BREACH_TRAP_COMMAND, | ||
| linux_cmd=linux_cmds) |
5 changes: 5 additions & 0 deletions
5
monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| def get_linux_trap_commands(): | ||
| return [ | ||
| 'trap \'echo \"Successfully used trap command\"\' INT && kill -2 $$ ;', # trap and send SIGINT signal | ||
| 'trap - INT' # untrap SIGINT | ||
| ] |
7 changes: 7 additions & 0 deletions
7
monkey/infection_monkey/post_breach/trap_command/trap_command.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| from infection_monkey.post_breach.trap_command.linux_trap_command import\ | ||
| get_linux_trap_commands | ||
|
|
||
|
|
||
| def get_trap_commands(): | ||
| linux_cmds = get_linux_trap_commands() | ||
| return linux_cmds |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| from monkey_island.cc.services.attack.technique_reports import AttackTechnique | ||
| from monkey_island.cc.database import mongo | ||
| from common.utils.attack_utils import ScanStatus | ||
| from common.data.post_breach_consts import POST_BREACH_TRAP_COMMAND | ||
|
|
||
|
|
||
| __author__ = "shreyamalviya" | ||
|
|
||
|
|
||
| class T1154(AttackTechnique): | ||
| tech_id = "T1154" | ||
| unscanned_msg = "Monkey did not use the trap command." | ||
| scanned_msg = "Monkey tried using the trap command but failed." | ||
| used_msg = "Monkey used the trap command successfully." | ||
|
|
||
| query = [{'$match': {'telem_category': 'post_breach', | ||
| 'data.name': POST_BREACH_TRAP_COMMAND}}, | ||
| {'$project': {'_id': 0, | ||
| 'machine': {'hostname': '$data.hostname', | ||
| 'ips': ['$data.ip']}, | ||
| 'result': '$data.result'}}] | ||
|
|
||
| @staticmethod | ||
| def get_report_data(): | ||
| data = {'title': T1154.technique_title(), 'info': []} | ||
|
|
||
| trap_command_info = list(mongo.db.telemetry.aggregate(T1154.query)) | ||
|
|
||
| status = ScanStatus.UNSCANNED.value | ||
| if trap_command_info: | ||
| successful_PBAs = mongo.db.telemetry.count({'data.name': POST_BREACH_TRAP_COMMAND, | ||
| 'data.result.1': True}) | ||
| status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value | ||
|
|
||
| data.update(T1154.get_base_data_by_status(status)) | ||
| data.update({'info': trap_command_info}) | ||
| return data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
45 changes: 45 additions & 0 deletions
45
monkey/monkey_island/cc/ui/src/components/attack/techniques/T1154.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| import React from 'react'; | ||
| import ReactTable from 'react-table'; | ||
| import {renderMachineFromSystemData, ScanStatus} from './Helpers'; | ||
| import MitigationsComponent from './MitigationsComponent'; | ||
|
|
||
| class T1154 extends React.Component { | ||
|
|
||
| constructor(props) { | ||
| super(props); | ||
| } | ||
|
|
||
| static getColumns() { | ||
| return ([{ | ||
| columns: [ | ||
| { Header: 'Machine', | ||
| id: 'machine', | ||
| accessor: x => renderMachineFromSystemData(x.machine), | ||
| style: {'whiteSpace': 'unset'}}, | ||
| { Header: 'Result', | ||
| id: 'result', | ||
| accessor: x => x.result, | ||
| style: {'whiteSpace': 'unset'}} | ||
| ] | ||
| }]) | ||
| } | ||
|
|
||
| render() { | ||
| return ( | ||
| <div> | ||
| <div>{this.props.data.message}</div> | ||
| <br/> | ||
| {this.props.data.status === ScanStatus.USED ? | ||
| <ReactTable | ||
| columns={T1154.getColumns()} | ||
| data={this.props.data.info} | ||
| showPagination={false} | ||
| defaultPageSize={this.props.data.info.length} | ||
| /> : ''} | ||
| <MitigationsComponent mitigations={this.props.data.mitigations}/> | ||
| </div> | ||
| ); | ||
| } | ||
| } | ||
|
|
||
| export default T1154; |