Agent IP addresses (#2056)

* Added host IP address list to agent object and to update this variable with heartbeat. Also updated frontend to include host IP addresses in agent modal. * Modified a test to mirror agent changes * Improved host_ip variable name in agent static and object * Updated test Co-authored-by: Ravi B Serota <[email protected]>
mitre · Mar 9, 2021 · ab8a607 · ab8a607
1 parent feb27aa
commit ab8a607
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/app/objects/c_agent.py b/app/objects/c_agent.py
@@ -41,6 +41,7 @@ class AgentFieldsSchema(ma.Schema):
     deadman_enabled = ma.fields.Boolean()
     available_contacts = ma.fields.List(ma.fields.String())
     created = ma.fields.DateTime(format='%Y-%m-%d %H:%M:%S')
+    host_ip_addrs = ma.fields.List(ma.fields.String())
 
     @ma.pre_load
     def remove_nulls(self, in_data, **_):
@@ -74,7 +75,7 @@ def __init__(self, sleep_min, sleep_max, watchdog, platform='unknown', server='u
                  username='unknown', architecture='unknown', group='red', location='unknown', pid=0, ppid=0,
                  trusted=True, executors=(), privilege='User', exe_name='unknown', contact='unknown', paw=None,
                  proxy_receivers=None, proxy_chain=None, origin_link_id=0, deadman_enabled=False,
-                 available_contacts=None):
+                 available_contacts=None, host_ip_addrs=None):
         super().__init__()
         self.paw = paw if paw else self.generate_name(size=6)
         self.host = host
@@ -106,6 +107,7 @@ def __init__(self, sleep_min, sleep_max, watchdog, platform='unknown', server='u
         self.deadman_enabled = deadman_enabled
         self.available_contacts = available_contacts if available_contacts else [self.contact]
         self.pending_contact = contact
+        self.host_ip_addrs = host_ip_addrs if host_ip_addrs else []
 
     def store(self, ram):
         existing = self.retrieve(ram['agents'], self.unique)
@@ -151,6 +153,7 @@ async def heartbeat_modification(self, **kwargs):
         self.update('proxy_chain', kwargs.get('proxy_chain'))
         self.update('deadman_enabled', kwargs.get('deadman_enabled'))
         self.update('contact', kwargs.get('contact'))
+        self.update('host_ip_addrs', kwargs.get('host_ip_addrs'))
 
     async def gui_modification(self, **kwargs):
         loaded = AgentFieldsSchema(only=('group', 'trusted', 'sleep_min', 'sleep_max', 'watchdog', 'pending_contact')).load(kwargs)

diff --git a/templates/agents.html b/templates/agents.html
@@ -162,6 +162,10 @@ <h3 id="modal-paw"></h3>
                         <td>Executors</td>
                         <td><p id="modal-executors"></p></td>
                     </tr>
+                    <tr>
+                        <td>Host IP Addresses</td>
+                        <td><p id="modal-host_ip_addrs"></p></td>
+                    </tr>
                     <tr>
                         <td>Peer-to-Peer Proxy Receivers</td>
                         <td><p id="modal-peer_receivers"></p></td>
@@ -447,6 +451,7 @@ <h3 id="modal-paw"></h3>
             parent.find('#modal-ppid').text(agent['ppid']);
             parent.find('#modal-executors').text(JSON.stringify(agent['executors']));
             parent.find('#modal-watchdog').text(agent['watchdog']);
+            parent.find('#modal-host_ip_addrs').text(JSON.stringify(agent['host_ip_addrs']));
 
             // Set up contact selection
             let num_contacts = agent['available_contacts'].length;

diff --git a/tests/services/test_rest_svc.py b/tests/services/test_rest_svc.py
@@ -103,7 +103,8 @@ def test_create_operation(self, loop, rest_svc, data_svc):
                      'platform': 'windows', 'host': 'unknown', 'paw': '123', 'pid': 0,
                      'display_name': 'unknown$unknown', 'group': 'red', 'location': 'unknown', 'privilege': 'User',
                      'proxy_receivers': {}, 'proxy_chain': [], 'origin_link_id': 0,
-                     'deadman_enabled': False, 'available_contacts': ['unknown'], 'pending_contact': 'unknown'}],
+                     'deadman_enabled': False, 'available_contacts': ['unknown'], 'pending_contact': 'unknown',
+                     'host_ip_addrs': []}],
                 'visibility': 50, 'autonomous': 1, 'chain': [], 'auto_close': False, 'objective': '',
                 'obfuscator': 'plain-text'}
         internal_rest_svc = rest_svc(loop)