Core functionality added, not tested yet

This commit is contained in:
VakarisZ 2019-02-04 09:57:57 +02:00
parent 8e78150db4
commit 20d774b7df
6 changed files with 35 additions and 39 deletions


@ -20,7 +20,6 @@ class Configuration(object):
# now we won't work at <2.7 for sure
network_import = importlib.import_module('infection_monkey.network')
exploit_import = importlib.import_module('infection_monkey.exploit')
post_breach_import = importlib.import_module('infection_monkey.post_breach')
unknown_items = []
for key, value in formatted_data.items():
@ -37,9 +36,6 @@ class Configuration(object):
elif key == 'exploiter_classes':
class_objects = [getattr(exploit_import, val) for val in value]
setattr(self, key, class_objects)
elif key == 'post_breach_actions':
class_objects = [getattr(post_breach_import, val) for val in value]
setattr(self, key, class_objects)
else:
if hasattr(self, key):
setattr(self, key, value)
@ -270,7 +266,7 @@ class Configuration(object):
extract_azure_creds = True
post_breach_actions = []
post_breach_actions = {}
WormConfiguration = Configuration()
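Review bot: The new default `post_breach_actions = {}` does not match the shape the consumer added in this same commit, which indexes `config.post_breach_actions["linux"]` and `["windows"]` directly, so a monkey running with the built-in defaults (or a config that omits the new `behaviour.post_breach_actions` object) will raise `KeyError` the first time `PostBreach()` is constructed. Either give the default the full shape, `post_breach_actions = {'linux': '', 'windows': ''}`, or have the consumer read the keys with `.get()`. Note also that the `post_breach_actions` branch removed from the loader above means the dict from the island is now stored verbatim via the generic `setattr` path, so nothing validates its keys on this side; the `Configuration` class continues outside the hunk.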


@ -16,6 +16,7 @@ from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.windows_upgrader import WindowsUpgrader
from infection_monkey.post_breach.post_breach import PostBreach
__author__ = 'itamar'
@ -112,6 +113,10 @@ class InfectionMonkey(object):
system_info = system_info_collector.get_info()
ControlClient.send_telemetry("system_info_collection", system_info)
pb = PostBreach()
output = pb.execute()
ControlClient.send_telemetry("post_breach", {'output': output})
for action_class in WormConfiguration.post_breach_actions:
action = action_class()
action.act()
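Review bot: `pb.execute()` can raise and nothing here catches it, so a single failing post-breach command takes down the monkey's main flow before the code that follows this hunk runs: the PBA layer added in this commit calls `subprocess.check_output(..., shell=True)`, which raises `CalledProcessError` on any non-zero exit and `OSError` if the shell cannot be started. Since these commands are operator-supplied free text, a non-zero exit is the normal case, not an exception, and this step should be best-effort: wrap it as `try: output = pb.execute() except Exception: LOG.exception("post breach action failed"); output = None` (or catch `subprocess.CalledProcessError` and report `e.output`), and send the telemetry in both cases so the island still records the attempt. Also worth noting that `output` is the raw bytes of `check_output`; whether `send_telemetry` can serialise that depends on code outside the hunk. The enclosing method continues past the end of this hunk.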


@ -1,7 +1,7 @@
import logging
import infection_monkey.config
import subprocess
from abc import abstractmethod
import platform
LOG = logging.getLogger(__name__)
@ -10,25 +10,25 @@ __author__ = 'VakarisZ'
# Class that handles post breach action execution
class PostBreach(object):
def __init__(self, host, pba_list):
self._config = infection_monkey.config.WormConfiguration
self.pba_list = pba_list
self.host = host
def __init__(self):
self.pba_list = PostBreach.config_to_pba_list(infection_monkey.config.WormConfiguration)
def execute(self):
for pba in self.pba_list:
if self.host.is_linux():
pba.execute_linux()
if platform.system() == 'Windows':
return pba.execute_win()
else:
pba.execute_win()
return pba.execute_linux()
@staticmethod
@abstractmethod
def config_to_pba_list(config):
"""
Should return a list of PBA's generated from config
"""
raise NotImplementedError()
pba_list = []
if config.post_breach_actions["linux"] or config.post_breach_actions["windows"]:
pba_list.append(PBA(config.post_breach_actions["linux"], config.post_breach_actions["windows"]))
return pba_list
# Post Breach Action container
@ -38,8 +38,8 @@ class PBA(object):
self.windows_command = windows_command
def execute_linux(self):
return subprocess.check_output(self.linux_command, shell=True)
return subprocess.check_output(self.linux_command, shell=True) if self.linux_command else False
def execute_win(self):
return subprocess.check_output(self.windows_command, shell=True)
return subprocess.check_output(self.windows_command, shell=True) if self.windows_command else False
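Review bot: `PostBreach.execute` returns from inside its `for pba in self.pba_list` loop, so only the first PBA ever runs and the result of every later one is silently dropped; today `config_to_pba_list` builds at most one `PBA`, which hides the bug, but the list-shaped API invites adding more. Hoisting the platform check out of the loop and collecting results fixes it; the caller then receives a list rather than a single value, so the telemetry payload built in monkey.py changes shape too. Separately, `PBA.execute_linux`/`execute_win` run operator-supplied strings through `shell=True`, which is the intended feature here (arbitrary post-breach commands pushed from the island config), but it means the island's config endpoint is the only thing standing between a config writer and command execution on every infected host; a one-line comment stating that trust boundary on the `PBA` class would help the next reader, e.g. `# Commands come verbatim from the island config and run via the shell by design.`
```python
def execute(self):
    outputs = []
    run = PBA.execute_win if platform.system() == 'Windows' else PBA.execute_linux
    for pba in self.pba_list:
        outputs.append(run(pba))
    return outputs
```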


@ -257,6 +257,13 @@ class Telemetry(flask_restful.Resource):
if len(credential) > 0:
attempts[i][field] = encryptor.enc(credential.encode('utf-8'))
@staticmethod
def process_post_breach_telemetry(telemetry_json):
if telemetry_json['output']:
node = NodeService.get_or_create_node(telemetry_json['ip'], telemetry_json['domain_name'])
pass
TELEM_PROCESS_DICT = \
{
@ -265,5 +272,6 @@ TELEM_PROCESS_DICT = \
'exploit': Telemetry.process_exploit_telemetry,
'scan': Telemetry.process_scan_telemetry,
'system_info_collection': Telemetry.process_system_info_telemetry,
'trace': Telemetry.process_trace_telemetry
'trace': Telemetry.process_trace_telemetry,
'post_breach': Telemetry.process_post_breach_telemetry
}
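Review bot: `process_post_breach_telemetry` is registered in `TELEM_PROCESS_DICT` but is still a stub: it fetches `node` and then hits `pass`, so the post-breach output is never persisted, and the trailing `pass` should be replaced by the store or the handler left unregistered until it exists. It also reads `telemetry_json['ip']` and `telemetry_json['domain_name']` while the monkey side of this commit only sends `{'output': output}`, so unless the transport layer injects those keys (not visible here) this will `KeyError` on the first report. Since `output` is raw shell output from the infected host, whatever ends up storing it should treat it as untrusted data (escape on display, bound its size), in the same spirit as the credential encryption done a few lines above.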


@ -94,19 +94,6 @@ SCHEMA = {
}
]
},
"post_breach_acts": {
"title": "Post breach actions",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": [
"BackdoorUser"
],
"title": "Back door user",
},
],
},
"finger_classes": {
"title": "Fingerprint class",
"type": "string",
@ -295,7 +282,13 @@ SCHEMA = {
"type": "boolean",
"default": True,
"description": "Is the monkey alive"
},
}
}
},
"behaviour": {
"title": "Behaviour",
"type": "object",
"properties": {
"post_breach_actions": {
"title": "Post breach actions",
"type": "object",
@ -315,12 +308,6 @@ SCHEMA = {
],
"description": "List of actions the Monkey will run post breach"
},
}
},
"behaviour": {
"title": "Behaviour",
"type": "object",
"properties": {
"self_delete_in_cleanup": {
"title": "Self delete on cleanup",
"type": "boolean",


@ -153,7 +153,7 @@ class ConfigurePageComponent extends AuthComponent {
render() {
let displayedSchema = {};
const uiSchema = {
general: {
behaviour: {
post_breach_actions: {
linux: {
"ui:widget": "textarea"