Merge pull request #1644 from guardicore/1635-remove-should-monkey-run-function
1635 remove should monkey run function
commit
416d6734ba
|
@ -33,6 +33,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- Max iterations and timeout between iterations config options. #1600
|
||||
- MITRE ATT&CK configuration screen. #1532
|
||||
- Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
|
||||
- "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
|
||||
|
||||
### Fixed
|
||||
- A bug in network map page that caused delay of telemetry log loading. #1545
|
||||
|
|
|
@ -13,11 +13,7 @@ import infection_monkey.monkeyfs as monkeyfs
|
|||
import infection_monkey.tunnel as tunnel
|
||||
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from common.common_consts.time_formats import DEFAULT_TIME_FORMAT
|
||||
from common.common_consts.timeouts import (
|
||||
LONG_REQUEST_TIMEOUT,
|
||||
MEDIUM_REQUEST_TIMEOUT,
|
||||
SHORT_REQUEST_TIMEOUT,
|
||||
)
|
||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
|
||||
from infection_monkey.config import GUID, WormConfiguration
|
||||
from infection_monkey.network.info import local_ips
|
||||
from infection_monkey.transport.http import HTTPConnectProxy
|
||||
|
@ -407,33 +403,6 @@ class ControlClient(object):
|
|||
except requests.exceptions.RequestException:
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
def should_monkey_run(vulnerable_port: str) -> bool:
|
||||
if (
|
||||
vulnerable_port
|
||||
and WormConfiguration.get_hop_distance_to_island() > 1
|
||||
and ControlClient.can_island_see_port(vulnerable_port)
|
||||
and WormConfiguration.started_on_island
|
||||
):
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
@staticmethod
|
||||
def can_island_see_port(port):
|
||||
try:
|
||||
url = (
|
||||
f"https://{WormConfiguration.current_server}/api/monkey_control"
|
||||
f"/check_remote_port/{port}"
|
||||
)
|
||||
response = requests.get( # noqa: DUO123
|
||||
url, verify=False, timeout=SHORT_REQUEST_TIMEOUT
|
||||
)
|
||||
response = json.loads(response.content.decode())
|
||||
return response["status"] == "port_visible"
|
||||
except requests.exceptions.RequestException:
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
def report_start_on_island():
|
||||
requests.post( # noqa: DUO123
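Review bot: `report_start_on_island`, whose signature is the last kept line of this hunk, appears to lose its only visible caller: the monkey.py hunk deletes `_should_exit_for_performance`, which was the one place that set `WormConfiguration.started_on_island` and called `ControlClient.report_start_on_island()`, while the `StartedOnIsland` resource stays registered in the app.py hunk. If nothing outside these hunks references them, they belong in the same removal as `should_monkey_run`; otherwise a short comment should say what still consumes the flag, e.g. `# NOTE: the agent no longer reports started_on_island since #1635; kept for <consumer>`. I can only see the hunks, so callers elsewhere in the tree may exist. The body of `report_start_on_island` continues past the end of the hunk.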
|
||||
|
|
|
@ -139,7 +139,6 @@ class MonkeyDrops(object):
|
|||
server=self.opts.server,
|
||||
depth=self.opts.depth,
|
||||
location=None,
|
||||
vulnerable_port=self.opts.vulnerable_port,
|
||||
)
|
||||
|
||||
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
||||
|
|
|
@ -87,9 +87,7 @@ class HadoopExploiter(WebRCE):
|
|||
|
||||
def build_command(self, path, http_path):
|
||||
# Build command to execute
|
||||
monkey_cmd = build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
|
||||
)
|
||||
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
if "linux" in self.host.os["type"]:
|
||||
base_command = HADOOP_LINUX_COMMAND
|
||||
else:
|
||||
|
|
|
@ -147,9 +147,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
def get_monkey_launch_command(self):
|
||||
dst_path = get_monkey_dest_path(self.monkey_server.http_path)
|
||||
# Form monkey's launch command
|
||||
monkey_args = build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, MSSQLExploiter.SQL_DEFAULT_TCP_PORT, dst_path
|
||||
)
|
||||
monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path)
|
||||
suffix = ">>{}".format(self.payload_file_path)
|
||||
prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
|
||||
return MSSQLLimitedSizePayload(
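Review bot: `dst_path` is now passed as the third positional argument of `build_monkey_commandline`, a slot that meant `vulnerable_port` before this change and means `location` after it; the hunk is correct only because every call site was edited in lockstep with the signature. Passing it by keyword, `monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, location=dst_path)`, makes the binding explicit and survives the next parameter change. The same applies to the positional `dropper_target_path_linux`, `self._config.dropper_target_path_win_32` and `default_path` arguments in the shellshock, smb, web_rce, ms08_067 and wmi hunks. `get_monkey_launch_command` continues past the end of the hunk.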
|
||||
|
|
|
@ -208,7 +208,6 @@ def build_monkey_execution_command(host: VictimHost, depth: int, executable_path
|
|||
monkey_params = build_monkey_commandline(
|
||||
target_host=host,
|
||||
depth=depth,
|
||||
vulnerable_port=None,
|
||||
location=executable_path,
|
||||
)
|
||||
|
||||
|
|
|
@ -164,7 +164,6 @@ class ShellShockExploiter(HostExploiter):
|
|||
cmdline += build_monkey_commandline(
|
||||
self.host,
|
||||
get_monkey_depth() - 1,
|
||||
HTTPTools.get_port_from_url(url),
|
||||
dropper_target_path_linux,
|
||||
)
|
||||
cmdline += " & "
|
||||
|
|
|
@ -28,7 +28,6 @@ class SmbExploiter(HostExploiter):
|
|||
|
||||
def __init__(self, host):
|
||||
super(SmbExploiter, self).__init__(host)
|
||||
self.vulnerable_port = None
|
||||
|
||||
def is_os_supported(self):
|
||||
if super(SmbExploiter, self).is_os_supported():
|
||||
|
@ -112,7 +111,6 @@ class SmbExploiter(HostExploiter):
|
|||
logger.debug("Exploiter SmbExec is giving up...")
|
||||
return False
|
||||
|
||||
self.set_vulnerable_port()
|
||||
# execute the remote dropper in case the path isn't final
|
||||
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
|
||||
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
|
||||
|
@ -120,15 +118,12 @@ class SmbExploiter(HostExploiter):
|
|||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
get_monkey_depth() - 1,
|
||||
self.vulnerable_port,
|
||||
self._config.dropper_target_path_win_32,
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
|
||||
"monkey_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, vulnerable_port=self.vulnerable_port
|
||||
)
|
||||
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
||||
smb_conn = False
|
||||
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
|
||||
|
@ -198,11 +193,3 @@ class SmbExploiter(HostExploiter):
|
|||
)
|
||||
)
|
||||
return True
|
||||
|
||||
def set_vulnerable_port(self):
|
||||
if "tcp-445" in self.host.services:
|
||||
self.vulnerable_port = "445"
|
||||
elif "tcp-139" in self.host.services:
|
||||
self.vulnerable_port = "139"
|
||||
else:
|
||||
self.vulnerable_port = None
|
||||
|
|
|
@ -197,9 +197,7 @@ class SSHExploiter(HostExploiter):
|
|||
|
||||
try:
|
||||
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
|
||||
cmdline += build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, vulnerable_port=SSH_PORT
|
||||
)
|
||||
cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
cmdline += " > /dev/null 2>&1 &"
|
||||
ssh.exec_command(cmdline)
|
||||
|
||||
|
|
|
@ -80,10 +80,6 @@ class HTTPTools(object):
|
|||
httpd,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def get_port_from_url(url: str) -> int:
|
||||
return urllib.parse.urlparse(url).port
|
||||
|
||||
|
||||
class MonkeyHTTPServer(HTTPTools):
|
||||
def __init__(self, host):
|
||||
|
|
|
@ -53,7 +53,6 @@ class WebRCE(HostExploiter):
|
|||
self.skip_exist = self._config.skip_exploit_if_file_exist
|
||||
self.vulnerable_urls = []
|
||||
self.target_url = None
|
||||
self.vulnerable_port = None
|
||||
|
||||
def get_exploit_config(self):
|
||||
"""
|
||||
|
@ -106,7 +105,6 @@ class WebRCE(HostExploiter):
|
|||
return False
|
||||
|
||||
self.target_url = self.get_target_url()
|
||||
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
|
||||
|
||||
# Skip if monkey already exists and this option is given
|
||||
if (
|
||||
|
@ -455,18 +453,14 @@ class WebRCE(HostExploiter):
|
|||
default_path = self.get_default_dropper_path()
|
||||
if default_path is False:
|
||||
return False
|
||||
monkey_cmd = build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, self.vulnerable_port, default_path
|
||||
)
|
||||
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
|
||||
command = RUN_MONKEY % {
|
||||
"monkey_path": path,
|
||||
"monkey_type": DROPPER_ARG,
|
||||
"parameters": monkey_cmd,
|
||||
}
|
||||
else:
|
||||
monkey_cmd = build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, self.vulnerable_port
|
||||
)
|
||||
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
command = RUN_MONKEY % {
|
||||
"monkey_path": path,
|
||||
"monkey_type": MONKEY_ARG,
|
||||
|
|
|
@ -289,15 +289,12 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
get_monkey_depth() - 1,
|
||||
SRVSVC_Exploit.TELNET_PORT,
|
||||
self._config.dropper_target_path_win_32,
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_WINDOWS % {
|
||||
"monkey_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, vulnerable_port=SRVSVC_Exploit.TELNET_PORT
|
||||
)
|
||||
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
||||
try:
|
||||
sock.send(("start %s\r\n" % (cmdline,)).encode())
|
||||
|
|
|
@ -20,7 +20,6 @@ class WmiExploiter(HostExploiter):
|
|||
_TARGET_OS_TYPE = ["windows"]
|
||||
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
|
||||
_EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
|
||||
VULNERABLE_PORT = 135
|
||||
|
||||
def __init__(self, host):
|
||||
super(WmiExploiter, self).__init__(host)
|
||||
|
@ -113,15 +112,12 @@ class WmiExploiter(HostExploiter):
|
|||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
get_monkey_depth() - 1,
|
||||
WmiExploiter.VULNERABLE_PORT,
|
||||
self._config.dropper_target_path_win_32,
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_WINDOWS % {
|
||||
"monkey_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host, get_monkey_depth() - 1, WmiExploiter.VULNERABLE_PORT
|
||||
)
|
||||
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
||||
# execute the remote monkey
|
||||
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(
|
||||
|
|
|
@ -36,7 +36,6 @@ class ZerologonExploiter(HostExploiter):
|
|||
|
||||
def __init__(self, host: object):
|
||||
super().__init__(host)
|
||||
self.vulnerable_port = None
|
||||
self.exploit_info["credentials"] = {}
|
||||
self.exploit_info["password_restored"] = None
|
||||
self._extracted_creds = {}
|
||||
|
|
|
@ -13,7 +13,6 @@ from infection_monkey.control import ControlClient
|
|||
from infection_monkey.master.mock_master import MockMaster
|
||||
from infection_monkey.model import DELAY_DELETE_CMD
|
||||
from infection_monkey.network.firewall import app as firewall
|
||||
from infection_monkey.network.tools import is_running_on_island
|
||||
from infection_monkey.puppet.mock_puppet import MockPuppet
|
||||
from infection_monkey.system_singleton import SystemSingleton
|
||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||
|
@ -50,7 +49,6 @@ class InfectionMonkey:
|
|||
arg_parser.add_argument("-t", "--tunnel")
|
||||
arg_parser.add_argument("-s", "--server")
|
||||
arg_parser.add_argument("-d", "--depth", type=int)
|
||||
arg_parser.add_argument("-vp", "--vulnerable-port")
|
||||
opts, _ = arg_parser.parse_known_args(args)
|
||||
InfectionMonkey._log_arguments(opts)
|
||||
return opts
|
||||
|
@ -145,13 +143,6 @@ class InfectionMonkey:
|
|||
def _setup(self):
|
||||
logger.debug("Starting the setup phase.")
|
||||
|
||||
if self._should_exit_for_performance():
|
||||
logger.info(
|
||||
"Monkey shouldn't run on current machine to improve perfomance"
|
||||
"(it will be exploited later with more depth)."
|
||||
)
|
||||
return
|
||||
|
||||
if firewall.is_enabled():
|
||||
firewall.add_firewall_rule()
|
||||
|
||||
|
@ -164,18 +155,6 @@ class InfectionMonkey:
|
|||
|
||||
register_signal_handlers(self._master)
|
||||
|
||||
def _should_exit_for_performance(self):
|
||||
"""
|
||||
This method implements propagation performance enhancing algorithm that
|
||||
kicks in if the run was started from the Island.
|
||||
Should get replaced by other, better performance enhancement solutions
|
||||
"""
|
||||
if is_running_on_island():
|
||||
WormConfiguration.started_on_island = True
|
||||
ControlClient.report_start_on_island()
|
||||
|
||||
return not ControlClient.should_monkey_run(self._opts.vulnerable_port)
|
||||
|
||||
def _is_another_monkey_running(self):
|
||||
return not self._singleton.try_lock()
|
||||
|
||||
|
|
|
@ -3,9 +3,7 @@ from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
|
|||
from infection_monkey.model.host import VictimHost
|
||||
|
||||
|
||||
def build_monkey_commandline(
|
||||
target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None
|
||||
) -> str:
|
||||
def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
|
||||
|
||||
return " " + " ".join(
|
||||
build_monkey_commandline_explicitly(
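Review bot: Dropping `vulnerable_port` from the middle of the positional parameter list shifts the meaning of the third positional argument from the port to `location`, so any caller this commit missed that still passes a port positionally would quietly emit it as `-l <port>` rather than failing. Making the remaining optional parameter keyword-only, `def build_monkey_commandline(target_host: VictimHost, depth: int, *, location: str = None) -> str:`, turns such a stale call into a `TypeError` at the call site instead of a malformed command line; it requires the positional call sites touched by this commit (mssql, shellshock, smb, web_rce, ms08_067, wmi) to pass `location=` explicitly. The function body continues in the next hunk.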
|
||||
|
@ -14,7 +12,6 @@ def build_monkey_commandline(
|
|||
target_host.default_server,
|
||||
depth,
|
||||
location,
|
||||
vulnerable_port,
|
||||
)
|
||||
)
|
||||
|
||||
|
@ -25,7 +22,6 @@ def build_monkey_commandline_explicitly(
|
|||
server: str = None,
|
||||
depth: int = None,
|
||||
location: str = None,
|
||||
vulnerable_port: str = None,
|
||||
) -> list:
|
||||
cmdline = []
|
||||
|
||||
|
@ -46,9 +42,6 @@ def build_monkey_commandline_explicitly(
|
|||
if location is not None:
|
||||
cmdline.append("-l")
|
||||
cmdline.append(str(location))
|
||||
if vulnerable_port is not None:
|
||||
cmdline.append("-vp")
|
||||
cmdline.append(str(vulnerable_port))
|
||||
|
||||
return cmdline
|
||||
|
||||
|
|
|
@ -30,7 +30,6 @@ from monkey_island.cc.resources.island_mode import IslandMode
|
|||
from monkey_island.cc.resources.local_run import LocalRun
|
||||
from monkey_island.cc.resources.log import Log
|
||||
from monkey_island.cc.resources.monkey import Monkey
|
||||
from monkey_island.cc.resources.monkey_control.remote_port_check import RemotePortCheck
|
||||
from monkey_island.cc.resources.monkey_control.started_on_island import StartedOnIsland
|
||||
from monkey_island.cc.resources.monkey_control.stop_agent_check import StopAgentCheck
|
||||
from monkey_island.cc.resources.monkey_download import MonkeyDownload
|
||||
|
@ -173,7 +172,6 @@ def init_api_resources(api):
|
|||
api.add_resource(PropagationCredentials, "/api/propagationCredentials")
|
||||
api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/")
|
||||
api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/")
|
||||
api.add_resource(RemotePortCheck, "/api/monkey_control/check_remote_port/<string:port>")
|
||||
api.add_resource(StartedOnIsland, "/api/monkey_control/started_on_island")
|
||||
api.add_resource(StopAgentCheck, "/api/monkey_control/<int:monkey_guid>")
|
||||
api.add_resource(ScoutSuiteAuth, "/api/scoutsuite_auth/<string:provider>")
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
import flask_restful
|
||||
from flask import request
|
||||
|
||||
from monkey_island.cc.services.remote_port_check import check_tcp_port
|
||||
|
||||
|
||||
class RemotePortCheck(flask_restful.Resource):
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def get(self, port):
|
||||
if port and check_tcp_port(request.remote_addr, port):
|
||||
return {"status": "port_visible"}
|
||||
else:
|
||||
return {"status": "port_invisible"}
|
|
@ -20,11 +20,9 @@ def test_build_monkey_commandline_explicitly_arguments():
|
|||
"0",
|
||||
"-l",
|
||||
"C:\\windows\\abc",
|
||||
"-vp",
|
||||
"80",
|
||||
]
|
||||
actual = build_monkey_commandline_explicitly(
|
||||
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80"
|
||||
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc"
|
||||
)
|
||||
|
||||
assert expected == actual
|
||||
|
@ -100,9 +98,7 @@ def test_build_monkey_commandline():
|
|||
example_host = VictimHost(ip_addr="bla")
|
||||
example_host.set_default_server("101010")
|
||||
|
||||
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80"
|
||||
actual = build_monkey_commandline(
|
||||
target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla"
|
||||
)
|
||||
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla"
|
||||
actual = build_monkey_commandline(target_host=example_host, depth=0, location="/home/bla")
|
||||
|
||||
assert expected == actual
|
||||
|
|