Merge pull request #1644 from guardicore/1635-remove-should-monkey-run-function

1635 remove should monkey run function
2021-12-08 06:42:28 -05:00 · 2021-12-08 06:42:28 -05:00 · 416d6734ba
parent 84c6f6ee01 5052e21d97
commit 416d6734ba
19 changed files with 14 additions and 132 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -33,6 +33,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - Max iterations and timeout between iterations config options. #1600
 - MITRE ATT&CK configuration screen. #1532
 - Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
 - "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@ -13,11 +13,7 @@ import infection_monkey.monkeyfs as monkeyfs
 import infection_monkey.tunnel as tunnel
 from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
 from common.common_consts.time_formats import DEFAULT_TIME_FORMAT
-from common.common_consts.timeouts import (
+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
    LONG_REQUEST_TIMEOUT,
    MEDIUM_REQUEST_TIMEOUT,
    SHORT_REQUEST_TIMEOUT,
 )
 from infection_monkey.config import GUID, WormConfiguration
 from infection_monkey.network.info import local_ips
 from infection_monkey.transport.http import HTTPConnectProxy
@ -407,33 +403,6 @@ class ControlClient(object):
        except requests.exceptions.RequestException:
            return False
    @staticmethod
    def should_monkey_run(vulnerable_port: str) -> bool:
        if (
            vulnerable_port
            and WormConfiguration.get_hop_distance_to_island() > 1
            and ControlClient.can_island_see_port(vulnerable_port)
            and WormConfiguration.started_on_island
        ):
            return False
        return True
    @staticmethod
    def can_island_see_port(port):
        try:
            url = (
                f"https://{WormConfiguration.current_server}/api/monkey_control"
                f"/check_remote_port/{port}"
            )
            response = requests.get(  # noqa: DUO123
                url, verify=False, timeout=SHORT_REQUEST_TIMEOUT
            )
            response = json.loads(response.content.decode())
            return response["status"] == "port_visible"
        except requests.exceptions.RequestException:
            return False
    @staticmethod
    def report_start_on_island():
        requests.post(  # noqa: DUO123
--- a/monkey/infection_monkey/dropper.py
+++ b/monkey/infection_monkey/dropper.py
@ -139,7 +139,6 @@ class MonkeyDrops(object):
            server=self.opts.server,
            depth=self.opts.depth,
            location=None,
            vulnerable_port=self.opts.vulnerable_port,
        )
        if OperatingSystem.Windows == SystemInfoCollector.get_os():
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -87,9 +87,7 @@ class HadoopExploiter(WebRCE):
    def build_command(self, path, http_path):
        # Build command to execute
-        monkey_cmd = build_monkey_commandline(
+        monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
            self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
        )
        if "linux" in self.host.os["type"]:
            base_command = HADOOP_LINUX_COMMAND
        else:
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -147,9 +147,7 @@ class MSSQLExploiter(HostExploiter):
    def get_monkey_launch_command(self):
        dst_path = get_monkey_dest_path(self.monkey_server.http_path)
        # Form monkey's launch command
-        monkey_args = build_monkey_commandline(
+        monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path)
            self.host, get_monkey_depth() - 1, MSSQLExploiter.SQL_DEFAULT_TCP_PORT, dst_path
        )
        suffix = ">>{}".format(self.payload_file_path)
        prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
        return MSSQLLimitedSizePayload(
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@ -208,7 +208,6 @@ def build_monkey_execution_command(host: VictimHost, depth: int, executable_path
    monkey_params = build_monkey_commandline(
        target_host=host,
        depth=depth,
        vulnerable_port=None,
        location=executable_path,
    )
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@ -164,7 +164,6 @@ class ShellShockExploiter(HostExploiter):
            cmdline += build_monkey_commandline(
                self.host,
                get_monkey_depth() - 1,
                HTTPTools.get_port_from_url(url),
                dropper_target_path_linux,
            )
            cmdline += " & "
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@ -28,7 +28,6 @@ class SmbExploiter(HostExploiter):
    def __init__(self, host):
        super(SmbExploiter, self).__init__(host)
        self.vulnerable_port = None
    def is_os_supported(self):
        if super(SmbExploiter, self).is_os_supported():
@ -112,7 +111,6 @@ class SmbExploiter(HostExploiter):
            logger.debug("Exploiter SmbExec is giving up...")
            return False
        self.set_vulnerable_port()
        # execute the remote dropper in case the path isn't final
        if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
            cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
@ -120,15 +118,12 @@ class SmbExploiter(HostExploiter):
            } + build_monkey_commandline(
                self.host,
                get_monkey_depth() - 1,
                self.vulnerable_port,
                self._config.dropper_target_path_win_32,
            )
        else:
            cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
                "monkey_path": remote_full_path
-            } + build_monkey_commandline(
+            } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
                self.host, get_monkey_depth() - 1, vulnerable_port=self.vulnerable_port
            )
        smb_conn = False
        for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
@ -198,11 +193,3 @@ class SmbExploiter(HostExploiter):
            )
        )
        return True
    def set_vulnerable_port(self):
        if "tcp-445" in self.host.services:
            self.vulnerable_port = "445"
        elif "tcp-139" in self.host.services:
            self.vulnerable_port = "139"
        else:
            self.vulnerable_port = None
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -197,9 +197,7 @@ class SSHExploiter(HostExploiter):
        try:
            cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
-            cmdline += build_monkey_commandline(
+            cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
                self.host, get_monkey_depth() - 1, vulnerable_port=SSH_PORT
            )
            cmdline += " > /dev/null 2>&1 &"
            ssh.exec_command(cmdline)
--- a/monkey/infection_monkey/exploit/tools/http_tools.py
+++ b/monkey/infection_monkey/exploit/tools/http_tools.py
@ -80,10 +80,6 @@ class HTTPTools(object):
            httpd,
        )
    @staticmethod
    def get_port_from_url(url: str) -> int:
        return urllib.parse.urlparse(url).port
 class MonkeyHTTPServer(HTTPTools):
    def __init__(self, host):
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -53,7 +53,6 @@ class WebRCE(HostExploiter):
        self.skip_exist = self._config.skip_exploit_if_file_exist
        self.vulnerable_urls = []
        self.target_url = None
        self.vulnerable_port = None
    def get_exploit_config(self):
        """
@ -106,7 +105,6 @@ class WebRCE(HostExploiter):
            return False
        self.target_url = self.get_target_url()
        self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
        # Skip if monkey already exists and this option is given
        if (
@ -455,18 +453,14 @@ class WebRCE(HostExploiter):
            default_path = self.get_default_dropper_path()
            if default_path is False:
                return False
-            monkey_cmd = build_monkey_commandline(
+            monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
                self.host, get_monkey_depth() - 1, self.vulnerable_port, default_path
            )
            command = RUN_MONKEY % {
                "monkey_path": path,
                "monkey_type": DROPPER_ARG,
                "parameters": monkey_cmd,
            }
        else:
-            monkey_cmd = build_monkey_commandline(
+            monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
                self.host, get_monkey_depth() - 1, self.vulnerable_port
            )
            command = RUN_MONKEY % {
                "monkey_path": path,
                "monkey_type": MONKEY_ARG,
--- a/monkey/infection_monkey/exploit/win_ms08_067.py
+++ b/monkey/infection_monkey/exploit/win_ms08_067.py
@ -289,15 +289,12 @@ class Ms08_067_Exploiter(HostExploiter):
            } + build_monkey_commandline(
                self.host,
                get_monkey_depth() - 1,
                SRVSVC_Exploit.TELNET_PORT,
                self._config.dropper_target_path_win_32,
            )
        else:
            cmdline = MONKEY_CMDLINE_WINDOWS % {
                "monkey_path": remote_full_path
-            } + build_monkey_commandline(
+            } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
                self.host, get_monkey_depth() - 1, vulnerable_port=SRVSVC_Exploit.TELNET_PORT
            )
        try:
            sock.send(("start %s\r\n" % (cmdline,)).encode())
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@ -20,7 +20,6 @@ class WmiExploiter(HostExploiter):
    _TARGET_OS_TYPE = ["windows"]
    EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
    _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
    VULNERABLE_PORT = 135
    def __init__(self, host):
        super(WmiExploiter, self).__init__(host)
@ -113,15 +112,12 @@ class WmiExploiter(HostExploiter):
                } + build_monkey_commandline(
                    self.host,
                    get_monkey_depth() - 1,
                    WmiExploiter.VULNERABLE_PORT,
                    self._config.dropper_target_path_win_32,
                )
            else:
                cmdline = MONKEY_CMDLINE_WINDOWS % {
                    "monkey_path": remote_full_path
-                } + build_monkey_commandline(
+                } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
                    self.host, get_monkey_depth() - 1, WmiExploiter.VULNERABLE_PORT
                )
            # execute the remote monkey
            result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -36,7 +36,6 @@ class ZerologonExploiter(HostExploiter):
    def __init__(self, host: object):
        super().__init__(host)
        self.vulnerable_port = None
        self.exploit_info["credentials"] = {}
        self.exploit_info["password_restored"] = None
        self._extracted_creds = {}
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -13,7 +13,6 @@ from infection_monkey.control import ControlClient
 from infection_monkey.master.mock_master import MockMaster
 from infection_monkey.model import DELAY_DELETE_CMD
 from infection_monkey.network.firewall import app as firewall
 from infection_monkey.network.tools import is_running_on_island
 from infection_monkey.puppet.mock_puppet import MockPuppet
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@ -50,7 +49,6 @@ class InfectionMonkey:
        arg_parser.add_argument("-t", "--tunnel")
        arg_parser.add_argument("-s", "--server")
        arg_parser.add_argument("-d", "--depth", type=int)
        arg_parser.add_argument("-vp", "--vulnerable-port")
        opts, _ = arg_parser.parse_known_args(args)
        InfectionMonkey._log_arguments(opts)
        return opts
@ -145,13 +143,6 @@ class InfectionMonkey:
    def _setup(self):
        logger.debug("Starting the setup phase.")
        if self._should_exit_for_performance():
            logger.info(
                "Monkey shouldn't run on current machine to improve perfomance"
                "(it will be exploited later with more depth)."
            )
            return
        if firewall.is_enabled():
            firewall.add_firewall_rule()
@ -164,18 +155,6 @@ class InfectionMonkey:
        register_signal_handlers(self._master)
    def _should_exit_for_performance(self):
        """
        This method implements propagation performance enhancing algorithm that
        kicks in if the run was started from the Island.
        Should get replaced by other, better performance enhancement solutions
        """
        if is_running_on_island():
            WormConfiguration.started_on_island = True
            ControlClient.report_start_on_island()
        return not ControlClient.should_monkey_run(self._opts.vulnerable_port)
    def _is_another_monkey_running(self):
        return not self._singleton.try_lock()
--- a/monkey/infection_monkey/utils/commands.py
+++ b/monkey/infection_monkey/utils/commands.py
@ -3,9 +3,7 @@ from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
 from infection_monkey.model.host import VictimHost
-def build_monkey_commandline(
+def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
    target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None
 ) -> str:
    return " " + " ".join(
        build_monkey_commandline_explicitly(
@ -14,7 +12,6 @@ def build_monkey_commandline(
            target_host.default_server,
            depth,
            location,
            vulnerable_port,
        )
    )
@ -25,7 +22,6 @@ def build_monkey_commandline_explicitly(
    server: str = None,
    depth: int = None,
    location: str = None,
    vulnerable_port: str = None,
 ) -> list:
    cmdline = []
@ -46,9 +42,6 @@ def build_monkey_commandline_explicitly(
    if location is not None:
        cmdline.append("-l")
        cmdline.append(str(location))
    if vulnerable_port is not None:
        cmdline.append("-vp")
        cmdline.append(str(vulnerable_port))
    return cmdline
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -30,7 +30,6 @@ from monkey_island.cc.resources.island_mode import IslandMode
 from monkey_island.cc.resources.local_run import LocalRun
 from monkey_island.cc.resources.log import Log
 from monkey_island.cc.resources.monkey import Monkey
 from monkey_island.cc.resources.monkey_control.remote_port_check import RemotePortCheck
 from monkey_island.cc.resources.monkey_control.started_on_island import StartedOnIsland
 from monkey_island.cc.resources.monkey_control.stop_agent_check import StopAgentCheck
 from monkey_island.cc.resources.monkey_download import MonkeyDownload
@ -173,7 +172,6 @@ def init_api_resources(api):
    api.add_resource(PropagationCredentials, "/api/propagationCredentials")
    api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/")
    api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/")
    api.add_resource(RemotePortCheck, "/api/monkey_control/check_remote_port/<string:port>")
    api.add_resource(StartedOnIsland, "/api/monkey_control/started_on_island")
    api.add_resource(StopAgentCheck, "/api/monkey_control/<int:monkey_guid>")
    api.add_resource(ScoutSuiteAuth, "/api/scoutsuite_auth/<string:provider>")
--- a/monkey/monkey_island/cc/resources/monkey_control/remote_port_check.py
+++ b/monkey/monkey_island/cc/resources/monkey_control/remote_port_check.py
@ -1,14 +0,0 @@
 import flask_restful
 from flask import request
 from monkey_island.cc.services.remote_port_check import check_tcp_port
 class RemotePortCheck(flask_restful.Resource):
    # Used by monkey. can't secure.
    def get(self, port):
        if port and check_tcp_port(request.remote_addr, port):
            return {"status": "port_visible"}
        else:
            return {"status": "port_invisible"}
--- a/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py
+++ b/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py
@ -20,11 +20,9 @@ def test_build_monkey_commandline_explicitly_arguments():
        "0",
        "-l",
        "C:\\windows\\abc",
        "-vp",
        "80",
    ]
    actual = build_monkey_commandline_explicitly(
-        "101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80"
+        "101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc"
    )
    assert expected == actual
@ -100,9 +98,7 @@ def test_build_monkey_commandline():
    example_host = VictimHost(ip_addr="bla")
    example_host.set_default_server("101010")
-    expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80"
+    expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla"
-    actual = build_monkey_commandline(
+    actual = build_monkey_commandline(target_host=example_host, depth=0, location="/home/bla")
        target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla"
    )
    assert expected == actual