Merge branch 'develop' into feature/run-aws-monkey
This commit is contained in:
commit
78507062b8
|
@ -121,7 +121,7 @@ openssl req -new -key cc/server.key -out cc/server.csr \
|
||||||
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error
|
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error
|
||||||
|
|
||||||
|
|
||||||
chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
||||||
${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
||||||
|
|
||||||
# Install npm
|
# Install npm
|
||||||
|
@ -142,16 +142,16 @@ npm run dist
|
||||||
log_message "Installing monkey requirements"
|
log_message "Installing monkey requirements"
|
||||||
sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
|
sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
|
||||||
cd ${monkey_home}/monkey/infection_monkey || handle_error
|
cd ${monkey_home}/monkey/infection_monkey || handle_error
|
||||||
python -m pip install --user -r requirements.txt || handle_error
|
python -m pip install --user -r requirements_linux.txt || handle_error
|
||||||
|
|
||||||
# Build samba
|
# Build samba
|
||||||
log_message "Building samba binaries"
|
log_message "Building samba binaries"
|
||||||
sudo apt-get install gcc-multilib
|
sudo apt-get install gcc-multilib
|
||||||
cd ${monkey_home}/monkey/infection_monkey/monkey_utils/sambacry_monkey_runner
|
cd ${monkey_home}/monkey/infection_monkey/monkey_utils/sambacry_monkey_runner
|
||||||
chmod +x ./build.sh || handle_error
|
sudo chmod +x ./build.sh || handle_error
|
||||||
./build.sh
|
./build.sh
|
||||||
|
|
||||||
chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh
|
sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh
|
||||||
|
|
||||||
log_message "Deployment script finished."
|
log_message "Deployment script finished."
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -39,7 +39,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
New-Item -ItemType directory -path $binDir
|
New-Item -ItemType directory -path $binDir
|
||||||
"Bin directory added"
|
"Bin directory added"
|
||||||
}
|
}
|
||||||
|
|
||||||
# We check if python is installed
|
# We check if python is installed
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -72,7 +72,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
"Downloading Visual C++ Compiler for Python 2.7 ..."
|
"Downloading Visual C++ Compiler for Python 2.7 ..."
|
||||||
$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
|
$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
|
||||||
Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
|
Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
|
||||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
|
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
|
||||||
Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER
|
Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER
|
||||||
|
|
||||||
# Install requirements for island
|
# Install requirements for island
|
||||||
|
@ -86,7 +86,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
||||||
}
|
}
|
||||||
& python -m pip install --user -r $islandRequirements
|
& python -m pip install --user -r $islandRequirements
|
||||||
# Install requirements for monkey
|
# Install requirements for monkey
|
||||||
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
|
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt"
|
||||||
& python -m pip install --user -r $monkeyRequirements
|
& python -m pip install --user -r $monkeyRequirements
|
||||||
|
|
||||||
# Download mongodb
|
# Download mongodb
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
*.md
|
|
@ -1,19 +1,24 @@
|
||||||
FROM debian:jessie-slim
|
FROM debian:stretch-slim
|
||||||
|
|
||||||
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
|
LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
|
||||||
|
|
||||||
|
ARG RELEASE=1.6
|
||||||
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
EXPOSE 5000
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
ADD https://github.com/guardicore/monkey/releases/download/1.5.2/infection_monkey_1.5.2_deb.tgz .
|
ADD https://github.com/guardicore/monkey/releases/download/${RELEASE}/infection_monkey_deb.${RELEASE}.tgz .
|
||||||
|
|
||||||
RUN tar xvf infection_monkey_1.5.2_deb.tgz \
|
RUN tar xvf infection_monkey_deb.${RELEASE}.tgz \
|
||||||
&& apt-get -yqq update \
|
&& apt-get -yqq update \
|
||||||
&& apt-get -yqq upgrade \
|
&& apt-get -yqq upgrade \
|
||||||
&& apt-get -yqq install python-pip \
|
&& apt-get -yqq install python-pip \
|
||||||
libssl-dev \
|
python-dev \
|
||||||
supervisor \
|
&& dpkg -i *.deb \
|
||||||
&& dpkg -i *.deb
|
&& rm -f *.deb *.tgz
|
||||||
|
|
||||||
COPY stack.conf /etc/supervisor/conf.d/stack.conf
|
WORKDIR /var/monkey
|
||||||
|
ENTRYPOINT ["/var/monkey/monkey_island/bin/python/bin/python"]
|
||||||
ENTRYPOINT [ "supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf" ]
|
CMD ["/var/monkey/monkey_island.py"]
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
version: '3.3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mongo:4
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- db_data:/data/db
|
||||||
|
environment:
|
||||||
|
MONGO_INITDB_DATABASE: monkeyisland
|
||||||
|
monkey:
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
build: .
|
||||||
|
image: monkey:latest
|
||||||
|
ports:
|
||||||
|
- "5000:5000"
|
||||||
|
environment:
|
||||||
|
MONGO_URL: mongodb://db:27017/monkeyisland
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db_data:
|
|
@ -1,4 +0,0 @@
|
||||||
[program:mongod]
|
|
||||||
command=/var/monkey_island/bin/mongodb/bin/mongod --quiet --dbpath /var/monkey_island/db
|
|
||||||
[program:monkey]
|
|
||||||
command=/var/monkey_island/ubuntu/systemd/start_server.sh
|
|
|
@ -69,7 +69,6 @@ def process_datas(orig_datas):
|
||||||
def get_binaries():
|
def get_binaries():
|
||||||
binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
|
binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
|
||||||
binaries += get_sc_binaries()
|
binaries += get_sc_binaries()
|
||||||
binaries += get_traceroute_binaries()
|
|
||||||
return binaries
|
return binaries
|
||||||
|
|
||||||
|
|
||||||
|
@ -81,6 +80,7 @@ def get_windows_only_binaries():
|
||||||
|
|
||||||
def get_linux_only_binaries():
|
def get_linux_only_binaries():
|
||||||
binaries = []
|
binaries = []
|
||||||
|
binaries += get_traceroute_binaries()
|
||||||
return binaries
|
return binaries
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -23,14 +23,17 @@ class BackdoorUser(object):
|
||||||
|
|
||||||
def act(self):
|
def act(self):
|
||||||
LOG.info("Adding a user")
|
LOG.info("Adding a user")
|
||||||
if sys.platform.startswith("win"):
|
try:
|
||||||
retval = self.add_user_windows()
|
if sys.platform.startswith("win"):
|
||||||
else:
|
retval = self.add_user_windows()
|
||||||
retval = self.add_user_linux()
|
else:
|
||||||
if retval != 0:
|
retval = self.add_user_linux()
|
||||||
LOG.warn("Failed to add a user")
|
if retval != 0:
|
||||||
else:
|
LOG.warn("Failed to add a user")
|
||||||
LOG.info("Done adding user")
|
else:
|
||||||
|
LOG.info("Done adding user")
|
||||||
|
except OSError:
|
||||||
|
LOG.exception("Exception while adding a user")
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def add_user_linux():
|
def add_user_linux():
|
||||||
|
|
|
@ -5,6 +5,7 @@ The monkey is composed of three separate parts.
|
||||||
* The Infection Monkey itself - PyInstaller compressed python archives
|
* The Infection Monkey itself - PyInstaller compressed python archives
|
||||||
* Sambacry binaries - Two linux binaries, 32/64 bit.
|
* Sambacry binaries - Two linux binaries, 32/64 bit.
|
||||||
* Mimikatz binaries - Two windows binaries, 32/64 bit.
|
* Mimikatz binaries - Two windows binaries, 32/64 bit.
|
||||||
|
* Traceroute binaries - Two linux binaries, 32/64bit.
|
||||||
|
|
||||||
--- Windows ---
|
--- Windows ---
|
||||||
|
|
||||||
|
@ -51,8 +52,11 @@ Tested on Ubuntu 16.04 and 17.04.
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
2. Build Sambacry binaries
|
2. Build Sambacry binaries
|
||||||
a. Build/Download according to sections at the end of this readme.
|
a. Build/Download according to sections at the end of this readme.
|
||||||
b. Place the binaries under [code location]\infection_monkey\bin
|
b. Place the binaries under [code location]\infection_monkey\bin, under the names 'sc_monkey_runner32.so', 'sc_monkey_runner64.so'
|
||||||
3. To build, run in terminal:
|
3. Build Traceroute binaries
|
||||||
|
a. Build/Download according to sections at the end of this readme.
|
||||||
|
b. Place the binaries under [code location]\infection_monkey\bin, under the names 'traceroute32', 'traceroute64'
|
||||||
|
4. To build, run in terminal:
|
||||||
cd [code location]/infection_monkey
|
cd [code location]/infection_monkey
|
||||||
chmod +x build_linux.sh
|
chmod +x build_linux.sh
|
||||||
./build_linux.sh
|
./build_linux.sh
|
||||||
|
@ -61,19 +65,45 @@ Tested on Ubuntu 16.04 and 17.04.
|
||||||
-- Sambacry --
|
-- Sambacry --
|
||||||
|
|
||||||
Sambacry requires two standalone binaries to execute remotely.
|
Sambacry requires two standalone binaries to execute remotely.
|
||||||
1. Install gcc-multilib if it's not installed
|
a. Build sambacry binaries yourself
|
||||||
sudo apt-get install gcc-multilib
|
a.1. Install gcc-multilib if it's not installed
|
||||||
2. Build the binaries
|
sudo apt-get install gcc-multilib
|
||||||
cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
|
a.2. Build the binaries
|
||||||
./build.sh
|
cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
|
||||||
|
./build.sh
|
||||||
|
|
||||||
|
b. Download our pre-built sambacry binaries
|
||||||
|
b.1. Available here:
|
||||||
|
32bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so
|
||||||
|
64bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so
|
||||||
|
|
||||||
-- Mimikatz --
|
-- Mimikatz --
|
||||||
|
|
||||||
Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
|
Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
|
||||||
https://github.com/guardicore/mimikatz/releases/tag/1.0.0
|
You can either build them yourself or download pre-built binaries.
|
||||||
Download both 32 and 64 bit zipped DLLs and place them under [code location]\infection_monkey\bin
|
a. Build Mimikatz yourself
|
||||||
Alternatively, if you build Mimikatz, put each version in a zip file.
|
a.0. Building mimikatz requires Visual Studio 2013 and up
|
||||||
1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
|
a.1. Clone our version of mimikatz from https://github.com/guardicore/mimikatz/tree/1.1.0
|
||||||
2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
|
a.2. Build using Visual Studio.
|
||||||
3. The zip file should be named mk32.zip/mk64.zip accordingly.
|
a.3. Put each version in a zip file
|
||||||
4. Zipping with 7zip has been tested. Other zipping software may not work.
|
a.3.1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
|
||||||
|
a.3.2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
|
||||||
|
a.3.3. The zip file should be named mk32.zip/mk64.zip accordingly.
|
||||||
|
a.3.4. Zipping with 7zip has been tested. Other zipping software may not work.
|
||||||
|
|
||||||
|
b. Download our pre-built traceroute binaries
|
||||||
|
b.1. Download both 32 and 64 bit zipped DLLs from https://github.com/guardicore/mimikatz/releases/tag/1.1.0
|
||||||
|
b.2. Place them under [code location]\infection_monkey\bin
|
||||||
|
|
||||||
|
-- Traceroute --
|
||||||
|
|
||||||
|
Traceroute requires two standalone binaries to execute remotely.
|
||||||
|
The monkey carries the standalone binaries since traceroute isn't built in all Linux distributions.
|
||||||
|
You can either build them yourself or download pre-built binaries.
|
||||||
|
|
||||||
|
a. Build traceroute yourself
|
||||||
|
a.1. The sources of traceroute are available here with building instructions: http://traceroute.sourceforge.net
|
||||||
|
b. Download our pre-built traceroute binaries
|
||||||
|
b.1. Available here:
|
||||||
|
32bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute32
|
||||||
|
64bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute64
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
enum34
|
||||||
|
impacket
|
||||||
|
pycryptodome
|
||||||
|
pyasn1
|
||||||
|
cffi
|
||||||
|
twisted
|
||||||
|
rdpy
|
||||||
|
requests
|
||||||
|
odict
|
||||||
|
paramiko
|
||||||
|
psutil==3.4.2
|
||||||
|
PyInstaller
|
||||||
|
six
|
||||||
|
ecdsa
|
||||||
|
netifaces
|
||||||
|
ipaddress
|
||||||
|
wmi
|
||||||
|
pymssql
|
||||||
|
pyftpdlib
|
|
@ -1,6 +1,6 @@
|
||||||
enum34
|
enum34
|
||||||
impacket
|
impacket
|
||||||
PyCrypto
|
pycryptodome
|
||||||
pyasn1
|
pyasn1
|
||||||
cffi
|
cffi
|
||||||
twisted
|
twisted
|
|
@ -39,7 +39,7 @@ class Encryptor:
|
||||||
def enc(self, message):
|
def enc(self, message):
|
||||||
cipher_iv = Random.new().read(AES.block_size)
|
cipher_iv = Random.new().read(AES.block_size)
|
||||||
cipher = AES.new(self._cipher_key, AES.MODE_CBC, cipher_iv)
|
cipher = AES.new(self._cipher_key, AES.MODE_CBC, cipher_iv)
|
||||||
return base64.b64encode(cipher_iv + cipher.encrypt(self._pad(message)))
|
return base64.b64encode(cipher_iv + cipher.encrypt(str(self._pad(message)))) # ciper.encrypt expects str
|
||||||
|
|
||||||
def dec(self, enc_message):
|
def dec(self, enc_message):
|
||||||
enc_message = base64.b64decode(enc_message)
|
enc_message = base64.b64decode(enc_message)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import abc
|
import abc
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
import os
|
import os
|
||||||
|
from Crypto.Hash import SHA3_512
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
@ -13,6 +14,12 @@ class Environment(object):
|
||||||
_DEBUG_SERVER = False
|
_DEBUG_SERVER = False
|
||||||
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
|
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.config = None
|
||||||
|
|
||||||
|
def set_config(self, config):
|
||||||
|
self.config = config
|
||||||
|
|
||||||
def get_island_port(self):
|
def get_island_port(self):
|
||||||
return self._ISLAND_PORT
|
return self._ISLAND_PORT
|
||||||
|
|
||||||
|
@ -25,6 +32,11 @@ class Environment(object):
|
||||||
def get_auth_expiration_time(self):
|
def get_auth_expiration_time(self):
|
||||||
return self._AUTH_EXPIRATION_TIME
|
return self._AUTH_EXPIRATION_TIME
|
||||||
|
|
||||||
|
def hash_secret(self, secret):
|
||||||
|
h = SHA3_512.new()
|
||||||
|
h.update(secret)
|
||||||
|
return h.hexdigest()
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def is_auth_enabled(self):
|
def is_auth_enabled(self):
|
||||||
return
|
return
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import cc.auth
|
import cc.auth
|
||||||
from cc.environment import Environment
|
from cc.environment import Environment
|
||||||
from common.cloud.aws_instance import AwsInstance
|
from common.cloud.aws_instance import AwsInstance
|
||||||
|
from Crypto.Hash import SHA3_512
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
@ -23,5 +24,5 @@ class AwsEnvironment(Environment):
|
||||||
|
|
||||||
def get_auth_users(self):
|
def get_auth_users(self):
|
||||||
return [
|
return [
|
||||||
cc.auth.User(1, 'monkey', self._instance_id)
|
cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,16 +1,22 @@
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
import standard
|
|
||||||
import aws
|
from cc.environment import standard
|
||||||
|
from cc.environment import aws
|
||||||
|
from cc.environment import password
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
AWS = 'aws'
|
AWS = 'aws'
|
||||||
STANDARD = 'standard'
|
STANDARD = 'standard'
|
||||||
|
PASSWORD = 'password'
|
||||||
|
|
||||||
ENV_DICT = {
|
ENV_DICT = {
|
||||||
'standard': standard.StandardEnvironment,
|
STANDARD: standard.StandardEnvironment,
|
||||||
'aws': aws.AwsEnvironment
|
AWS: aws.AwsEnvironment,
|
||||||
|
PASSWORD: password.PasswordEnvironment,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,8 +31,10 @@ def load_env_from_file():
|
||||||
return config_json['server_config']
|
return config_json['server_config']
|
||||||
|
|
||||||
try:
|
try:
|
||||||
__env_type = load_env_from_file()
|
config_json = load_server_configuration_from_file()
|
||||||
|
__env_type = config_json['server_config']
|
||||||
env = ENV_DICT[__env_type]()
|
env = ENV_DICT[__env_type]()
|
||||||
|
env.set_config(config_json)
|
||||||
logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
|
logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
|
||||||
except Exception:
|
except Exception:
|
||||||
logger.error('Failed initializing environment', exc_info=True)
|
logger.error('Failed initializing environment', exc_info=True)
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
from cc.environment import Environment
|
||||||
|
import cc.auth
|
||||||
|
|
||||||
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
|
||||||
|
class PasswordEnvironment(Environment):
|
||||||
|
|
||||||
|
def is_auth_enabled(self):
|
||||||
|
return True
|
||||||
|
|
||||||
|
def get_auth_users(self):
|
||||||
|
return [
|
||||||
|
cc.auth.User(1, self.config['user'], self.config['hash'])
|
||||||
|
]
|
|
@ -52,7 +52,7 @@ class TelemetryFeed(flask_restful.Resource):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_state_telem_brief(telem):
|
def get_state_telem_brief(telem):
|
||||||
if telem['data']['done']:
|
if telem['data']['done']:
|
||||||
return 'Monkey died.'
|
return '''Monkey finishing it's execution.'''
|
||||||
else:
|
else:
|
||||||
return 'Monkey started.'
|
return 'Monkey started.'
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -90,6 +90,7 @@
|
||||||
"react-router-dom": "^4.3.1",
|
"react-router-dom": "^4.3.1",
|
||||||
"react-table": "^6.8.6",
|
"react-table": "^6.8.6",
|
||||||
"react-toggle": "^4.0.1",
|
"react-toggle": "^4.0.1",
|
||||||
"redux": "^4.0.0"
|
"redux": "^4.0.0",
|
||||||
|
"sha3": "^2.0.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
import BaseConfig from './BaseConfig';
|
||||||
|
|
||||||
|
class PasswordConfig extends BaseConfig{
|
||||||
|
isAuthEnabled() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default PasswordConfig;
|
|
@ -1,12 +1,14 @@
|
||||||
import StandardConfig from './StandardConfig';
|
import StandardConfig from './StandardConfig';
|
||||||
import AwsConfig from './AwsConfig';
|
import AwsConfig from './AwsConfig';
|
||||||
|
import PasswordConfig from "./PasswordConfig";
|
||||||
|
|
||||||
const SERVER_CONFIG_JSON = require('../../../server_config.json');
|
const SERVER_CONFIG_JSON = require('../../../server_config.json');
|
||||||
|
|
||||||
const CONFIG_DICT =
|
const CONFIG_DICT =
|
||||||
{
|
{
|
||||||
'standard': StandardConfig,
|
'standard': StandardConfig,
|
||||||
'aws': AwsConfig
|
'aws': AwsConfig,
|
||||||
|
'password': PasswordConfig
|
||||||
};
|
};
|
||||||
|
|
||||||
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();
|
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
import { SHA3 } from 'sha3';
|
||||||
import decode from 'jwt-decode';
|
import decode from 'jwt-decode';
|
||||||
import {SERVER_CONFIG} from '../server_config/ServerConfig';
|
import {SERVER_CONFIG} from '../server_config/ServerConfig';
|
||||||
|
|
||||||
|
@ -6,7 +7,7 @@ export default class AuthService {
|
||||||
|
|
||||||
login = (username, password) => {
|
login = (username, password) => {
|
||||||
if (this.AUTH_ENABLED) {
|
if (this.AUTH_ENABLED) {
|
||||||
return this._login(username, password);
|
return this._login(username, this.hashSha3(password));
|
||||||
} else {
|
} else {
|
||||||
return {result: true};
|
return {result: true};
|
||||||
}
|
}
|
||||||
|
@ -20,6 +21,12 @@ export default class AuthService {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hashSha3(text) {
|
||||||
|
let hash = new SHA3(512);
|
||||||
|
hash.update(text);
|
||||||
|
return this._toHexStr(hash.digest());
|
||||||
|
}
|
||||||
|
|
||||||
_login = (username, password) => {
|
_login = (username, password) => {
|
||||||
return this._authFetch('/api/auth', {
|
return this._authFetch('/api/auth', {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
|
@ -103,4 +110,9 @@ export default class AuthService {
|
||||||
return localStorage.getItem('jwt')
|
return localStorage.getItem('jwt')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_toHexStr(byteArr) {
|
||||||
|
return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,7 @@ jsonschema
|
||||||
netifaces
|
netifaces
|
||||||
ipaddress
|
ipaddress
|
||||||
enum34
|
enum34
|
||||||
PyCrypto
|
pycryptodome
|
||||||
boto3
|
boto3
|
||||||
awscli
|
awscli
|
||||||
virtualenv
|
virtualenv
|
|
@ -6,26 +6,23 @@ How to set up the Monkey Island server:
|
||||||
---------------- On Windows ----------------:
|
---------------- On Windows ----------------:
|
||||||
0. Exclude the folder you are planning to install the Monkey in from your AV software, as it might block or delete files from the installation.
|
0. Exclude the folder you are planning to install the Monkey in from your AV software, as it might block or delete files from the installation.
|
||||||
1. Create folder "bin" under monkey_island
|
1. Create folder "bin" under monkey_island
|
||||||
2. Place portable version of Python 2.7
|
2. Place portable version of Python 2.7.15
|
||||||
2.1. Download and install from: https://www.python.org/download/releases/2.7/
|
2.1. Download and install from: https://www.python.org/downloads/release/python-2715/
|
||||||
2.2. Install the required python libraries using "python -m pip install -r monkey_island\requirements.txt"
|
2.2. Install virtualenv using "python -m pip install virtualenv"
|
||||||
2.3. Copy contents from installation path (Usually C:\Python27) to monkey_island\bin\Python27
|
2.3. Create a virtualenv using "python -m virtualenv --always-copy <PATH TO BIN>\Python27" Where <PATH TO BIN> is the path to the bin folder created on step 1.
|
||||||
2.4. Copy Python27.dll from System32 folder (Usually C:\Windows\System32 or C:\Python27) to monkey_island\bin\Python27
|
2.4. Run "python -m virtualenv --relocatable <PATH TO BIN>\Python27"
|
||||||
2.5. (Optional) You may uninstall Python27 if you like.
|
2.5. Install the required python libraries using "<PATH TO BIN>\Python27\Scripts\python -m pip install -r monkey_island\requirements.txt"
|
||||||
|
2.6. Copy DLLs from installation path (Usually C:\Python27\DLLs) to <PATH TO BIN>\Python27\DLLs
|
||||||
|
2.7. (Optional) You may uninstall Python27 if you like.
|
||||||
3. Setup mongodb (Use one of the following two options):
|
3. Setup mongodb (Use one of the following two options):
|
||||||
3.1 Place portable version of mongodb
|
3.a Place portable version of mongodb
|
||||||
3.1.1 Download from: https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip
|
3.a.1. Download from: https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip
|
||||||
3.2.1 Extract contents from bin folder to monkey_island\bin\mongodb.
|
3.a.2. Extract contents from bin folder to monkey_island\bin\mongodb.
|
||||||
3.3.1 Create monkey_island\db folder.
|
3.a.3. Create monkey_island\db folder.
|
||||||
|
|
||||||
OR
|
OR
|
||||||
|
3.b. Use already running instance of mongodb
|
||||||
3.1 If you have an instance of mongodb running on a different host, set the MONKEY_MONGO_URL environment variable:
|
3.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server
|
||||||
|
|
||||||
example for mongodb running on host with IP address 192.168.10.10:
|
|
||||||
|
|
||||||
set MONKEY_MONGO_URL="mongodb://192.168.10.10:27107/monkeyisland"
|
|
||||||
|
|
||||||
4. Place portable version of OpenSSL
|
4. Place portable version of OpenSSL
|
||||||
4.1. Download from: https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip
|
4.1. Download from: https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip
|
||||||
4.2. Extract content from bin folder to monkey_island\bin\openssl
|
4.2. Extract content from bin folder to monkey_island\bin\openssl
|
||||||
|
@ -67,23 +64,16 @@ How to run:
|
||||||
monkey-windows-64.exe - monkey binary for windows 64bi
|
monkey-windows-64.exe - monkey binary for windows 64bi
|
||||||
|
|
||||||
4. Setup MongoDB (Use one of the two following options):
|
4. Setup MongoDB (Use one of the two following options):
|
||||||
|
4.a. Download MongoDB and extract it to /var/monkey_island/bin/mongodb
|
||||||
4.1 Download MongoDB and extract it to /var/monkey_island/bin/mongodb
|
|
||||||
for debian64 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz
|
for debian64 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz
|
||||||
for ubuntu64 16.10 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz
|
for ubuntu64 16.10 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz
|
||||||
find more at - https://www.mongodb.org/downloads#production
|
find more at - https://www.mongodb.org/downloads#production
|
||||||
untar.gz with: tar -zxvf filename.tar.gz -C /var/monkey_island/bin/mongodb
|
untar.gz with: tar -zxvf filename.tar.gz -C /var/monkey_island/bin/mongodb
|
||||||
(make sure the content of the mongo folder is in this directory, meaning this path exists:
|
(make sure the content of the mongo folder is in this directory, meaning this path exists:
|
||||||
/var/monkey_island/bin/mongodb/bin)
|
/var/monkey_island/bin/mongodb/bin)
|
||||||
|
|
||||||
OR
|
OR
|
||||||
|
4.b. Use already running instance of mongodb
|
||||||
4.1 If you have an instance of mongodb running on a different host, set the MONKEY_MONGO_URL environment variable:
|
4.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server
|
||||||
|
|
||||||
example for mongodb running on host with IP address 192.168.10.10:
|
|
||||||
|
|
||||||
set MONKEY_MONGO_URL="mongodb://192.168.10.10:27107/monkeyisland"
|
|
||||||
|
|
||||||
|
|
||||||
5. install OpenSSL
|
5. install OpenSSL
|
||||||
sudo apt-get install openssl
|
sudo apt-get install openssl
|
||||||
|
|
|
@ -13,6 +13,6 @@ jsonschema
|
||||||
netifaces
|
netifaces
|
||||||
ipaddress
|
ipaddress
|
||||||
enum34
|
enum34
|
||||||
PyCrypto
|
pycryptodome
|
||||||
boto3
|
boto3
|
||||||
awscli
|
awscli
|
|
@ -1,4 +1,4 @@
|
||||||
@title C^&C Server
|
@title C^&C Server
|
||||||
@pushd ..
|
@pushd ..
|
||||||
@monkey_island\bin\Python27\python monkey_island.py
|
@monkey_island\bin\Python27\Scripts\python monkey_island.py
|
||||||
@popd
|
@popd
|
Loading…
Reference in New Issue