From 8ecf328b4c82556beb5db52738da3b93c3fdeb56 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 7 Dec 2021 11:27:19 -0500 Subject: [PATCH] Island: Reimplement PropagationCredentials resource --- monkey/monkey_island/cc/app.py | 2 +- .../cc/resources/propagation_credentials.py | 11 ++++++++-- monkey/monkey_island/cc/services/config.py | 20 ++++++------------- .../monkey_configs/flat_config.json | 18 ++++++++--------- .../monkey_island/cc/services/test_config.py | 13 ++++++++++++ 5 files changed, 38 insertions(+), 26 deletions(-) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 5c97db9db..e19ab6dcd 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -170,7 +170,7 @@ def init_api_resources(api): "/api/fileUpload/?load=", "/api/fileUpload/?restore=", ) - api.add_resource(PropagationCredentials, "/api/propagation-credentials") + api.add_resource(PropagationCredentials, "/api/propagation-credentials/") api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/") api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/") api.add_resource(RemotePortCheck, "/api/monkey_control/check_remote_port/") diff --git a/monkey/monkey_island/cc/resources/propagation_credentials.py b/monkey/monkey_island/cc/resources/propagation_credentials.py index 74e99b10d..f85ffea0d 100644 --- a/monkey/monkey_island/cc/resources/propagation_credentials.py +++ b/monkey/monkey_island/cc/resources/propagation_credentials.py @@ -1,9 +1,16 @@ import flask_restful +from monkey_island.cc.database import mongo from monkey_island.cc.services.config import ConfigService class PropagationCredentials(flask_restful.Resource): - def get(self): + def get(self, guid: str): + monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) + ConfigService.decrypt_flat_config(monkey_json) - return {"propagation_credentials": ConfigService.get_config_propagation_credentials()} + propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config( + monkey_json["config"] + ) + + return {"propagation_credentials": propagation_credentials} diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 97bbd4c82..a6a2f9514 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -410,21 +410,13 @@ class ConfigService: ConfigService.set_config_value(STARTED_ON_ISLAND_PATH, value) @staticmethod - def get_config_propagation_credentials(): + def get_config_propagation_credentials_from_flat_config(config): return { - "exploit_user_list": ConfigService.get_config_value( - USER_LIST_PATH, should_decrypt=False - ), - "exploit_password_list": ConfigService.get_config_value( - PASSWORD_LIST_PATH, should_decrypt=False - ), - "exploit_lm_hash_list": ConfigService.get_config_value( - LM_HASH_LIST_PATH, should_decrypt=False - ), - "exploit_ntlm_hash_list": ConfigService.get_config_value( - NTLM_HASH_LIST_PATH, should_decrypt=False - ), - "exploit_ssh_keys": ConfigService.get_config_value(SSH_KEYS_PATH, should_decrypt=False), + "exploit_user_list": config["exploit_user_list"], + "exploit_password_list": config["exploit_password_list"], + "exploit_lm_hash_list": config["exploit_lm_hash_list"], + "exploit_ntlm_hash_list": config["exploit_ntlm_hash_list"], + "exploit_ssh_keys": config["exploit_ssh_keys"], } @staticmethod diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index b82ab6309..972f9e947 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json @@ -29,18 +29,18 @@ "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", - "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [], + "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"], + "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"], "exploit_password_list": [ - "root", - "123456", - "password", - "123456789", - "qwerty", - "111111", - "iloveyou" + "test", + "iloveyou", + "12345" ], "exploit_ssh_keys": [ + { + "public_key": "my_public_key", + "private_key": "my_private_key" + } ], "exploit_user_list": [ "Administrator", diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py index be6bded05..1aece8180 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py +++ b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py @@ -80,3 +80,16 @@ def test_format_config_for_agent__pbas(flat_monkey_config): assert "PBA_linux_filename" not in flat_monkey_config assert "custom_PBA_windows_cmd" not in flat_monkey_config assert "PBA_windows_filename" not in flat_monkey_config + + +def test_get_config_propagation_credentials_from_flat_config(flat_monkey_config): + expected_creds = { + "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"], + "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"], + "exploit_password_list": ["test", "iloveyou", "12345"], + "exploit_ssh_keys": [{"private_key": "my_private_key", "public_key": "my_public_key"}], + "exploit_user_list": ["Administrator", "root", "user", "ubuntu"], + } + + creds = ConfigService.get_config_propagation_credentials_from_flat_config(flat_monkey_config) + assert creds == expected_creds