Remove username/password lists from code. get/set from global config
This commit is contained in:
parent
ba291b577b
commit
be1b6879f7
|
@ -2,7 +2,3 @@ __author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
ISLAND_PORT = 5000
|
ISLAND_PORT = 5000
|
||||||
DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
|
DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
|
||||||
|
|
||||||
# TODO: remove this, and get from global config`
|
|
||||||
INITIAL_USERNAMES = ['Administrator', 'root', 'user']
|
|
||||||
INITIAL_PASSWORDS = ["Password1!", "1234", "password", "12345678"]
|
|
|
@ -8,8 +8,8 @@ if BASE_PATH not in sys.path:
|
||||||
sys.path.insert(0, BASE_PATH)
|
sys.path.insert(0, BASE_PATH)
|
||||||
|
|
||||||
from cc.app import init_app
|
from cc.app import init_app
|
||||||
from cc.utils import init_collections, local_ip_addresses
|
from cc.utils import local_ip_addresses
|
||||||
from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, INITIAL_USERNAMES, INITIAL_PASSWORDS
|
from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
from tornado.wsgi import WSGIContainer
|
from tornado.wsgi import WSGIContainer
|
||||||
|
@ -17,8 +17,6 @@ if __name__ == '__main__':
|
||||||
from tornado.ioloop import IOLoop
|
from tornado.ioloop import IOLoop
|
||||||
|
|
||||||
app = init_app(os.environ.get('MONGO_URL', DEFAULT_MONGO_URL))
|
app = init_app(os.environ.get('MONGO_URL', DEFAULT_MONGO_URL))
|
||||||
with app.app_context():
|
|
||||||
init_collections(INITIAL_USERNAMES, INITIAL_PASSWORDS)
|
|
||||||
http_server = HTTPServer(WSGIContainer(app),
|
http_server = HTTPServer(WSGIContainer(app),
|
||||||
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
|
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
|
||||||
'keyfile': os.environ.get('SERVER_KEY', 'server.key')})
|
'keyfile': os.environ.get('SERVER_KEY', 'server.key')})
|
||||||
|
|
|
@ -33,10 +33,6 @@ class Monkey(flask_restful.Resource):
|
||||||
|
|
||||||
if guid:
|
if guid:
|
||||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
||||||
monkey_json['config']['exploit_user_list'] = \
|
|
||||||
map(lambda x: x['username'], mongo.db.usernames.find({}, {'_id': 0, 'username': 1}).sort([('count', -1)]))
|
|
||||||
monkey_json['config']['exploit_password_list'] = \
|
|
||||||
map(lambda x: x['password'], mongo.db.passwords.find({}, {'_id': 0, 'password': 1}).sort([('count', -1)]))
|
|
||||||
return monkey_json
|
return monkey_json
|
||||||
else:
|
else:
|
||||||
result = {'timestamp': datetime.now().isoformat()}
|
result = {'timestamp': datetime.now().isoformat()}
|
||||||
|
|
|
@ -5,7 +5,7 @@ import flask_restful
|
||||||
|
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
|
|
||||||
from cc.utils import init_collections, local_ip_addresses
|
from cc.utils import local_ip_addresses
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
@ -22,11 +22,8 @@ class Root(flask_restful.Resource):
|
||||||
mongo.db.config.drop()
|
mongo.db.config.drop()
|
||||||
mongo.db.monkey.drop()
|
mongo.db.monkey.drop()
|
||||||
mongo.db.telemetry.drop()
|
mongo.db.telemetry.drop()
|
||||||
mongo.db.usernames.drop()
|
|
||||||
mongo.db.passwords.drop()
|
|
||||||
mongo.db.node.drop()
|
mongo.db.node.drop()
|
||||||
mongo.db.edge.drop()
|
mongo.db.edge.drop()
|
||||||
init_collections()
|
|
||||||
return jsonify(status='OK')
|
return jsonify(status='OK')
|
||||||
elif action == "killall":
|
elif action == "killall":
|
||||||
mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False,
|
mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False,
|
||||||
|
|
|
@ -9,8 +9,7 @@ import flask_restful
|
||||||
from cc.database import mongo
|
from cc.database import mongo
|
||||||
from cc.services.edge import EdgeService
|
from cc.services.edge import EdgeService
|
||||||
from cc.services.node import NodeService
|
from cc.services.node import NodeService
|
||||||
|
from cc.services.config import ConfigService
|
||||||
from cc.utils import creds_add_username, creds_add_password
|
|
||||||
|
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
@ -93,10 +92,9 @@ class Telemetry(flask_restful.Resource):
|
||||||
if 'credentials' in telemetry_json['data']:
|
if 'credentials' in telemetry_json['data']:
|
||||||
creds = telemetry_json['data']['credentials']
|
creds = telemetry_json['data']['credentials']
|
||||||
for user in creds:
|
for user in creds:
|
||||||
creds_add_username(user)
|
ConfigService.creds_add_username(user)
|
||||||
|
|
||||||
if 'password' in creds[user]:
|
if 'password' in creds[user]:
|
||||||
creds_add_password(creds[user]['password'])
|
ConfigService.creds_add_password(creds[user]['password'])
|
||||||
|
|
||||||
def add_scan_to_edge(self, edge, telemetry_json):
|
def add_scan_to_edge(self, edge, telemetry_json):
|
||||||
data = telemetry_json['data']['machine']
|
data = telemetry_json['data']['machine']
|
||||||
|
@ -125,9 +123,6 @@ class Telemetry(flask_restful.Resource):
|
||||||
{"$set": {"os.version": scan_os["version"]}},
|
{"$set": {"os.version": scan_os["version"]}},
|
||||||
upsert=False)
|
upsert=False)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def add_exploit_to_edge(self, edge, telemetry_json):
|
def add_exploit_to_edge(self, edge, telemetry_json):
|
||||||
data = telemetry_json['data']
|
data = telemetry_json['data']
|
||||||
data["machine"].pop("ip_addr")
|
data["machine"].pop("ip_addr")
|
||||||
|
|
|
@ -749,6 +749,7 @@ SCHEMA = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class ConfigService:
|
class ConfigService:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
pass
|
pass
|
||||||
|
@ -775,6 +776,22 @@ class ConfigService:
|
||||||
def get_config_schema():
|
def get_config_schema():
|
||||||
return SCHEMA
|
return SCHEMA
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def creds_add_username(username):
|
||||||
|
mongo.db.config.update(
|
||||||
|
{'name': 'newconfig'},
|
||||||
|
{'$addToSet': {'exploits.credentials.exploit_user_list': username}},
|
||||||
|
upsert=False
|
||||||
|
)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def creds_add_password(password):
|
||||||
|
mongo.db.config.update(
|
||||||
|
{'name': 'newconfig'},
|
||||||
|
{'$addToSet': {'exploits.credentials.exploit_password_list': password}},
|
||||||
|
upsert=False
|
||||||
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def update_config():
|
def update_config():
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -11,36 +11,6 @@ from cc.database import mongo
|
||||||
__author__ = 'Barak'
|
__author__ = 'Barak'
|
||||||
|
|
||||||
|
|
||||||
# data structures
|
|
||||||
|
|
||||||
def creds_add_username(username):
|
|
||||||
mongo.db.usernames.update(
|
|
||||||
{'username': username},
|
|
||||||
{'$inc': {'count': 1}},
|
|
||||||
upsert=True
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def creds_add_password(password):
|
|
||||||
mongo.db.passwords.update(
|
|
||||||
{'password': password},
|
|
||||||
{'$inc': {'count': 1}},
|
|
||||||
upsert=True
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def init_collections(usernames, passwords):
|
|
||||||
if "usernames" not in mongo.db.collection_names():
|
|
||||||
mongo.db.usernames.create_index([("username", 1)], unique=True)
|
|
||||||
for username in usernames:
|
|
||||||
creds_add_username(username)
|
|
||||||
|
|
||||||
if "passwords" not in mongo.db.collection_names():
|
|
||||||
mongo.db.passwords.create_index([("password", 1)], unique=True)
|
|
||||||
for password in passwords:
|
|
||||||
creds_add_password(password)
|
|
||||||
|
|
||||||
|
|
||||||
# Local ips function
|
# Local ips function
|
||||||
if sys.platform == "win32":
|
if sys.platform == "win32":
|
||||||
def local_ips():
|
def local_ips():
|
||||||
|
|
Loading…
Reference in New Issue