Remove username/password lists from code. get/set from global config

This commit is contained in:
Itay Mizeretz 2017-09-13 13:30:28 +03:00
parent ba291b577b
commit be1b6879f7
7 changed files with 24 additions and 55 deletions

View File

@ -2,7 +2,3 @@ __author__ = 'itay.mizeretz'
ISLAND_PORT = 5000 ISLAND_PORT = 5000
DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland" DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
# TODO: remove this, and get from global config`
INITIAL_USERNAMES = ['Administrator', 'root', 'user']
INITIAL_PASSWORDS = ["Password1!", "1234", "password", "12345678"]

View File

@ -8,8 +8,8 @@ if BASE_PATH not in sys.path:
sys.path.insert(0, BASE_PATH) sys.path.insert(0, BASE_PATH)
from cc.app import init_app from cc.app import init_app
from cc.utils import init_collections, local_ip_addresses from cc.utils import local_ip_addresses
from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, INITIAL_USERNAMES, INITIAL_PASSWORDS from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT
if __name__ == '__main__': if __name__ == '__main__':
from tornado.wsgi import WSGIContainer from tornado.wsgi import WSGIContainer
@ -17,8 +17,6 @@ if __name__ == '__main__':
from tornado.ioloop import IOLoop from tornado.ioloop import IOLoop
app = init_app(os.environ.get('MONGO_URL', DEFAULT_MONGO_URL)) app = init_app(os.environ.get('MONGO_URL', DEFAULT_MONGO_URL))
with app.app_context():
init_collections(INITIAL_USERNAMES, INITIAL_PASSWORDS)
http_server = HTTPServer(WSGIContainer(app), http_server = HTTPServer(WSGIContainer(app),
ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'), ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
'keyfile': os.environ.get('SERVER_KEY', 'server.key')}) 'keyfile': os.environ.get('SERVER_KEY', 'server.key')})

View File

@ -33,10 +33,6 @@ class Monkey(flask_restful.Resource):
if guid: if guid:
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
monkey_json['config']['exploit_user_list'] = \
map(lambda x: x['username'], mongo.db.usernames.find({}, {'_id': 0, 'username': 1}).sort([('count', -1)]))
monkey_json['config']['exploit_password_list'] = \
map(lambda x: x['password'], mongo.db.passwords.find({}, {'_id': 0, 'password': 1}).sort([('count', -1)]))
return monkey_json return monkey_json
else: else:
result = {'timestamp': datetime.now().isoformat()} result = {'timestamp': datetime.now().isoformat()}

View File

@ -5,7 +5,7 @@ import flask_restful
from cc.database import mongo from cc.database import mongo
from cc.utils import init_collections, local_ip_addresses from cc.utils import local_ip_addresses
__author__ = 'Barak' __author__ = 'Barak'
@ -22,11 +22,8 @@ class Root(flask_restful.Resource):
mongo.db.config.drop() mongo.db.config.drop()
mongo.db.monkey.drop() mongo.db.monkey.drop()
mongo.db.telemetry.drop() mongo.db.telemetry.drop()
mongo.db.usernames.drop()
mongo.db.passwords.drop()
mongo.db.node.drop() mongo.db.node.drop()
mongo.db.edge.drop() mongo.db.edge.drop()
init_collections()
return jsonify(status='OK') return jsonify(status='OK')
elif action == "killall": elif action == "killall":
mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False, mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False,

View File

@ -9,8 +9,7 @@ import flask_restful
from cc.database import mongo from cc.database import mongo
from cc.services.edge import EdgeService from cc.services.edge import EdgeService
from cc.services.node import NodeService from cc.services.node import NodeService
from cc.services.config import ConfigService
from cc.utils import creds_add_username, creds_add_password
__author__ = 'Barak' __author__ = 'Barak'
@ -93,10 +92,9 @@ class Telemetry(flask_restful.Resource):
if 'credentials' in telemetry_json['data']: if 'credentials' in telemetry_json['data']:
creds = telemetry_json['data']['credentials'] creds = telemetry_json['data']['credentials']
for user in creds: for user in creds:
creds_add_username(user) ConfigService.creds_add_username(user)
if 'password' in creds[user]: if 'password' in creds[user]:
creds_add_password(creds[user]['password']) ConfigService.creds_add_password(creds[user]['password'])
def add_scan_to_edge(self, edge, telemetry_json): def add_scan_to_edge(self, edge, telemetry_json):
data = telemetry_json['data']['machine'] data = telemetry_json['data']['machine']
@ -125,9 +123,6 @@ class Telemetry(flask_restful.Resource):
{"$set": {"os.version": scan_os["version"]}}, {"$set": {"os.version": scan_os["version"]}},
upsert=False) upsert=False)
def add_exploit_to_edge(self, edge, telemetry_json): def add_exploit_to_edge(self, edge, telemetry_json):
data = telemetry_json['data'] data = telemetry_json['data']
data["machine"].pop("ip_addr") data["machine"].pop("ip_addr")

View File

@ -749,6 +749,7 @@ SCHEMA = {
} }
} }
class ConfigService: class ConfigService:
def __init__(self): def __init__(self):
pass pass
@ -775,6 +776,22 @@ class ConfigService:
def get_config_schema(): def get_config_schema():
return SCHEMA return SCHEMA
@staticmethod
def creds_add_username(username):
mongo.db.config.update(
{'name': 'newconfig'},
{'$addToSet': {'exploits.credentials.exploit_user_list': username}},
upsert=False
)
@staticmethod
def creds_add_password(password):
mongo.db.config.update(
{'name': 'newconfig'},
{'$addToSet': {'exploits.credentials.exploit_password_list': password}},
upsert=False
)
@staticmethod @staticmethod
def update_config(): def update_config():
pass pass

View File

@ -11,36 +11,6 @@ from cc.database import mongo
__author__ = 'Barak' __author__ = 'Barak'
# data structures
def creds_add_username(username):
mongo.db.usernames.update(
{'username': username},
{'$inc': {'count': 1}},
upsert=True
)
def creds_add_password(password):
mongo.db.passwords.update(
{'password': password},
{'$inc': {'count': 1}},
upsert=True
)
def init_collections(usernames, passwords):
if "usernames" not in mongo.db.collection_names():
mongo.db.usernames.create_index([("username", 1)], unique=True)
for username in usernames:
creds_add_username(username)
if "passwords" not in mongo.db.collection_names():
mongo.db.passwords.create_index([("password", 1)], unique=True)
for password in passwords:
creds_add_password(password)
# Local ips function # Local ips function
if sys.platform == "win32": if sys.platform == "win32":
def local_ips(): def local_ips():