Merge branch 'release/1.10.0' of https://github.com/guardicore/monkey into release/1.10.0

This commit is contained in:
VakarisZ 2021-03-18 09:34:33 +02:00
commit e6a0b7b49e
6 changed files with 182 additions and 28 deletions

View File

@ -134,7 +134,9 @@ class MonkeyDrops(object):
'monkey_commandline': inner_monkey_cmdline} 'monkey_commandline': inner_monkey_cmdline}
monkey_process = subprocess.Popen(monkey_cmdline, shell=True, monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
stdin=None, stdout=None, stderr=None, stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True, creationflags=DETACHED_PROCESS) close_fds=True, creationflags=DETACHED_PROCESS)
LOG.info("Executed monkey process (PID=%d) with command line: %s", LOG.info("Executed monkey process (PID=%d) with command line: %s",
@ -145,6 +147,8 @@ class MonkeyDrops(object):
LOG.warning("Seems like monkey died too soon") LOG.warning("Seems like monkey died too soon")
def cleanup(self): def cleanup(self):
LOG.info("Cleaning up the dropper")
try: try:
if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \ if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \
os.path.exists(self._config['source_path']) and \ os.path.exists(self._config['source_path']) and \
@ -166,5 +170,7 @@ class MonkeyDrops(object):
LOG.debug("Dropper source file '%s' is marked for deletion on next boot", LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
self._config['source_path']) self._config['source_path'])
T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send() T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send()
LOG.info("Dropper cleanup complete")
except AttributeError: except AttributeError:
LOG.error("Invalid configuration options. Failing") LOG.error("Invalid configuration options. Failing")

View File

@ -36,6 +36,7 @@ class DrupalExploiter(WebRCE):
exploit_config = super(DrupalExploiter, self).get_exploit_config() exploit_config = super(DrupalExploiter, self).get_exploit_config()
exploit_config['url_extensions'] = ['node/', # In Linux, no path is added exploit_config['url_extensions'] = ['node/', # In Linux, no path is added
'drupal/node/'] # However, Bitnami installations are under /drupal 'drupal/node/'] # However, Bitnami installations are under /drupal
exploit_config['dropper'] = True
return exploit_config return exploit_config
def add_vulnerable_urls(self, potential_urls, stop_checking=False): def add_vulnerable_urls(self, potential_urls, stop_checking=False):

View File

@ -45,6 +45,6 @@ class HTTPFinger(HostFinger):
except Timeout: except Timeout:
LOG.debug(f"Timout while requesting headers from {url}") LOG.debug(f"Timout while requesting headers from {url}")
except ConnectionError: # Someone doesn't like us except ConnectionError: # Someone doesn't like us
LOG.debug(f"ConnetionError while requesting headers from {url}") LOG.debug(f"Connection error while requesting headers from {url}")
return True return True

View File

@ -15,10 +15,6 @@ LOG = logging.getLogger(__name__)
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
# Default commands for executing PBA file and then removing it
DEFAULT_LINUX_COMMAND = "chmod +x {0} ; {0} ; rm {0}"
DEFAULT_WINDOWS_COMMAND = "{0} & del {0}"
DIR_CHANGE_WINDOWS = 'cd %s & ' DIR_CHANGE_WINDOWS = 'cd %s & '
DIR_CHANGE_LINUX = 'cd %s ; ' DIR_CHANGE_LINUX = 'cd %s ; '
@ -31,30 +27,23 @@ class UsersPBA(PBA):
def __init__(self): def __init__(self):
super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION) super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION)
self.filename = '' self.filename = ''
if not is_windows_os(): if not is_windows_os():
# Add linux commands to PBA's # Add linux commands to PBA's
if WormConfiguration.PBA_linux_filename: if WormConfiguration.PBA_linux_filename:
self.filename = WormConfiguration.PBA_linux_filename
if WormConfiguration.custom_PBA_linux_cmd: if WormConfiguration.custom_PBA_linux_cmd:
# Add change dir command, because user will try to access his file # Add change dir command, because user will try to access his file
self.command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + WormConfiguration.custom_PBA_linux_cmd self.command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + WormConfiguration.custom_PBA_linux_cmd
self.filename = WormConfiguration.PBA_linux_filename
else:
file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_linux_filename)
self.command = DEFAULT_LINUX_COMMAND.format(file_path)
self.filename = WormConfiguration.PBA_linux_filename
elif WormConfiguration.custom_PBA_linux_cmd: elif WormConfiguration.custom_PBA_linux_cmd:
self.command = WormConfiguration.custom_PBA_linux_cmd self.command = WormConfiguration.custom_PBA_linux_cmd
else: else:
# Add windows commands to PBA's # Add windows commands to PBA's
if WormConfiguration.PBA_windows_filename: if WormConfiguration.PBA_windows_filename:
self.filename = WormConfiguration.PBA_windows_filename
if WormConfiguration.custom_PBA_windows_cmd: if WormConfiguration.custom_PBA_windows_cmd:
# Add change dir command, because user will try to access his file # Add change dir command, because user will try to access his file
self.command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + WormConfiguration.custom_PBA_windows_cmd self.command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + WormConfiguration.custom_PBA_windows_cmd
self.filename = WormConfiguration.PBA_windows_filename
else:
file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_windows_filename)
self.command = DEFAULT_WINDOWS_COMMAND.format(file_path)
self.filename = WormConfiguration.PBA_windows_filename
elif WormConfiguration.custom_PBA_windows_cmd: elif WormConfiguration.custom_PBA_windows_cmd:
self.command = WormConfiguration.custom_PBA_windows_cmd self.command = WormConfiguration.custom_PBA_windows_cmd

View File

@ -0,0 +1,152 @@
import pytest
from infection_monkey.post_breach.actions.users_custom_pba import (
DIR_CHANGE_LINUX, DIR_CHANGE_WINDOWS, UsersPBA)
MONKEY_DIR_PATH = "/dir/to/monkey/"
CUSTOM_LINUX_CMD = "command-for-linux"
CUSTOM_LINUX_FILENAME = "filename-for-linux"
CUSTOM_WINDOWS_CMD = "command-for-windows"
CUSTOM_WINDOWS_FILENAME = "filename-for-windows"
@pytest.fixture
def fake_monkey_dir_path(monkeypatch):
monkeypatch.setattr(
"infection_monkey.post_breach.actions.users_custom_pba.get_monkey_dir_path",
lambda: MONKEY_DIR_PATH,
)
@pytest.fixture
def set_os_linux(monkeypatch):
monkeypatch.setattr(
"infection_monkey.post_breach.actions.users_custom_pba.is_windows_os",
lambda: False,
)
@pytest.fixture
def set_os_windows(monkeypatch):
monkeypatch.setattr(
"infection_monkey.post_breach.actions.users_custom_pba.is_windows_os",
lambda: True,
)
@pytest.fixture
def mock_UsersPBA_linux_custom_file_and_cmd(
set_os_linux, fake_monkey_dir_path, monkeypatch
):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd",
CUSTOM_LINUX_CMD,
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_linux_filename",
CUSTOM_LINUX_FILENAME,
)
return UsersPBA()
def test_command_linux_custom_file_and_cmd(
mock_UsersPBA_linux_custom_file_and_cmd,
):
expected_command = f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD}"
assert mock_UsersPBA_linux_custom_file_and_cmd.command == expected_command
@pytest.fixture
def mock_UsersPBA_windows_custom_file_and_cmd(
set_os_windows, fake_monkey_dir_path, monkeypatch
):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd",
CUSTOM_WINDOWS_CMD,
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_windows_filename",
CUSTOM_WINDOWS_FILENAME,
)
return UsersPBA()
def test_command_windows_custom_file_and_cmd(
mock_UsersPBA_windows_custom_file_and_cmd,
):
expected_command = f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD}"
assert mock_UsersPBA_windows_custom_file_and_cmd.command == expected_command
@pytest.fixture
def mock_UsersPBA_linux_custom_file(set_os_linux, fake_monkey_dir_path, monkeypatch):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", None
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_linux_filename",
CUSTOM_LINUX_FILENAME,
)
return UsersPBA()
def test_command_linux_custom_file(mock_UsersPBA_linux_custom_file):
expected_command = ""
assert mock_UsersPBA_linux_custom_file.command == expected_command
@pytest.fixture
def mock_UsersPBA_windows_custom_file(
set_os_windows, fake_monkey_dir_path, monkeypatch
):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", None
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_windows_filename",
CUSTOM_WINDOWS_FILENAME,
)
return UsersPBA()
def test_command_windows_custom_file(mock_UsersPBA_windows_custom_file):
expected_command = ""
assert mock_UsersPBA_windows_custom_file.command == expected_command
@pytest.fixture
def mock_UsersPBA_linux_custom_cmd(set_os_linux, fake_monkey_dir_path, monkeypatch):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd",
CUSTOM_LINUX_CMD,
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_linux_filename", None
)
return UsersPBA()
def test_command_linux_custom_cmd(mock_UsersPBA_linux_custom_cmd):
expected_command = CUSTOM_LINUX_CMD
assert mock_UsersPBA_linux_custom_cmd.command == expected_command
@pytest.fixture
def mock_UsersPBA_windows_custom_cmd(set_os_windows, fake_monkey_dir_path, monkeypatch):
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd",
CUSTOM_WINDOWS_CMD,
)
monkeypatch.setattr(
"infection_monkey.config.WormConfiguration.PBA_windows_filename", None
)
return UsersPBA()
def test_command_windows_custom_cmd(mock_UsersPBA_windows_custom_cmd):
expected_command = CUSTOM_WINDOWS_CMD
assert mock_UsersPBA_windows_custom_cmd.command == expected_command

View File

@ -11,33 +11,39 @@ MONKEY = {
"type": "object", "type": "object",
"properties": { "properties": {
"custom_PBA_linux_cmd": { "custom_PBA_linux_cmd": {
"title": "Linux post breach command", "title": "Linux post-breach command",
"type": "string", "type": "string",
"default": "", "default": "",
"description": "Linux command to be executed after breaching." "description": "Command to be executed after breaching. "
"Use this field to run custom commands or execute uploaded "
"files on exploited machines.\nExample: "
"\"chmod +x ./my_script.sh; ./my_script.sh ; rm ./my_script.sh\""
}, },
"PBA_linux_file": { "PBA_linux_file": {
"title": "Linux post breach file", "title": "Linux post-breach file",
"type": "string", "type": "string",
"format": "data-url", "format": "data-url",
"description": "File to be executed after breaching. " "description": "File to be uploaded after breaching. "
"If you want custom execution behavior, " "Use the 'Linux post-breach command' field to "
"specify it in 'Linux post breach command' field. " "change permissions, run, or delete the file. "
"Reference your file by filename." "Reference your file by filename."
}, },
"custom_PBA_windows_cmd": { "custom_PBA_windows_cmd": {
"title": "Windows post breach command", "title": "Windows post-breach command",
"type": "string", "type": "string",
"default": "", "default": "",
"description": "Windows command to be executed after breaching." "description": "Command to be executed after breaching. "
"Use this field to run custom commands or execute uploaded "
"files on exploited machines.\nExample: "
"\"my_script.bat & del my_script.bat\""
}, },
"PBA_windows_file": { "PBA_windows_file": {
"title": "Windows post breach file", "title": "Windows post-breach file",
"type": "string", "type": "string",
"format": "data-url", "format": "data-url",
"description": "File to be executed after breaching. " "description": "File to be uploaded after breaching. "
"If you want custom execution behavior, " "Use the 'Windows post-breach command' field to "
"specify it in 'Windows post breach command' field. " "change permissions, run, or delete the file. "
"Reference your file by filename." "Reference your file by filename."
}, },
"PBA_windows_filename": { "PBA_windows_filename": {