Common: Remove DEFAULT_AGENT_CONFIGURATION_JSON

It's easier to maintain an object than a JSON string for the default
configuration.
This commit is contained in:
Mike Salvatore 2022-06-27 08:22:41 -04:00
parent 90259c1b7a
commit e6d3854f74
4 changed files with 109 additions and 202 deletions


@ -12,6 +12,5 @@ from .agent_sub_configurations import (
PropagationConfiguration, PropagationConfiguration,
) )
from .default_agent_configuration import ( from .default_agent_configuration import (
DEFAULT_AGENT_CONFIGURATION_JSON, DEFAULT_AGENT_CONFIGURATION,
build_default_agent_configuration,
) )


@ -1,207 +1,115 @@
from . import AgentConfiguration from . import AgentConfiguration
from .agent_sub_configurations import (
CustomPBAConfiguration,
ExploitationConfiguration,
ExploitationOptionsConfiguration,
ExploiterConfiguration,
ICMPScanConfiguration,
NetworkScanConfiguration,
PluginConfiguration,
PropagationConfiguration,
ScanTargetConfiguration,
TCPScanConfiguration,
)
DEFAULT_AGENT_CONFIGURATION_JSON = """{ PBAS = [
"keep_tunnel_open_time": 30, "CommunicateAsBackdoorUser",
"post_breach_actions": [ "ModifyShellStartupFiles",
{ "HiddenFiles",
"name": "CommunicateAsBackdoorUser", "TrapCommand",
"options": {} "ChangeSetuidSetgid",
}, "ScheduleJobs",
{ "Timestomping",
"name": "ModifyShellStartupFiles", "AccountDiscovery",
"options": {} "ProcessListCollection",
}, ]
{
"name": "HiddenFiles",
"options": {}
},
{
"name": "TrapCommand",
"options": {}
},
{
"name": "ChangeSetuidSetgid",
"options": {}
},
{
"name": "ScheduleJobs",
"options": {}
},
{
"name": "Timestomping",
"options": {}
},
{
"name": "AccountDiscovery",
"options": {}
},
{
"name": "ProcessListCollection",
"options": {}
}
],
"credential_collectors": [
{
"name": "MimikatzCollector",
"options": {}
},
{
"name": "SSHCollector",
"options": {}
}
],
"payloads": [
{
"name": "ransomware",
"options": {
"encryption": {
"enabled": true,
"directories": {
"linux_target_dir": "",
"windows_target_dir": ""
}
},
"other_behaviors": {
"readme": true
}
}
}
],
"custom_pbas": {
"linux_command": "",
"linux_filename": "",
"windows_command": "",
"windows_filename": ""
},
"propagation": {
"maximum_depth": 2,
"network_scan": {
"tcp": {
"timeout": 3000,
"ports": [
22,
80,
135,
443,
445,
2222,
3306,
3389,
5985,
5986,
7001,
8008,
8080,
8088,
8983,
9200,
9600
]
},
"icmp": {
"timeout": 1000
},
"fingerprinters": [
{
"name": "elastic",
"options": {}
},
{
"name": "http",
"options": {
"http_ports": [
80,
443,
7001,
8008,
8080,
8983,
9200,
9600
]
}
},
{
"name": "mssql",
"options": {}
},
{
"name": "smb",
"options": {}
},
{
"name": "ssh",
"options": {}
}
],
"targets": {
"blocked_ips": [],
"inaccessible_subnets": [],
"local_network_scan": true,
"subnets": []
}
},
"exploitation": {
"options": {
"http_ports": [
80,
443,
7001,
8008,
8080,
8983,
9200,
9600
]
},
"brute_force": [
{
"name": "MSSQLExploiter",
"options": {}
}, CREDENTIAL_COLLECTORS = ["MimikatzCollector", "SSHCollector"]
{
"name": "PowerShellExploiter",
"options": {}
}, PBA_CONFIGURATION = [PluginConfiguration(pba, {}) for pba in PBAS]
{ CREDENTIAL_COLLECTOR_CONFIGURATION = [
"name": "SSHExploiter", PluginConfiguration(collector, {}) for collector in CREDENTIAL_COLLECTORS
"options": {} ]
}, RANSOMWARE_OPTIONS = {
{ "encryption": {
"name": "SmbExploiter", "enabled": True,
"options": { "directories": {"linux_target_dir": "", "windows_target_dir": ""},
"smb_download_timeout": 30 },
} "other_behaviors": {"readme": True},
}
}, PAYLOAD_CONFIGURATION = [PluginConfiguration("ransomware", RANSOMWARE_OPTIONS)]
{
"name": "WmiExploiter",
"options": {
"smb_download_timeout": 30
}
} CUSTOM_PBA_CONFIGURATION = CustomPBAConfiguration(
], linux_command="", linux_filename="", windows_command="", windows_filename=""
"vulnerability": [ )
{
"name": "HadoopExploiter",
"options": {}
}, TCP_PORTS = [
{ 22,
"name": "Log4ShellExploiter", 80,
"options": {} 135,
443,
445,
2222,
3306,
3389,
5985,
5986,
7001,
8008,
8080,
8088,
8983,
9200,
9600,
]
} TCP_SCAN_CONFIGURATION = TCPScanConfiguration(timeout=3.0, ports=TCP_PORTS)
] ICMP_CONFIGURATION = ICMPScanConfiguration(timeout=1.0)
} HTTP_PORTS = [80, 443, 7001, 8008, 8080, 8983, 9200, 9600]
} FINGERPRINTERS = [
} PluginConfiguration("elastic", {}),
""" PluginConfiguration("http", {"http_ports": HTTP_PORTS}),
PluginConfiguration("mssql", {}),
PluginConfiguration("smb", {}),
PluginConfiguration("ssh", {}),
]
SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration([], [], True, [])
NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration(
TCP_SCAN_CONFIGURATION, ICMP_CONFIGURATION, FINGERPRINTERS, SCAN_TARGET_CONFIGURATION
)
def build_default_agent_configuration() -> AgentConfiguration: EXPLOITATION_OPTIONS_CONFIGURATION = ExploitationOptionsConfiguration(HTTP_PORTS)
return AgentConfiguration.from_json(DEFAULT_AGENT_CONFIGURATION_JSON) BRUTE_FORCE_EXPLOITERS = [
ExploiterConfiguration("MSSQLExploiter", {}),
ExploiterConfiguration("PowerShellExploiter", {}),
ExploiterConfiguration("SSHExploiter", {}),
ExploiterConfiguration("SmbExploiter", {"smb_download_timeout": 30}),
ExploiterConfiguration("WmiExploiter", {"smb_download_timeout": 30}),
]
VULNERABILITY_EXPLOITERS = [
ExploiterConfiguration("Log4ShellExploiter", {}),
ExploiterConfiguration("HadoopExploiter", {}),
]
EXPLOITATION_CONFIGURATION = ExploitationConfiguration(
EXPLOITATION_OPTIONS_CONFIGURATION, BRUTE_FORCE_EXPLOITERS, VULNERABILITY_EXPLOITERS
)
PROPAGATION_CONFIGURATION = PropagationConfiguration(
maximum_depth=2,
network_scan=NETWORK_SCAN_CONFIGURATION,
exploitation=EXPLOITATION_CONFIGURATION,
)
DEFAULT_AGENT_CONFIGURATION = AgentConfiguration(
keep_tunnel_open_time=30,
custom_pbas=CUSTOM_PBA_CONFIGURATION,
post_breach_actions=PBA_CONFIGURATION,
credential_collectors=CREDENTIAL_COLLECTOR_CONFIGURATION,
payloads=PAYLOAD_CONFIGURATION,
propagation=PROPAGATION_CONFIGURATION,
)
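Review bot: The new defaults are not a pure transcription of the removed JSON: `TCPScanConfiguration(timeout=3.0, ports=TCP_PORTS)` and `ICMPScanConfiguration(timeout=1.0)` replace `"timeout": 3000` and `"timeout": 1000`, and `VULNERABILITY_EXPLOITERS` lists `Log4ShellExploiter` before `HadoopExploiter` where the JSON had the reverse order. If `from_json` did not rescale milliseconds to seconds, the default scan timeouts have changed by a factor of 1000, and if exploiters are attempted in list order the attempt order has changed too; neither is mentioned by a commit described as a maintenance change. A comment such as `# timeouts are in seconds (the removed JSON used 3000/1000 ms)` and a test comparing this object against the old JSON fixture would make the intended values explicit. Separately, `HTTP_PORTS` is the same list object handed to both the `http` fingerprinter options and `ExploitationOptionsConfiguration`, so an in-place change to one now alters the other; `PluginConfiguration("http", {"http_ports": list(HTTP_PORTS)})` keeps them independent as the parsed JSON did.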


@ -3,7 +3,7 @@ from pathlib import Path
from common import DIContainer from common import DIContainer
from common.aws import AWSInstance from common.aws import AWSInstance
from common.configuration import AgentConfiguration, build_default_agent_configuration from common.configuration import DEFAULT_AGENT_CONFIGURATION, AgentConfiguration
from common.utils.file_utils import get_binary_io_sha256_hash from common.utils.file_utils import get_binary_io_sha256_hash
from monkey_island.cc.repository import ( from monkey_island.cc.repository import (
AgentBinaryRepository, AgentBinaryRepository,
@ -32,7 +32,7 @@ def initialize_services(data_dir: Path) -> DIContainer:
container.register_convention(Path, "data_dir", data_dir) container.register_convention(Path, "data_dir", data_dir)
container.register_convention( container.register_convention(
AgentConfiguration, "default_agent_configuration", build_default_agent_configuration() AgentConfiguration, "default_agent_configuration", DEFAULT_AGENT_CONFIGURATION
) )
container.register_instance(AWSInstance, AWSInstance()) container.register_instance(AWSInstance, AWSInstance())
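Review bot: `register_convention` now hands the container the module-level `DEFAULT_AGENT_CONFIGURATION` object itself, where `build_default_agent_configuration()` previously parsed a fresh instance on every call. Unless `AgentConfiguration` and its sub-configurations are frozen, which this hunk does not show, any consumer that mutates the resolved default in place will corrupt the process-wide default for every later resolution, including the test fixture that returns the same object. Registering a copy, `copy.deepcopy(DEFAULT_AGENT_CONFIGURATION)` with an `import copy` at the top of the file, restores the old per-call isolation; the enclosing `initialize_services` continues outside the hunk.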


@ -9,7 +9,7 @@ from _pytest.monkeypatch import MonkeyPatch
MONKEY_BASE_PATH = str(Path(__file__).parent.parent.parent) MONKEY_BASE_PATH = str(Path(__file__).parent.parent.parent)
sys.path.insert(0, MONKEY_BASE_PATH) sys.path.insert(0, MONKEY_BASE_PATH)
from common.configuration import AgentConfiguration, build_default_agent_configuration # noqa: E402 from common.configuration import DEFAULT_AGENT_CONFIGURATION, AgentConfiguration # noqa: E402
@pytest.fixture(scope="session") @pytest.fixture(scope="session")
@ -60,4 +60,4 @@ def load_monkey_config(data_for_tests_dir) -> Callable[[str], Dict]:
@pytest.fixture @pytest.fixture
def default_agent_configuration() -> AgentConfiguration: def default_agent_configuration() -> AgentConfiguration:
return build_default_agent_configuration() return DEFAULT_AGENT_CONFIGURATION
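Review bot: The `default_agent_configuration` fixture now returns the shared module-level object rather than a freshly parsed one, so a test that mutates the configuration it receives (appending a port, toggling a payload option) silently changes the default seen by every later test in the session. Unless the configuration classes are immutable, which is not visible here, `return copy.deepcopy(DEFAULT_AGENT_CONFIGURATION)` with a `copy` import in this conftest restores per-test isolation at negligible cost.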