From 03d3a22b42cde9993aeb76bfeb0e6c67536b75e2 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 16 Nov 2021 11:58:32 +0530
Subject: [PATCH 1/8] Island: Remove max iters and timeout between iters config option

---
 .../cc/services/config_schema/monkey.py | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py
index 97fdbd19b..615212981 100644
--- a/monkey/monkey_island/cc/services/config_schema/monkey.py
+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py
@@ -97,23 +97,6 @@ MONKEY = {
 "title": "Persistent scanning",
 "type": "object",
 "properties": {
- "max_iterations": {
- "title": "Max iterations",
- "type": "integer",
- "default": 1,
- "minimum": 1,
- "description": "Determines how many iterations of the monkey's full lifecycle "
- "should occur "
- "(how many times to do the scan)",
- },
- "timeout_between_iterations": {
- "title": "Wait time between iterations",
- "type": "integer",
- "default": 100,
- "minimum": 0,
- "description": "Determines for how long (in seconds) should the monkey wait "
- "before starting another scan",
- },
 "retry_failed_explotation": {
 "title": "Retry failed exploitation",
 "type": "boolean",

From e774fc8a1e9972e5daef41eec9a2b19fddeee0ec Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 16 Nov 2021 12:55:37 +0530
Subject: [PATCH 2/8] Agent: Remove max iters and timeout between iters options

---
 monkey/infection_monkey/config.py | 6 --
 monkey/infection_monkey/example.conf | 2 -
 monkey/infection_monkey/monkey.py | 154 ++++++++++++---------------
 3 files changed, 71 insertions(+), 91 deletions(-)

diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 8d33af8fd..d37db1e15 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -99,12 +99,6 @@ class Configuration(object):
 # sets whether or not the monkey is alive. if false will stop scanning and exploiting
 alive = True

- # how long to wait between scan iterations
- timeout_between_iterations = 100
-
- # how many scan iterations to perform on each run
- max_iterations = 1
-
 finger_classes = []
 exploiter_classes = []
 system_info_collector_classes = []
diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index 556bdfcaa..b82e3e43f 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -43,7 +43,6 @@
 "MSSQLFingerprint",
 "ElasticFinger"
 ],
- "max_iterations": 3,
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "monkey_log_path_linux": "/tmp/user-1563",
 "ms08_067_exploit_attempts": 5,
@@ -77,7 +76,6 @@
 7001,
 8088
 ],
- "timeout_between_iterations": 10,
 "victims_max_exploit": 100,
 "victims_max_find": 100,
 "post_breach_actions": []
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index cc9045408..b24cdf52c 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -208,98 +208,86 @@ class InfectionMonkey(object):
 raise PlannedShutdownException("Marked 'not alive' from configuration.")

 def propagate(self):
- for iteration_index in range(WormConfiguration.max_iterations):
- ControlClient.keepalive()
- ControlClient.load_control_config()
+ ControlClient.keepalive()
+ ControlClient.load_control_config()

- self._network.initialize()
+ self._network.initialize()

- self._fingerprint = HostFinger.get_instances()
+ self._fingerprint = HostFinger.get_instances()

- self._exploiters = HostExploiter.get_classes()
+ self._exploiters = HostExploiter.get_classes()

- if not self._keep_running or not WormConfiguration.alive:
+ if not WormConfiguration.alive:
+ logger.info("Marked not alive from configuration")
+
+ machines = self._network.get_victim_machines(
+ max_find=WormConfiguration.victims_max_find,
+ stop_callback=ControlClient.check_for_stop,
+ )
+ for machine in machines:
+ if ControlClient.check_for_stop():
 break

- machines = self._network.get_victim_machines(
- max_find=WormConfiguration.victims_max_find,
- stop_callback=ControlClient.check_for_stop,
- )
- is_empty = True
- for machine in machines:
- if ControlClient.check_for_stop():
- break
-
- is_empty = False
- for finger in self._fingerprint:
- logger.info(
- "Trying to get OS fingerprint from %r with module %s",
- machine,
- finger.__class__.__name__,
- )
- try:
- finger.get_host_fingerprint(machine)
- except BaseException as exc:
- logger.error(
- "Failed to run fingerprinter %s, exception %s"
- % finger.__class__.__name__,
- str(exc),
- )
-
- ScanTelem(machine).send()
-
- # skip machines that we've already exploited
- if machine in self._exploited_machines:
- logger.debug("Skipping %r - already exploited", machine)
- continue
- elif machine in self._fail_exploitation_machines:
- if WormConfiguration.retry_failed_explotation:
- logger.debug("%r - exploitation failed before, trying again", machine)
- else:
- logger.debug("Skipping %r - exploitation failed before", machine)
- continue
-
- if self._monkey_tunnel:
- self._monkey_tunnel.set_tunnel_for_host(machine)
- if self._default_server:
- if self._network.on_island(self._default_server):
- machine.set_default_server(
- get_interface_to_target(machine.ip_addr)
- + (":" + self._default_server_port if self._default_server_port else "")
- )
- else:
- machine.set_default_server(self._default_server)
- logger.debug(
- "Default server for machine: %r set to %s"
- % (machine, machine.default_server)
- )
-
- # Order exploits according to their type
- self._exploiters = sorted(
- self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value
+ for finger in self._fingerprint:
+ logger.info(
+ "Trying to get OS fingerprint from %r with module %s",
+ machine,
+ finger.__class__.__name__,
 )
- host_exploited = False
- for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
- if self.try_exploiting(machine, exploiter):
- host_exploited = True
- VictimHostTelem("T1210", ScanStatus.USED, machine=machine).send()
- if exploiter.RUNS_AGENT_ON_SUCCESS:
- break # if adding machine to exploited, won't try other exploits
- # on it
- if not host_exploited:
- self._fail_exploitation_machines.add(machine)
- VictimHostTelem("T1210", ScanStatus.SCANNED, machine=machine).send()
- if not self._keep_running:
- break
+ try:
+ finger.get_host_fingerprint(machine)
+ except BaseException as exc:
+ logger.error(
+ "Failed to run fingerprinter %s, exception %s" % finger.__class__.__name__,
+ str(exc),
+ )

- if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
- time_to_sleep = WormConfiguration.timeout_between_iterations
- logger.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)
- time.sleep(time_to_sleep)
+ ScanTelem(machine).send()

- if self._keep_running and WormConfiguration.alive:
- logger.info("Reached max iterations (%d)", WormConfiguration.max_iterations)
- elif not WormConfiguration.alive:
+ # skip machines that we've already exploited
+ if machine in self._exploited_machines:
+ logger.debug("Skipping %r - already exploited", machine)
+ continue
+ elif machine in self._fail_exploitation_machines:
+ if WormConfiguration.retry_failed_explotation:
+ logger.debug("%r - exploitation failed before, trying again", machine)
+ else:
+ logger.debug("Skipping %r - exploitation failed before", machine)
+ continue
+
+ if self._monkey_tunnel:
+ self._monkey_tunnel.set_tunnel_for_host(machine)
+ if self._default_server:
+ if self._network.on_island(self._default_server):
+ machine.set_default_server(
+ get_interface_to_target(machine.ip_addr)
+ + (":" + self._default_server_port if self._default_server_port else "")
+ )
+ else:
+ machine.set_default_server(self._default_server)
+ logger.debug(
+ "Default server for machine: %r set to %s" % (machine, machine.default_server)
+ )
+
+ # Order exploits according to their type
+ self._exploiters = sorted(
+ self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value
+ )
+ host_exploited = False
+ for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
+ if self.try_exploiting(machine, exploiter):
+ host_exploited = True
+ VictimHostTelem("T1210", ScanStatus.USED, machine=machine).send()
+ if exploiter.RUNS_AGENT_ON_SUCCESS:
+ break # if adding machine to exploited, won't try other exploits
+ # on it
+ if not host_exploited:
+ self._fail_exploitation_machines.add(machine)
+ VictimHostTelem("T1210", ScanStatus.SCANNED, machine=machine).send()
+ if not self._keep_running:
+ break
+
+ if not WormConfiguration.alive:
 logger.info("Marked not alive from configuration")

 def upgrade_to_64_if_needed(self):

From f6ebc2ffeac6ca9b51c68eba0096ec634a31f538 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 16 Nov 2021 12:56:28 +0530
Subject: [PATCH 3/8] UT: Remove max iters and timeout between iters config options from UT sample config

---
 .../data_for_tests/monkey_configs/monkey_config_standard.json | 2 --
 1 file changed, 2 deletions(-)
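Review bot: The new `if not WormConfiguration.alive:` at the top of `propagate` only logs and then falls straight into `get_victim_machines` and the exploitation loop, whereas the removed loop condition `break`-ed out; given that the context line just above raises `PlannedShutdownException("Marked 'not alive' from configuration.")` for the same flag, the intent is clearly to stop, so the check should be `if not WormConfiguration.alive:` / `logger.info("Marked not alive from configuration")` / `return`. The identical log statement after the loop at the end of the hunk then becomes redundant and can be dropped. The rewritten fingerprint error path keeps a pre-existing defect: `logger.error("Failed to run fingerprinter %s, exception %s" % finger.__class__.__name__, str(exc))` applies `%` to a two-placeholder format string with a single argument, which raises `TypeError` inside the `except BaseException` handler and aborts the whole scan on the first fingerprinter failure; pass the arguments to the logger instead, `logger.error("Failed to run fingerprinter %s, exception %s", finger.__class__.__name__, exc)`. `except BaseException` also swallows `KeyboardInterrupt` and `SystemExit`, so `except Exception` is the safer form unless catching those is deliberate. The hunk covers the whole `propagate` method.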
diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
index d27f142e7..9e68d080c 100644
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@@ -165,8 +165,6 @@
 ]
 },
 "persistent_scanning": {
- "max_iterations": 1,
- "timeout_between_iterations": 100,
 "retry_failed_explotation": true
 }
 }

From 828d152203c243966f80485adbae31d8ce942ff9 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 16 Nov 2021 13:01:51 +0530
Subject: [PATCH 4/8] Changelog: Add entry for removing max iters and timeout between iters config options

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5cf8edab4..22cc8d781 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - Azure credential collector, because it was broken (not gathering credentials). #1535
 - Custom monkey directory name config option. #1537
 - Hostname system info collector. #1535
+- Max iterations and timeout between iterations config options. #1600

 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545

From de2515a2f482e1d49d43be4e96933e3bbbf6de6d Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 18 Nov 2021 12:14:14 +0530
Subject: [PATCH 5/8] Island: Remove persistent scanning section from config since none of its fields are needed now

---
 .../cc/services/config_schema/monkey.py | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py
index 615212981..480aa0852 100644
--- a/monkey/monkey_island/cc/services/config_schema/monkey.py
+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py
@@ -93,18 +93,5 @@ MONKEY = {
 },
 },
 },
- "persistent_scanning": {
- "title": "Persistent scanning",
- "type": "object",
- "properties": {
- "retry_failed_explotation": {
- "title": "Retry failed exploitation",
- "type": "boolean",
- "default": True,
- "description": "Determines whether the monkey should retry exploiting machines"
- " it didn't successfully exploit on previous scans",
- },
- },
- },
 },
 }

From 1e76810e77ba357c5d316ff0224b5ac49705cac4 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 18 Nov 2021 12:22:12 +0530
Subject: [PATCH 6/8] Agent: Remove retry failed exploitation option

---
 monkey/infection_monkey/config.py | 3 ---
 monkey/infection_monkey/example.conf | 1 -
 monkey/infection_monkey/monkey.py | 6 ------
 3 files changed, 10 deletions(-)

diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index d37db1e15..8f4984ba6 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -118,9 +118,6 @@ class Configuration(object):
 # Configuration servers to try to connect to, in this order.
 command_servers = ["192.0.2.0:5000"]

- # sets whether or not to retry failed hosts on next scan
- retry_failed_explotation = True
-
 keep_tunnel_open_time = 60

 ###########################
diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index b82e3e43f..dcb3b3138 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -50,7 +50,6 @@
 "ping_scan_timeout": 10000,
 "smb_download_timeout": 300,
 "smb_service_name": "InfectionMonkey",
- "retry_failed_explotation": true,
 "self_delete_in_cleanup": true,
 "skip_exploit_if_file_exist": false,
 "exploit_user_list": [],
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index b24cdf52c..4160a36e0 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -248,12 +248,6 @@ class InfectionMonkey(object):
 if machine in self._exploited_machines:
 logger.debug("Skipping %r - already exploited", machine)
 continue
- elif machine in self._fail_exploitation_machines:
- if WormConfiguration.retry_failed_explotation:
- logger.debug("%r - exploitation failed before, trying again", machine)
- else:
- logger.debug("Skipping %r - exploitation failed before", machine)
- continue

 if self._monkey_tunnel:
 self._monkey_tunnel.set_tunnel_for_host(machine)

From 1c7df88ee42f5c3f40cb5d094df26e94d6bf43a2 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 18 Nov 2021 12:23:57 +0530
Subject: [PATCH 7/8] UT: Remove persistent scanning config section from UT sample config

---
 .../data_for_tests/monkey_configs/monkey_config_standard.json | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
index 9e68d080c..112d649d8 100644
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@@ -163,9 +163,6 @@
 "processlistcollector",
 "mimikatzcollector"
 ]
- },
- "persistent_scanning": {
- "retry_failed_explotation": true
 }
 }
 }

From 52019f25c69d32578a5d15b63e96c41012c18fb4 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Fri, 19 Nov 2021 07:57:53 -0500
Subject: =?UTF-8?q?docs(swimm):=20update=20exercise=20Add=20a?=
 =?UTF-8?q?=20new=20configuration=20setting=20to=20the=20Agent=20=E2=9A=99?=
 =?UTF-8?q?=20AzD8XysWg1BBXCjCDkfq?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .swm/AzD8XysWg1BBXCjCDkfq.swm | 36 +++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/.swm/AzD8XysWg1BBXCjCDkfq.swm b/.swm/AzD8XysWg1BBXCjCDkfq.swm
index 29ad78526..708d8e8c5 100644
--- a/.swm/AzD8XysWg1BBXCjCDkfq.swm
+++ b/.swm/AzD8XysWg1BBXCjCDkfq.swm
@@ -17,13 +17,13 @@
 "type": "snippet",
 "path": "monkey/infection_monkey/config.py",
 "comments": [],
- "firstLineNumber": 124,
+ "firstLineNumber": 103,
 "lines": [
 " exploiter_classes = []",
 " system_info_collector_classes = []",
 " ",
- "* # how many victims to look for in a single scan iteration\r",
- "* victims_max_find = 100\r",
+ "* # how many victims to look for in a single scan iteration",
+ "* victims_max_find = 100",
 " ",
 " # how many victims to exploit before stopping",
 " victims_max_exploit = 100"
@@ -35,23 +35,23 @@
 "comments": [],
 "firstLineNumber": 220,
 "lines": [
- " if not self._keep_running or not WormConfiguration.alive:",
- " break",
+ " if not WormConfiguration.alive:",
+ " logger.info(\"Marked not alive from configuration\")",
 " ",
- "* machines = self._network.get_victim_machines(",
- "* max_find=WormConfiguration.victims_max_find,",
- "* stop_callback=ControlClient.check_for_stop,",
- "* )",
- " is_empty = True",
- " for machine in machines:",
- " if ControlClient.check_for_stop():"
+ "* machines = self._network.get_victim_machines(",
+ "* max_find=WormConfiguration.victims_max_find,",
+ "* stop_callback=ControlClient.check_for_stop,",
+ "* )",
+ " for machine in machines:",
+ " if ControlClient.check_for_stop():",
+ " break"
 ]
 },
 {
 "type": "snippet",
 "path": "monkey/monkey_island/cc/services/config_schema/internal.py",
 "comments": [],
- "firstLineNumber": 42,
+ "firstLineNumber": 28,
 "lines": [
 " \"title\": \"Monkey\",",
 " \"type\": \"object\",",
@@ -74,13 +74,13 @@
 }
 ],
 "symbols": {},
- "file_version": "2.0.1",
+ "file_version": "2.0.3",
 "meta": {
- "app_version": "0.4.9-1",
+ "app_version": "0.6.6-2",
 "file_blobs": {
- "monkey/infection_monkey/config.py": "0bede1c57949987f5c8025bd9b8f7aa29d02a6af",
- "monkey/infection_monkey/monkey.py": "89d2fa8452dee70f6d2985a9bb452f0159ea8219",
- "monkey/monkey_island/cc/services/config_schema/internal.py": "1ce1c864b1df332b65e16b4ce9ed533affd73f9c"
+ "monkey/infection_monkey/config.py": "8f4984ba6563564343282765ab498efca5d89ba8",
+ "monkey/infection_monkey/monkey.py": "4160a36e0e624404d77526472d51dd07bba49e5a",
+ "monkey/monkey_island/cc/services/config_schema/internal.py": "86318eaf19b9991a8af5de861a3eb085238e17a4"
 }
 }
 }