From 9fb0a5628de6b08ccd4d62961196c091b6202bae Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 4 Mar 2021 10:46:05 +0200 Subject: [PATCH 01/64] Fixed cryptography requirement for infection monkey, latest one doesn't have a pre-built wheel --- monkey/infection_monkey/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt index 0a1dbd282..dc0ab227e 100644 --- a/monkey/infection_monkey/requirements.txt +++ b/monkey/infection_monkey/requirements.txt @@ -1,3 +1,4 @@ +cryptography==2.5 WinSys-3.x>=0.5.2 cffi>=1.14 ecdsa==0.15 From 3848dbeb324d129949713c615adbe36b179b884b Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 5 Mar 2021 10:46:07 +0200 Subject: [PATCH 02/64] Fixed a bug in configuration generation for BB tests. Bug was related to incorrect references --- envs/monkey_zoo/blackbox/island_configs/ssh.py | 4 +++- envs/monkey_zoo/blackbox/island_configs/struts2.py | 4 +++- envs/monkey_zoo/blackbox/island_configs/tunneling.py | 4 +++- envs/monkey_zoo/blackbox/island_configs/weblogic.py | 4 +++- envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py | 4 +++- envs/monkey_zoo/blackbox/island_configs/wmi_pth.py | 4 +++- envs/monkey_zoo/blackbox/test_blackbox.py | 1 + 7 files changed, 19 insertions(+), 6 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/ssh.py b/envs/monkey_zoo/blackbox/island_configs/ssh.py index f6a5b1762..a0c3a285e 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ssh.py +++ b/envs/monkey_zoo/blackbox/island_configs/ssh.py @@ -1,8 +1,10 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class Ssh(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["SSHExploiter"], diff --git a/envs/monkey_zoo/blackbox/island_configs/struts2.py b/envs/monkey_zoo/blackbox/island_configs/struts2.py index e88c0899f..a94ae714a 100644 --- a/envs/monkey_zoo/blackbox/island_configs/struts2.py +++ b/envs/monkey_zoo/blackbox/island_configs/struts2.py @@ -1,9 +1,11 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class Struts2(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["Struts2Exploiter"], diff --git a/envs/monkey_zoo/blackbox/island_configs/tunneling.py b/envs/monkey_zoo/blackbox/island_configs/tunneling.py index 458b89794..9badf1a17 100644 --- a/envs/monkey_zoo/blackbox/island_configs/tunneling.py +++ b/envs/monkey_zoo/blackbox/island_configs/tunneling.py @@ -1,8 +1,10 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class Tunneling(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["SmbExploiter", diff --git a/envs/monkey_zoo/blackbox/island_configs/weblogic.py b/envs/monkey_zoo/blackbox/island_configs/weblogic.py index 433067cb9..8632f0efa 100644 --- a/envs/monkey_zoo/blackbox/island_configs/weblogic.py +++ b/envs/monkey_zoo/blackbox/island_configs/weblogic.py @@ -1,9 +1,11 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class Weblogic(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["WebLogicExploiter"], diff --git a/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py index 73bd913cd..11b0fc026 100644 --- a/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py +++ b/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py @@ -1,8 +1,10 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class WmiMimikatz(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["WmiExploiter"], diff --git a/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py b/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py index dcb735c78..a435f25e4 100644 --- a/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py +++ b/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py @@ -1,8 +1,10 @@ +from copy import copy + from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate class WmiPth(BaseTemplate): - config_values = BaseTemplate.config_values + config_values = copy(BaseTemplate.config_values) config_values.update({ "basic.exploiters.exploiter_classes": ["WmiExploiter"], diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index e5a77ef45..d895f7cfe 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -46,6 +46,7 @@ GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', ' 'mimikatz-14', 'mimikatz-15', 'struts2-23', 'struts2-24', 'tunneling-9', 'tunneling-10', 'tunneling-11', 'tunneling-12', 'weblogic-18', 'weblogic-19', 'shellshock-8', 'zerologon-25'] LOG_DIR_PATH = "./logs" +logging.basicConfig(level=logging.INFO) LOGGER = logging.getLogger(__name__) From 43c5834d512c39685911ceeec580c2b70b25462b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 5 Mar 2021 10:05:50 -0500 Subject: [PATCH 03/64] cc: add useful debug logging that explains errors in HTTPFinger --- monkey/infection_monkey/network/httpfinger.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/infection_monkey/network/httpfinger.py b/monkey/infection_monkey/network/httpfinger.py index 26e362a5f..1ce026c11 100644 --- a/monkey/infection_monkey/network/httpfinger.py +++ b/monkey/infection_monkey/network/httpfinger.py @@ -43,8 +43,8 @@ class HTTPFinger(HostFinger): LOG.info("Port %d is open on host %s " % (port[0], host)) break # https will be the same on the same port except Timeout: - pass + LOG.debug(f"Timout while requesting headers from {url}") except ConnectionError: # Someone doesn't like us - pass + LOG.debug(f"ConnetionError while requesting headers from {url}") return True From 793bb99309011bef23148090f1a49a4c37c38bfe Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 5 Mar 2021 12:32:34 -0500 Subject: [PATCH 04/64] ui: properly render master checkbox on import or reset Fixes #1018 --- .../components/ui-components/AdvancedMultiSelect.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js b/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js index 8503a74fc..a8878c986 100644 --- a/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js +++ b/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js @@ -94,9 +94,11 @@ class AdvancedMultiSelect extends React.Component { } setMasterCheckboxState(selectValues) { - this.setState(() => ({ - masterCheckboxState: this.getMasterCheckboxState(selectValues) - })); + let newState = this.getMasterCheckboxState(selectValues); + + if (newState != this.state.masterCheckboxState) { + this.setState({masterCheckboxState: newState}); + } } getMasterCheckboxState(selectValues) { @@ -188,6 +190,10 @@ class AdvancedMultiSelect extends React.Component { ); } + + componentDidUpdate(_prevProps) { + this.setMasterCheckboxState(this.props.value); + } } export default AdvancedMultiSelect; From 5e21ff88cb6f8f2b74e0f52a521eb113f2168a38 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 5 Mar 2021 12:32:57 -0500 Subject: [PATCH 05/64] ui: minor style changes in AdvancedMultiSelect --- .../components/ui-components/AdvancedMultiSelect.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js b/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js index a8878c986..193cb40b0 100644 --- a/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js +++ b/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js @@ -43,7 +43,7 @@ class AdvancedMultiSelect extends React.Component { infoPaneParams: getDefaultPaneParams( this.infoPaneRefString, this.registry, - this.isUnsafeOptionSelected(this.props.value) + this.isUnsafeOptionSelected(props.value) ) }; } @@ -164,11 +164,12 @@ class AdvancedMultiSelect extends React.Component { render() { const { - schema, + autofocus, id, - required, multiple, - autofocus + required, + schema, + value } = this.props; return ( @@ -181,7 +182,7 @@ class AdvancedMultiSelect extends React.Component { + selectedValues={value} enumOptions={this.enumOptions}/> Date: Mon, 8 Mar 2021 11:02:15 +0200 Subject: [PATCH 06/64] Moved common config value paths to common --- .../config_schema => common}/config_value_paths.py | 0 .../cc/services/attack/technique_reports/T1065.py | 2 +- monkey/monkey_island/cc/services/config.py | 8 ++++---- monkey/monkey_island/cc/services/configuration/utils.py | 2 +- monkey/monkey_island/cc/services/reporting/report.py | 6 +++--- .../zero_trust/scoutsuite/scoutsuite_auth_service.py | 2 +- .../zero_trust/scoutsuite/test_scoutsuite_auth_service.py | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) rename monkey/{monkey_island/cc/services/config_schema => common}/config_value_paths.py (100%) diff --git a/monkey/monkey_island/cc/services/config_schema/config_value_paths.py b/monkey/common/config_value_paths.py similarity index 100% rename from monkey/monkey_island/cc/services/config_schema/config_value_paths.py rename to monkey/common/config_value_paths.py diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py index c3fcd03e8..3b18be488 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py @@ -4,7 +4,7 @@ from monkey_island.cc.services.config import ConfigService __author__ = "VakarisZ" -from monkey_island.cc.services.config_schema.config_value_paths import CURRENT_SERVER_PATH +from common.config_value_paths import CURRENT_SERVER_PATH class T1065(AttackTechnique): diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index b4370a63b..390380131 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -14,10 +14,10 @@ from monkey_island.cc.services.config_schema.config_schema import SCHEMA __author__ = "itay.mizeretz" -from monkey_island.cc.services.config_schema.config_value_paths import (AWS_KEYS_PATH, EXPORT_MONKEY_TELEMS_PATH, - LM_HASH_LIST_PATH, NTLM_HASH_LIST_PATH, - PASSWORD_LIST_PATH, SSH_KEYS_PATH, - STARTED_ON_ISLAND_PATH, USER_LIST_PATH) +from common.config_value_paths import (AWS_KEYS_PATH, EXPORT_MONKEY_TELEMS_PATH, + LM_HASH_LIST_PATH, NTLM_HASH_LIST_PATH, + PASSWORD_LIST_PATH, SSH_KEYS_PATH, + STARTED_ON_ISLAND_PATH, USER_LIST_PATH) logger = logging.getLogger(__name__) diff --git a/monkey/monkey_island/cc/services/configuration/utils.py b/monkey/monkey_island/cc/services/configuration/utils.py index 48857e2e3..493d5af03 100644 --- a/monkey/monkey_island/cc/services/configuration/utils.py +++ b/monkey/monkey_island/cc/services/configuration/utils.py @@ -1,5 +1,5 @@ from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.config_schema.config_value_paths import INACCESSIBLE_SUBNETS_PATH +from common.config_value_paths import INACCESSIBLE_SUBNETS_PATH def get_config_network_segments_as_subnet_groups(): diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 5970a33b7..a23aa6d85 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -12,9 +12,9 @@ from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.services.utils.network_utils import get_subnets, local_ip_addresses from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.config_schema.config_value_paths import (EXPLOITER_CLASSES_PATH, LOCAL_NETWORK_SCAN_PATH, - PASSWORD_LIST_PATH, SUBNET_SCAN_LIST_PATH, - USER_LIST_PATH) +from common.config_value_paths import (EXPLOITER_CLASSES_PATH, LOCAL_NETWORK_SCAN_PATH, + PASSWORD_LIST_PATH, SUBNET_SCAN_LIST_PATH, + USER_LIST_PATH) from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.reporting.pth_report import PTHReportService diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py index dc3f8d5ee..b5d405234 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py @@ -6,7 +6,7 @@ from common.cloud.scoutsuite_consts import CloudProviders from common.utils.exceptions import InvalidAWSKeys from monkey_island.cc.server_utils.encryptor import encryptor from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.config_schema.config_value_paths import AWS_KEYS_PATH +from common.config_value_paths import AWS_KEYS_PATH def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]: diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py index 24e700ce6..c35e55a8f 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py @@ -6,7 +6,7 @@ import dpath.util from monkey_island.cc.database import mongo from monkey_island.cc.server_utils import encryptor from monkey_island.cc.services.config import ConfigService -from monkey_island.cc.services.config_schema.config_value_paths import AWS_KEYS_PATH +from common.config_value_paths import AWS_KEYS_PATH from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import is_aws_keys_setup from monkey_island.cc.test_common.fixtures import FixtureEnum From f6b068229735383fc9f65833b7e430494956b5cb Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 11:07:24 +0200 Subject: [PATCH 07/64] Added ZeroLogon test to the BlackBox infrastructure. --- .../monkey_zoo/blackbox/analyzers/analyzer.py | 2 +- .../blackbox/analyzers/zerologon_analyzer.py | 42 +++++++++++++++++++ .../blackbox/island_configs/zerologon.py | 13 ++++++ envs/monkey_zoo/blackbox/test_blackbox.py | 17 ++++++++ 4 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py create mode 100644 envs/monkey_zoo/blackbox/island_configs/zerologon.py diff --git a/envs/monkey_zoo/blackbox/analyzers/analyzer.py b/envs/monkey_zoo/blackbox/analyzers/analyzer.py index d6043feeb..13db46cb3 100644 --- a/envs/monkey_zoo/blackbox/analyzers/analyzer.py +++ b/envs/monkey_zoo/blackbox/analyzers/analyzer.py @@ -4,5 +4,5 @@ from abc import ABCMeta, abstractmethod class Analyzer(object, metaclass=ABCMeta): @abstractmethod - def analyze_test_results(self): + def analyze_test_results(self) -> bool: raise NotImplementedError() diff --git a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py new file mode 100644 index 000000000..691724830 --- /dev/null +++ b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py @@ -0,0 +1,42 @@ +from typing import List + +import dpath.util + +from common.config_value_paths import USER_LIST_PATH, PASSWORD_LIST_PATH, NTLM_HASH_LIST_PATH, LM_HASH_LIST_PATH +from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer +from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient + +# Query for telemetry collection to see if password restoration was successful +TELEM_QUERY = {'telem_category': 'exploit', + 'data.exploiter': 'ZerologonExploiter', + 'data.info.password_restored': True} + + +class ZeroLogonAnalyzer(Analyzer): + + def __init__(self, island_client: MonkeyIslandClient, expected_credentials: List[str]): + self.island_client = island_client + self.expected_credentials = expected_credentials + self.log = AnalyzerLog(self.__class__.__name__) + + def analyze_test_results(self): + self.log.clear() + return self._analyze_credential_gathering() and self._analyze_credential_restore() + + def _analyze_credential_gathering(self) -> bool: + credentials_on_island = [] + config = self.island_client.get_config() + credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH)) + credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH)) + credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH)) + return ZeroLogonAnalyzer._is_all_credentials_in_list(self.expected_credentials, + credentials_on_island) + + @staticmethod + def _is_all_credentials_in_list(expected_creds: List[str], + all_creds: List[str]) -> bool: + return all((cred in all_creds) for cred in expected_creds) + + def _analyze_credential_restore(self) -> bool: + return bool(self.island_client.find_telems_in_db(TELEM_QUERY)) diff --git a/envs/monkey_zoo/blackbox/island_configs/zerologon.py b/envs/monkey_zoo/blackbox/island_configs/zerologon.py new file mode 100644 index 000000000..725fa91b9 --- /dev/null +++ b/envs/monkey_zoo/blackbox/island_configs/zerologon.py @@ -0,0 +1,13 @@ +from copy import copy + +from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate + + +class ZeroLogon(BaseTemplate): + + config_values = copy(BaseTemplate.config_values) + + config_values.update({ + "basic.exploiters.exploiter_classes": ["ZerologonExploiter"], + "basic_network.scope.subnet_scan_list": ["10.2.2.25"] + }) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index d895f7cfe..7560b5d42 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -7,6 +7,7 @@ from typing_extensions import Type from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \ CommunicationAnalyzer +from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZeroLogonAnalyzer from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ @@ -25,6 +26,7 @@ from envs.monkey_zoo.blackbox.island_configs.tunneling import Tunneling from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth +from envs.monkey_zoo.blackbox.island_configs.zerologon import ZeroLogon from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \ TestLogsHandler from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest @@ -160,6 +162,21 @@ class TestMonkeyBlackbox: def test_wmi_pth(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH") + def test_zerologon_exploiter(self, island_client): + test_name = "ZeroLogon_exploiter" + expected_creds = ["test_username", "test_ntlm_hash"] + raw_config = IslandConfigParser.get_raw_config(ZeroLogon, island_client) + analyzer = ZeroLogonAnalyzer(island_client, expected_creds) + log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()) + ExploitationTest( + name=test_name, + island_client=island_client, + raw_config=raw_config, + analyzers=[analyzer], + timeout=DEFAULT_TIMEOUT_SECONDS, + log_handler=log_handler).run() + TestMonkeyBlackbox.run_exploitation_test(island_client, ZeroLogon, "ZeroLogon_exploiter") + @pytest.mark.skip(reason="Perfomance test that creates env from fake telemetries is faster, use that instead.") def test_report_generation_performance(self, island_client, quick_performance_tests): """ From 263fa53ea558d9e5065135827ea7375d8c377640 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 11:13:31 +0200 Subject: [PATCH 08/64] Added an endpoint on the island for telemetry tests. This allows for tests like blackbox tests to send queries and check whether a certain telemetry is in the database or not --- .../blackbox/island_client/monkey_island_client.py | 11 ++++++++++- monkey/monkey_island/cc/app.py | 3 +++ .../cc/resources/test/telemetry_test.py | 13 +++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 monkey/monkey_island/cc/resources/test/telemetry_test.py diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py index 050cfe04c..304996ebd 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py +++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_client.py @@ -1,6 +1,7 @@ import json import logging from time import sleep +from typing import Union from bson import json_util @@ -8,6 +9,7 @@ from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import Monkey SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5 MONKEY_TEST_ENDPOINT = 'api/test/monkey' +TELEMETRY_TEST_ENDPOINT = 'api/test/telemetry' LOG_TEST_ENDPOINT = 'api/test/log' LOGGER = logging.getLogger(__name__) @@ -67,6 +69,13 @@ class MonkeyIslandClient(object): MonkeyIslandClient.form_find_query_for_request(query)) return MonkeyIslandClient.get_test_query_results(response) + def find_telems_in_db(self, query: dict): + if query is None: + raise TypeError + response = self.requests.get(TELEMETRY_TEST_ENDPOINT, + MonkeyIslandClient.form_find_query_for_request(query)) + return MonkeyIslandClient.get_test_query_results(response) + def get_all_monkeys_from_db(self): response = self.requests.get(MONKEY_TEST_ENDPOINT, MonkeyIslandClient.form_find_query_for_request(None)) @@ -78,7 +87,7 @@ class MonkeyIslandClient(object): return MonkeyIslandClient.get_test_query_results(response) @staticmethod - def form_find_query_for_request(query): + def form_find_query_for_request(query: Union[dict, None]) -> dict: return {'find_query': json_util.dumps(query)} @staticmethod diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index c53c04caa..c7fd0006f 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -7,6 +7,7 @@ from werkzeug.exceptions import NotFound import monkey_island.cc.environment.environment_singleton as env_singleton from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH +from monkey_island.cc.resources.test.telemetry_test import TelemetryTest from monkey_island.cc.resources.zero_trust.zero_trust_report import ZeroTrustReport from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.server_utils.custom_json_encoder import CustomJSONEncoder @@ -145,9 +146,11 @@ def init_api_resources(api): api.add_resource(ScoutSuiteAuth, '/api/scoutsuite_auth/') api.add_resource(AWSKeys, '/api/aws_keys') + # Resources used by black box tests api.add_resource(MonkeyTest, '/api/test/monkey') api.add_resource(ClearCaches, '/api/test/clear_caches') api.add_resource(LogTest, '/api/test/log') + api.add_resource(TelemetryTest, '/api/test/telemetry') def init_app(mongo_url): diff --git a/monkey/monkey_island/cc/resources/test/telemetry_test.py b/monkey/monkey_island/cc/resources/test/telemetry_test.py new file mode 100644 index 000000000..29108070e --- /dev/null +++ b/monkey/monkey_island/cc/resources/test/telemetry_test.py @@ -0,0 +1,13 @@ +import flask_restful +from bson import json_util +from flask import request + +from monkey_island.cc.database import mongo +from monkey_island.cc.resources.auth.auth import jwt_required + + +class TelemetryTest(flask_restful.Resource): + @jwt_required + def get(self, **kw): + find_query = json_util.loads(request.args.get('find_query')) + return {'results': list(mongo.db.telemetry.find(find_query))} From 44f6ce36b6c60064d318f590484521fb8ecf5fd0 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 12:05:00 +0200 Subject: [PATCH 09/64] Fixed credentials in zerologon exploiter to match. --- envs/monkey_zoo/blackbox/island_configs/zerologon.py | 4 +++- envs/monkey_zoo/blackbox/test_blackbox.py | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/zerologon.py b/envs/monkey_zoo/blackbox/island_configs/zerologon.py index 725fa91b9..3c31e3d6a 100644 --- a/envs/monkey_zoo/blackbox/island_configs/zerologon.py +++ b/envs/monkey_zoo/blackbox/island_configs/zerologon.py @@ -9,5 +9,7 @@ class ZeroLogon(BaseTemplate): config_values.update({ "basic.exploiters.exploiter_classes": ["ZerologonExploiter"], - "basic_network.scope.subnet_scan_list": ["10.2.2.25"] + "basic_network.scope.subnet_scan_list": ["10.2.2.25"], + # Empty list to make sure ZeroLogon adds "Administrator" username + "basic.credentials.exploit_user_list": [] }) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 7560b5d42..d3496a519 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -164,7 +164,9 @@ class TestMonkeyBlackbox: def test_zerologon_exploiter(self, island_client): test_name = "ZeroLogon_exploiter" - expected_creds = ["test_username", "test_ntlm_hash"] + expected_creds = ["Administrator", + "aad3b435b51404eeaad3b435b51404ee", + "2864b62ea4496934a5d6e86f50b834a5"] raw_config = IslandConfigParser.get_raw_config(ZeroLogon, island_client) analyzer = ZeroLogonAnalyzer(island_client, expected_creds) log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()) From b43f6690812216fffe4ee02f21320d1a22363bcd Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 12:35:31 +0200 Subject: [PATCH 10/64] Bugfix: removed unneeded exploitation test run in ZeroLogon BB test --- envs/monkey_zoo/blackbox/test_blackbox.py | 1 - 1 file changed, 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index d3496a519..4d083907f 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -177,7 +177,6 @@ class TestMonkeyBlackbox: analyzers=[analyzer], timeout=DEFAULT_TIMEOUT_SECONDS, log_handler=log_handler).run() - TestMonkeyBlackbox.run_exploitation_test(island_client, ZeroLogon, "ZeroLogon_exploiter") @pytest.mark.skip(reason="Perfomance test that creates env from fake telemetries is faster, use that instead.") def test_report_generation_performance(self, island_client, quick_performance_tests): From 70ec513f51ac9a26702cb3a07252cad0998ee243 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 13:10:14 +0200 Subject: [PATCH 11/64] Added logging to the ZeroLogon analyzer --- .../blackbox/analyzers/zerologon_analyzer.py | 37 +++++++++++++++---- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py index 691724830..20fdac468 100644 --- a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py +++ b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py @@ -1,4 +1,5 @@ from typing import List +from pprint import pformat import dpath.util @@ -22,7 +23,9 @@ class ZeroLogonAnalyzer(Analyzer): def analyze_test_results(self): self.log.clear() - return self._analyze_credential_gathering() and self._analyze_credential_restore() + is_creds_gathered = self._analyze_credential_gathering() + is_creds_restored = self._analyze_credential_restore() + return is_creds_gathered and is_creds_restored def _analyze_credential_gathering(self) -> bool: credentials_on_island = [] @@ -30,13 +33,33 @@ class ZeroLogonAnalyzer(Analyzer): credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH)) credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH)) credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH)) - return ZeroLogonAnalyzer._is_all_credentials_in_list(self.expected_credentials, - credentials_on_island) + return self._is_all_credentials_in_list(credentials_on_island) - @staticmethod - def _is_all_credentials_in_list(expected_creds: List[str], + def _is_all_credentials_in_list(self, all_creds: List[str]) -> bool: - return all((cred in all_creds) for cred in expected_creds) + credentials_missing = [cred for cred in self.expected_credentials if cred not in all_creds] + self._log_creds_not_gathered(credentials_missing) + return not credentials_missing + + def _log_creds_not_gathered(self, missing_creds: List[str]): + if not missing_creds: + self.log.add_entry("ZeroLogon exploiter gathered all credentials expected.") + else: + for cred in missing_creds: + self.log.add_entry(f"Credential ZeroLogon exploiter failed to gathered:{cred}.") def _analyze_credential_restore(self) -> bool: - return bool(self.island_client.find_telems_in_db(TELEM_QUERY)) + cred_restore_telems = self.island_client.find_telems_in_db(TELEM_QUERY) + self._log_credential_restore(cred_restore_telems) + return bool(cred_restore_telems) + + def _log_credential_restore(self, telem_list: List[dict]): + if telem_list: + self.log.add_entry("ZeroLogon exploiter telemetry contains indicators that credentials " + "were successfully restored.") + else: + self.log.add_entry("Credential restore failed or credential restore " + "telemetry not found on the Monkey Island.") + self.log.add_entry(f"Query for credential restore telem: {pformat(TELEM_QUERY)}") + + From f43d9fe035685eb785ec8db69491cd2626485c20 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 13:58:11 +0200 Subject: [PATCH 12/64] ZL BB tests: Renamed "ZeroLogon" to "Zerologon" for cinsistency, extracted relevant credential extortion from island config into a separate method. --- .../blackbox/analyzers/zerologon_analyzer.py | 17 +++++++++++------ .../blackbox/island_configs/zerologon.py | 2 +- envs/monkey_zoo/blackbox/test_blackbox.py | 10 +++++----- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py index 20fdac468..f5da3a2e1 100644 --- a/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py +++ b/envs/monkey_zoo/blackbox/analyzers/zerologon_analyzer.py @@ -14,7 +14,7 @@ TELEM_QUERY = {'telem_category': 'exploit', 'data.info.password_restored': True} -class ZeroLogonAnalyzer(Analyzer): +class ZerologonAnalyzer(Analyzer): def __init__(self, island_client: MonkeyIslandClient, expected_credentials: List[str]): self.island_client = island_client @@ -28,12 +28,17 @@ class ZeroLogonAnalyzer(Analyzer): return is_creds_gathered and is_creds_restored def _analyze_credential_gathering(self) -> bool: - credentials_on_island = [] config = self.island_client.get_config() + credentials_on_island = ZerologonAnalyzer._get_relevant_credentials(config) + return self._is_all_credentials_in_list(credentials_on_island) + + @staticmethod + def _get_relevant_credentials(config: dict): + credentials_on_island = [] credentials_on_island.extend(dpath.util.get(config['configuration'], USER_LIST_PATH)) credentials_on_island.extend(dpath.util.get(config['configuration'], NTLM_HASH_LIST_PATH)) credentials_on_island.extend(dpath.util.get(config['configuration'], LM_HASH_LIST_PATH)) - return self._is_all_credentials_in_list(credentials_on_island) + return credentials_on_island def _is_all_credentials_in_list(self, all_creds: List[str]) -> bool: @@ -43,10 +48,10 @@ class ZeroLogonAnalyzer(Analyzer): def _log_creds_not_gathered(self, missing_creds: List[str]): if not missing_creds: - self.log.add_entry("ZeroLogon exploiter gathered all credentials expected.") + self.log.add_entry("Zerologon exploiter gathered all credentials expected.") else: for cred in missing_creds: - self.log.add_entry(f"Credential ZeroLogon exploiter failed to gathered:{cred}.") + self.log.add_entry(f"Credential Zerologon exploiter failed to gathered:{cred}.") def _analyze_credential_restore(self) -> bool: cred_restore_telems = self.island_client.find_telems_in_db(TELEM_QUERY) @@ -55,7 +60,7 @@ class ZeroLogonAnalyzer(Analyzer): def _log_credential_restore(self, telem_list: List[dict]): if telem_list: - self.log.add_entry("ZeroLogon exploiter telemetry contains indicators that credentials " + self.log.add_entry("Zerologon exploiter telemetry contains indicators that credentials " "were successfully restored.") else: self.log.add_entry("Credential restore failed or credential restore " diff --git a/envs/monkey_zoo/blackbox/island_configs/zerologon.py b/envs/monkey_zoo/blackbox/island_configs/zerologon.py index 3c31e3d6a..6b84589fb 100644 --- a/envs/monkey_zoo/blackbox/island_configs/zerologon.py +++ b/envs/monkey_zoo/blackbox/island_configs/zerologon.py @@ -3,7 +3,7 @@ from copy import copy from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate -class ZeroLogon(BaseTemplate): +class Zerologon(BaseTemplate): config_values = copy(BaseTemplate.config_values) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 4d083907f..b54fa5393 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -7,7 +7,7 @@ from typing_extensions import Type from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \ CommunicationAnalyzer -from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZeroLogonAnalyzer +from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ @@ -26,7 +26,7 @@ from envs.monkey_zoo.blackbox.island_configs.tunneling import Tunneling from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth -from envs.monkey_zoo.blackbox.island_configs.zerologon import ZeroLogon +from envs.monkey_zoo.blackbox.island_configs.zerologon import Zerologon from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \ TestLogsHandler from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest @@ -163,12 +163,12 @@ class TestMonkeyBlackbox: TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH") def test_zerologon_exploiter(self, island_client): - test_name = "ZeroLogon_exploiter" + test_name = "Zerologon_exploiter" expected_creds = ["Administrator", "aad3b435b51404eeaad3b435b51404ee", "2864b62ea4496934a5d6e86f50b834a5"] - raw_config = IslandConfigParser.get_raw_config(ZeroLogon, island_client) - analyzer = ZeroLogonAnalyzer(island_client, expected_creds) + raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client) + analyzer = ZerologonAnalyzer(island_client, expected_creds) log_handler = TestLogsHandler(test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()) ExploitationTest( name=test_name, From 0fb0c58fd4ae35e1fcdd600552d593edfc398cd3 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 8 Mar 2021 08:54:15 -0500 Subject: [PATCH 13/64] zoo: add missing port number in blackbox/README.md --- envs/monkey_zoo/blackbox/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/README.md b/envs/monkey_zoo/blackbox/README.md index 30855b855..81f535e7b 100644 --- a/envs/monkey_zoo/blackbox/README.md +++ b/envs/monkey_zoo/blackbox/README.md @@ -22,7 +22,7 @@ Example run command: `monkey\envs\monkey_zoo\blackbox>python -m pytest -s --island=35.207.152.72:5000 test_blackbox.py` #### Running in PyCharm -Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72`, and to run from +Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72:5000`, and to run from directory `monkey\envs\monkey_zoo\blackbox`. ### Running telemetry performance test From 3164ae77c46251b02b0f6a0a51b75d1e5b8308a0 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 8 Mar 2021 08:54:45 -0500 Subject: [PATCH 14/64] zoo: add drupal-28 to teraform scrips --- envs/monkey_zoo/terraform/images.tf | 4 ++++ envs/monkey_zoo/terraform/monkey_zoo.tf | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/envs/monkey_zoo/terraform/images.tf b/envs/monkey_zoo/terraform/images.tf index a402842b8..866a4f174 100644 --- a/envs/monkey_zoo/terraform/images.tf +++ b/envs/monkey_zoo/terraform/images.tf @@ -89,6 +89,10 @@ data "google_compute_image" "zerologon-25" { name = "zerologon-25" project = local.monkeyzoo_project } +data "google_compute_image" "drupal-28" { + name = "drupal-28" + project = local.monkeyzoo_project +} data "google_compute_image" "island-linux-250" { name = "island-linux-250" project = local.monkeyzoo_project diff --git a/envs/monkey_zoo/terraform/monkey_zoo.tf b/envs/monkey_zoo/terraform/monkey_zoo.tf index 6c3a49b2e..5eabc160b 100644 --- a/envs/monkey_zoo/terraform/monkey_zoo.tf +++ b/envs/monkey_zoo/terraform/monkey_zoo.tf @@ -447,6 +447,21 @@ resource "google_compute_instance_from_template" "zerologon-25" { } } +resource "google_compute_instance_from_template" "drupal-28" { + name = "${local.resource_prefix}drupal-28" + source_instance_template = local.default_windows + boot_disk{ + initialize_params { + image = data.google_compute_image.drupal-28.self_link + } + auto_delete = true + } + network_interface { + subnetwork="${local.resource_prefix}monkeyzoo-main" + network_ip="10.2.2.28" + } +} + resource "google_compute_instance_from_template" "island-linux-250" { name = "${local.resource_prefix}island-linux-250" machine_type = "n1-standard-2" From 34b0830c776d481c666d266c353b7556e0de34dd Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 8 Mar 2021 09:42:48 -0500 Subject: [PATCH 15/64] zoo: add drupal exploiter blackbox test --- envs/monkey_zoo/blackbox/island_configs/drupal.py | 13 +++++++++++++ envs/monkey_zoo/blackbox/test_blackbox.py | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 envs/monkey_zoo/blackbox/island_configs/drupal.py diff --git a/envs/monkey_zoo/blackbox/island_configs/drupal.py b/envs/monkey_zoo/blackbox/island_configs/drupal.py new file mode 100644 index 000000000..da2b41ac6 --- /dev/null +++ b/envs/monkey_zoo/blackbox/island_configs/drupal.py @@ -0,0 +1,13 @@ +from copy import copy + +from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate + + +class Drupal(BaseTemplate): + config_values = copy(BaseTemplate.config_values) + + config_values.update({ + "internal.classes.finger_classes": ["PingScanner", "HTTPFinger"], + "basic.exploiters.exploiter_classes": ["DrupalExploiter"], + "basic_network.scope.subnet_scan_list": ["10.2.2.28"] + }) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index b54fa5393..ff2e2cde2 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -13,6 +13,7 @@ from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ MonkeyIslandClient from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.island_configs.drupal import Drupal from envs.monkey_zoo.blackbox.island_configs.elastic import Elastic from envs.monkey_zoo.blackbox.island_configs.hadoop import Hadoop from envs.monkey_zoo.blackbox.island_configs.mssql import Mssql @@ -46,7 +47,8 @@ DEFAULT_TIMEOUT_SECONDS = 5*60 MACHINE_BOOTUP_WAIT_SECONDS = 30 GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'hadoop-2', 'hadoop-3', 'mssql-16', 'mimikatz-14', 'mimikatz-15', 'struts2-23', 'struts2-24', 'tunneling-9', 'tunneling-10', - 'tunneling-11', 'tunneling-12', 'weblogic-18', 'weblogic-19', 'shellshock-8', 'zerologon-25'] + 'tunneling-11', 'tunneling-12', 'weblogic-18', 'weblogic-19', 'shellshock-8', 'zerologon-25', + 'drupal-28'] LOG_DIR_PATH = "./logs" logging.basicConfig(level=logging.INFO) LOGGER = logging.getLogger(__name__) @@ -141,6 +143,9 @@ class TestMonkeyBlackbox: def test_smb_pth(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, SmbPth, "SMB_PTH") + def test_drupal_exploiter(self, island_client): + TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter") + def test_elastic_exploiter(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Elastic, "Elastic_exploiter") From 551928369ac17b0a3d8ff0be8a749235fc7865f8 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 8 Mar 2021 09:47:16 -0500 Subject: [PATCH 16/64] zoo: update command to run blackbox tests Commit 3f687f6ae introduced a dependency on `common/`. Update the instructions in blackbox/README.md to reflect this change. --- envs/monkey_zoo/blackbox/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/README.md b/envs/monkey_zoo/blackbox/README.md index 81f535e7b..808a0a5cb 100644 --- a/envs/monkey_zoo/blackbox/README.md +++ b/envs/monkey_zoo/blackbox/README.md @@ -19,7 +19,7 @@ instead will just test performance of endpoints in already present island state. Example run command: -`monkey\envs\monkey_zoo\blackbox>python -m pytest -s --island=35.207.152.72:5000 test_blackbox.py` +`monkey\monkey>python -m pytest -s --island=35.207.152.72:5000 ..\envs\monkey_zoo\blackbox\test_blackbox.py` #### Running in PyCharm Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72:5000`, and to run from From b65524a85dde5cc8be7840636af6e88a84bc2430 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 15:41:22 +0200 Subject: [PATCH 17/64] Refactored "island_configs" dir to "config_templates" dir in blackbox --- .../__init__.py | 0 .../base_template.py | 2 +- .../config_template.py | 0 .../drupal.py | 0 .../elastic.py | 4 +-- .../hadoop.py | 2 +- .../mssql.py | 2 +- .../performance.py | 2 +- .../shellshock.py | 2 +- .../smb_mimikatz.py | 2 +- .../smb_pth.py | 2 +- .../ssh.py | 2 +- .../struts2.py | 2 +- .../tunneling.py | 2 +- .../weblogic.py | 2 +- .../wmi_mimikatz.py | 2 +- .../wmi_pth.py | 2 +- .../zerologon.py | 2 +- .../island_client/island_config_parser.py | 2 +- envs/monkey_zoo/blackbox/test_blackbox.py | 32 +++++++++---------- 20 files changed, 33 insertions(+), 33 deletions(-) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/__init__.py (100%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/base_template.py (85%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/config_template.py (100%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/drupal.py (100%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/elastic.py (63%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/hadoop.py (77%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/mssql.py (89%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/performance.py (97%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/shellshock.py (77%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/smb_mimikatz.py (91%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/smb_pth.py (91%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/ssh.py (91%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/struts2.py (77%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/tunneling.py (94%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/weblogic.py (78%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/wmi_mimikatz.py (92%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/wmi_pth.py (91%) rename envs/monkey_zoo/blackbox/{island_configs => config_templates}/zerologon.py (83%) diff --git a/envs/monkey_zoo/blackbox/island_configs/__init__.py b/envs/monkey_zoo/blackbox/config_templates/__init__.py similarity index 100% rename from envs/monkey_zoo/blackbox/island_configs/__init__.py rename to envs/monkey_zoo/blackbox/config_templates/__init__.py diff --git a/envs/monkey_zoo/blackbox/island_configs/base_template.py b/envs/monkey_zoo/blackbox/config_templates/base_template.py similarity index 85% rename from envs/monkey_zoo/blackbox/island_configs/base_template.py rename to envs/monkey_zoo/blackbox/config_templates/base_template.py index 13a480286..9ebea6f1f 100644 --- a/envs/monkey_zoo/blackbox/island_configs/base_template.py +++ b/envs/monkey_zoo/blackbox/config_templates/base_template.py @@ -1,4 +1,4 @@ -from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate # Disables a lot of config values not required for a specific feature test diff --git a/envs/monkey_zoo/blackbox/island_configs/config_template.py b/envs/monkey_zoo/blackbox/config_templates/config_template.py similarity index 100% rename from envs/monkey_zoo/blackbox/island_configs/config_template.py rename to envs/monkey_zoo/blackbox/config_templates/config_template.py diff --git a/envs/monkey_zoo/blackbox/island_configs/drupal.py b/envs/monkey_zoo/blackbox/config_templates/drupal.py similarity index 100% rename from envs/monkey_zoo/blackbox/island_configs/drupal.py rename to envs/monkey_zoo/blackbox/config_templates/drupal.py diff --git a/envs/monkey_zoo/blackbox/island_configs/elastic.py b/envs/monkey_zoo/blackbox/config_templates/elastic.py similarity index 63% rename from envs/monkey_zoo/blackbox/island_configs/elastic.py rename to envs/monkey_zoo/blackbox/config_templates/elastic.py index 97598f718..1385366a8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/elastic.py +++ b/envs/monkey_zoo/blackbox/config_templates/elastic.py @@ -1,7 +1,7 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate -from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate class Elastic(ConfigTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/hadoop.py b/envs/monkey_zoo/blackbox/config_templates/hadoop.py similarity index 77% rename from envs/monkey_zoo/blackbox/island_configs/hadoop.py rename to envs/monkey_zoo/blackbox/config_templates/hadoop.py index 8c42b8ee3..0d26c4b64 100644 --- a/envs/monkey_zoo/blackbox/island_configs/hadoop.py +++ b/envs/monkey_zoo/blackbox/config_templates/hadoop.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Hadoop(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/mssql.py b/envs/monkey_zoo/blackbox/config_templates/mssql.py similarity index 89% rename from envs/monkey_zoo/blackbox/island_configs/mssql.py rename to envs/monkey_zoo/blackbox/config_templates/mssql.py index 5406494ee..1190e5c82 100644 --- a/envs/monkey_zoo/blackbox/island_configs/mssql.py +++ b/envs/monkey_zoo/blackbox/config_templates/mssql.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Mssql(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/performance.py b/envs/monkey_zoo/blackbox/config_templates/performance.py similarity index 97% rename from envs/monkey_zoo/blackbox/island_configs/performance.py rename to envs/monkey_zoo/blackbox/config_templates/performance.py index 3a9a48e9f..e9e34727d 100644 --- a/envs/monkey_zoo/blackbox/island_configs/performance.py +++ b/envs/monkey_zoo/blackbox/config_templates/performance.py @@ -1,4 +1,4 @@ -from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate class Performance(ConfigTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/shellshock.py b/envs/monkey_zoo/blackbox/config_templates/shellshock.py similarity index 77% rename from envs/monkey_zoo/blackbox/island_configs/shellshock.py rename to envs/monkey_zoo/blackbox/config_templates/shellshock.py index 27e0dc34d..d7e72d61d 100644 --- a/envs/monkey_zoo/blackbox/island_configs/shellshock.py +++ b/envs/monkey_zoo/blackbox/config_templates/shellshock.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class ShellShock(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/smb_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py similarity index 91% rename from envs/monkey_zoo/blackbox/island_configs/smb_mimikatz.py rename to envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py index aed4ee9c7..314a0875b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/smb_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class SmbMimikatz(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/smb_pth.py b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py similarity index 91% rename from envs/monkey_zoo/blackbox/island_configs/smb_pth.py rename to envs/monkey_zoo/blackbox/config_templates/smb_pth.py index 3bb92347e..966116f6d 100644 --- a/envs/monkey_zoo/blackbox/island_configs/smb_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class SmbPth(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/ssh.py b/envs/monkey_zoo/blackbox/config_templates/ssh.py similarity index 91% rename from envs/monkey_zoo/blackbox/island_configs/ssh.py rename to envs/monkey_zoo/blackbox/config_templates/ssh.py index a0c3a285e..7f36a9dc2 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ssh.py +++ b/envs/monkey_zoo/blackbox/config_templates/ssh.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Ssh(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/struts2.py b/envs/monkey_zoo/blackbox/config_templates/struts2.py similarity index 77% rename from envs/monkey_zoo/blackbox/island_configs/struts2.py rename to envs/monkey_zoo/blackbox/config_templates/struts2.py index a94ae714a..9f1633744 100644 --- a/envs/monkey_zoo/blackbox/island_configs/struts2.py +++ b/envs/monkey_zoo/blackbox/config_templates/struts2.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Struts2(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/tunneling.py b/envs/monkey_zoo/blackbox/config_templates/tunneling.py similarity index 94% rename from envs/monkey_zoo/blackbox/island_configs/tunneling.py rename to envs/monkey_zoo/blackbox/config_templates/tunneling.py index 9badf1a17..0e44765ef 100644 --- a/envs/monkey_zoo/blackbox/island_configs/tunneling.py +++ b/envs/monkey_zoo/blackbox/config_templates/tunneling.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Tunneling(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/weblogic.py b/envs/monkey_zoo/blackbox/config_templates/weblogic.py similarity index 78% rename from envs/monkey_zoo/blackbox/island_configs/weblogic.py rename to envs/monkey_zoo/blackbox/config_templates/weblogic.py index 8632f0efa..d9167a923 100644 --- a/envs/monkey_zoo/blackbox/island_configs/weblogic.py +++ b/envs/monkey_zoo/blackbox/config_templates/weblogic.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Weblogic(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py similarity index 92% rename from envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py rename to envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py index 11b0fc026..8be744f6c 100644 --- a/envs/monkey_zoo/blackbox/island_configs/wmi_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class WmiMimikatz(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py similarity index 91% rename from envs/monkey_zoo/blackbox/island_configs/wmi_pth.py rename to envs/monkey_zoo/blackbox/config_templates/wmi_pth.py index a435f25e4..84d950a86 100644 --- a/envs/monkey_zoo/blackbox/island_configs/wmi_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class WmiPth(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_configs/zerologon.py b/envs/monkey_zoo/blackbox/config_templates/zerologon.py similarity index 83% rename from envs/monkey_zoo/blackbox/island_configs/zerologon.py rename to envs/monkey_zoo/blackbox/config_templates/zerologon.py index 6b84589fb..7e0fef8d8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/zerologon.py +++ b/envs/monkey_zoo/blackbox/config_templates/zerologon.py @@ -1,6 +1,6 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate class Zerologon(BaseTemplate): diff --git a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py index d9e81957e..5b7211f87 100644 --- a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py +++ b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py @@ -4,7 +4,7 @@ import dpath.util from typing_extensions import Type from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient -from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate class IslandConfigParser: diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index ff2e2cde2..bfcf32fba 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -12,22 +12,22 @@ from envs.monkey_zoo.blackbox.island_client.island_config_parser import \ IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \ MonkeyIslandClient -from envs.monkey_zoo.blackbox.island_configs.config_template import ConfigTemplate -from envs.monkey_zoo.blackbox.island_configs.drupal import Drupal -from envs.monkey_zoo.blackbox.island_configs.elastic import Elastic -from envs.monkey_zoo.blackbox.island_configs.hadoop import Hadoop -from envs.monkey_zoo.blackbox.island_configs.mssql import Mssql -from envs.monkey_zoo.blackbox.island_configs.performance import Performance -from envs.monkey_zoo.blackbox.island_configs.shellshock import ShellShock -from envs.monkey_zoo.blackbox.island_configs.smb_mimikatz import SmbMimikatz -from envs.monkey_zoo.blackbox.island_configs.smb_pth import SmbPth -from envs.monkey_zoo.blackbox.island_configs.ssh import Ssh -from envs.monkey_zoo.blackbox.island_configs.struts2 import Struts2 -from envs.monkey_zoo.blackbox.island_configs.tunneling import Tunneling -from envs.monkey_zoo.blackbox.island_configs.weblogic import Weblogic -from envs.monkey_zoo.blackbox.island_configs.wmi_mimikatz import WmiMimikatz -from envs.monkey_zoo.blackbox.island_configs.wmi_pth import WmiPth -from envs.monkey_zoo.blackbox.island_configs.zerologon import Zerologon +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.drupal import Drupal +from envs.monkey_zoo.blackbox.config_templates.elastic import Elastic +from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop +from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql +from envs.monkey_zoo.blackbox.config_templates.performance import Performance +from envs.monkey_zoo.blackbox.config_templates.shellshock import ShellShock +from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz +from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth +from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh +from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2 +from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling +from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic +from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz +from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth +from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \ TestLogsHandler from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest From 5f41ce54c6627c30419418dcc77eeecc36bf8677 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 17:13:35 +0200 Subject: [PATCH 18/64] Added config file generation script, which can generate config files from config templates. --- envs/monkey_zoo/blackbox/utils/README.md | 9 +++ .../utils/config_generation_script.py | 69 +++++++++++++++++++ .../utils/generated_configs/.gitignore | 1 + 3 files changed, 79 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/utils/README.md create mode 100644 envs/monkey_zoo/blackbox/utils/config_generation_script.py create mode 100644 envs/monkey_zoo/blackbox/utils/generated_configs/.gitignore diff --git a/envs/monkey_zoo/blackbox/utils/README.md b/envs/monkey_zoo/blackbox/utils/README.md new file mode 100644 index 000000000..b5d8e9125 --- /dev/null +++ b/envs/monkey_zoo/blackbox/utils/README.md @@ -0,0 +1,9 @@ +# BlackBox utility scripts + +## Config generation script + +This script is used to generate config files for manual tests. +Config file will be generated according to the templates in `envs/monkey_zoo/blackbox/config_templates`. + +Run `envs/monkey_zoo/blackbox/utils/config_generation_script.py` to populate +`envs/monkey_zoo/blackbox/utils/generated_configs` directory with configuration files. diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py new file mode 100644 index 000000000..7ecee6bd7 --- /dev/null +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py @@ -0,0 +1,69 @@ +import argparse +import pathlib +from typing import Type + +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.elastic import Elastic +from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop +from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql +from envs.monkey_zoo.blackbox.config_templates.performance import Performance +from envs.monkey_zoo.blackbox.config_templates.shellshock import ShellShock +from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz +from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth +from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh +from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2 +from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling +from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic +from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz +from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth +from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon +from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient + +DST_DIR_NAME = 'generated_configs' +DST_DIR_PATH = pathlib.Path(pathlib.Path(__file__).parent.absolute(), DST_DIR_NAME) + +parser = argparse.ArgumentParser(description='Generate config files.') +parser.add_argument('island_ip', metavar='IP:PORT', + help='Island endpoint. Example: 123.123.123.123:5000') + +args = parser.parse_args() +island_client = MonkeyIslandClient(args.island_ip) + + +CONFIG_TEMPLATES = [ + Elastic, + Hadoop, + Mssql, + Performance, + ShellShock, + SmbMimikatz, + SmbPth, + Ssh, + Struts2, + Tunneling, + Weblogic, + WmiMimikatz, + WmiPth, + Zerologon +] + + +def generate_templates(): + for template in CONFIG_TEMPLATES: + save_template_as_config(template) + + +def save_template_as_config(template: Type[ConfigTemplate]): + file_path = pathlib.Path(DST_DIR_PATH, f"{template.__name__}.conf") + file_contents = IslandConfigParser.get_raw_config(template, island_client) + save_to_file(file_path, file_contents) + + +def save_to_file(file_path, contents): + with open(file_path, 'w') as file: + file.write(contents) + + +if __name__ == '__main__': + generate_templates() diff --git a/envs/monkey_zoo/blackbox/utils/generated_configs/.gitignore b/envs/monkey_zoo/blackbox/utils/generated_configs/.gitignore new file mode 100644 index 000000000..9c558e357 --- /dev/null +++ b/envs/monkey_zoo/blackbox/utils/generated_configs/.gitignore @@ -0,0 +1 @@ +. From 6a6dd6711392c28c084afcd1474997869e593aaa Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 17:16:32 +0200 Subject: [PATCH 19/64] Refactored config templates to inherit from ConfigTemplate class instead of BaseTemplate --- envs/monkey_zoo/blackbox/config_templates/drupal.py | 5 +++-- envs/monkey_zoo/blackbox/config_templates/hadoop.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/mssql.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/shellshock.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/smb_pth.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/ssh.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/struts2.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/tunneling.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/weblogic.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/wmi_pth.py | 3 ++- envs/monkey_zoo/blackbox/config_templates/zerologon.py | 3 ++- 13 files changed, 27 insertions(+), 14 deletions(-) diff --git a/envs/monkey_zoo/blackbox/config_templates/drupal.py b/envs/monkey_zoo/blackbox/config_templates/drupal.py index da2b41ac6..e202219dc 100644 --- a/envs/monkey_zoo/blackbox/config_templates/drupal.py +++ b/envs/monkey_zoo/blackbox/config_templates/drupal.py @@ -1,9 +1,10 @@ from copy import copy -from envs.monkey_zoo.blackbox.island_configs.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Drupal(BaseTemplate): +class Drupal(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/hadoop.py b/envs/monkey_zoo/blackbox/config_templates/hadoop.py index 0d26c4b64..d136068e5 100644 --- a/envs/monkey_zoo/blackbox/config_templates/hadoop.py +++ b/envs/monkey_zoo/blackbox/config_templates/hadoop.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Hadoop(BaseTemplate): +class Hadoop(ConfigTemplate): config_values = copy(BaseTemplate.config_values) diff --git a/envs/monkey_zoo/blackbox/config_templates/mssql.py b/envs/monkey_zoo/blackbox/config_templates/mssql.py index 1190e5c82..003f9f8d3 100644 --- a/envs/monkey_zoo/blackbox/config_templates/mssql.py +++ b/envs/monkey_zoo/blackbox/config_templates/mssql.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Mssql(BaseTemplate): +class Mssql(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/shellshock.py b/envs/monkey_zoo/blackbox/config_templates/shellshock.py index d7e72d61d..71d968e0b 100644 --- a/envs/monkey_zoo/blackbox/config_templates/shellshock.py +++ b/envs/monkey_zoo/blackbox/config_templates/shellshock.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class ShellShock(BaseTemplate): +class ShellShock(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py index 314a0875b..f563bc8d1 100644 --- a/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class SmbMimikatz(BaseTemplate): +class SmbMimikatz(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py index 966116f6d..edee4cdbd 100644 --- a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class SmbPth(BaseTemplate): +class SmbPth(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_value_list = { diff --git a/envs/monkey_zoo/blackbox/config_templates/ssh.py b/envs/monkey_zoo/blackbox/config_templates/ssh.py index 7f36a9dc2..90871e52b 100644 --- a/envs/monkey_zoo/blackbox/config_templates/ssh.py +++ b/envs/monkey_zoo/blackbox/config_templates/ssh.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Ssh(BaseTemplate): +class Ssh(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/struts2.py b/envs/monkey_zoo/blackbox/config_templates/struts2.py index 9f1633744..6eb399568 100644 --- a/envs/monkey_zoo/blackbox/config_templates/struts2.py +++ b/envs/monkey_zoo/blackbox/config_templates/struts2.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Struts2(BaseTemplate): +class Struts2(ConfigTemplate): config_values = copy(BaseTemplate.config_values) diff --git a/envs/monkey_zoo/blackbox/config_templates/tunneling.py b/envs/monkey_zoo/blackbox/config_templates/tunneling.py index 0e44765ef..ac735eea4 100644 --- a/envs/monkey_zoo/blackbox/config_templates/tunneling.py +++ b/envs/monkey_zoo/blackbox/config_templates/tunneling.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Tunneling(BaseTemplate): +class Tunneling(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/weblogic.py b/envs/monkey_zoo/blackbox/config_templates/weblogic.py index d9167a923..482f7abf9 100644 --- a/envs/monkey_zoo/blackbox/config_templates/weblogic.py +++ b/envs/monkey_zoo/blackbox/config_templates/weblogic.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Weblogic(BaseTemplate): +class Weblogic(ConfigTemplate): config_values = copy(BaseTemplate.config_values) diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py index 8be744f6c..b6dbc0c88 100644 --- a/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class WmiMimikatz(BaseTemplate): +class WmiMimikatz(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py index 84d950a86..ddc5cfaba 100644 --- a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class WmiPth(BaseTemplate): +class WmiPth(ConfigTemplate): config_values = copy(BaseTemplate.config_values) config_values.update({ diff --git a/envs/monkey_zoo/blackbox/config_templates/zerologon.py b/envs/monkey_zoo/blackbox/config_templates/zerologon.py index 7e0fef8d8..28afa281f 100644 --- a/envs/monkey_zoo/blackbox/config_templates/zerologon.py +++ b/envs/monkey_zoo/blackbox/config_templates/zerologon.py @@ -1,9 +1,10 @@ from copy import copy from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate +from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -class Zerologon(BaseTemplate): +class Zerologon(ConfigTemplate): config_values = copy(BaseTemplate.config_values) From c234891330defabf496c2dd444023ae9eb16c99f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 8 Mar 2021 17:27:57 +0200 Subject: [PATCH 20/64] Minor fixes in config file generation script: added island IP param in docs and added Drupal to configs --- envs/monkey_zoo/blackbox/utils/README.md | 2 +- envs/monkey_zoo/blackbox/utils/config_generation_script.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/utils/README.md b/envs/monkey_zoo/blackbox/utils/README.md index b5d8e9125..638e54c92 100644 --- a/envs/monkey_zoo/blackbox/utils/README.md +++ b/envs/monkey_zoo/blackbox/utils/README.md @@ -5,5 +5,5 @@ This script is used to generate config files for manual tests. Config file will be generated according to the templates in `envs/monkey_zoo/blackbox/config_templates`. -Run `envs/monkey_zoo/blackbox/utils/config_generation_script.py` to populate +Run `envs/monkey_zoo/blackbox/utils/config_generation_script.py island_ip:5000` to populate `envs/monkey_zoo/blackbox/utils/generated_configs` directory with configuration files. diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py index 7ecee6bd7..f11fb31f4 100644 --- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py @@ -3,6 +3,7 @@ import pathlib from typing import Type from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate +from envs.monkey_zoo.blackbox.config_templates.drupal import Drupal from envs.monkey_zoo.blackbox.config_templates.elastic import Elastic from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql @@ -45,7 +46,8 @@ CONFIG_TEMPLATES = [ Weblogic, WmiMimikatz, WmiPth, - Zerologon + Zerologon, + Drupal ] From a4aee364b450e39608a214ece163f9c8ca702813 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 9 Mar 2021 10:23:35 +0200 Subject: [PATCH 21/64] Ran black on config generation script --- .../utils/config_generation_script.py | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py index f11fb31f4..603e9fe4d 100644 --- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py @@ -18,15 +18,22 @@ from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon -from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser -from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient +from envs.monkey_zoo.blackbox.island_client.island_config_parser import ( + IslandConfigParser, +) +from envs.monkey_zoo.blackbox.island_client.monkey_island_client import ( + MonkeyIslandClient, +) -DST_DIR_NAME = 'generated_configs' +DST_DIR_NAME = "generated_configs" DST_DIR_PATH = pathlib.Path(pathlib.Path(__file__).parent.absolute(), DST_DIR_NAME) -parser = argparse.ArgumentParser(description='Generate config files.') -parser.add_argument('island_ip', metavar='IP:PORT', - help='Island endpoint. Example: 123.123.123.123:5000') +parser = argparse.ArgumentParser(description="Generate config files.") +parser.add_argument( + "island_ip", + metavar="IP:PORT", + help="Island endpoint. Example: 123.123.123.123:5000", +) args = parser.parse_args() island_client = MonkeyIslandClient(args.island_ip) @@ -47,7 +54,7 @@ CONFIG_TEMPLATES = [ WmiMimikatz, WmiPth, Zerologon, - Drupal + Drupal, ] @@ -63,9 +70,9 @@ def save_template_as_config(template: Type[ConfigTemplate]): def save_to_file(file_path, contents): - with open(file_path, 'w') as file: + with open(file_path, "w") as file: file.write(contents) -if __name__ == '__main__': +if __name__ == "__main__": generate_templates() From 92d9226edfbe4e9918041de0712f9f0b8135f9e8 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 9 Mar 2021 14:51:35 +0200 Subject: [PATCH 22/64] Bugfixed a couple of config templates. --- .../blackbox/config_templates/elastic.py | 1 + .../blackbox/config_templates/wmi_pth.py | 25 ++++++++++--------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/envs/monkey_zoo/blackbox/config_templates/elastic.py b/envs/monkey_zoo/blackbox/config_templates/elastic.py index 1385366a8..56021e959 100644 --- a/envs/monkey_zoo/blackbox/config_templates/elastic.py +++ b/envs/monkey_zoo/blackbox/config_templates/elastic.py @@ -10,5 +10,6 @@ class Elastic(ConfigTemplate): config_values.update({ "basic.exploiters.exploiter_classes": ["ElasticGroovyExploiter"], + "internal.classes.finger_classes": ["PingScanner", "HTTPFinger", "ElasticFinger"], "basic_network.scope.subnet_scan_list": ["10.2.2.4", "10.2.2.5"] }) diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py index ddc5cfaba..92746c3df 100644 --- a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py @@ -7,15 +7,16 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp class WmiPth(ConfigTemplate): config_values = copy(BaseTemplate.config_values) - config_values.update({ - "basic.exploiters.exploiter_classes": ["WmiExploiter"], - "basic_network.scope.subnet_scan_list": ["10.2.2.15"], - "basic.credentials.exploit_password_list": ["Password1!"], - "basic.credentials.exploit_user_list": ["Administrator", - "m0nk3y", - "user"], - "internal.classes.finger_classes": ["PingScanner", - "HTTPFinger"], - "internal.classes.exploits.exploit_ntlm_hash_list": ["5da0889ea2081aa79f6852294cba4a5e", - "50c9987a6bf1ac59398df9f911122c9b"] - }) + config_values.update( + { + "basic.exploiters.exploiter_classes": ["WmiExploiter"], + "basic_network.scope.subnet_scan_list": ["10.2.2.15"], + "basic.credentials.exploit_password_list": ["Password1!"], + "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], + "internal.classes.finger_classes": ["PingScanner", "HTTPFinger"], + "internal.exploits.exploit_ntlm_hash_list": [ + "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b", + ], + } + ) From 6a7d08c93e416756bd5d1e7c451d0d6d5cb7508f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 9 Mar 2021 14:51:56 +0200 Subject: [PATCH 23/64] Improved README.md of config file generation script --- envs/monkey_zoo/blackbox/utils/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/utils/README.md b/envs/monkey_zoo/blackbox/utils/README.md index 638e54c92..69a6b8930 100644 --- a/envs/monkey_zoo/blackbox/utils/README.md +++ b/envs/monkey_zoo/blackbox/utils/README.md @@ -5,5 +5,9 @@ This script is used to generate config files for manual tests. Config file will be generated according to the templates in `envs/monkey_zoo/blackbox/config_templates`. -Run `envs/monkey_zoo/blackbox/utils/config_generation_script.py island_ip:5000` to populate +1. Reset the Island config to contain default configuration. +2. Run `envs/monkey_zoo/blackbox/utils/config_generation_script.py island_ip:5000` to populate `envs/monkey_zoo/blackbox/utils/generated_configs` directory with configuration files. + +!! It's important to target the Island you'll be testing, because configs contain Island's IPs +in the configuration !! From ba6bf7177607fb55a6410ed6452b76df5ff63961 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 9 Mar 2021 11:56:06 -0500 Subject: [PATCH 24/64] agent: Fix typo in HTTPFinger --- monkey/infection_monkey/network/httpfinger.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/network/httpfinger.py b/monkey/infection_monkey/network/httpfinger.py index 1ce026c11..86c48cbde 100644 --- a/monkey/infection_monkey/network/httpfinger.py +++ b/monkey/infection_monkey/network/httpfinger.py @@ -45,6 +45,6 @@ class HTTPFinger(HostFinger): except Timeout: LOG.debug(f"Timout while requesting headers from {url}") except ConnectionError: # Someone doesn't like us - LOG.debug(f"ConnetionError while requesting headers from {url}") + LOG.debug(f"Connection error while requesting headers from {url}") return True From 4ac7c0197654ba26b4ba7136921a3533db75d218 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 9 Mar 2021 11:32:52 -0500 Subject: [PATCH 25/64] agent: add 2 new log statements to the dropper --- monkey/infection_monkey/dropper.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index cb7be181d..d98eb8e9e 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -145,6 +145,8 @@ class MonkeyDrops(object): LOG.warning("Seems like monkey died too soon") def cleanup(self): + LOG.info("Cleaning up the dropper") + try: if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \ os.path.exists(self._config['source_path']) and \ @@ -166,5 +168,7 @@ class MonkeyDrops(object): LOG.debug("Dropper source file '%s' is marked for deletion on next boot", self._config['source_path']) T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send() + + LOG.info("Dropper cleanup complete") except AttributeError: LOG.error("Invalid configuration options. Failing") From e7528e95448e2298a191ca6930f9eaea1a895186 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 9 Mar 2021 11:35:38 -0500 Subject: [PATCH 26/64] agent: Use PIPE for stdin, stdout, and stderr in dropper The dropper is expected to detatch the child monkey agent process. If stdin, stdout, and stderr are set to `None`, the child process inherits them. Since the child process inherits the parent's file descriptors and holds them open, issues like #1026 can occur. --- monkey/infection_monkey/dropper.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index d98eb8e9e..9b374c9f1 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -134,7 +134,9 @@ class MonkeyDrops(object): 'monkey_commandline': inner_monkey_cmdline} monkey_process = subprocess.Popen(monkey_cmdline, shell=True, - stdin=None, stdout=None, stderr=None, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, close_fds=True, creationflags=DETACHED_PROCESS) LOG.info("Executed monkey process (PID=%d) with command line: %s", From 3714dd2f6f184a2c4f625e54abb820ed768981db Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 9 Mar 2021 11:39:44 -0500 Subject: [PATCH 27/64] agent: Use the dropper in the DrupalExploiter Fixes #1026 --- monkey/infection_monkey/exploit/drupal.py | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py index 5872f4703..04b0ce431 100644 --- a/monkey/infection_monkey/exploit/drupal.py +++ b/monkey/infection_monkey/exploit/drupal.py @@ -36,6 +36,7 @@ class DrupalExploiter(WebRCE): exploit_config = super(DrupalExploiter, self).get_exploit_config() exploit_config['url_extensions'] = ['node/', # In Linux, no path is added 'drupal/node/'] # However, Bitnami installations are under /drupal + exploit_config['dropper'] = True return exploit_config def add_vulnerable_urls(self, potential_urls, stop_checking=False): From 307e1e309314886a940ad8ae3d676294e4a91e36 Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 9 Mar 2021 15:19:29 +0530 Subject: [PATCH 28/64] Rephrase custom PBA file descriptions in configuration --- .../cc/services/config_schema/monkey.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py index 01d463672..faf27c481 100644 --- a/monkey/monkey_island/cc/services/config_schema/monkey.py +++ b/monkey/monkey_island/cc/services/config_schema/monkey.py @@ -20,9 +20,9 @@ MONKEY = { "title": "Linux post breach file", "type": "string", "format": "data-url", - "description": "File to be executed after breaching. " - "If you want custom execution behavior, " - "specify it in 'Linux post breach command' field. " + "description": "File to be uploaded after breaching. " + "If you want the file to be executed, " + "specify it in the 'Linux post breach command' field. " "Reference your file by filename." }, "custom_PBA_windows_cmd": { @@ -35,9 +35,9 @@ MONKEY = { "title": "Windows post breach file", "type": "string", "format": "data-url", - "description": "File to be executed after breaching. " - "If you want custom execution behavior, " - "specify it in 'Windows post breach command' field. " + "description": "File to be uploaded after breaching. " + "If you want the file to be executed, " + "specify it in the 'Windows post breach command' field. " "Reference your file by filename." }, "PBA_windows_filename": { From eeba0513d226758cf11c7da5d6e96927d00d054c Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 9 Mar 2021 18:02:55 +0530 Subject: [PATCH 29/64] Only upload custom PBA file; execute only if specified in custom PBA command --- .../post_breach/actions/users_custom_pba.py | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py index 175d6b215..b282bc4bd 100644 --- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py @@ -15,10 +15,6 @@ LOG = logging.getLogger(__name__) __author__ = 'VakarisZ' -# Default commands for executing PBA file and then removing it -DEFAULT_LINUX_COMMAND = "chmod +x {0} ; {0} ; rm {0}" -DEFAULT_WINDOWS_COMMAND = "{0} & del {0}" - DIR_CHANGE_WINDOWS = 'cd %s & ' DIR_CHANGE_LINUX = 'cd %s ; ' @@ -31,37 +27,28 @@ class UsersPBA(PBA): def __init__(self): super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION) self.filename = '' + if not is_windows_os(): # Add linux commands to PBA's if WormConfiguration.PBA_linux_filename: + self.filename = WormConfiguration.PBA_linux_filename if WormConfiguration.custom_PBA_linux_cmd: # Add change dir command, because user will try to access his file self.command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + WormConfiguration.custom_PBA_linux_cmd - self.filename = WormConfiguration.PBA_linux_filename - else: - file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_linux_filename) - self.command = DEFAULT_LINUX_COMMAND.format(file_path) - self.filename = WormConfiguration.PBA_linux_filename elif WormConfiguration.custom_PBA_linux_cmd: self.command = WormConfiguration.custom_PBA_linux_cmd else: # Add windows commands to PBA's if WormConfiguration.PBA_windows_filename: + self.filename = WormConfiguration.PBA_windows_filename if WormConfiguration.custom_PBA_windows_cmd: # Add change dir command, because user will try to access his file self.command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + WormConfiguration.custom_PBA_windows_cmd - self.filename = WormConfiguration.PBA_windows_filename - else: - file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_windows_filename) - self.command = DEFAULT_WINDOWS_COMMAND.format(file_path) - self.filename = WormConfiguration.PBA_windows_filename elif WormConfiguration.custom_PBA_windows_cmd: self.command = WormConfiguration.custom_PBA_windows_cmd - def _execute_default(self): if self.filename: UsersPBA.download_pba_file(get_monkey_dir_path(), self.filename) - return super(UsersPBA, self)._execute_default() @staticmethod def should_run(class_name): From 6f134bdb0362a51323016b51d9b09043045c0049 Mon Sep 17 00:00:00 2001 From: Shreya Date: Wed, 10 Mar 2021 12:28:30 +0530 Subject: [PATCH 30/64] Download custom PBA file during execution, not initialisation --- monkey/infection_monkey/post_breach/actions/users_custom_pba.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py index b282bc4bd..dd723c14d 100644 --- a/monkey/infection_monkey/post_breach/actions/users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/actions/users_custom_pba.py @@ -47,8 +47,10 @@ class UsersPBA(PBA): elif WormConfiguration.custom_PBA_windows_cmd: self.command = WormConfiguration.custom_PBA_windows_cmd + def _execute_default(self): if self.filename: UsersPBA.download_pba_file(get_monkey_dir_path(), self.filename) + return super(UsersPBA, self)._execute_default() @staticmethod def should_run(class_name): From 72a88c81a3e7976ce6d59b02e4c9f9a8a45ffc59 Mon Sep 17 00:00:00 2001 From: Shreya Date: Mon, 8 Mar 2021 13:53:01 +0530 Subject: [PATCH 31/64] Add unit tests --- .../tests/actions/test_users_custom_pba.py | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py diff --git a/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py b/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py new file mode 100644 index 000000000..dab6ee59e --- /dev/null +++ b/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py @@ -0,0 +1,227 @@ +import pytest + +from infection_monkey.post_breach.actions.users_custom_pba import ( + DEFAULT_LINUX_COMMAND, DEFAULT_WINDOWS_COMMAND, DIR_CHANGE_LINUX, + DIR_CHANGE_WINDOWS, UsersPBA) + +MONKEY_DIR_PATH = "/dir/to/monkey/" +CUSTOM_LINUX_CMD_SEPARATE = "command-for-linux" +CUSTOM_LINUX_FILENAME = "filename-for-linux" +CUSTOM_LINUX_CMD_RELATED = f"command-with-{CUSTOM_LINUX_FILENAME}" +CUSTOM_WINDOWS_CMD_SEPARATE = "command-for-windows" +CUSTOM_WINDOWS_FILENAME = "filename-for-windows" +CUSTOM_WINDOWS_CMD_RELATED = f"command-with-{CUSTOM_WINDOWS_FILENAME}" + + +@pytest.fixture +def fake_monkey_dir_path(monkeypatch): + monkeypatch.setattr( + "infection_monkey.post_breach.actions.users_custom_pba.get_monkey_dir_path", + lambda: MONKEY_DIR_PATH, + ) + + +@pytest.fixture +def set_os_linux(monkeypatch): + monkeypatch.setattr( + "infection_monkey.post_breach.actions.users_custom_pba.is_windows_os", + lambda: False, + ) + + +@pytest.fixture +def set_os_windows(monkeypatch): + monkeypatch.setattr( + "infection_monkey.post_breach.actions.users_custom_pba.is_windows_os", + lambda: True, + ) + + +@pytest.fixture +def mock_UsersPBA_linux_custom_file_and_cmd_separate( + set_os_linux, fake_monkey_dir_path, monkeypatch +): + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", + CUSTOM_LINUX_CMD_SEPARATE, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_linux_filename", + CUSTOM_LINUX_FILENAME, + ) + return UsersPBA() + + +def test_command_list_linux_custom_file_and_cmd_separate( + mock_UsersPBA_linux_custom_file_and_cmd_separate, +): + expected_command_list = [ + f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD_SEPARATE}", + f"chmod +x {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; " + + f"rm {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME}", + ] + assert ( + mock_UsersPBA_linux_custom_file_and_cmd_separate.command_list + == expected_command_list + ) + + +@pytest.fixture +def mock_UsersPBA_windows_custom_file_and_cmd_separate( + set_os_windows, fake_monkey_dir_path, monkeypatch +): + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", + CUSTOM_WINDOWS_CMD_SEPARATE, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_windows_filename", + CUSTOM_WINDOWS_FILENAME, + ) + return UsersPBA() + + +def test_command_list_windows_custom_file_and_cmd_separate( + mock_UsersPBA_windows_custom_file_and_cmd_separate, +): + expected_command_list = [ + f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD_SEPARATE}", + f"{MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME} & del {MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME}", + ] + assert ( + mock_UsersPBA_windows_custom_file_and_cmd_separate.command_list + == expected_command_list + ) + + +@pytest.fixture +def mock_UsersPBA_linux_custom_file_and_cmd_related( + set_os_linux, fake_monkey_dir_path, monkeypatch +): + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", + CUSTOM_LINUX_CMD_RELATED, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_linux_filename", + CUSTOM_LINUX_FILENAME, + ) + return UsersPBA() + + +def test_command_list_linux_custom_file_and_cmd_related( + mock_UsersPBA_linux_custom_file_and_cmd_related, +): + expected_command_list = [f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD_RELATED}"] + assert ( + mock_UsersPBA_linux_custom_file_and_cmd_related.command_list + == expected_command_list + ) + + +@pytest.fixture +def mock_UsersPBA_windows_custom_file_and_cmd_related( + set_os_windows, fake_monkey_dir_path, monkeypatch +): + + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", + CUSTOM_WINDOWS_CMD_RELATED, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_windows_filename", + CUSTOM_WINDOWS_FILENAME, + ) + return UsersPBA() + + +def test_command_list_windows_custom_file_and_cmd_related( + mock_UsersPBA_windows_custom_file_and_cmd_related, +): + expected_command_list = [ + f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD_RELATED}", + ] + assert ( + mock_UsersPBA_windows_custom_file_and_cmd_related.command_list + == expected_command_list + ) + + +@pytest.fixture +def mock_UsersPBA_linux_custom_file(set_os_linux, fake_monkey_dir_path, monkeypatch): + + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", None + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_linux_filename", + CUSTOM_LINUX_FILENAME, + ) + return UsersPBA() + + +def test_command_list_linux_custom_file(mock_UsersPBA_linux_custom_file): + expected_command_list = [ + f"chmod +x {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; " + + f"rm {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME}" + ] + + assert mock_UsersPBA_linux_custom_file.command_list == expected_command_list + + +@pytest.fixture +def mock_UsersPBA_windows_custom_file( + set_os_windows, fake_monkey_dir_path, monkeypatch +): + + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", None + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_windows_filename", + CUSTOM_WINDOWS_FILENAME, + ) + return UsersPBA() + + +def test_command_list_windows_custom_file(mock_UsersPBA_windows_custom_file): + expected_command_list = [ + f"{MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME} & del {MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME}", + ] + assert mock_UsersPBA_windows_custom_file.command_list == expected_command_list + + +@pytest.fixture +def mock_UsersPBA_linux_custom_cmd(set_os_linux, fake_monkey_dir_path, monkeypatch): + + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", + CUSTOM_LINUX_CMD_SEPARATE, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_linux_filename", None + ) + return UsersPBA() + + +def test_command_list_linux_custom_cmd(mock_UsersPBA_linux_custom_cmd): + expected_command_list = [CUSTOM_LINUX_CMD_SEPARATE] + assert mock_UsersPBA_linux_custom_cmd.command_list == expected_command_list + + +@pytest.fixture +def mock_UsersPBA_windows_custom_cmd(set_os_windows, fake_monkey_dir_path, monkeypatch): + + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", + CUSTOM_WINDOWS_CMD_SEPARATE, + ) + monkeypatch.setattr( + "infection_monkey.config.WormConfiguration.PBA_windows_filename", None + ) + return UsersPBA() + + +def test_command_list_windows_custom_cmd(mock_UsersPBA_windows_custom_cmd): + expected_command_list = [CUSTOM_WINDOWS_CMD_SEPARATE] + assert mock_UsersPBA_windows_custom_cmd.command_list == expected_command_list From 9167aa6460e70f2febbf4d740da841ce8ede97bf Mon Sep 17 00:00:00 2001 From: Shreya Date: Wed, 10 Mar 2021 12:44:51 +0530 Subject: [PATCH 32/64] Unit test modifications --- .../tests/actions/test_users_custom_pba.py | 133 ++++-------------- 1 file changed, 29 insertions(+), 104 deletions(-) diff --git a/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py b/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py index dab6ee59e..83af6e00a 100644 --- a/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py +++ b/monkey/infection_monkey/post_breach/tests/actions/test_users_custom_pba.py @@ -1,16 +1,13 @@ import pytest from infection_monkey.post_breach.actions.users_custom_pba import ( - DEFAULT_LINUX_COMMAND, DEFAULT_WINDOWS_COMMAND, DIR_CHANGE_LINUX, - DIR_CHANGE_WINDOWS, UsersPBA) + DIR_CHANGE_LINUX, DIR_CHANGE_WINDOWS, UsersPBA) MONKEY_DIR_PATH = "/dir/to/monkey/" -CUSTOM_LINUX_CMD_SEPARATE = "command-for-linux" +CUSTOM_LINUX_CMD = "command-for-linux" CUSTOM_LINUX_FILENAME = "filename-for-linux" -CUSTOM_LINUX_CMD_RELATED = f"command-with-{CUSTOM_LINUX_FILENAME}" -CUSTOM_WINDOWS_CMD_SEPARATE = "command-for-windows" +CUSTOM_WINDOWS_CMD = "command-for-windows" CUSTOM_WINDOWS_FILENAME = "filename-for-windows" -CUSTOM_WINDOWS_CMD_RELATED = f"command-with-{CUSTOM_WINDOWS_FILENAME}" @pytest.fixture @@ -38,12 +35,12 @@ def set_os_windows(monkeypatch): @pytest.fixture -def mock_UsersPBA_linux_custom_file_and_cmd_separate( +def mock_UsersPBA_linux_custom_file_and_cmd( set_os_linux, fake_monkey_dir_path, monkeypatch ): monkeypatch.setattr( "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", - CUSTOM_LINUX_CMD_SEPARATE, + CUSTOM_LINUX_CMD, ) monkeypatch.setattr( "infection_monkey.config.WormConfiguration.PBA_linux_filename", @@ -52,27 +49,20 @@ def mock_UsersPBA_linux_custom_file_and_cmd_separate( return UsersPBA() -def test_command_list_linux_custom_file_and_cmd_separate( - mock_UsersPBA_linux_custom_file_and_cmd_separate, +def test_command_linux_custom_file_and_cmd( + mock_UsersPBA_linux_custom_file_and_cmd, ): - expected_command_list = [ - f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD_SEPARATE}", - f"chmod +x {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; " + - f"rm {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME}", - ] - assert ( - mock_UsersPBA_linux_custom_file_and_cmd_separate.command_list - == expected_command_list - ) + expected_command = f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD}" + assert mock_UsersPBA_linux_custom_file_and_cmd.command == expected_command @pytest.fixture -def mock_UsersPBA_windows_custom_file_and_cmd_separate( +def mock_UsersPBA_windows_custom_file_and_cmd( set_os_windows, fake_monkey_dir_path, monkeypatch ): monkeypatch.setattr( "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", - CUSTOM_WINDOWS_CMD_SEPARATE, + CUSTOM_WINDOWS_CMD, ) monkeypatch.setattr( "infection_monkey.config.WormConfiguration.PBA_windows_filename", @@ -81,70 +71,11 @@ def mock_UsersPBA_windows_custom_file_and_cmd_separate( return UsersPBA() -def test_command_list_windows_custom_file_and_cmd_separate( - mock_UsersPBA_windows_custom_file_and_cmd_separate, +def test_command_windows_custom_file_and_cmd( + mock_UsersPBA_windows_custom_file_and_cmd, ): - expected_command_list = [ - f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD_SEPARATE}", - f"{MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME} & del {MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME}", - ] - assert ( - mock_UsersPBA_windows_custom_file_and_cmd_separate.command_list - == expected_command_list - ) - - -@pytest.fixture -def mock_UsersPBA_linux_custom_file_and_cmd_related( - set_os_linux, fake_monkey_dir_path, monkeypatch -): - monkeypatch.setattr( - "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", - CUSTOM_LINUX_CMD_RELATED, - ) - monkeypatch.setattr( - "infection_monkey.config.WormConfiguration.PBA_linux_filename", - CUSTOM_LINUX_FILENAME, - ) - return UsersPBA() - - -def test_command_list_linux_custom_file_and_cmd_related( - mock_UsersPBA_linux_custom_file_and_cmd_related, -): - expected_command_list = [f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD_RELATED}"] - assert ( - mock_UsersPBA_linux_custom_file_and_cmd_related.command_list - == expected_command_list - ) - - -@pytest.fixture -def mock_UsersPBA_windows_custom_file_and_cmd_related( - set_os_windows, fake_monkey_dir_path, monkeypatch -): - - monkeypatch.setattr( - "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", - CUSTOM_WINDOWS_CMD_RELATED, - ) - monkeypatch.setattr( - "infection_monkey.config.WormConfiguration.PBA_windows_filename", - CUSTOM_WINDOWS_FILENAME, - ) - return UsersPBA() - - -def test_command_list_windows_custom_file_and_cmd_related( - mock_UsersPBA_windows_custom_file_and_cmd_related, -): - expected_command_list = [ - f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD_RELATED}", - ] - assert ( - mock_UsersPBA_windows_custom_file_and_cmd_related.command_list - == expected_command_list - ) + expected_command = f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD}" + assert mock_UsersPBA_windows_custom_file_and_cmd.command == expected_command @pytest.fixture @@ -160,13 +91,9 @@ def mock_UsersPBA_linux_custom_file(set_os_linux, fake_monkey_dir_path, monkeypa return UsersPBA() -def test_command_list_linux_custom_file(mock_UsersPBA_linux_custom_file): - expected_command_list = [ - f"chmod +x {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME} ; " + - f"rm {MONKEY_DIR_PATH}{CUSTOM_LINUX_FILENAME}" - ] - - assert mock_UsersPBA_linux_custom_file.command_list == expected_command_list +def test_command_linux_custom_file(mock_UsersPBA_linux_custom_file): + expected_command = "" + assert mock_UsersPBA_linux_custom_file.command == expected_command @pytest.fixture @@ -184,11 +111,9 @@ def mock_UsersPBA_windows_custom_file( return UsersPBA() -def test_command_list_windows_custom_file(mock_UsersPBA_windows_custom_file): - expected_command_list = [ - f"{MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME} & del {MONKEY_DIR_PATH}{CUSTOM_WINDOWS_FILENAME}", - ] - assert mock_UsersPBA_windows_custom_file.command_list == expected_command_list +def test_command_windows_custom_file(mock_UsersPBA_windows_custom_file): + expected_command = "" + assert mock_UsersPBA_windows_custom_file.command == expected_command @pytest.fixture @@ -196,7 +121,7 @@ def mock_UsersPBA_linux_custom_cmd(set_os_linux, fake_monkey_dir_path, monkeypat monkeypatch.setattr( "infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", - CUSTOM_LINUX_CMD_SEPARATE, + CUSTOM_LINUX_CMD, ) monkeypatch.setattr( "infection_monkey.config.WormConfiguration.PBA_linux_filename", None @@ -204,9 +129,9 @@ def mock_UsersPBA_linux_custom_cmd(set_os_linux, fake_monkey_dir_path, monkeypat return UsersPBA() -def test_command_list_linux_custom_cmd(mock_UsersPBA_linux_custom_cmd): - expected_command_list = [CUSTOM_LINUX_CMD_SEPARATE] - assert mock_UsersPBA_linux_custom_cmd.command_list == expected_command_list +def test_command_linux_custom_cmd(mock_UsersPBA_linux_custom_cmd): + expected_command = CUSTOM_LINUX_CMD + assert mock_UsersPBA_linux_custom_cmd.command == expected_command @pytest.fixture @@ -214,7 +139,7 @@ def mock_UsersPBA_windows_custom_cmd(set_os_windows, fake_monkey_dir_path, monke monkeypatch.setattr( "infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", - CUSTOM_WINDOWS_CMD_SEPARATE, + CUSTOM_WINDOWS_CMD, ) monkeypatch.setattr( "infection_monkey.config.WormConfiguration.PBA_windows_filename", None @@ -222,6 +147,6 @@ def mock_UsersPBA_windows_custom_cmd(set_os_windows, fake_monkey_dir_path, monke return UsersPBA() -def test_command_list_windows_custom_cmd(mock_UsersPBA_windows_custom_cmd): - expected_command_list = [CUSTOM_WINDOWS_CMD_SEPARATE] - assert mock_UsersPBA_windows_custom_cmd.command_list == expected_command_list +def test_command_windows_custom_cmd(mock_UsersPBA_windows_custom_cmd): + expected_command = CUSTOM_WINDOWS_CMD + assert mock_UsersPBA_windows_custom_cmd.command == expected_command From 4928109be2ff9c0aff6c7ad4894147b2312696ab Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 11 Mar 2021 18:42:01 +0530 Subject: [PATCH 33/64] Rephrase custom PBA file config descriptions --- .../cc/services/config_schema/monkey.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py index faf27c481..f54b79886 100644 --- a/monkey/monkey_island/cc/services/config_schema/monkey.py +++ b/monkey/monkey_island/cc/services/config_schema/monkey.py @@ -11,33 +11,33 @@ MONKEY = { "type": "object", "properties": { "custom_PBA_linux_cmd": { - "title": "Linux post breach command", + "title": "Linux post-breach command", "type": "string", "default": "", "description": "Linux command to be executed after breaching." }, "PBA_linux_file": { - "title": "Linux post breach file", + "title": "Linux post-breach file", "type": "string", "format": "data-url", "description": "File to be uploaded after breaching. " - "If you want the file to be executed, " - "specify it in the 'Linux post breach command' field. " + "Use the 'Linux post-breach command' field to " + "change permissions, run, or delete the file. " "Reference your file by filename." }, "custom_PBA_windows_cmd": { - "title": "Windows post breach command", + "title": "Windows post-breach command", "type": "string", "default": "", "description": "Windows command to be executed after breaching." }, "PBA_windows_file": { - "title": "Windows post breach file", + "title": "Windows post-breach file", "type": "string", "format": "data-url", "description": "File to be uploaded after breaching. " - "If you want the file to be executed, " - "specify it in the 'Windows post breach command' field. " + "Use the 'Windows post-breach command' field to " + "change permissions, run, or delete the file. " "Reference your file by filename." }, "PBA_windows_filename": { From 2b4fd9e9a7dae299887600a5258b6141cb0729e1 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 11 Mar 2021 18:55:00 +0530 Subject: [PATCH 34/64] Rephrase custom PBA command config descriptions --- .../monkey_island/cc/services/config_schema/monkey.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py index f54b79886..82a394b65 100644 --- a/monkey/monkey_island/cc/services/config_schema/monkey.py +++ b/monkey/monkey_island/cc/services/config_schema/monkey.py @@ -14,7 +14,10 @@ MONKEY = { "title": "Linux post-breach command", "type": "string", "default": "", - "description": "Linux command to be executed after breaching." + "description": "Command to be executed after breaching. " + "Use this field to run custom commands or execute uploaded " + "files on exploited machines.\nExample: " + "\"chmod +x ./my_script.sh; ./my_script.sh ; rm ./my_script.sh\"" }, "PBA_linux_file": { "title": "Linux post-breach file", @@ -29,7 +32,10 @@ MONKEY = { "title": "Windows post-breach command", "type": "string", "default": "", - "description": "Windows command to be executed after breaching." + "description": "Command to be executed after breaching. " + "Use this field to run custom commands or execute uploaded " + "files on exploited machines.\nExample: " + "\"my_script.bat & del my_script.bat\"" }, "PBA_windows_file": { "title": "Windows post-breach file", From c6fd7ae5e8d63cb728aec3471128f9a1443a7605 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 16 Mar 2021 09:11:45 +0200 Subject: [PATCH 35/64] Refactored ScoutSuite into a separate package rather than submodule --- .gitmodules | 3 --- monkey/common/cloud/scoutsuite | 1 - monkey/infection_monkey/monkey.spec | 27 ++++++++++++------- monkey/infection_monkey/requirements.txt | 1 + .../scoutsuite_collector/__init__.py | 15 ----------- .../scoutsuite_collector/scoutsuite_api.py | 5 ---- .../scoutsuite_collector.py | 13 ++++----- .../telemetry/scoutsuite_telem.py | 4 +-- .../zero_trust/scoutsuite/__init__.py | 13 --------- .../scoutsuite/scoutsuite_auth_service.py | 2 +- monkey/monkey_island/requirements.txt | 1 + 11 files changed, 29 insertions(+), 56 deletions(-) delete mode 160000 monkey/common/cloud/scoutsuite delete mode 100644 monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py delete mode 100644 monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py delete mode 100644 monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py diff --git a/.gitmodules b/.gitmodules index b898f160a..2fb33dd37 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,6 +4,3 @@ [submodule "docs/themes/learn"] path = docs/themes/learn url = https://github.com/guardicode/hugo-theme-learn.git -[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"] - path = monkey/common/cloud/scoutsuite - url = https://github.com/guardicode/ScoutSuite.git diff --git a/monkey/common/cloud/scoutsuite b/monkey/common/cloud/scoutsuite deleted file mode 160000 index 9de1e78ba..000000000 --- a/monkey/common/cloud/scoutsuite +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 9de1e78ba475f925c66c5b645564ec9eb08e2309 diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index 51bd4bb83..2031ee92a 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -1,15 +1,17 @@ # -*- mode: python -*- import os -import sys import platform - +import sys __author__ = 'itay.mizeretz' +from PyInstaller.utils.hooks import collect_data_files + block_cipher = None def main(): + print(collect_data_files('policyuniverse')) a = Analysis(['main.py'], pathex=['..'], hiddenimports=get_hidden_imports(), @@ -17,7 +19,7 @@ def main(): runtime_hooks=None, binaries=None, datas=[ - ("../common/BUILD", "/common") + ("../common/BUILD", "/common") ], excludes=None, win_no_prefer_redirects=None, @@ -48,7 +50,7 @@ def is_windows(): def is_32_bit(): - return sys.maxsize <= 2**32 + return sys.maxsize <= 2 ** 32 def get_bin_folder(): @@ -79,7 +81,12 @@ def get_linux_only_binaries(): def get_hidden_imports(): - return ['_cffi_backend', 'queue', '_mssql'] if is_windows() else ['_cffi_backend','_mssql'] + imports = ['ScoutSuite'] + if is_windows(): + imports.extend(['_cffi_backend', 'queue', '_mssql']) + else: + imports.extend(['_cffi_backend', '_mssql']) + return imports def get_sc_binaries(): @@ -94,15 +101,15 @@ def get_traceroute_binaries(): def get_monkey_filename(): name = 'monkey-' if is_windows(): - name = name+"windows-" + name = name + "windows-" else: - name = name+"linux-" + name = name + "linux-" if is_32_bit(): - name = name+"32" + name = name + "32" else: - name = name+"64" + name = name + "64" if is_windows(): - name = name+".exe" + name = name + ".exe" return name diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt index dc0ab227e..e478095ac 100644 --- a/monkey/infection_monkey/requirements.txt +++ b/monkey/infection_monkey/requirements.txt @@ -16,3 +16,4 @@ pypykatz==0.3.12 pysmb==1.2.5 requests>=2.24 wmi==1.5.1 ; sys_platform == 'win32' +git+https://github.com/guardicode/ScoutSuite diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py deleted file mode 100644 index 97e736b4b..000000000 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -import pkgutil -import sys -from pathlib import PurePath - -_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__') - - -def _add_scoutsuite_to_python_path(): - scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__() - sys.path.append(scoutsuite_path) - - -# Add ScoutSuite to python path because this way -# we don't need to change any imports in ScoutSuite code -_add_scoutsuite_to_python_path() diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py deleted file mode 100644 index 88ef32293..000000000 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py +++ /dev/null @@ -1,5 +0,0 @@ -import common.cloud.scoutsuite.ScoutSuite.api_run as scoutsuite_api - - -def run(*args, **kwargs): - return scoutsuite_api.run(*args, **kwargs) diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py index c637e3593..79aabea56 100644 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py +++ b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py @@ -1,8 +1,9 @@ import logging from typing import Union -import infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_api as scoutsuite_api -from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider +import ScoutSuite.api_run +from ScoutSuite.providers.base.provider import BaseProvider + from common.cloud.scoutsuite_consts import CloudProviders from common.utils.exceptions import ScoutSuiteScanError from infection_monkey.config import WormConfiguration @@ -22,10 +23,10 @@ def scan_cloud_security(cloud_type: CloudProviders): def run_scoutsuite(cloud_type: str) -> Union[BaseProvider, dict]: - return scoutsuite_api.run(provider=cloud_type, - aws_access_key_id=WormConfiguration.aws_access_key_id, - aws_secret_access_key=WormConfiguration.aws_secret_access_key, - aws_session_token=WormConfiguration.aws_session_token) + return ScoutSuite.api_run.run(provider=cloud_type, + aws_access_key_id=WormConfiguration.aws_access_key_id, + aws_secret_access_key=WormConfiguration.aws_secret_access_key, + aws_session_token=WormConfiguration.aws_session_token) def send_scoutsuite_run_results(run_results: BaseProvider): diff --git a/monkey/infection_monkey/telemetry/scoutsuite_telem.py b/monkey/infection_monkey/telemetry/scoutsuite_telem.py index 16cf47bdd..ba112f8b9 100644 --- a/monkey/infection_monkey/telemetry/scoutsuite_telem.py +++ b/monkey/infection_monkey/telemetry/scoutsuite_telem.py @@ -1,5 +1,5 @@ -from common.cloud.scoutsuite.ScoutSuite.output.result_encoder import ScoutJsonEncoder -from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider +from ScoutSuite.output.result_encoder import ScoutJsonEncoder +from ScoutSuite.providers.base.provider import BaseProvider from common.common_consts.telem_categories import TelemCategoryEnum from infection_monkey.telemetry.base_telem import BaseTelem diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py deleted file mode 100644 index e8a36338b..000000000 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py +++ /dev/null @@ -1,13 +0,0 @@ -import pkgutil -import sys -from pathlib import PurePath - -_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__') - - -def _add_scoutsuite_to_python_path(): - scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__() - sys.path.append(scoutsuite_path) - - -_add_scoutsuite_to_python_path() diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py index b5d405234..701598168 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py @@ -14,7 +14,7 @@ def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]: if is_aws_keys_setup(): return True, "AWS keys already setup." - import common.cloud.scoutsuite.ScoutSuite.providers.aws.authentication_strategy as auth_strategy + import ScoutSuite.providers.aws.authentication_strategy as auth_strategy try: profile = auth_strategy.AWSAuthenticationStrategy().authenticate() return True, f" Profile \"{profile.session.profile_name}\" is already setup. " diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index 3cb3a4e42..ddbf2418a 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -26,5 +26,6 @@ tqdm>=4.47 virtualenv>=20.0.26 werkzeug>=1.0.1 wheel>=0.34.2 +git+https://github.com/guardicode/ScoutSuite pyjwt>=1.5.1 # not directly required, pinned by Snyk to avoid a vulnerability From 90d9d5933a54754021321b1c1a349bbf1200bd0a Mon Sep 17 00:00:00 2001 From: Shreya Date: Mon, 15 Mar 2021 18:11:26 +0530 Subject: [PATCH 36/64] Handle UnicodeDecodeError when getting installed packages on Windows systems --- .../system_info/windows_info_collector.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 38feb6815..657746e84 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -47,8 +47,19 @@ class WindowsInfoCollector(InfoCollector): def get_installed_packages(self): LOG.info('getting installed packages') - self.info["installed_packages"] = os.popen("dism /online /get-packages").read() - self.info["installed_features"] = os.popen("dism /online /get-features").read() + + packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read() + try: + self.info["installed_packages"] = packages.decode('utf-8') + except UnicodeDecodeError: + self.info["installed_packages"] = packages.decode('raw-unicode-escape') + + features = subprocess.Popen("dism /online /get-features", shell=True, stdout=subprocess.PIPE).stdout.read() + try: + self.info["installed_features"] = features.decode('utf-8') + except UnicodeDecodeError: + self.info["installed_features"] = features.decode('raw-unicode-escape') + LOG.debug('Got installed packages') def get_wmi_info(self): From ece4e6e9119318aa16f42980eed9065525031a95 Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 16 Mar 2021 15:26:20 +0530 Subject: [PATCH 37/64] Change import --- monkey/infection_monkey/system_info/windows_info_collector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 657746e84..1960126a5 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -1,5 +1,5 @@ import logging -import os +import subprocess import sys from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR From 5192953dd008e6a904dc55e68f304e5bb96f2bd4 Mon Sep 17 00:00:00 2001 From: Shreya Date: Tue, 16 Mar 2021 15:27:06 +0530 Subject: [PATCH 38/64] Unrelated log statement changes --- .../infection_monkey/system_info/windows_info_collector.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 1960126a5..81b0c8125 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -46,7 +46,7 @@ class WindowsInfoCollector(InfoCollector): return self.info def get_installed_packages(self): - LOG.info('getting installed packages') + LOG.info('Getting installed packages') packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read() try: @@ -63,10 +63,10 @@ class WindowsInfoCollector(InfoCollector): LOG.debug('Got installed packages') def get_wmi_info(self): - LOG.info('getting wmi info') + LOG.info('Getting wmi info') for wmi_class_name in WMI_CLASSES: self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name) - LOG.debug('finished get_wmi_info') + LOG.debug('Finished get_wmi_info') def get_mimikatz_info(self): LOG.info("Gathering mimikatz info") From 2925815fd3d6a098244b5c45925a95660e1a538c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 10:20:17 +0200 Subject: [PATCH 39/64] Removed ScoutSuite from travis, since it's no longer a submodule --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 668d9cdc3..8ac8db204 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,6 @@ install: - pip install flake8 pytest pytest-cov dlint isort # for next stages - pip install coverage # for code coverage - pip install -r monkey/infection_monkey/requirements.txt # for unit tests -- pip install -r monkey/common/cloud/scoutsuite/requirements.txt - pip install pipdeptree # Fail builds on possible conflicting dependencies. - pipdeptree --warn fail @@ -56,7 +55,7 @@ install: script: # Check Python code ## Check syntax errors and fail the build if any are found. -- flake8 ./monkey --exclude=monkey/common/cloud/scoutsuite --config=./ci_scripts/flake8_syntax_check.ini +- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini ## Warn about linter issues. ### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build. From 9e27a93a3b0fd1b079257e90206dbd12a87663b0 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 12:45:08 +0200 Subject: [PATCH 40/64] Minor spec file style improvement --- monkey/infection_monkey/monkey.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index 2031ee92a..f9b656611 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -18,9 +18,7 @@ def main(): hookspath=['./pyinstaller_hooks'], runtime_hooks=None, binaries=None, - datas=[ - ("../common/BUILD", "/common") - ], + datas=[("../common/BUILD", "/common")], excludes=None, win_no_prefer_redirects=None, win_private_assemblies=None, From aaf6a33f928e917c85a5f81d55428fe7be2e6918 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 16 Mar 2021 16:51:21 +0200 Subject: [PATCH 41/64] Small profiling decorator improvement --- monkey/monkey_island/cc/test_common/profiling/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/test_common/profiling/README.md b/monkey/monkey_island/cc/test_common/profiling/README.md index 1c1446b2f..d0cb92bfa 100644 --- a/monkey/monkey_island/cc/test_common/profiling/README.md +++ b/monkey/monkey_island/cc/test_common/profiling/README.md @@ -2,7 +2,7 @@ To profile specific methods on island a `@profile(sort_args=['cumulative'], print_args=[100])` decorator can be used. -Use it as any other decorator. After decorated method is used, a file will appear in a +Use it as a parameterised decorator(`@profile()`). After decorated method is used, a file will appear in a directory provided in `profiler_decorator.py`. Filename describes the path of the method that was profiled. For example if method `monkey_island/cc/resources/netmap.get` was profiled, then the results of this profiling will appear in From 2c1e89c7b35a58809998621e62ea1f1e62506485 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 10:02:13 +0200 Subject: [PATCH 42/64] ScoutSuite performance upgrades. --- monkey/common/utils/code_utils.py | 10 ++++++++++ .../cc/services/telemetry/processing/scoutsuite.py | 7 ++++--- .../zero_trust/scoutsuite/data_parsing/rule_parser.py | 5 ++--- .../rule_path_building/abstract_rule_path_creator.py | 4 ++-- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py index 214e6d108..d9ad573b1 100644 --- a/monkey/common/utils/code_utils.py +++ b/monkey/common/utils/code_utils.py @@ -1,5 +1,8 @@ # abstract, static method decorator # noinspection PyPep8Naming +from typing import List + + class abstractstatic(staticmethod): __slots__ = () @@ -8,3 +11,10 @@ class abstractstatic(staticmethod): function.__isabstractmethod__ = True __isabstractmethod__ = True + + +def get_value_from_dict(dict_data: dict, path: List[str]): + current_data = dict_data + for key in path: + current_data = current_data[key] + return current_data diff --git a/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py b/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py index 8ee4737e8..9160861ea 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py @@ -3,6 +3,7 @@ import json from monkey_island.cc.database import mongo from monkey_island.cc.models.zero_trust.scoutsuite_data_json import ScoutSuiteRawDataJson from monkey_island.cc.services.zero_trust.scoutsuite.consts.scoutsuite_findings_list import SCOUTSUITE_FINDINGS +from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_parser import RuleParser from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_rule_service import ScoutSuiteRuleService from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_zt_finding_service import ScoutSuiteZTFindingService @@ -13,14 +14,14 @@ def process_scoutsuite_telemetry(telemetry_json): telemetry_json['data'] = json.dumps(telemetry_json['data']) ScoutSuiteRawDataJson.add_scoutsuite_data(telemetry_json['data']) scoutsuite_data = json.loads(telemetry_json['data'])['data'] - create_scoutsuite_findings(scoutsuite_data) + create_scoutsuite_findings(scoutsuite_data[SERVICES]) update_data(telemetry_json) -def create_scoutsuite_findings(scoutsuite_data): +def create_scoutsuite_findings(cloud_services: dict): for finding in SCOUTSUITE_FINDINGS: for rule in finding.rules: - rule_data = RuleParser.get_rule_data(scoutsuite_data, rule) + rule_data = RuleParser.get_rule_data(cloud_services, rule) rule = ScoutSuiteRuleService.get_rule_from_rule_data(rule_data) ScoutSuiteZTFindingService.process_rule(finding, rule) diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py index e07431541..935f1c989 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py @@ -1,7 +1,6 @@ from enum import Enum -import dpath.util - +from common.utils.code_utils import get_value_from_dict from common.utils.exceptions import RulePathCreatorNotFound from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \ RULE_PATH_CREATORS_LIST @@ -23,7 +22,7 @@ class RuleParser: @staticmethod def get_rule_data(scoutsuite_data: dict, rule_name: Enum) -> dict: rule_path = RuleParser._get_rule_path(rule_name) - return dpath.util.get(scoutsuite_data, rule_path) + return get_value_from_dict(scoutsuite_data, rule_path) @staticmethod def _get_rule_path(rule_name: Enum): diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py index b4767124b..ee7f7c38b 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py @@ -3,7 +3,7 @@ from enum import Enum from typing import List, Type from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum -from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICES, SERVICE_TYPES +from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICE_TYPES class AbstractRulePathCreator(ABC): @@ -21,4 +21,4 @@ class AbstractRulePathCreator(ABC): @classmethod def build_rule_path(cls, rule_name: Enum) -> List[str]: assert(rule_name in cls.supported_rules) - return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value] + return [cls.service_type.value, FINDINGS, rule_name.value] From fd058c7ff0f10ca154e17d919262e1b859c4c059 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 16 Mar 2021 09:11:45 +0200 Subject: [PATCH 43/64] Refactored ScoutSuite into a separate package rather than submodule --- .gitmodules | 3 --- monkey/common/cloud/scoutsuite | 1 - monkey/infection_monkey/monkey.spec | 27 ++++++++++++------- monkey/infection_monkey/requirements.txt | 1 + .../scoutsuite_collector/__init__.py | 15 ----------- .../scoutsuite_collector/scoutsuite_api.py | 5 ---- .../scoutsuite_collector.py | 13 ++++----- .../telemetry/scoutsuite_telem.py | 4 +-- .../zero_trust/scoutsuite/__init__.py | 13 --------- .../scoutsuite/scoutsuite_auth_service.py | 2 +- monkey/monkey_island/requirements.txt | 1 + 11 files changed, 29 insertions(+), 56 deletions(-) delete mode 160000 monkey/common/cloud/scoutsuite delete mode 100644 monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py delete mode 100644 monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py delete mode 100644 monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py diff --git a/.gitmodules b/.gitmodules index b898f160a..2fb33dd37 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,6 +4,3 @@ [submodule "docs/themes/learn"] path = docs/themes/learn url = https://github.com/guardicode/hugo-theme-learn.git -[submodule "monkey/infection_monkey/system_info/collectors/scoutsuite"] - path = monkey/common/cloud/scoutsuite - url = https://github.com/guardicode/ScoutSuite.git diff --git a/monkey/common/cloud/scoutsuite b/monkey/common/cloud/scoutsuite deleted file mode 160000 index 9de1e78ba..000000000 --- a/monkey/common/cloud/scoutsuite +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 9de1e78ba475f925c66c5b645564ec9eb08e2309 diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index 51bd4bb83..2031ee92a 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -1,15 +1,17 @@ # -*- mode: python -*- import os -import sys import platform - +import sys __author__ = 'itay.mizeretz' +from PyInstaller.utils.hooks import collect_data_files + block_cipher = None def main(): + print(collect_data_files('policyuniverse')) a = Analysis(['main.py'], pathex=['..'], hiddenimports=get_hidden_imports(), @@ -17,7 +19,7 @@ def main(): runtime_hooks=None, binaries=None, datas=[ - ("../common/BUILD", "/common") + ("../common/BUILD", "/common") ], excludes=None, win_no_prefer_redirects=None, @@ -48,7 +50,7 @@ def is_windows(): def is_32_bit(): - return sys.maxsize <= 2**32 + return sys.maxsize <= 2 ** 32 def get_bin_folder(): @@ -79,7 +81,12 @@ def get_linux_only_binaries(): def get_hidden_imports(): - return ['_cffi_backend', 'queue', '_mssql'] if is_windows() else ['_cffi_backend','_mssql'] + imports = ['ScoutSuite'] + if is_windows(): + imports.extend(['_cffi_backend', 'queue', '_mssql']) + else: + imports.extend(['_cffi_backend', '_mssql']) + return imports def get_sc_binaries(): @@ -94,15 +101,15 @@ def get_traceroute_binaries(): def get_monkey_filename(): name = 'monkey-' if is_windows(): - name = name+"windows-" + name = name + "windows-" else: - name = name+"linux-" + name = name + "linux-" if is_32_bit(): - name = name+"32" + name = name + "32" else: - name = name+"64" + name = name + "64" if is_windows(): - name = name+".exe" + name = name + ".exe" return name diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt index dc0ab227e..e478095ac 100644 --- a/monkey/infection_monkey/requirements.txt +++ b/monkey/infection_monkey/requirements.txt @@ -16,3 +16,4 @@ pypykatz==0.3.12 pysmb==1.2.5 requests>=2.24 wmi==1.5.1 ; sys_platform == 'win32' +git+https://github.com/guardicode/ScoutSuite diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py deleted file mode 100644 index 97e736b4b..000000000 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -import pkgutil -import sys -from pathlib import PurePath - -_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__') - - -def _add_scoutsuite_to_python_path(): - scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__() - sys.path.append(scoutsuite_path) - - -# Add ScoutSuite to python path because this way -# we don't need to change any imports in ScoutSuite code -_add_scoutsuite_to_python_path() diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py deleted file mode 100644 index 88ef32293..000000000 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_api.py +++ /dev/null @@ -1,5 +0,0 @@ -import common.cloud.scoutsuite.ScoutSuite.api_run as scoutsuite_api - - -def run(*args, **kwargs): - return scoutsuite_api.run(*args, **kwargs) diff --git a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py index c637e3593..79aabea56 100644 --- a/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py +++ b/monkey/infection_monkey/system_info/collectors/scoutsuite_collector/scoutsuite_collector.py @@ -1,8 +1,9 @@ import logging from typing import Union -import infection_monkey.system_info.collectors.scoutsuite_collector.scoutsuite_api as scoutsuite_api -from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider +import ScoutSuite.api_run +from ScoutSuite.providers.base.provider import BaseProvider + from common.cloud.scoutsuite_consts import CloudProviders from common.utils.exceptions import ScoutSuiteScanError from infection_monkey.config import WormConfiguration @@ -22,10 +23,10 @@ def scan_cloud_security(cloud_type: CloudProviders): def run_scoutsuite(cloud_type: str) -> Union[BaseProvider, dict]: - return scoutsuite_api.run(provider=cloud_type, - aws_access_key_id=WormConfiguration.aws_access_key_id, - aws_secret_access_key=WormConfiguration.aws_secret_access_key, - aws_session_token=WormConfiguration.aws_session_token) + return ScoutSuite.api_run.run(provider=cloud_type, + aws_access_key_id=WormConfiguration.aws_access_key_id, + aws_secret_access_key=WormConfiguration.aws_secret_access_key, + aws_session_token=WormConfiguration.aws_session_token) def send_scoutsuite_run_results(run_results: BaseProvider): diff --git a/monkey/infection_monkey/telemetry/scoutsuite_telem.py b/monkey/infection_monkey/telemetry/scoutsuite_telem.py index 16cf47bdd..ba112f8b9 100644 --- a/monkey/infection_monkey/telemetry/scoutsuite_telem.py +++ b/monkey/infection_monkey/telemetry/scoutsuite_telem.py @@ -1,5 +1,5 @@ -from common.cloud.scoutsuite.ScoutSuite.output.result_encoder import ScoutJsonEncoder -from common.cloud.scoutsuite.ScoutSuite.providers.base.provider import BaseProvider +from ScoutSuite.output.result_encoder import ScoutJsonEncoder +from ScoutSuite.providers.base.provider import BaseProvider from common.common_consts.telem_categories import TelemCategoryEnum from infection_monkey.telemetry.base_telem import BaseTelem diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py deleted file mode 100644 index e8a36338b..000000000 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/__init__.py +++ /dev/null @@ -1,13 +0,0 @@ -import pkgutil -import sys -from pathlib import PurePath - -_scoutsuite_api_package = pkgutil.get_loader('common.cloud.scoutsuite.ScoutSuite.__main__') - - -def _add_scoutsuite_to_python_path(): - scoutsuite_path = PurePath(_scoutsuite_api_package.path).parent.parent.__str__() - sys.path.append(scoutsuite_path) - - -_add_scoutsuite_to_python_path() diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py index b5d405234..701598168 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py @@ -14,7 +14,7 @@ def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]: if is_aws_keys_setup(): return True, "AWS keys already setup." - import common.cloud.scoutsuite.ScoutSuite.providers.aws.authentication_strategy as auth_strategy + import ScoutSuite.providers.aws.authentication_strategy as auth_strategy try: profile = auth_strategy.AWSAuthenticationStrategy().authenticate() return True, f" Profile \"{profile.session.profile_name}\" is already setup. " diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index 3cb3a4e42..ddbf2418a 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -26,5 +26,6 @@ tqdm>=4.47 virtualenv>=20.0.26 werkzeug>=1.0.1 wheel>=0.34.2 +git+https://github.com/guardicode/ScoutSuite pyjwt>=1.5.1 # not directly required, pinned by Snyk to avoid a vulnerability From 24564fd0f04c1cc861fa81f8ff810f20f3dd91b4 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 10:20:17 +0200 Subject: [PATCH 44/64] Removed ScoutSuite from travis, since it's no longer a submodule --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 668d9cdc3..8ac8db204 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,6 @@ install: - pip install flake8 pytest pytest-cov dlint isort # for next stages - pip install coverage # for code coverage - pip install -r monkey/infection_monkey/requirements.txt # for unit tests -- pip install -r monkey/common/cloud/scoutsuite/requirements.txt - pip install pipdeptree # Fail builds on possible conflicting dependencies. - pipdeptree --warn fail @@ -56,7 +55,7 @@ install: script: # Check Python code ## Check syntax errors and fail the build if any are found. -- flake8 ./monkey --exclude=monkey/common/cloud/scoutsuite --config=./ci_scripts/flake8_syntax_check.ini +- flake8 ./monkey --config=./ci_scripts/flake8_syntax_check.ini ## Warn about linter issues. ### --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build. From 80776f2b1db81a9f2770119ddffecd7ec3975e19 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 12:45:08 +0200 Subject: [PATCH 45/64] Minor spec file style improvement --- monkey/infection_monkey/monkey.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index 2031ee92a..f9b656611 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -18,9 +18,7 @@ def main(): hookspath=['./pyinstaller_hooks'], runtime_hooks=None, binaries=None, - datas=[ - ("../common/BUILD", "/common") - ], + datas=[("../common/BUILD", "/common")], excludes=None, win_no_prefer_redirects=None, win_private_assemblies=None, From 6a13fa90e60e2cdf944c776de454ca5bb1bad373 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 16 Mar 2021 16:51:21 +0200 Subject: [PATCH 46/64] Small profiling decorator improvement --- monkey/monkey_island/cc/test_common/profiling/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/test_common/profiling/README.md b/monkey/monkey_island/cc/test_common/profiling/README.md index 1c1446b2f..d0cb92bfa 100644 --- a/monkey/monkey_island/cc/test_common/profiling/README.md +++ b/monkey/monkey_island/cc/test_common/profiling/README.md @@ -2,7 +2,7 @@ To profile specific methods on island a `@profile(sort_args=['cumulative'], print_args=[100])` decorator can be used. -Use it as any other decorator. After decorated method is used, a file will appear in a +Use it as a parameterised decorator(`@profile()`). After decorated method is used, a file will appear in a directory provided in `profiler_decorator.py`. Filename describes the path of the method that was profiled. For example if method `monkey_island/cc/resources/netmap.get` was profiled, then the results of this profiling will appear in From 3ca7537a99e11b192d233ed5ad471c1c3d91c540 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 17 Mar 2021 10:02:13 +0200 Subject: [PATCH 47/64] ScoutSuite performance upgrades. --- monkey/common/utils/code_utils.py | 10 ++++++++++ .../cc/services/telemetry/processing/scoutsuite.py | 7 ++++--- .../zero_trust/scoutsuite/data_parsing/rule_parser.py | 5 ++--- .../rule_path_building/abstract_rule_path_creator.py | 4 ++-- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/monkey/common/utils/code_utils.py b/monkey/common/utils/code_utils.py index 214e6d108..d9ad573b1 100644 --- a/monkey/common/utils/code_utils.py +++ b/monkey/common/utils/code_utils.py @@ -1,5 +1,8 @@ # abstract, static method decorator # noinspection PyPep8Naming +from typing import List + + class abstractstatic(staticmethod): __slots__ = () @@ -8,3 +11,10 @@ class abstractstatic(staticmethod): function.__isabstractmethod__ = True __isabstractmethod__ = True + + +def get_value_from_dict(dict_data: dict, path: List[str]): + current_data = dict_data + for key in path: + current_data = current_data[key] + return current_data diff --git a/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py b/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py index 8ee4737e8..9160861ea 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/scoutsuite.py @@ -3,6 +3,7 @@ import json from monkey_island.cc.database import mongo from monkey_island.cc.models.zero_trust.scoutsuite_data_json import ScoutSuiteRawDataJson from monkey_island.cc.services.zero_trust.scoutsuite.consts.scoutsuite_findings_list import SCOUTSUITE_FINDINGS +from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_parser import RuleParser from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_rule_service import ScoutSuiteRuleService from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_zt_finding_service import ScoutSuiteZTFindingService @@ -13,14 +14,14 @@ def process_scoutsuite_telemetry(telemetry_json): telemetry_json['data'] = json.dumps(telemetry_json['data']) ScoutSuiteRawDataJson.add_scoutsuite_data(telemetry_json['data']) scoutsuite_data = json.loads(telemetry_json['data'])['data'] - create_scoutsuite_findings(scoutsuite_data) + create_scoutsuite_findings(scoutsuite_data[SERVICES]) update_data(telemetry_json) -def create_scoutsuite_findings(scoutsuite_data): +def create_scoutsuite_findings(cloud_services: dict): for finding in SCOUTSUITE_FINDINGS: for rule in finding.rules: - rule_data = RuleParser.get_rule_data(scoutsuite_data, rule) + rule_data = RuleParser.get_rule_data(cloud_services, rule) rule = ScoutSuiteRuleService.get_rule_from_rule_data(rule_data) ScoutSuiteZTFindingService.process_rule(finding, rule) diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py index e07431541..935f1c989 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py @@ -1,7 +1,6 @@ from enum import Enum -import dpath.util - +from common.utils.code_utils import get_value_from_dict from common.utils.exceptions import RulePathCreatorNotFound from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \ RULE_PATH_CREATORS_LIST @@ -23,7 +22,7 @@ class RuleParser: @staticmethod def get_rule_data(scoutsuite_data: dict, rule_name: Enum) -> dict: rule_path = RuleParser._get_rule_path(rule_name) - return dpath.util.get(scoutsuite_data, rule_path) + return get_value_from_dict(scoutsuite_data, rule_path) @staticmethod def _get_rule_path(rule_name: Enum): diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py index b4767124b..ee7f7c38b 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py @@ -3,7 +3,7 @@ from enum import Enum from typing import List, Type from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum -from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICES, SERVICE_TYPES +from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICE_TYPES class AbstractRulePathCreator(ABC): @@ -21,4 +21,4 @@ class AbstractRulePathCreator(ABC): @classmethod def build_rule_path(cls, rule_name: Enum) -> List[str]: assert(rule_name in cls.supported_rules) - return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value] + return [cls.service_type.value, FINDINGS, rule_name.value] From 4cd105abe4f02bc15dbd4bdde419232d0f67aff1 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 18 Mar 2021 09:31:45 +0200 Subject: [PATCH 48/64] Fixed ScoutSuite unit test --- .../zero_trust/scoutsuite/data_parsing/test_rule_parser.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/test_rule_parser.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/test_rule_parser.py index 5a7572eb0..afe14c54c 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/test_rule_parser.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/test_rule_parser.py @@ -4,6 +4,7 @@ import pytest from common.utils.exceptions import RulePathCreatorNotFound from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ec2_rules import EC2Rules +from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_parser import RuleParser from monkey_island.cc.services.zero_trust.test_common.raw_scoutsute_data import RAW_SCOUTSUITE_DATA @@ -28,9 +29,9 @@ EXPECTED_RESULT = {'description': 'Security Group Opens All Ports to All', def test_get_rule_data(): # Test proper parsing of the raw data to rule - results = RuleParser.get_rule_data(RAW_SCOUTSUITE_DATA, ALL_PORTS_OPEN) + results = RuleParser.get_rule_data(RAW_SCOUTSUITE_DATA[SERVICES], ALL_PORTS_OPEN) assert results == EXPECTED_RESULT with pytest.raises(RulePathCreatorNotFound): - RuleParser.get_rule_data(RAW_SCOUTSUITE_DATA, ExampleRules.NON_EXSISTENT_RULE) + RuleParser.get_rule_data(RAW_SCOUTSUITE_DATA[SERVICES], ExampleRules.NON_EXSISTENT_RULE) pass From ed589bd46aff7ec869156bd952f475d5f2f86f71 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 18 Mar 2021 09:41:29 +0200 Subject: [PATCH 49/64] Specified pyjwt requirement to be 1.7 --- monkey/monkey_island/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index ddbf2418a..b5be47a88 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -28,4 +28,4 @@ werkzeug>=1.0.1 wheel>=0.34.2 git+https://github.com/guardicode/ScoutSuite -pyjwt>=1.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +pyjwt==1.7 # not directly required, pinned by Snyk to avoid a vulnerability From a83c97519cbe8d31c88613ea2a5124c4fdc551a5 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 18 Mar 2021 13:14:26 +0530 Subject: [PATCH 50/64] CR changes --- .../system_info/windows_info_collector.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 81b0c8125..8a53898c7 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -48,17 +48,11 @@ class WindowsInfoCollector(InfoCollector): def get_installed_packages(self): LOG.info('Getting installed packages') - packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read() - try: - self.info["installed_packages"] = packages.decode('utf-8') - except UnicodeDecodeError: - self.info["installed_packages"] = packages.decode('raw-unicode-escape') + packages = subprocess.check_output("dism /online /get-packages", shell=True) + self.info["installed_packages"] = packages.decode('utf-8', errors='ignore') - features = subprocess.Popen("dism /online /get-features", shell=True, stdout=subprocess.PIPE).stdout.read() - try: - self.info["installed_features"] = features.decode('utf-8') - except UnicodeDecodeError: - self.info["installed_features"] = features.decode('raw-unicode-escape') + features = subprocess.check_output("dism /online /get-features", shell=True) + self.info["installed_features"] = features.decode('utf-8', errors='ignore') LOG.debug('Got installed packages') From 91577c6464f8b071330190afc13c51bb4229ea27 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 18 Mar 2021 13:30:18 +0530 Subject: [PATCH 51/64] Add try/except to system info collection so agent doesn't crash if exception is encountered --- monkey/infection_monkey/monkey.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index f5af73d43..3a5c5619f 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -252,9 +252,12 @@ class InfectionMonkey(object): def collect_system_info_if_configured(self): LOG.debug("Calling for system info collection") - system_info_collector = SystemInfoCollector() - system_info = system_info_collector.get_info() - SystemInfoTelem(system_info).send() + try: + system_info_collector = SystemInfoCollector() + system_info = system_info_collector.get_info() + SystemInfoTelem(system_info).send() + except Exception as e: + LOG.exception(f"Exception encountered during system info collection: {str(e)}") def shutdown_by_not_alive_config(self): if not WormConfiguration.alive: From 739afa4fbedc50e5c4b3759ebfa044ff94e7c609 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 19 Mar 2021 16:52:01 +0200 Subject: [PATCH 52/64] Fixed urlib dependency issue --- monkey/infection_monkey/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt index e478095ac..a6565b2da 100644 --- a/monkey/infection_monkey/requirements.txt +++ b/monkey/infection_monkey/requirements.txt @@ -16,4 +16,5 @@ pypykatz==0.3.12 pysmb==1.2.5 requests>=2.24 wmi==1.5.1 ; sys_platform == 'win32' +urllib3==1.25.8 git+https://github.com/guardicode/ScoutSuite From e8c03f9bc4e23e223a6241bfbb5f59f927b8b3bd Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 19 Mar 2021 16:53:31 +0200 Subject: [PATCH 53/64] Fixed tunneling test configuration template --- envs/monkey_zoo/blackbox/config_templates/tunneling.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/tunneling.py b/envs/monkey_zoo/blackbox/config_templates/tunneling.py index ac735eea4..ac46eb110 100644 --- a/envs/monkey_zoo/blackbox/config_templates/tunneling.py +++ b/envs/monkey_zoo/blackbox/config_templates/tunneling.py @@ -16,6 +16,8 @@ class Tunneling(ConfigTemplate): "10.2.1.10", "10.2.0.11", "10.2.0.12"], + "basic_network.scope.depth": 3, + "internal.general.keep_tunnel_open_time": 180, "basic.credentials.exploit_password_list": ["Password1!", "3Q=(Ge(+&w]*", "`))jU7L(w}", From 9f839c1743c184a550bd0792cf7ebae7c7a06b23 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 23 Mar 2021 14:15:07 +0200 Subject: [PATCH 54/64] Removed outdated ScoutSuite setup from deployment scripts --- deployment_scripts/deploy_linux.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index 718773fad..408aa3148 100755 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -66,7 +66,6 @@ MONGO_PATH="$ISLAND_PATH/bin/mongodb" ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" -SCOUTSUITE_DIR="$monkey_home/monkey/common/cloud/scoutsuite" if ! has_sudo; then log_message "You need root permissions for some of this script operations. \ @@ -142,10 +141,6 @@ sudo apt-get install -y libffi-dev upx libssl-dev libc++1 requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt" ${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error -log_message "Installing ScoutSuite requirements" -requirements_scoutsuite="$SCOUTSUITE_DIR/requirements.txt" -${python_cmd} -m pip install -r "${requirements_scoutsuite}" --user --upgrade || handle_error - agents=${3:-true} # Download binaries if [ "$agents" = true ] ; then From 9c8e0a8270af82aa647244a43f35f9ddaa51fda6 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 23 Mar 2021 14:15:57 +0200 Subject: [PATCH 55/64] Removed unnecessary explicit ScoutSuite import in monkey spec file --- monkey/infection_monkey/monkey.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index f9b656611..6248f4d2b 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -79,11 +79,9 @@ def get_linux_only_binaries(): def get_hidden_imports(): - imports = ['ScoutSuite'] + imports = ['_cffi_backend', '_mssql'] if is_windows(): - imports.extend(['_cffi_backend', 'queue', '_mssql']) - else: - imports.extend(['_cffi_backend', '_mssql']) + imports.append('queue') return imports From c612e7e4b52ff86f8b0e42567dd03a9a2a6494c0 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Tue, 23 Mar 2021 16:58:26 +0200 Subject: [PATCH 56/64] Added simplejson requirements to monkey requirements --- monkey/infection_monkey/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt index a6565b2da..069d1ce07 100644 --- a/monkey/infection_monkey/requirements.txt +++ b/monkey/infection_monkey/requirements.txt @@ -18,3 +18,4 @@ requests>=2.24 wmi==1.5.1 ; sys_platform == 'win32' urllib3==1.25.8 git+https://github.com/guardicode/ScoutSuite +simplejson From 9dfebe24600a4b469518bc4f76af0c8329f1b5af Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 24 Mar 2021 08:31:54 -0400 Subject: [PATCH 57/64] docs: Fix FAQ links by removing emojis Fixes #995 --- docs/content/FAQ/_index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/content/FAQ/_index.md b/docs/content/FAQ/_index.md index 89bbf8aba..2d46310cd 100644 --- a/docs/content/FAQ/_index.md +++ b/docs/content/FAQ/_index.md @@ -7,7 +7,7 @@ pre: " " Here are some of the most common questions we receive about the Infection Monkey. If the answer you're looking for isn't here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/join/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey). -- [Where can I get the latest Monkey version? πŸ“°](#where-can-i-get-the-latest-monkey-version) +- [Where can I get the latest Monkey version?](#where-can-i-get-the-latest-monkey-version) - [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit) - [How to reset the password?](#how-to-reset-the-password) - [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously) @@ -24,9 +24,9 @@ Here are some of the most common questions we receive about the Infection Monkey - [After I've set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey) - [How can I make the monkey propagate β€œdeeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network) - [The report returns a blank screen](#the-report-returns-a-blank-screen) -- [How can I get involved with the project? πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»](#how-can-i-get-involved-with-the-project) +- [How can I get involved with the project?](#how-can-i-get-involved-with-the-project) -## Where can I get the latest Monkey version? πŸ“° +## Where can I get the latest Monkey version? For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**! @@ -167,7 +167,7 @@ This is sometimes caused when Monkey Island is installed with an old version of - **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). - **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work. -## How can I get involved with the project? πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’» +## How can I get involved with the project? The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information. From bae0ed38a1249a03bd5aad212c3ca162ec39df1f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 24 Mar 2021 14:44:09 +0200 Subject: [PATCH 58/64] Moved elastic port to HTTP ports to fix a bug of "All web-ports are closed" --- monkey/monkey_island/cc/services/config_schema/internal.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index 156dae7ad..f6b3523f0 100644 --- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py @@ -159,7 +159,8 @@ INTERNAL = { 8080, 443, 8008, - 7001 + 7001, + 9200 ], "description": "List of ports the monkey will check if are being used for HTTP" }, @@ -181,7 +182,6 @@ INTERNAL = { 443, 8008, 3306, - 9200, 7001, 8088 ], From 66ce163067be5359eeefa88c65b238f639077592 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 24 Mar 2021 15:20:34 +0200 Subject: [PATCH 59/64] Bumped version number to 1.10 --- monkey/common/version.py | 2 +- monkey/monkey_island/cc/ui/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/common/version.py b/monkey/common/version.py index c4e38239e..5e8dd4bf4 100644 --- a/monkey/common/version.py +++ b/monkey/common/version.py @@ -3,7 +3,7 @@ import argparse from pathlib import Path MAJOR = "1" -MINOR = "9" +MINOR = "10" PATCH = "0" build_file_path = Path(__file__).parent.joinpath("BUILD") with open(build_file_path, "r") as build_file: diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 618f02d5e..1cc781c03 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -1,6 +1,6 @@ { "private": true, - "version": "1.9.0", + "version": "1.10.0", "name": "infection-monkey", "description": "Infection Monkey C&C UI", "scripts": { From d6b2c4e1c42bb095caeb07cb39fa2739fc080d54 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 26 Mar 2021 09:57:18 -0400 Subject: [PATCH 60/64] docs: update docker setup guide for v1.10.0 --- docs/content/setup/docker.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md index fb70347f2..14454bdc6 100644 --- a/docs/content/setup/docker.md +++ b/docs/content/setup/docker.md @@ -14,11 +14,11 @@ To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`. Once you've extracted the container from the tar.gz file, run the following commands: ```sh -sudo docker load -i dk.monkeyisland.1.9.0.tar -sudo docker pull mongo +sudo docker load -i dk.monkeyisland.1.10.0.tar +sudo docker pull mongo:4.2 sudo mkdir -p /var/monkey-mongo/data/db -sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo -sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.9.0 +sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2 +sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.10.0 ``` ## Upgrading From e197008c2f4357681914d461f7dbaa27285a67a7 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 24 Mar 2021 14:37:14 -0400 Subject: [PATCH 61/64] docs: update vmware OVA static IP configuration instructions for v1.9.0 --- docs/content/setup/vmware.md | 52 +++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/docs/content/setup/vmware.md b/docs/content/setup/vmware.md index 21522f820..17eadd331 100644 --- a/docs/content/setup/vmware.md +++ b/docs/content/setup/vmware.md @@ -16,8 +16,9 @@ tags: ["setup", "vmware"] 1. Log in to the machine with the following credentials: 1. Username: **monkeyuser** 1. Password: **Noon.Earth.Always** -1. It's recommended you change the machine passwords by running the following - commands: `sudo passwd monkeyuser`, `sudo passwd root`. +1. For security purposes, it's recommended that you change the machine + passwords by running the following commands: `sudo passwd monkeyuser`, `sudo + passwd root`. ## OVA network modes @@ -26,37 +27,50 @@ You can use the OVA in one of two modes: 1. In a network with the DHCP configured β€” In this case, the Monkey Island will automatically query and receive an IP address from the network. 1. With a static IP address β€” In this case, you should log in to the VM console - with the username `root` and the password `G3aJ9szrvkxTmfAG`. After logging - in, edit the interfaces file by entering the following command in the + with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging + in, edit the Netplan configuration by entering the following command in the prompt: ```sh - sudo nano /etc/network/interfaces + sudo nano /etc/netplan/50-cloud-init.yaml ``` - Change the lines: + Make the following changes: - ```sh - auto ens160 - iface ens160 inet dhcp + ```diff + # This file is generated from information provided by + # the datasource. Changes to it will not persist across an instance. + # To disable cloud-init's network configuration capabilities, write a file + # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: + # network: {config: disabled} + network: + version: 2 + ethernets: + ens192: + - dhcp4: true + - dhcp-identifier: mac + + dhcp4: false + + addresses: [XXX.XXX.XXX.XXX/24] + + gateway4: YYY.YYY.YYY.YYY + nameservers: + search: [gc.guardicore.com] + - addresses: [10.0.0.8, 10.0.0.5] + + addresses: [1.1.1.1] ``` - to the following: - - ```sh - auto ens160 - iface ens160 inet static - address AAA.BBB.CCC.DDD - netmask XXX.XXX.XXX.XXX - gateway YYY.YYY.YYY.YYY - ``` + Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace + `YYY.YYY.YYY.YYY` with the default gateway. Save the changes then run the command: ```sh - sudo ifdown ens160 && ifup ens160 + sudo netplan apply ``` + If this configuration does not suit your needs, see + https://netplan.io/examples/ for more information about how to configure + Netplan. + ## Upgrading Currently, there's no "upgrade-in-place" option when a new version is released. From 5d68bc6e1de4e3a040bb5ec04c8269c00bab4d49 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 26 Mar 2021 12:23:43 -0400 Subject: [PATCH 62/64] docs: update vmware OVA static IP configuration instructions for v1.10.0 --- docs/content/setup/vmware.md | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/docs/content/setup/vmware.md b/docs/content/setup/vmware.md index 17eadd331..c6519672b 100644 --- a/docs/content/setup/vmware.md +++ b/docs/content/setup/vmware.md @@ -32,30 +32,23 @@ You can use the OVA in one of two modes: prompt: ```sh - sudo nano /etc/netplan/50-cloud-init.yaml + sudo nano /etc/netplan/00-installer-config.yaml ``` Make the following changes: ```diff - # This file is generated from information provided by - # the datasource. Changes to it will not persist across an instance. - # To disable cloud-init's network configuration capabilities, write a file - # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: - # network: {config: disabled} - network: - version: 2 - ethernets: - ens192: - - dhcp4: true - - dhcp-identifier: mac - + dhcp4: false - + addresses: [XXX.XXX.XXX.XXX/24] - + gateway4: YYY.YYY.YYY.YYY - nameservers: - search: [gc.guardicore.com] - - addresses: [10.0.0.8, 10.0.0.5] - + addresses: [1.1.1.1] + # This is the network config written by 'subiquity' + network: + ethernets: + ens160: + - dhcp4: true + + dhcp4: false + + addresses: [XXX.XXX.XXX.XXX/24] + + gateway4: YYY.YYY.YYY.YYY + + nameservers: + + addresses: [1.1.1.1] + version: 2 ``` Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace From 962621aaef4597815e09c134a9b8daf26ba81f5e Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 29 Mar 2021 11:22:32 -0400 Subject: [PATCH 63/64] docs: add distro compatibility and focal instructions do debian setup --- docs/content/setup/debian.md | 59 ++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/docs/content/setup/debian.md b/docs/content/setup/debian.md index c2e875b68..b76d27ec0 100644 --- a/docs/content/setup/debian.md +++ b/docs/content/setup/debian.md @@ -8,33 +8,48 @@ disableToc: false tags: ["setup", "debian", "linux"] --- + +## Supported Distros + +This Debian package has been tested on Ubuntu Bionic 18.04 LTS and Ubuntu Focal 20.04 LTS. + ## Deployment -To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`. +1. Update your package list by running: + ```sh + sudo apt update + ``` +1. If you are using Ubuntu Focal 20.04, run the following commands to install + Python 3.7: + ```sh + sudo apt install software-properties-common + sudo add-apt-repository ppa:deadsnakes/ppa + sudo apt install python3.7 python3.7-dev + ``` +1. Extract the tarball by running: + ```sh + tar -xvzf monkey-island-debian.tgz + ``` +1. Install the Monkey Island Debian package: + ```sh + sudo dpkg -i monkey_island.deb # this might print errors + ``` +1. If, at this point, you receive dpkg errors that look like this: -Once you've extracted the package, deploy it using run the following commands: + ```sh + dpkg: error processing package gc-monkey-island (--install): + dependency problems - leaving unconfigured + Errors were encountered while processing: + gc-monkey-island + ``` -```sh -sudo apt update -sudo dpkg -i monkey_island.deb # this might print errors -``` + It just means that not all dependencies were pre-installed on your system. + That's no problem! Just run the following command, which will install all + dependencies, and then install the Monkey Island: -If, at this point, you receive dpkg printed errors that look like this: - -```sh -dpkg: error processing package gc-monkey-island (--install): - dependency problems - leaving unconfigured -Errors were encountered while processing: - gc-monkey-island -``` - -It just means that not all dependencies were pre-installed on your system. -That's no problem! Just run the following command, which will install all -dependencies, and then install the Monkey Island: - -```sh -sudo apt install -f -``` + ```sh + sudo apt install -f + ``` ## Troubleshooting From 6c034f26625e7ba57e15a43e6bb76d28bb6bff5c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 29 Mar 2021 19:16:39 +0300 Subject: [PATCH 64/64] Updated checksums page --- docs/content/usage/file-checksums.md | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/docs/content/usage/file-checksums.md b/docs/content/usage/file-checksums.md index 9c09f570f..b063550ed 100644 --- a/docs/content/usage/file-checksums.md +++ b/docs/content/usage/file-checksums.md @@ -35,6 +35,24 @@ $ sha256sum monkey-linux-64 ## Latest version checksums +| Filename | Type | Version | SHA256 | +|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| +| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` | +| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` | +| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` | +| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` | +| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` | +| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` | +| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` | +| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` | +| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` | +| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` | +| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | +| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` | + + +## Older checksums + | Filename | Type | Version | SHA256 | |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| | monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` | @@ -49,12 +67,6 @@ $ sha256sum monkey-linux-64 | infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` | | monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` | | monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` | - - -## Older checksums - -| Filename | Type | Version | SHA256 | -|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| | monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` | | monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` | | monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` |