diff --git a/monkey_island/cc/island_config.py b/monkey_island/cc/island_config.py index c53d27004..0ff527415 100644 --- a/monkey_island/cc/island_config.py +++ b/monkey_island/cc/island_config.py @@ -1,4 +1,8 @@ __author__ = 'itay.mizeretz' ISLAND_PORT = 5000 -DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland" \ No newline at end of file +DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland" + +# TODO: remove this, and get from global config` +INITIAL_USERNAMES = ['Administrator', 'root', 'user'] +INITIAL_PASSWORDS = ["Password1!", "1234", "password", "12345678"] \ No newline at end of file diff --git a/monkey_island/cc/main.py b/monkey_island/cc/main.py index b1b240f8b..472752c4a 100644 --- a/monkey_island/cc/main.py +++ b/monkey_island/cc/main.py @@ -9,12 +9,7 @@ if BASE_PATH not in sys.path: from cc.app import init_app from cc.utils import init_collections, local_ip_addresses -from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT - -# TODO: remove this, and get from global config` -INITIAL_USERNAMES = ['Administrator', 'root', 'user'] -INITIAL_PASSWORDS = ["Password1!", "1234", "password", "12345678"] - +from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, INITIAL_USERNAMES, INITIAL_PASSWORDS if __name__ == '__main__': from tornado.wsgi import WSGIContainer diff --git a/monkey_island/cc/resources/monkey.py b/monkey_island/cc/resources/monkey.py index e59a82b43..e1b3b618e 100644 --- a/monkey_island/cc/resources/monkey.py +++ b/monkey_island/cc/resources/monkey.py @@ -6,6 +6,7 @@ from flask import request import flask_restful from cc.database import mongo +from cc.services.config import ConfigService from cc.services.node import NodeService __author__ = 'Barak' @@ -77,7 +78,7 @@ class Monkey(flask_restful.Resource): # if new monkey telem, change config according to "new monkeys" config. db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]}) if not db_monkey: - new_config = mongo.db.config.find_one({'name': 'newconfig'}) or {} + new_config = ConfigService.get_flat_config() monkey_json['config'] = monkey_json.get('config', {}) monkey_json['config'].update(new_config) else: diff --git a/monkey_island/cc/resources/monkey_configuration.py b/monkey_island/cc/resources/monkey_configuration.py index 1af35e647..2ae5bf4d4 100644 --- a/monkey_island/cc/resources/monkey_configuration.py +++ b/monkey_island/cc/resources/monkey_configuration.py @@ -4,776 +4,18 @@ from flask import request, jsonify import flask_restful from cc.database import mongo +from cc.services.config import ConfigService __author__ = 'Barak' -SCHEMA = { - "title": "Monkey", - "type": "object", - "definitions": { - "exploiter_classes": { - "title": "Exploit class", - "type": "string", - "anyOf": [ - { - "type": "string", - "enum": [ - "SmbExploiter" - ], - "title": "SmbExploiter" - }, - { - "type": "string", - "enum": [ - "WmiExploiter" - ], - "title": "WmiExploiter" - }, - { - "type": "string", - "enum": [ - "RdpExploiter" - ], - "title": "RdpExploiter" - }, - { - "type": "string", - "enum": [ - "Ms08_067_Exploiter" - ], - "title": "Ms08_067_Exploiter" - }, - { - "type": "string", - "enum": [ - "SSHExploiter" - ], - "title": "SSHExploiter" - }, - { - "type": "string", - "enum": [ - "ShellShockExploiter" - ], - "title": "ShellShockExploiter" - }, - { - "type": "string", - "enum": [ - "SambaCryExploiter" - ], - "title": "SambaCryExploiter" - } - ] - }, - "finger_classes": { - "title": "Fingerprint class", - "type": "string", - "anyOf": [ - { - "type": "string", - "enum": [ - "SMBFinger" - ], - "title": "SMBFinger" - }, - { - "type": "string", - "enum": [ - "SSHFinger" - ], - "title": "SSHFinger" - }, - { - "type": "string", - "enum": [ - "PingScanner" - ], - "title": "PingScanner" - }, - { - "type": "string", - "enum": [ - "HTTPFinger" - ], - "title": "HTTPFinger" - } - ] - } - }, - "properties": { - "monkey": { - "title": "Monkey", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - "alive": { - "title": "Alive", - "type": "boolean", - "default": True, - "description": "Is the monkey alive" - }, - "depth": { - "title": "Depth", - "type": "integer", - "default": 2, - "description": "Amount of hops allowed from this monkey to spread" - } - } - }, - "behaviour": { - "title": "Behaviour", - "type": "object", - "properties": { - "self_delete_in_cleanup": { - "title": "Self delete on cleanup", - "type": "boolean", - "default": False, - "description": "Should the monkey delete its executable when going down" - }, - "use_file_logging": { - "title": "Use file logging", - "type": "boolean", - "default": True, - "description": "Should the monkey dump to a log file" - }, - "serialize_config": { - "title": "Serialize config", - "type": "boolean", - "default": False, - "description": "Should the monkey dump its config on startup" - } - } - }, - "life_cycle": { - "title": "Life cycle", - "type": "object", - "properties": { - "max_iterations": { - "title": "Max iterations", - "type": "integer", - "default": 1, - "description": "Determines how many iterations of the monkey's full lifecycle should occur" - }, - "victims_max_find": { - "title": "Max victims to find", - "type": "integer", - "default": 14, - "description": "Determines after how many discovered machines should the monkey stop scanning" - }, - "victims_max_exploit": { - "title": "Max victims to exploit", - "type": "integer", - "default": 7, - "description": "Determines after how many infected machines should the monkey stop infecting" - }, - "timeout_between_iterations": { - "title": "Wait time between iterations", - "type": "integer", - "default": 100, - "description": "Determines for how long (in seconds) should the monkey wait between iterations" - }, - "retry_failed_explotation": { - "title": "Retry failed exploitation", - "type": "boolean", - "default": True, - "description": "Determines whether the monkey should retry exploiting machines it didn't successfuly exploit on previous iterations" - } - } - } - } - }, - "internal": { - "title": "Internal", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - "singleton_mutex_name": { - "title": "Singleton mutex name", - "type": "string", - "default": "{2384ec59-0df8-4ab9-918c-843740924a28}", - "description": "The name of the mutex used to determine whether the monkey is already running" - } - } - }, - "classes": { - "title": "Classes", - "type": "object", - "properties": { - "scanner_class": { - "title": "Scanner class", - "type": "string", - "default": "TcpScanner", - "enum": [ - "TcpScanner" - ], - "enumNames": [ - "TcpScanner" - ], - "description": "Determines class to scan for machines. (Shouldn't be changed)" - }, - "finger_classes": { - "title": "Fingerprint classes", - "type": "array", - "uniqueItems": True, - "items": { - "$ref": "#/definitions/finger_classes" - }, - "default": [ - "SMBFinger", - "SSHFinger", - "PingScanner", - "HTTPFinger" - ], - "description": "Determines which classes to use for fingerprinting" - }, - "exploiter_classes": { - "title": "Exploiter classes", - "type": "array", - "uniqueItems": True, - "items": { - "$ref": "#/definitions/exploiter_classes" - }, - "default": [ - "SmbExploiter", - "WmiExploiter", - "RdpExploiter", - "Ms08_067_Exploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter" - ], - "description": "Determines which classes to use for exploiting" - } - } - }, - "kill_file": { - "title": "Kill file", - "type": "object", - "properties": { - "kill_file_path_windows": { - "title": "Kill file path on Windows", - "type": "string", - "default": "C:\\Windows\\monkey.not", - "description": "Path of file which kills monkey if it exists (on Windows)" - }, - "kill_file_path_linux": { - "title": "Kill file path on Linux", - "type": "string", - "default": "/var/run/monkey.not", - "description": "Path of file which kills monkey if it exists (on Linux)" - } - } - }, - "dropper": { - "title": "Dropper", - "type": "object", - "properties": { - "dropper_set_date": { - "title": "Dropper sets date", - "type": "boolean", - "default": True, - "description": "Determines whether the dropper should set the monkey's file date to be the same as another file" - }, - "dropper_date_reference_path": { - "title": "Droper date reference path", - "type": "string", - "default": "\\windows\\system32\\kernel32.dll", - "description": "Determines which file the dropper should copy the date from if it's configured to do so (use fullpath)" - }, - "dropper_target_path_linux": { - "title": "Dropper target path on Linux", - "type": "string", - "default": "/tmp/monkey", - "description": "Determines where should the dropper place the monkey on a Linux machine" - }, - "dropper_target_path": { - "title": "Dropper target path on Windows", - "type": "string", - "default": "C:\\Windows\\monkey.exe", - "description": "Determines where should the dropper place the monkey on a Windows machine" - }, - "dropper_try_move_first": { - "title": "Try to move first", - "type": "boolean", - "default": True, - "description": "Determines whether the dropper should try to move itself instead of copying itself to target path" - } - } - }, - "logging": { - "title": "Logging", - "type": "object", - "properties": { - "dropper_log_path_linux": { - "title": "Dropper log file path on Linux", - "type": "string", - "default": "/tmp/user-1562", - "description": "The fullpath of the dropper log file on Linux" - }, - "dropper_log_path_windows": { - "title": "Dropper log file path on Windows", - "type": "string", - "default": "C:\\Users\\user\\AppData\\Local\\Temp\\~df1562.tmp", - "description": "The fullpath of the dropper log file on Windows" - }, - "monkey_log_path_linux": { - "title": "Monkey log file path on Linux", - "type": "string", - "default": "/tmp/user-1563", - "description": "The fullpath of the monkey log file on Linux" - }, - "monkey_log_path_windows": { - "title": "Monkey log file path on Windows", - "type": "string", - "default":"C:\\Users\\user\\AppData\\Local\\Temp\\~df1563.tmp", - "description": "The fullpath of the monkey log file on Windows" - } - } - } - } - }, - "cnc": { - "title": "C&C", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - } - }, - "servers": { - "title": "Servers", - "type": "object", - "properties": { - "command_servers": { - "title": "Command servers", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "41.50.73.31:5000" - ], - "description": "List of command servers to try and communicate with (format is :)" - }, - "internet_services": { - "title": "Internet services", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "monkey.guardicore.com", - "www.google.com" - ], - "description": "List of internet services to try and communicate with to determine internet connectivity (use either ip or domain)" - }, - "current_server": { - "title": "Current server", - "type": "string", - "default": "41.50.73.31:5000", - "description": "The current command server the monkey is communicating with" - } - } - } - } - }, - "exploits": { - "title": "Exploits", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - "skip_exploit_if_file_exist": { - "title": "Skip exploit if file exists", - "type": "boolean", - "default": True, - "description": "Determines whether the monkey should skip the exploit if the monkey's file is already on the remote machine" - }, - "credentials": { - "title": "Credentials", - "type": "object", - "properties": { - "exploit_user_list": { - "title": "Exploit user list", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "Administrator", - "root", - "user" - ], - "description": "List of usernames to use on exploits using credentials" - }, - "exploit_password_list": { - "title": "Exploit password list", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "Password1!", - "1234", - "password", - "12345678" - ], - "description": "List of password to use on exploits using credentials" - } - } - } - } - }, - "ms08_067": { - "title": "MS08_067", - "type": "object", - "properties": { - "ms08_067_exploit_attempts": { - "title": "MS08_067 exploit attempts", - "type": "integer", - "default": 5, - "description": "Number of attempts to exploit using MS08_067" - }, - "ms08_067_remote_user_add": { - "title": "MS08_067 remote user", - "type": "string", - "default": "Monkey_IUSER_SUPPORT", - "description": "Username to add on successful exploit" - }, - "ms08_067_remote_user_pass": { - "title": "MS08_067 remote user password", - "type": "string", - "default": "Password1!", - "description": "Password to use for created user" - } - } - }, - "rdp_grinder": { - "title": "RDP grinder", - "type": "object", - "properties": { - "rdp_use_vbs_download": { - "title": "Use VBS download", - "type": "boolean", - "default": True, - "description": "Determines whether to use VBS or BITS to download monkey to remote machine (true=VBS, false=BITS)" - } - } - }, - "sambacry": { - "title": "SambaCry", - "type": "object", - "properties": { - "sambacry_trigger_timeout": { - "title": "SambaCry trigger timeout", - "type": "integer", - "default": 5, - "description": "Timeout (in seconds) of SambaCry trigger" - }, - "sambacry_folder_paths_to_guess": { - "title": "SambaCry folder paths to guess", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - '/', - '/mnt', - '/tmp', - '/storage', - '/export', - '/share', - '/shares', - '/home' - ], - "description": "List of full paths to share folder for SambaCry to guess" - }, - "sambacry_shares_not_to_check": { - "title": "SambaCry shares not to check", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "IPC$", "print$" - ], - "description": "These shares won't be checked when exploiting with SambaCry" - }, - "sambacry_commandline_filename": { - "title": "SambaCry commandline filename", - "type": "string", - "default": "monkey_commandline.txt", - }, - "sambacry_runner_result_filename": { - "title": "SambaCry runner result filename", - "type": "string", - "default": "monkey_runner_result", - }, - "sambacry_runner_filename_32": { - "title": "SambaCry runner filename (32 bit)", - "type": "string", - "default": "sc_monkey_runner32.so", - }, - "sambacry_runner_filename_64": { - "title": "SambaCry runner filename (64 bit)", - "type": "string", - "default": "sc_monkey_runner64.so", - }, - "sambacry_monkey_filename_32": { - "title": "SambaCry monkey filename (32 bit)", - "type": "string", - "default": "monkey32", - }, - "sambacry_monkey_filename_64": { - "title": "SambaCry monkey filename (64 bit)", - "type": "string", - "default": "monkey64", - }, - "sambacry_monkey_copy_filename_32": { - "title": "SambaCry monkey copy filename (32 bit)", - "type": "string", - "default": "monkey32_2", - }, - "sambacry_monkey_copy_filename_64": { - "title": "SambaCry monkey copy filename (64 bit)", - "type": "string", - "default": "monkey64_2", - } - } - }, - "smb_service": { - "title": "SMB service", - "type": "object", - "properties": { - "smb_download_timeout": { - "title": "SMB download timeout", - "type": "integer", - "default": 300, - "description": "Timeout (in seconds) for SMB download operation (used in various exploits using SMB)" - }, - "smb_service_name": { - "title": "SMB service name", - "type": "string", - "default": "InfectionMonkey", - "description": "Name of the SMB service that will be set up to download monkey" - } - } - } - } - }, - "system_info": { - "title": "System info", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - "collect_system_info": { - "title": "Collect system info", - "type": "boolean", - "default": True, - "description": "Determines whether to collect system info" - } - } - }, - "mimikatz": { - "title": "Mimikatz", - "type": "object", - "properties": { - "mimikatz_dll_name": { - "title": "Mimikatz DLL name", - "type": "string", - "default": "mk.dll", - "description": "Name of Mimikatz DLL (should be the same as in the monkey's pyinstaller spec file)" - } - } - } - } - }, - "network": { - "title": "Network", - "type": "object", - "properties": { - "general": { - "title": "General", - "type": "object", - "properties": { - "blocked_ips": { - "title": "Blocked IPs", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - ], - "description": "List of IPs to not scan" - }, - "local_network_scan": { - "title": "Local network scan", - "type": "boolean", - "default": False, - "description": "Determines whether monkey should also scan its own IPs" - }, - "network_range": { - "title": "Network range", - "type": "object", - "properties": { - "range_class": { - "title": "Range class", - "type": "string", - "default": "FixedRange", - "enum": [ - "FixedRange", - "RelativeRange", - "ClassCRange" - ], - "enumNames": [ - "FixedRange", - "RelativeRange", - "ClassCRange" - ], - "description": "Determines which class to use to determine scan range" - }, - "range_size": { - "title": "Relative range size", - "type": "integer", - "default": 1, - "description": "Determines the size of the RelativeRange - amount of IPs to include" - }, - "range_fixed": { - "title": "Fixed range IP list", - "type": "array", - "uniqueItems": True, - "items": { - "type": "string" - }, - "default": [ - "172.16.0.67" - ], - "description": "List of IPs to include when using FixedRange" - } - } - } - } - }, - "scanners": { - "title": "Scanners", - "type": "object", - "properties": { - "tcp_scanner": { - "title": "TCP scanner", - "type": "object", - "properties": { - "HTTP_PORTS": { - "title": "HTTP ports", - "type": "array", - "uniqueItems": True, - "items": { - "type": "integer" - }, - "default": [ - 80, - 8080, - 443, - 8008 - ], - "description": "List of ports the monkey will check if are being used for HTTP" - }, - "tcp_target_ports": { - "title": "TCP target ports", - "type": "array", - "uniqueItems": True, - "items": { - "type": "integer" - }, - "default": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008 - ], - "description": "List of TCP ports the monkey will check whether they're open" - }, - "tcp_scan_interval": { - "title": "TCP scan interval", - "type": "integer", - "default": 200, - "description": "Time to sleep (in milliseconds) between scans" - }, - "tcp_scan_timeout": { - "title": "TCP scan timeout", - "type": "integer", - "default": 3000, - "description": "Maximum time (in milliseconds) to wait for TCP response" - }, - "tcp_scan_get_banner": { - "title": "TCP scan - get banner", - "type": "boolean", - "default": True, - "description": "Determines whether the TCP scan should try to get the banner" - } - } - }, - "ping_scanner": { - "title": "Ping scanner", - "type": "object", - "properties": { - "ping_scan_timeout": { - "title": "Ping scan timeout", - "type": "integer", - "default": 1000, - "description": "Maximum time (in milliseconds) to wait for ping response" - } - } - } - } - } - } - } - }, - "options": { - "collapsed": True - } -} - - class MonkeyConfiguration(flask_restful.Resource): def get(self): - return jsonify(schema=SCHEMA, configuration=self._get_configuration()) + return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config()) def post(self): config_json = json.loads(request.data) - mongo.db.config.update({'name': 'newconfig'}, {"$set": config_json}, upsert=True) - return jsonify(schema=SCHEMA, configuration=self._get_configuration()) - @classmethod - def _get_configuration(cls): - config = mongo.db.config.find_one({'name': 'newconfig'}) or {} - for field in ('name', '_id'): - config.pop(field, None) - return config + mongo.db.config.update({'name': 'newconfig'}, {"$set": config_json}, upsert=True) + return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config()) + diff --git a/monkey_island/cc/services/config.py b/monkey_island/cc/services/config.py new file mode 100644 index 000000000..2f27bd809 --- /dev/null +++ b/monkey_island/cc/services/config.py @@ -0,0 +1,786 @@ +from cc.database import mongo + +__author__ = "itay.mizeretz" + +SCHEMA = { + "title": "Monkey", + "type": "object", + "definitions": { + "exploiter_classes": { + "title": "Exploit class", + "type": "string", + "anyOf": [ + { + "type": "string", + "enum": [ + "SmbExploiter" + ], + "title": "SmbExploiter" + }, + { + "type": "string", + "enum": [ + "WmiExploiter" + ], + "title": "WmiExploiter" + }, + { + "type": "string", + "enum": [ + "RdpExploiter" + ], + "title": "RdpExploiter" + }, + { + "type": "string", + "enum": [ + "Ms08_067_Exploiter" + ], + "title": "Ms08_067_Exploiter" + }, + { + "type": "string", + "enum": [ + "SSHExploiter" + ], + "title": "SSHExploiter" + }, + { + "type": "string", + "enum": [ + "ShellShockExploiter" + ], + "title": "ShellShockExploiter" + }, + { + "type": "string", + "enum": [ + "SambaCryExploiter" + ], + "title": "SambaCryExploiter" + } + ] + }, + "finger_classes": { + "title": "Fingerprint class", + "type": "string", + "anyOf": [ + { + "type": "string", + "enum": [ + "SMBFinger" + ], + "title": "SMBFinger" + }, + { + "type": "string", + "enum": [ + "SSHFinger" + ], + "title": "SSHFinger" + }, + { + "type": "string", + "enum": [ + "PingScanner" + ], + "title": "PingScanner" + }, + { + "type": "string", + "enum": [ + "HTTPFinger" + ], + "title": "HTTPFinger" + } + ] + } + }, + "properties": { + "monkey": { + "title": "Monkey", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + "alive": { + "title": "Alive", + "type": "boolean", + "default": True, + "description": "Is the monkey alive" + }, + "depth": { + "title": "Depth", + "type": "integer", + "default": 2, + "description": "Amount of hops allowed from this monkey to spread" + } + } + }, + "behaviour": { + "title": "Behaviour", + "type": "object", + "properties": { + "self_delete_in_cleanup": { + "title": "Self delete on cleanup", + "type": "boolean", + "default": False, + "description": "Should the monkey delete its executable when going down" + }, + "use_file_logging": { + "title": "Use file logging", + "type": "boolean", + "default": True, + "description": "Should the monkey dump to a log file" + }, + "serialize_config": { + "title": "Serialize config", + "type": "boolean", + "default": False, + "description": "Should the monkey dump its config on startup" + } + } + }, + "life_cycle": { + "title": "Life cycle", + "type": "object", + "properties": { + "max_iterations": { + "title": "Max iterations", + "type": "integer", + "default": 1, + "description": "Determines how many iterations of the monkey's full lifecycle should occur" + }, + "victims_max_find": { + "title": "Max victims to find", + "type": "integer", + "default": 14, + "description": "Determines after how many discovered machines should the monkey stop scanning" + }, + "victims_max_exploit": { + "title": "Max victims to exploit", + "type": "integer", + "default": 7, + "description": "Determines after how many infected machines should the monkey stop infecting" + }, + "timeout_between_iterations": { + "title": "Wait time between iterations", + "type": "integer", + "default": 100, + "description": "Determines for how long (in seconds) should the monkey wait between iterations" + }, + "retry_failed_explotation": { + "title": "Retry failed exploitation", + "type": "boolean", + "default": True, + "description": "Determines whether the monkey should retry exploiting machines it didn't successfuly exploit on previous iterations" + } + } + } + } + }, + "internal": { + "title": "Internal", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + "singleton_mutex_name": { + "title": "Singleton mutex name", + "type": "string", + "default": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "description": "The name of the mutex used to determine whether the monkey is already running" + } + } + }, + "classes": { + "title": "Classes", + "type": "object", + "properties": { + "scanner_class": { + "title": "Scanner class", + "type": "string", + "default": "TcpScanner", + "enum": [ + "TcpScanner" + ], + "enumNames": [ + "TcpScanner" + ], + "description": "Determines class to scan for machines. (Shouldn't be changed)" + }, + "finger_classes": { + "title": "Fingerprint classes", + "type": "array", + "uniqueItems": True, + "items": { + "$ref": "#/definitions/finger_classes" + }, + "default": [ + "SMBFinger", + "SSHFinger", + "PingScanner", + "HTTPFinger" + ], + "description": "Determines which classes to use for fingerprinting" + }, + "exploiter_classes": { + "title": "Exploiter classes", + "type": "array", + "uniqueItems": True, + "items": { + "$ref": "#/definitions/exploiter_classes" + }, + "default": [ + "SmbExploiter", + "WmiExploiter", + "RdpExploiter", + "Ms08_067_Exploiter", + "SSHExploiter", + "ShellShockExploiter", + "SambaCryExploiter" + ], + "description": "Determines which classes to use for exploiting" + } + } + }, + "kill_file": { + "title": "Kill file", + "type": "object", + "properties": { + "kill_file_path_windows": { + "title": "Kill file path on Windows", + "type": "string", + "default": "C:\\Windows\\monkey.not", + "description": "Path of file which kills monkey if it exists (on Windows)" + }, + "kill_file_path_linux": { + "title": "Kill file path on Linux", + "type": "string", + "default": "/var/run/monkey.not", + "description": "Path of file which kills monkey if it exists (on Linux)" + } + } + }, + "dropper": { + "title": "Dropper", + "type": "object", + "properties": { + "dropper_set_date": { + "title": "Dropper sets date", + "type": "boolean", + "default": True, + "description": "Determines whether the dropper should set the monkey's file date to be the same as another file" + }, + "dropper_date_reference_path": { + "title": "Droper date reference path", + "type": "string", + "default": "\\windows\\system32\\kernel32.dll", + "description": "Determines which file the dropper should copy the date from if it's configured to do so (use fullpath)" + }, + "dropper_target_path_linux": { + "title": "Dropper target path on Linux", + "type": "string", + "default": "/tmp/monkey", + "description": "Determines where should the dropper place the monkey on a Linux machine" + }, + "dropper_target_path": { + "title": "Dropper target path on Windows", + "type": "string", + "default": "C:\\Windows\\monkey.exe", + "description": "Determines where should the dropper place the monkey on a Windows machine" + }, + "dropper_try_move_first": { + "title": "Try to move first", + "type": "boolean", + "default": True, + "description": "Determines whether the dropper should try to move itself instead of copying itself to target path" + } + } + }, + "logging": { + "title": "Logging", + "type": "object", + "properties": { + "dropper_log_path_linux": { + "title": "Dropper log file path on Linux", + "type": "string", + "default": "/tmp/user-1562", + "description": "The fullpath of the dropper log file on Linux" + }, + "dropper_log_path_windows": { + "title": "Dropper log file path on Windows", + "type": "string", + "default": "C:\\Users\\user\\AppData\\Local\\Temp\\~df1562.tmp", + "description": "The fullpath of the dropper log file on Windows" + }, + "monkey_log_path_linux": { + "title": "Monkey log file path on Linux", + "type": "string", + "default": "/tmp/user-1563", + "description": "The fullpath of the monkey log file on Linux" + }, + "monkey_log_path_windows": { + "title": "Monkey log file path on Windows", + "type": "string", + "default":"C:\\Users\\user\\AppData\\Local\\Temp\\~df1563.tmp", + "description": "The fullpath of the monkey log file on Windows" + } + } + } + } + }, + "cnc": { + "title": "C&C", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + } + }, + "servers": { + "title": "Servers", + "type": "object", + "properties": { + "command_servers": { + "title": "Command servers", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "41.50.73.31:5000" + ], + "description": "List of command servers to try and communicate with (format is :)" + }, + "internet_services": { + "title": "Internet services", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "monkey.guardicore.com", + "www.google.com" + ], + "description": "List of internet services to try and communicate with to determine internet connectivity (use either ip or domain)" + }, + "current_server": { + "title": "Current server", + "type": "string", + "default": "41.50.73.31:5000", + "description": "The current command server the monkey is communicating with" + } + } + } + } + }, + "exploits": { + "title": "Exploits", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + "skip_exploit_if_file_exist": { + "title": "Skip exploit if file exists", + "type": "boolean", + "default": True, + "description": "Determines whether the monkey should skip the exploit if the monkey's file is already on the remote machine" + }, + "credentials": { + "title": "Credentials", + "type": "object", + "properties": { + "exploit_user_list": { + "title": "Exploit user list", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "Administrator", + "root", + "user" + ], + "description": "List of usernames to use on exploits using credentials" + }, + "exploit_password_list": { + "title": "Exploit password list", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "Password1!", + "1234", + "password", + "12345678" + ], + "description": "List of password to use on exploits using credentials" + } + } + } + } + }, + "ms08_067": { + "title": "MS08_067", + "type": "object", + "properties": { + "ms08_067_exploit_attempts": { + "title": "MS08_067 exploit attempts", + "type": "integer", + "default": 5, + "description": "Number of attempts to exploit using MS08_067" + }, + "ms08_067_remote_user_add": { + "title": "MS08_067 remote user", + "type": "string", + "default": "Monkey_IUSER_SUPPORT", + "description": "Username to add on successful exploit" + }, + "ms08_067_remote_user_pass": { + "title": "MS08_067 remote user password", + "type": "string", + "default": "Password1!", + "description": "Password to use for created user" + } + } + }, + "rdp_grinder": { + "title": "RDP grinder", + "type": "object", + "properties": { + "rdp_use_vbs_download": { + "title": "Use VBS download", + "type": "boolean", + "default": True, + "description": "Determines whether to use VBS or BITS to download monkey to remote machine (true=VBS, false=BITS)" + } + } + }, + "sambacry": { + "title": "SambaCry", + "type": "object", + "properties": { + "sambacry_trigger_timeout": { + "title": "SambaCry trigger timeout", + "type": "integer", + "default": 5, + "description": "Timeout (in seconds) of SambaCry trigger" + }, + "sambacry_folder_paths_to_guess": { + "title": "SambaCry folder paths to guess", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + '/', + '/mnt', + '/tmp', + '/storage', + '/export', + '/share', + '/shares', + '/home' + ], + "description": "List of full paths to share folder for SambaCry to guess" + }, + "sambacry_shares_not_to_check": { + "title": "SambaCry shares not to check", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "IPC$", "print$" + ], + "description": "These shares won't be checked when exploiting with SambaCry" + }, + "sambacry_commandline_filename": { + "title": "SambaCry commandline filename", + "type": "string", + "default": "monkey_commandline.txt", + }, + "sambacry_runner_result_filename": { + "title": "SambaCry runner result filename", + "type": "string", + "default": "monkey_runner_result", + }, + "sambacry_runner_filename_32": { + "title": "SambaCry runner filename (32 bit)", + "type": "string", + "default": "sc_monkey_runner32.so", + }, + "sambacry_runner_filename_64": { + "title": "SambaCry runner filename (64 bit)", + "type": "string", + "default": "sc_monkey_runner64.so", + }, + "sambacry_monkey_filename_32": { + "title": "SambaCry monkey filename (32 bit)", + "type": "string", + "default": "monkey32", + }, + "sambacry_monkey_filename_64": { + "title": "SambaCry monkey filename (64 bit)", + "type": "string", + "default": "monkey64", + }, + "sambacry_monkey_copy_filename_32": { + "title": "SambaCry monkey copy filename (32 bit)", + "type": "string", + "default": "monkey32_2", + }, + "sambacry_monkey_copy_filename_64": { + "title": "SambaCry monkey copy filename (64 bit)", + "type": "string", + "default": "monkey64_2", + } + } + }, + "smb_service": { + "title": "SMB service", + "type": "object", + "properties": { + "smb_download_timeout": { + "title": "SMB download timeout", + "type": "integer", + "default": 300, + "description": "Timeout (in seconds) for SMB download operation (used in various exploits using SMB)" + }, + "smb_service_name": { + "title": "SMB service name", + "type": "string", + "default": "InfectionMonkey", + "description": "Name of the SMB service that will be set up to download monkey" + } + } + } + } + }, + "system_info": { + "title": "System info", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + "collect_system_info": { + "title": "Collect system info", + "type": "boolean", + "default": True, + "description": "Determines whether to collect system info" + } + } + }, + "mimikatz": { + "title": "Mimikatz", + "type": "object", + "properties": { + "mimikatz_dll_name": { + "title": "Mimikatz DLL name", + "type": "string", + "default": "mk.dll", + "description": "Name of Mimikatz DLL (should be the same as in the monkey's pyinstaller spec file)" + } + } + } + } + }, + "network": { + "title": "Network", + "type": "object", + "properties": { + "general": { + "title": "General", + "type": "object", + "properties": { + "blocked_ips": { + "title": "Blocked IPs", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + ], + "description": "List of IPs to not scan" + }, + "local_network_scan": { + "title": "Local network scan", + "type": "boolean", + "default": False, + "description": "Determines whether monkey should also scan its own IPs" + }, + "network_range": { + "title": "Network range", + "type": "object", + "properties": { + "range_class": { + "title": "Range class", + "type": "string", + "default": "FixedRange", + "enum": [ + "FixedRange", + "RelativeRange", + "ClassCRange" + ], + "enumNames": [ + "FixedRange", + "RelativeRange", + "ClassCRange" + ], + "description": "Determines which class to use to determine scan range" + }, + "range_size": { + "title": "Relative range size", + "type": "integer", + "default": 1, + "description": "Determines the size of the RelativeRange - amount of IPs to include" + }, + "range_fixed": { + "title": "Fixed range IP list", + "type": "array", + "uniqueItems": True, + "items": { + "type": "string" + }, + "default": [ + "172.16.0.67" + ], + "description": "List of IPs to include when using FixedRange" + } + } + } + } + }, + "scanners": { + "title": "Scanners", + "type": "object", + "properties": { + "tcp_scanner": { + "title": "TCP scanner", + "type": "object", + "properties": { + "HTTP_PORTS": { + "title": "HTTP ports", + "type": "array", + "uniqueItems": True, + "items": { + "type": "integer" + }, + "default": [ + 80, + 8080, + 443, + 8008 + ], + "description": "List of ports the monkey will check if are being used for HTTP" + }, + "tcp_target_ports": { + "title": "TCP target ports", + "type": "array", + "uniqueItems": True, + "items": { + "type": "integer" + }, + "default": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008 + ], + "description": "List of TCP ports the monkey will check whether they're open" + }, + "tcp_scan_interval": { + "title": "TCP scan interval", + "type": "integer", + "default": 200, + "description": "Time to sleep (in milliseconds) between scans" + }, + "tcp_scan_timeout": { + "title": "TCP scan timeout", + "type": "integer", + "default": 3000, + "description": "Maximum time (in milliseconds) to wait for TCP response" + }, + "tcp_scan_get_banner": { + "title": "TCP scan - get banner", + "type": "boolean", + "default": True, + "description": "Determines whether the TCP scan should try to get the banner" + } + } + }, + "ping_scanner": { + "title": "Ping scanner", + "type": "object", + "properties": { + "ping_scan_timeout": { + "title": "Ping scan timeout", + "type": "integer", + "default": 1000, + "description": "Maximum time (in milliseconds) to wait for ping response" + } + } + } + } + } + } + } + }, + "options": { + "collapsed": True + } +} + +class ConfigService: + def __init__(self): + pass + + @staticmethod + def get_config(): + config = mongo.db.config.find_one({'name': 'newconfig'}) or {} + for field in ('name', '_id'): + config.pop(field, None) + return config + + @staticmethod + def get_flat_config(): + config_json = ConfigService.get_config() + flat_config_json = {} + for i in config_json: + for j in config_json[i]: + for k in config_json[i][j]: + flat_config_json[k] = config_json[i][j][k] + + return flat_config_json + + @staticmethod + def get_config_schema(): + return SCHEMA + + @staticmethod + def update_config(): + pass