Merge branch 'release/1.11.0' into develop
CHANGELOG.md
|
@ -1,11 +1,12 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this
|
||||||
|
file.
|
||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
The format is based on [Keep a
|
||||||
|
Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
## [Unreleased]
|
## [1.11.0] - 2021-08-XX
|
||||||
### Added
|
### Added
|
||||||
- PostgreSQL fingerprinter. #892
|
|
||||||
- A runtime-configurable option to specify a data directory where runtime
|
- A runtime-configurable option to specify a data directory where runtime
|
||||||
configuration and other artifacts can be stored. #994
|
configuration and other artifacts can be stored. #994
|
||||||
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
|
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
|
||||||
|
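Review bot: the new `## [1.11.0] - 2021-08-XX` heading still carries a placeholder day; Keep a Changelog, which this file says it follows, expects a full ISO date, so the release date should be filled in before this lands on develop. Two smaller points in the same hunk: the `## [Unreleased]` section is renamed rather than kept above the release entry, so post-1.11.0 changes have nowhere to go, and the `- PostgreSQL fingerprinter. #892` entry under Added is dropped with no replacement; if it shipped in an earlier release that is the right fix, but the commit message should say so.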
@ -13,53 +14,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- A ransomware simulation payload. #1238
|
- A ransomware simulation payload. #1238
|
||||||
- The capability for a user to specify their own SSL certificate. #1208
|
- The capability for a user to specify their own SSL certificate. #1208
|
||||||
- API endpoint for ransomware report. #1297
|
- API endpoint for ransomware report. #1297
|
||||||
- Add ransomware report. #1240
|
- A ransomware report. #1240
|
||||||
- A script to build a docker image locally. #1140
|
- A script to build a docker image locally. #1140
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- server_config.json can be selected at runtime. #963
|
- Select server_config.json at runtime. #963
|
||||||
- Logger configuration can be selected at runtime. #971
|
- Select Logger configuration at runtime. #971
|
||||||
- `mongo_key.bin` file location can be selected at runtime. #994
|
- Select `mongo_key.bin` file location at runtime. #994
|
||||||
- Monkey agents are stored in the configurable data_dir when monkey is "run
|
- Store Monkey agents in the configurable data_dir when monkey is "run from the
|
||||||
from the island". #997
|
island". #997
|
||||||
- Reformated all code using black. #1070
|
- Reformat all code using black. #1070
|
||||||
- Sorted all imports usind isort. #1081
|
- Sort all imports using isort. #1081
|
||||||
- Addressed all flake8 issues. #1071
|
- Address all flake8 issues. #1071
|
||||||
- Use pipenv for python dependency management. #1091
|
- Use pipenv for python dependency management. #1091
|
||||||
- Moved unit tests to a dedicated `tests/` directory to improve pytest
|
- Move unit tests to a dedicated `tests/` directory to improve pytest collection
|
||||||
collection time. #1102
|
time. #1102
|
||||||
- Default BB test suite behavior: if `--run-performance-tests` flag is not
|
- Skip BB performance tests by default. Run them if `--run-performance-tests`
|
||||||
specified, performance tests are skipped.
|
flag is specified.
|
||||||
- Zerologon exploiter writes runtime artifacts to a secure temporary directory
|
- Write Zerologon exploiter's runtime artifacts to a secure temporary directory
|
||||||
instead of $HOME. #1143
|
instead of $HOME. #1143
|
||||||
- Authentication mechanism to use bcrypt on server side. #1139
|
- Put environment config options in `server_config.json` into a separate
|
||||||
- `server_config.json` puts environment config options in a separate section
|
section named "environment". #1161
|
||||||
named "environment". #1161
|
- Automatically register if BlackBox tests are run on a fresh installation.
|
||||||
- BlackBox tests can now register if they are ran on a fresh installation. #1180
|
#1180
|
||||||
- Limit the ports used for scanning in blackbox tests. #1368
|
- Limit the ports used for scanning in blackbox tests. #1368
|
||||||
- Limit the propagation depth of most blackbox tests. #1400
|
- Limit the propagation depth of most blackbox tests. #1400
|
||||||
- Blackbox tests wait less time for monkeys to die. #1400
|
- Wait less time for monkeys to die when running BlackBox tests. #1400
|
||||||
- Improved the structure of unit tests by scoping fixtures only to relevant modules
|
- Improve the structure of unit tests by scoping fixtures only to relevant
|
||||||
instead of having a one huge fixture file, improved and renamed the directory
|
modules instead of having a one huge fixture file. #1178
|
||||||
structure of unit tests and unit test infrastructure. #1178
|
- Improve and rename the directory structure of unit tests and unit test
|
||||||
- MongoDb now gets launched by the Island via python. #1148
|
infrastructure. #1178
|
||||||
- Create/check data directory on Island init. #1170
|
- Launch MongoDB when the Island starts via python. #1148
|
||||||
- The formatting of some log messages to make them more readable. #1283
|
- Create/check data directory on Island initialization. #1170
|
||||||
- Some unit tests to run faster. #1125
|
- Format some log messages to make them more readable. #1283
|
||||||
|
- Improve runtime of some unit tests. #1125
|
||||||
|
- Run curl OR wget (not both) when attempting to communicate as a new user on
|
||||||
|
Linux. #1407
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
- Relevant dead code as reported by Vulture. #1149
|
- Relevant dead code as reported by Vulture. #1149
|
||||||
- Island logger config and --logger-config CLI option. #1151
|
- Island logger config and --logger-config CLI option. #1151
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- Attempted to delete a directory when monkey config reset was called. #1054
|
- Attempt to delete a directory when monkey config reset was called. #1054
|
||||||
- An errant space in the windows commands to run monkey manually. #1153
|
- An errant space in the windows commands to run monkey manually. #1153
|
||||||
- gevent tracebacks in console output. #859
|
- Gevent tracebacks in console output. #859
|
||||||
- Crash and failure to run PBAs if max depth reached. #1374
|
- Crash and failure to run PBAs if max depth reached. #1374
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
- Address minor issues discovered by Dlint. #1075
|
- Address minor issues discovered by Dlint. #1075
|
||||||
- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
|
- Hash passwords on server-side instead of client side. #1139
|
||||||
|
- Generate random passwords when creating a new user (create user PBA, ms08_67
|
||||||
|
exploit). #1174
|
||||||
- Implemented configuration encryption/decryption. #1189, #1204
|
- Implemented configuration encryption/decryption. #1189, #1204
|
||||||
- Create local custom PBA directory with secure permissions. #1270
|
- Create local custom PBA directory with secure permissions. #1270
|
||||||
- Create encryption key file for MongoDB with secure permissions. #1232
|
- Create encryption key file for MongoDB with secure permissions. #1232
|
||||||
|
|
|
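Review bot: under `### Fixed`, `- Attempt to delete a directory when monkey config reset was called. #1054` now reads as an action taken rather than the bug that was fixed; the imperative rewording applied to the Changed entries does not fit Fixed entries, which should describe the defect. In the same hunk, the `- Skip BB performance tests by default...` entry is the only one without an issue reference, and `- Implemented configuration encryption/decryption. #1189, #1204` under Security is the one line left in the old past-tense style.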
@ -2,6 +2,7 @@
|
||||||
title: "MITRE ATT&CK report"
|
title: "MITRE ATT&CK report"
|
||||||
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
|
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
|
||||||
date: 2020-06-24T21:17:18+03:00
|
date: 2020-06-24T21:17:18+03:00
|
||||||
|
weight: 3
|
||||||
draft: false
|
draft: false
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
---
|
||||||
|
title: "Ransomware report"
|
||||||
|
date: 2021-08-05T13:23:10+03:00
|
||||||
|
weight: 4
|
||||||
|
draft: false
|
||||||
|
description: "Provides information about ransomware simulation on your network"
|
||||||
|
---
|
||||||
|
|
||||||
|
{{% notice info %}}
|
||||||
|
Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
|
||||||
|
"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
|
||||||
|
available reports]({{< ref "/reports" >}}).
|
||||||
|
{{% /notice %}}
|
||||||
|
|
||||||
|
The Infection Monkey can be configured to [simulate a ransomware
|
||||||
|
attack](/usage/scenarios/ransomware-simulation) on your network. After running,
|
||||||
|
it generates a **Ransomware Report** that provides you with insight into how
|
||||||
|
ransomware might behave within your environment.
|
||||||
|
|
||||||
|
The report is split into three sections:
|
||||||
|
|
||||||
|
- [Breach](#breach)
|
||||||
|
- [Lateral Movement](#lateral-movement)
|
||||||
|
- [Attack](#attack)
|
||||||
|
|
||||||
|
## Breach
|
||||||
|
|
||||||
|
The breach section shows when and where the ransomware infection began.
|
||||||
|
|
||||||
|
![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
|
||||||
|
|
||||||
|
|
||||||
|
## Lateral movement
|
||||||
|
|
||||||
|
The lateral movement section provides information about how the simulated
|
||||||
|
ransomware was able to propagate through your network.
|
||||||
|
|
||||||
|
|
||||||
|
![Lateral
|
||||||
|
Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
|
||||||
|
"Lateral Movement")
|
||||||
|
|
||||||
|
|
||||||
|
## Attack
|
||||||
|
|
||||||
|
The attack section shows the details of what the simulated ransomware
|
||||||
|
successfully encrypted, including a list of specific files.
|
||||||
|
|
||||||
|
![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")
|
|
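Review bot: the first body paragraph links with a hard-coded path, `[simulate a ransomware attack](/usage/scenarios/ransomware-simulation)`, while the notice above it uses `{{< ref "/usage/scenarios/ransomware-simulation" >}}`; use the `ref` shortcode in both places so the Hugo build fails on a broken link instead of shipping one. Also, the section list says `Lateral Movement` but the heading is `## Lateral movement`; the `#lateral-movement` anchor still resolves, but the capitalisation should match the other two headings.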
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
title: "Security report"
|
title: "Security report"
|
||||||
date: 2020-06-24T21:16:10+03:00
|
date: 2020-06-24T21:16:10+03:00
|
||||||
|
weight: 1
|
||||||
draft: false
|
draft: false
|
||||||
description: "Provides actionable recommendations and insight into an attacker's view of your network"
|
description: "Provides actionable recommendations and insight into an attacker's view of your network"
|
||||||
---
|
---
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
title: "Zero Trust report"
|
title: "Zero Trust report"
|
||||||
date: 2020-06-24T21:16:18+03:00
|
date: 2020-06-24T21:16:18+03:00
|
||||||
|
weight: 2
|
||||||
draft: false
|
draft: false
|
||||||
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
|
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
|
||||||
---
|
---
|
||||||
|
|
|
@ -29,7 +29,7 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
|
||||||
1. Load the Monkey Island Docker image:
|
1. Load the Monkey Island Docker image:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo docker load -i dk.monkeyisland.1.10.0.tar
|
sudo docker load -i dk.monkeyisland.VERSION.tar
|
||||||
```
|
```
|
||||||
|
|
||||||
### 2. Start MongoDB
|
### 2. Start MongoDB
|
||||||
|
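Review bot: `dk.monkeyisland.VERSION.tar` replaces a concrete version, but nothing in this hunk (or in the later hunks that make the same substitution for `guardicore/monkey-island:VERSION`) tells the reader whether `VERSION` is expanded by the docs build or must be replaced by hand. If it is a literal placeholder, add a sentence such as "replace `VERSION` with the release you downloaded, e.g. 1.11.0"; if it is meant to be a template variable, it should use the site's shortcode syntax rather than a bare word inside a code block.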
@ -58,7 +58,7 @@ been signed by a private certificate authority.
|
||||||
sudo docker run \
|
sudo docker run \
|
||||||
--name monkey-island \
|
--name monkey-island \
|
||||||
--network=host \
|
--network=host \
|
||||||
guardicore/monkey-island:1.10.0
|
guardicore/monkey-island:VERSION
|
||||||
```
|
```
|
||||||
|
|
||||||
### 3b. Start Monkey Island with user-provided certificate
|
### 3b. Start Monkey Island with user-provided certificate
|
||||||
|
@ -81,7 +81,7 @@ been signed by a private certificate authority.
|
||||||
--network=host \
|
--network=host \
|
||||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||||
guardicore/monkey-island:1.10.0 --setup-only
|
guardicore/monkey-island:VERSION --setup-only
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
|
1. Move your `.crt` and `.key` files to `./monkey_island_data`.
|
||||||
|
@ -122,7 +122,7 @@ been signed by a private certificate authority.
|
||||||
--network=host \
|
--network=host \
|
||||||
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
--user "$(id -u ${USER}):$(id -g ${USER})" \
|
||||||
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \
|
||||||
guardicore/monkey-island:1.10.0
|
guardicore/monkey-island:VERSION
|
||||||
```
|
```
|
||||||
|
|
||||||
### 4. Accessing Monkey Island
|
### 4. Accessing Monkey Island
|
||||||
|
@ -152,7 +152,7 @@ to store data in the `monkey-mongo` container.
|
||||||
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
|
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
|
||||||
```
|
```
|
||||||
|
|
||||||
Starting a new container from the `guardicore/monkey-island:1.10.0` image
|
Starting a new container from the `guardicore/monkey-island:VERSION` image
|
||||||
generates a new secret key for storing sensitive information in MongoDB. If you
|
generates a new secret key for storing sensitive information in MongoDB. If you
|
||||||
have an old database instance running (from a previous instance of Infection
|
have an old database instance running (from a previous instance of Infection
|
||||||
Monkey), the data stored in the `monkey-mongo` container has been encrypted
|
Monkey), the data stored in the `monkey-mongo` container has been encrypted
|
||||||
|
|
|
@ -18,10 +18,10 @@ installed, but the ones that we've tested are:
|
||||||
- Kali 2021.2
|
- Kali 2021.2
|
||||||
- Parrot 4.11
|
- Parrot 4.11
|
||||||
- Rocky 8
|
- Rocky 8
|
||||||
- Suse Leap 15.3
|
- openSUSE Leap 15.3
|
||||||
- Ubuntu 18.04
|
- Ubuntu Bionic 18.04
|
||||||
- Ubuntu 20.04
|
- Ubuntu Focal 20.04
|
||||||
- Ubuntu 21.04
|
- Ubuntu Hirsute 21.04
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
|
|
|
@ -1,75 +0,0 @@
|
||||||
---
|
|
||||||
title: "VMware"
|
|
||||||
date: 2020-05-26T20:57:14+03:00
|
|
||||||
draft: false
|
|
||||||
pre: '<i class="fas fa-laptop-code"></i> '
|
|
||||||
weight: 3
|
|
||||||
tags: ["setup", "vmware"]
|
|
||||||
---
|
|
||||||
|
|
||||||
## Deployment
|
|
||||||
|
|
||||||
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
|
|
||||||
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
|
|
||||||
the machine are accessible for inbound TCP traffic.*
|
|
||||||
1. Turn on the Infection Monkey VM.
|
|
||||||
1. Log in to the machine with the following credentials:
|
|
||||||
1. Username: **monkeyuser**
|
|
||||||
1. Password: **Noon.Earth.Always**
|
|
||||||
1. For security purposes, it's recommended that you change the machine
|
|
||||||
passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
|
|
||||||
passwd root`.
|
|
||||||
|
|
||||||
## OVA network modes
|
|
||||||
|
|
||||||
You can use the OVA in one of two modes:
|
|
||||||
|
|
||||||
1. In a network with the DHCP configured — In this case, the Monkey Island will
|
|
||||||
automatically query and receive an IP address from the network.
|
|
||||||
1. With a static IP address — In this case, you should log in to the VM console
|
|
||||||
with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
|
|
||||||
in, edit the Netplan configuration by entering the following command in the
|
|
||||||
prompt:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
sudo nano /etc/netplan/00-installer-config.yaml
|
|
||||||
```
|
|
||||||
|
|
||||||
Make the following changes:
|
|
||||||
|
|
||||||
```diff
|
|
||||||
# This is the network config written by 'subiquity'
|
|
||||||
network:
|
|
||||||
ethernets:
|
|
||||||
ens160:
|
|
||||||
- dhcp4: true
|
|
||||||
+ dhcp4: false
|
|
||||||
+ addresses: [XXX.XXX.XXX.XXX/24]
|
|
||||||
+ gateway4: YYY.YYY.YYY.YYY
|
|
||||||
+ nameservers:
|
|
||||||
+ addresses: [1.1.1.1]
|
|
||||||
version: 2
|
|
||||||
```
|
|
||||||
|
|
||||||
Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
|
|
||||||
`YYY.YYY.YYY.YYY` with the default gateway.
|
|
||||||
|
|
||||||
Save the changes then run the command:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
sudo netplan apply
|
|
||||||
```
|
|
||||||
|
|
||||||
If this configuration does not suit your needs, see
|
|
||||||
https://netplan.io/examples/ for more information about how to configure
|
|
||||||
Netplan.
|
|
||||||
|
|
||||||
## Upgrading
|
|
||||||
|
|
||||||
Currently, there's no "upgrade-in-place" option when a new version is released.
|
|
||||||
To get an updated version, download the updated OVA file.
|
|
||||||
|
|
||||||
If you'd like to keep your existing configuration, you can export it to a file
|
|
||||||
using the *Export config* button and then import it to the new Monkey Island.
|
|
||||||
|
|
||||||
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
|
|
|
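Review bot: deleting the VMware page removes the only documentation of the OVA deployment, its default credentials and the Netplan setup, yet the changelog in this same merge lists nothing under `### Removed` about the OVA or its docs, and the 1.10.0 OVA rows remain in the checksums table. Either add a Removed entry for the VMware OVA documentation or explain in the commit message why the page goes without a changelog line, so users still running the 1.10.0 OVA know where the instructions went.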
@ -20,7 +20,7 @@ After running the installer, the following prompt should appear on the screen:
|
||||||
1. Follow the steps to complete the installation.
|
1. Follow the steps to complete the installation.
|
||||||
1. Run the Monkey Island by clicking on the desktop shortcut.
|
1. Run the Monkey Island by clicking on the desktop shortcut.
|
||||||
|
|
||||||
### Start Monkey Island with user-provided certificcate
|
### Start Monkey Island with user-provided certificate
|
||||||
|
|
||||||
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
|
||||||
enterprise or other security-sensitive environments, it is recommended that the
|
enterprise or other security-sensitive environments, it is recommended that the
|
||||||
|
|
|
@ -35,6 +35,19 @@ $ sha256sum monkey-linux-64
|
||||||
|
|
||||||
## Latest version checksums
|
## Latest version checksums
|
||||||
|
|
||||||
|
| Filename | Type | Version | SHA256 |
|
||||||
|
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||||
|
| monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
|
||||||
|
| monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
|
||||||
|
| monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
|
||||||
|
| monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
|
||||||
|
| Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
|
||||||
|
| infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
|
||||||
|
| Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
|
||||||
|
|
||||||
|
|
||||||
|
## Older checksums
|
||||||
|
|
||||||
| Filename | Type | Version | SHA256 |
|
| Filename | Type | Version | SHA256 |
|
||||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
||||||
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
|
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
|
||||||
|
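Review bot: the Docker row in the new table names the artifact `infection_monkey_docker_20210811_211212.tgz`, whereas the Docker setup page in this same merge tells the user to run `sudo docker load -i dk.monkeyisland.VERSION.tar`; one of the two filenames is wrong, or the setup page needs to explain how the `.tgz` relates to the `.tar` it loads. Also, unlike the 1.10.0 rows below it, this table has no OVA entry, which is consistent with the VMware page being deleted but is worth stating explicitly.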
@ -49,12 +62,6 @@ $ sha256sum monkey-linux-64
|
||||||
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
|
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
|
||||||
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||||
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
|
||||||
|
|
||||||
|
|
||||||
## Older checksums
|
|
||||||
|
|
||||||
| Filename | Type | Version | SHA256 |
|
|
||||||
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
|
|
||||||
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
|
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
|
||||||
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
|
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
|
||||||
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
|
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
|
||||||
|
|
|
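Review bot: in the retained context lines, `monkey-island-vmware.ova` and `monkey-island-vmwarezt.ova` list the identical SHA256 `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c`; two differently named images are very unlikely to hash identically, so one of these rows is probably a copy-paste error and should be re-verified against the published files before the table is frozen as "Older checksums". The removal of the duplicate `## Older checksums` heading and table header itself is correct, since it folds the 1.9.0 rows into the same table as the 1.10.0 rows.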
@ -74,10 +74,10 @@
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-lg-3 col-sm-6 mb-3">
|
<div class="col-lg-3 col-sm-6 mb-3">
|
||||||
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
|
<a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
|
||||||
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
|
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
|
||||||
<h4 class="mb-3 mt-0">Use Cases</h4>
|
<h4 class="mb-3 mt-0">Scenarios</h4>
|
||||||
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
|
<p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-lg-3 col-sm-6 mb-3">
|
<div class="col-lg-3 col-sm-6 mb-3">
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
dev
|
release
|
||||||
|
|
|
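Review bot: this one-line file flips from `dev` to `release`, and because the commit merges `release/1.11.0` into `develop`, the develop branch now carries the release setting; if this is the `BUILD` file that the version script in the next hunk reads, it should be reset to `dev` in a follow-up commit on develop so development builds are not labelled as releases.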
@ -4,7 +4,7 @@ import argparse
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
MAJOR = "1"
|
MAJOR = "1"
|
||||||
MINOR = "10"
|
MINOR = "11"
|
||||||
PATCH = "0"
|
PATCH = "0"
|
||||||
build_file_path = Path(__file__).parent.joinpath("BUILD")
|
build_file_path = Path(__file__).parent.joinpath("BUILD")
|
||||||
with open(build_file_path, "r") as build_file:
|
with open(build_file_path, "r") as build_file:
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import logging
|
import logging
|
||||||
import random
|
import random
|
||||||
|
import shutil
|
||||||
import string
|
import string
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
|
@ -64,11 +65,13 @@ class CommunicateAsNewUser(PBA):
|
||||||
'Invoke-WebRequest {url} -UseBasicParsing"'
|
'Invoke-WebRequest {url} -UseBasicParsing"'
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
# true || false -> 0. false || true -> 0. false || false -> 1. So:
|
|
||||||
# if curl works, we're good.
|
# if curl works, we're good.
|
||||||
# If curl doesn't exist or fails and wget work, we're good.
|
# If curl doesn't exist or fails and wget work, we're good.
|
||||||
# And if both don't exist: we'll call it a win.
|
# And if both don't exist: we'll call it a win.
|
||||||
format_string = "curl {url} || wget -O/dev/null -q {url}"
|
if shutil.which("curl") is not None:
|
||||||
|
format_string = "curl {url}"
|
||||||
|
else:
|
||||||
|
format_string = "wget -O/dev/null -q {url}"
|
||||||
return format_string.format(url=url)
|
return format_string.format(url=url)
|
||||||
|
|
||||||
def send_result_telemetry(self, exit_status, commandline, username):
|
def send_result_telemetry(self, exit_status, commandline, username):
|
||||||
|
|
|
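Review bot: the three comment lines kept above the new `if shutil.which("curl") is not None:` branch (`# if curl works, we're good.` through `# And if both don't exist: we'll call it a win.`) describe the removed `curl {url} || wget -O/dev/null -q {url}` command and are now wrong: with the new code a curl that exists but fails is no longer retried with wget, and when neither tool exists the command becomes a bare `wget ... {url}` that fails rather than counting as a win. Update or delete the comments, and decide explicitly whether the missing-both-tools case should still be reported as success as it was before.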
@ -2,7 +2,7 @@ import os
|
||||||
|
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
|
|
||||||
TEMP_COMSPEC = os.path.join(os.getcwd(), "random_executable.exe")
|
TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
|
||||||
|
|
||||||
|
|
||||||
def get_windows_commands_to_proxy_execution_using_signed_script():
|
def get_windows_commands_to_proxy_execution_using_signed_script():
|
||||||
|
|
|
@ -16,5 +16,5 @@ class T1216PBAFileDownload(flask_restful.Resource):
|
||||||
executable_file_name = "T1216_random_executable.exe"
|
executable_file_name = "T1216_random_executable.exe"
|
||||||
return send_from_directory(
|
return send_from_directory(
|
||||||
directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"),
|
directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"),
|
||||||
filename=executable_file_name,
|
path=executable_file_name,
|
||||||
)
|
)
|
||||||
|
|
|
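Review bot: changing the keyword from `filename=` to `path=` in `send_from_directory` follows the Flask 2.0 API, where `filename` was deprecated in favour of `path`, but it makes this endpoint raise a TypeError on older Flask releases; the Flask pin in the project's dependency file should be bumped in the same change (it is not part of this diff), or the call should pass the value positionally to work on both.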
@ -18,7 +18,7 @@ def setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str
|
||||||
def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
|
def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
|
||||||
server_config_path = expand_path(server_config_path)
|
server_config_path = expand_path(server_config_path)
|
||||||
config = server_config_handler.load_server_config_from_file(server_config_path)
|
config = server_config_handler.load_server_config_from_file(server_config_path)
|
||||||
create_secure_directory(config.data_dir)
|
create_secure_directory(str(config.data_dir))
|
||||||
return config, server_config_path
|
return config, server_config_path
|
||||||
|
|
||||||
|
|
||||||
|
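Review bot: wrapping the argument as `create_secure_directory(str(config.data_dir))` here (and again in the next hunk for `default_data_dir`) papers over a type mismatch at every call site; the cleaner fix is to let `create_secure_directory` accept `Union[str, Path]` (or `os.PathLike`) and normalise once inside, so future callers cannot pass a `Path` and hit the same problem.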
@ -26,7 +26,7 @@ def _setup_default_config() -> Tuple[IslandConfigOptions, str]:
|
||||||
default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
|
default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
|
||||||
default_data_dir = default_config.data_dir
|
default_data_dir = default_config.data_dir
|
||||||
|
|
||||||
create_secure_directory(default_data_dir)
|
create_secure_directory(str(default_data_dir))
|
||||||
|
|
||||||
server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
|
server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
|
||||||
config = server_config_handler.load_server_config_from_file(server_config_path)
|
config = server_config_handler.load_server_config_from_file(server_config_path)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "infection-monkey",
|
"name": "infection-monkey",
|
||||||
"version": "1.10.0",
|
"version": "1.11.0",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"private": true,
|
"private": true,
|
||||||
"version": "1.10.0",
|
"version": "1.11.0",
|
||||||
"name": "infection-monkey",
|
"name": "infection-monkey",
|
||||||
"description": "Infection Monkey C&C UI",
|
"description": "Infection Monkey C&C UI",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|
|
@ -10,7 +10,7 @@ const LATERAL_MOVEMENT_DESCRIPTION = 'After the initial breach, the attacker wil
|
||||||
<br /> \
|
<br /> \
|
||||||
<br /> \
|
<br /> \
|
||||||
<a \
|
<a \
|
||||||
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/" \
|
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report" \
|
||||||
target="_blank" \
|
target="_blank" \
|
||||||
> \
|
> \
|
||||||
See some real-world examples on Guardicore\'s blog. \
|
See some real-world examples on Guardicore\'s blog. \
|
||||||
|
|