Merge pull request #1654 from guardicore/1597-remove-unneeded-options
1597 remove unneeded options
commit
966bef25d8
|
@ -1,67 +0,0 @@
|
|||
{
|
||||
"id": "AzD8XysWg1BBXCjCDkfq",
|
||||
"name": "Add a new configuration setting to the Agent ⚙",
|
||||
"task": {
|
||||
"dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
|
||||
"tests": [],
|
||||
"hints": [
|
||||
"Look for `victims_max_exploit` - it's rather similar."
|
||||
]
|
||||
},
|
||||
"content": [
|
||||
{
|
||||
"type": "text",
|
||||
"text": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine."
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/infection_monkey/config.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 103,
|
||||
"lines": [
|
||||
" exploiter_classes = []",
|
||||
" system_info_collector_classes = []",
|
||||
" ",
|
||||
"* # how many victims to look for in a single scan iteration",
|
||||
"* victims_max_find = 100",
|
||||
" ",
|
||||
" # how many victims to exploit before stopping",
|
||||
" victims_max_exploit = 100"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "snippet",
|
||||
"path": "monkey/monkey_island/cc/services/config_schema/internal.py",
|
||||
"comments": [],
|
||||
"firstLineNumber": 28,
|
||||
"lines": [
|
||||
" \"title\": \"Monkey\",",
|
||||
" \"type\": \"object\",",
|
||||
" \"properties\": {",
|
||||
"* \"victims_max_find\": {",
|
||||
"* \"title\": \"Max victims to find\",",
|
||||
"* \"type\": \"integer\",",
|
||||
"* \"default\": 100,",
|
||||
"* \"description\": \"Determines the maximum number of machines the monkey is \"",
|
||||
"* \"allowed to scan\",",
|
||||
"* },",
|
||||
" \"victims_max_exploit\": {",
|
||||
" \"title\": \"Max victims to exploit\",",
|
||||
" \"type\": \"integer\","
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "text",
|
||||
"text": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/config_templates)."
|
||||
}
|
||||
],
|
||||
"symbols": {},
|
||||
"file_version": "2.0.3",
|
||||
"meta": {
|
||||
"app_version": "0.6.6-2",
|
||||
"file_blobs": {
|
||||
"monkey/infection_monkey/config.py": "8f4984ba6563564343282765ab498efca5d89ba8",
|
||||
"monkey/monkey_island/cc/services/config_schema/internal.py": "86318eaf19b9991a8af5de861a3eb085238e17a4"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -36,6 +36,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- MITRE ATT&CK configuration screen. #1532
|
||||
- Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
|
||||
- "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
|
||||
- Max victims to find/exploit, TCP scan interval and TCP scan get banner internal options. #1597
|
||||
- MySQL fingerprinter. #1648
|
||||
|
||||
### Fixed
|
||||
|
|
|
@ -103,12 +103,6 @@ class Configuration(object):
|
|||
exploiter_classes = []
|
||||
system_info_collector_classes = []
|
||||
|
||||
# how many victims to look for in a single scan iteration
|
||||
victims_max_find = 100
|
||||
|
||||
# how many victims to exploit before stopping
|
||||
victims_max_exploit = 100
|
||||
|
||||
# depth of propagation
|
||||
depth = 2
|
||||
max_depth = None
|
||||
|
@ -142,8 +136,6 @@ class Configuration(object):
|
|||
tcp_target_ports = [22, 2222, 445, 135, 3389, 80, 8080, 443, 8008, 3306, 9200]
|
||||
tcp_target_ports.extend(HTTP_PORTS)
|
||||
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
||||
tcp_scan_interval = 0 # in milliseconds
|
||||
tcp_scan_get_banner = True
|
||||
|
||||
# Ping Scanner
|
||||
ping_scan_timeout = 1000
|
||||
|
|
|
@ -56,8 +56,6 @@
|
|||
"exploit_ntlm_hash_list": [],
|
||||
"exploit_ssh_keys": [],
|
||||
"local_network_scan": false,
|
||||
"tcp_scan_get_banner": true,
|
||||
"tcp_scan_interval": 0,
|
||||
"tcp_scan_timeout": 10000,
|
||||
"tcp_target_ports": [
|
||||
22,
|
||||
|
@ -73,8 +71,6 @@
|
|||
7001,
|
||||
8088
|
||||
],
|
||||
"victims_max_exploit": 100,
|
||||
"victims_max_find": 100,
|
||||
"post_breach_actions": []
|
||||
custom_PBA_linux_cmd = ""
|
||||
custom_PBA_windows_cmd = ""
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
import logging
|
||||
import time
|
||||
from multiprocessing.dummy import Pool
|
||||
|
||||
from common.network.network_range import NetworkRange
|
||||
|
@ -108,9 +107,6 @@ class NetworkScanner(object):
|
|||
if victims_count >= max_find:
|
||||
logger.debug("Found max needed victims (%d), stopping scan", max_find)
|
||||
return
|
||||
if WormConfiguration.tcp_scan_interval:
|
||||
# time.sleep uses seconds, while config is in milliseconds
|
||||
time.sleep(WormConfiguration.tcp_scan_interval / float(1000))
|
||||
|
||||
@staticmethod
|
||||
def _is_any_ip_in_subnet(ip_addresses, subnet_str):
|
||||
|
|
|
@ -76,14 +76,13 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|||
return True, banner
|
||||
|
||||
|
||||
def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||
def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT):
|
||||
"""
|
||||
Checks whether any of the given ports are open on a target IP.
|
||||
:param ip: IP of host to attack
|
||||
:param ports: List of ports to attack. Must not be empty.
|
||||
:param timeout: Amount of time to wait for connection
|
||||
:param get_banner: T/F if to get first packets from server
|
||||
:return: list of open ports. If get_banner=True, then a matching list of banners.
|
||||
:return: List of open ports.
|
||||
"""
|
||||
sockets = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(len(ports))]
|
||||
[s.setblocking(False) for s in sockets]
|
||||
|
@ -130,7 +129,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|||
% (str(ip), ",".join([str(s[0]) for s in connected_ports_sockets]))
|
||||
)
|
||||
banners = []
|
||||
if get_banner and (len(connected_ports_sockets) != 0):
|
||||
if len(connected_ports_sockets) != 0:
|
||||
readable_sockets, _, _ = select.select(
|
||||
[s[1] for s in connected_ports_sockets], [], [], 0
|
||||
)
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
|
||||
|
||||
INTERNAL = {
|
||||
"title": "Internal",
|
||||
"type": "object",
|
||||
|
@ -21,24 +19,6 @@ INTERNAL = {
|
|||
"title": "Monkey",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"victims_max_find": {
|
||||
"title": "Max victims to find",
|
||||
"type": "integer",
|
||||
"default": 100,
|
||||
"description": "Determines the maximum number of machines the monkey is "
|
||||
"allowed to scan",
|
||||
},
|
||||
"victims_max_exploit": {
|
||||
"title": "Max victims to exploit",
|
||||
"type": "integer",
|
||||
"default": 100,
|
||||
"description": "Determines the maximum number of machines the monkey"
|
||||
" is allowed to successfully exploit. "
|
||||
+ WARNING_SIGN
|
||||
+ " Note that setting this value too high may result in the "
|
||||
"monkey propagating to "
|
||||
"a high number of machines",
|
||||
},
|
||||
"alive": {
|
||||
"title": "Alive",
|
||||
"type": "boolean",
|
||||
|
@ -116,12 +96,6 @@ INTERNAL = {
|
|||
"description": "List of TCP ports the monkey will check whether "
|
||||
"they're open",
|
||||
},
|
||||
"tcp_scan_interval": {
|
||||
"title": "TCP scan interval",
|
||||
"type": "integer",
|
||||
"default": 0,
|
||||
"description": "Time to sleep (in milliseconds) between scans",
|
||||
},
|
||||
"tcp_scan_timeout": {
|
||||
"title": "TCP scan timeout",
|
||||
"type": "integer",
|
||||
|
@ -129,13 +103,6 @@ INTERNAL = {
|
|||
"description": "Maximum time (in milliseconds) "
|
||||
"to wait for TCP response",
|
||||
},
|
||||
"tcp_scan_get_banner": {
|
||||
"title": "TCP scan - get banner",
|
||||
"type": "boolean",
|
||||
"default": True,
|
||||
"description": "Determines whether the TCP scan should try to get the "
|
||||
"banner",
|
||||
},
|
||||
},
|
||||
},
|
||||
"ping_scanner": {
|
||||
|
|
|
@ -4,7 +4,6 @@ import {Nav} from 'react-bootstrap';
|
|||
|
||||
const sectionOrder = [
|
||||
'network',
|
||||
'monkey',
|
||||
'island_server',
|
||||
'logging',
|
||||
'exploits',
|
||||
|
|
|
@ -123,14 +123,6 @@ export default function UiSchema(props) {
|
|||
'ui:widget': AdvancedMultiSelect
|
||||
}
|
||||
},
|
||||
monkey: {
|
||||
alive: {
|
||||
classNames: 'config-field-hidden'
|
||||
},
|
||||
aws_keys: {
|
||||
classNames: 'config-field-hidden'
|
||||
}
|
||||
},
|
||||
exploits: {
|
||||
exploit_lm_hash_list:{
|
||||
items: {
|
||||
|
|
|
@ -49,10 +49,6 @@
|
|||
font-size: 1.2em;
|
||||
}
|
||||
|
||||
.config-field-hidden {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.field-description {
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
|
|
@ -105,8 +105,6 @@
|
|||
"ProcessListCollector",
|
||||
"MimikatzCollector"
|
||||
],
|
||||
"tcp_scan_get_banner": true,
|
||||
"tcp_scan_interval": 0,
|
||||
"tcp_scan_timeout": 3000,
|
||||
"tcp_target_ports": [
|
||||
22,
|
||||
|
@ -122,7 +120,5 @@
|
|||
7001,
|
||||
8088
|
||||
],
|
||||
"user_to_add": "Monkey_IUSER_SUPPORT",
|
||||
"victims_max_exploit": 100,
|
||||
"victims_max_find": 100
|
||||
"user_to_add": "Monkey_IUSER_SUPPORT"
|
||||
}
|
||||
|
|
|
@ -47,8 +47,6 @@
|
|||
"keep_tunnel_open_time": 60
|
||||
},
|
||||
"monkey": {
|
||||
"victims_max_find": 100,
|
||||
"victims_max_exploit": 100,
|
||||
"alive": true,
|
||||
"aws_keys": {
|
||||
"aws_access_key_id": "",
|
||||
|
@ -88,9 +86,7 @@
|
|||
7001,
|
||||
8088
|
||||
],
|
||||
"tcp_scan_interval": 0,
|
||||
"tcp_scan_timeout": 3000,
|
||||
"tcp_scan_get_banner": true
|
||||
"tcp_scan_timeout": 3000
|
||||
},
|
||||
"ping_scanner": {
|
||||
"ping_scan_timeout": 1000
|
||||
|
|