forked from p15670423/monkey
Merge branch 'master' of https://github.com/guardicore/monkey
This commit is contained in:
commit
9adffe86dc
README.md (20)
@ -27,23 +27,22 @@ The monkey is the tool which infects other machines and propagates to them, whil
|
||||||
|
|
||||||
### Requirements
|
### Requirements
|
||||||
|
|
||||||
|
|
||||||
The C&C Server has been tested on Ubuntu 14.04.
|
The C&C Server has been tested on Ubuntu 14.04.
|
||||||
The Monkey itself has been tested on Windows XP, 7, 8.1 and 10. The Linux build has been tested on Ubuntu server 14.04 and 15.10.
|
The Monkey itself has been tested on Windows XP, 7, 8.1 and 10. The Linux build has been tested on Ubuntu server 14.04 and 15.10.
|
||||||
|
|
||||||
### Installation
|
### Installation
|
||||||
|
|
||||||
For off the shelf use, download our pre-compiled binaries from our website, to setup the C&C server follow the instructions in [Monkey Island readme](monkey_island/readme.txt). If you with to compile the binaries yourself, follow the build instructions later on in this readme.
|
For off the shelf use, download our pre-compiled binaries from our website, to setup the C&C server follow the instructions in [Monkey Island readme](monkey_island/readme.txt). If you with to compile the binaries yourself, follow the build instructions later on in this readme.
|
||||||
|
|
||||||
Usage
|
### Initial configuration.
|
||||||
-----
|
Whether by downloading or building from source, the Infection Monkey is basically 4 executable files for different platforms and a default configuration file.
|
||||||
|
|
||||||
### Configuring the Monkey
|
|
||||||
|
|
||||||
Monkey configuration is stored in two places:
|
Monkey configuration is stored in two places:
|
||||||
1. By default, the monkey uses a local configuration file (usually, config.bin). This configuration file must include the address of the Monkey's C&C server.
|
1. By default, the monkey uses a local configuration file (usually, config.bin). This configuration file must include the address of the Monkey's C&C server.
|
||||||
2. After successfully connecting to the C&C server, the monkey downloads a new configuration from the server and discards the local configuration. It is possible to change the default configuration from the C&C server's UI.
|
2. After successfully connecting to the C&C server, the monkey downloads a new configuration from the server and discards the local configuration. It is possible to change the default configuration from the C&C server's UI.
|
||||||
|
|
||||||
|
In both cases the command server hostname should be modified to point at your local instance of the Monkey Island (note this doesn't require connectivity right off the bat). In addition, to improve the Monkey's chances of spreading, you can pre-seed it with credentials and usernames commonly used.
|
||||||
|
|
||||||
Both configuration options use a JSON format for specifying options; see "Options" below for details.
|
Both configuration options use a JSON format for specifying options; see "Options" below for details.
|
||||||
|
|
||||||
### Running the C&C Server
|
### Running the C&C Server
|
||||||
|
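Review bot: the new heading `### Initial configuration.` carries a trailing period that none of the other `###` headings in this hunk have (`### Requirements`, `### Installation`, `### Running the C&C Server`); drop it. The paragraph added below the numbered list ("In both cases the command server hostname should be modified to point at your local instance of the Monkey Island...") tells the reader to change the server address without naming the configuration key in config.bin or the Island UI field that holds it, so the instruction is not actionable as written; name the key and replace "right off the bat" with plain wording such as "at configuration time". Removing `### Configuring the Monkey` also leaves the two configuration sources and the "see Options below" pointer under `### Initial configuration.` alone, which is fine only if an "Options" section still exists later in the readme.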
@ -52,16 +51,13 @@ Running the C&C Server is as simple as installing our infected monkey debian pac
|
||||||
|
|
||||||
### Unleashing the Monkey
|
### Unleashing the Monkey
|
||||||
|
|
||||||
Download the latest Monkey binary from <> (alternatively, build it by yourself by following the instructions below).
|
Once configured, run the monkey using ```./monkey-linux-64 m0nk3y -c config.bin``` (Windows is identical). This can be done at multiple points in the network at once.
|
||||||
The download includes executables for various operating systems, and a default configuration file (config.bin).
|
|
||||||
You can edit the configuration file according the the options detailed below; the default configuration assumes <WHAT?>.
|
|
||||||
|
|
||||||
Once downloaded, run the monkey using ```./monkey-linux-64 m0nk3y -c config.bin```
|
|
||||||
|
|
||||||
Command line options include:
|
Command line options include:
|
||||||
* `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
|
* `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
|
||||||
* `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
|
* `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
|
||||||
* `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
|
* `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
|
||||||
|
* `-d`, `--depth` : sets the monkeys current operation depth.
|
||||||
|
|
||||||
|
|
||||||
Monkey Modus Operandi
|
Monkey Modus Operandi
|
||||||
|
|
|
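Review bot: the run instruction on the right wraps the command in triple backticks inline (```./monkey-linux-64 m0nk3y -c config.bin```); inline code in Markdown takes single backticks, and triple backticks mid-sentence render inconsistently across viewers. The parenthetical "(Windows is identical)" is not literally true, since the Windows executable has a different file name; either show the Windows command as well or say that the same arguments apply to the Windows binary. In the new `-d`, `--depth` bullet, "monkeys" should be "monkey's", and the description should say what the depth value controls and what the default is, as it is the only option in the list whose effect is not self-explanatory. Finally, the old line pointing at where to download the binary (`from <>`) was removed without a replacement, and the Installation section only says "from our website"; add the URL there.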
@ -1,2 +1,2 @@
|
||||||
REM c:\Python27\python -m PyInstaller.main --name monkey -F -y --clean -i monkey.ico main.py
|
REM c:\Python27\python -m PyInstaller.main --name monkey -F -y --clean -i monkey.ico main.py
|
||||||
c:\python27\Scripts\pyinstaller --upx-dir=.\bin monkey.spec
|
c:\python27\Scripts\pyinstaller --log-level=DEBUG --clean --upx-dir=.\bin monkey.spec
|
||||||
|
|
|
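Review bot: `--log-level=DEBUG` turns on PyInstaller's most verbose output for every build; that is useful while diagnosing packaging problems, but in the checked-in build script it should be removed again or made opt-in (for example via an environment variable), leaving `--clean --upx-dir=.\bin`, which is the part worth keeping. The commented-out `REM c:\Python27\python -m PyInstaller.main ...` line is unchanged dead code; delete it rather than keep two ways to build side by side.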
@ -103,6 +103,12 @@ class Configuration(object):
|
||||||
dropper_target_path = r"C:\Windows\monkey.exe"
|
dropper_target_path = r"C:\Windows\monkey.exe"
|
||||||
dropper_target_path_linux = '/bin/monkey'
|
dropper_target_path_linux = '/bin/monkey'
|
||||||
|
|
||||||
|
###########################
|
||||||
|
# Kill file
|
||||||
|
###########################
|
||||||
|
kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")
|
||||||
|
kill_file_path_linux = '/tmp/user-4150'
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
# monkey config
|
# monkey config
|
||||||
###########################
|
###########################
|
||||||
|
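Review bot: the new attribute names `kill_file_path_windows` / `kill_file_path_linux` do not match the keys added to the JSON configuration in this same commit (`kill_path_windows` / `kill_path_linux`); if configuration values are applied to the class by attribute name, the JSON values will never override these defaults, so use one spelling in both places. `"%temp%\~df4150.tmp"` is a normal (non-raw) string in which `\~` is not a recognised escape, so it survives as a literal backslash, but the surrounding code writes Windows paths as raw strings (`r"C:\Windows\monkey.exe"`) and this line should do the same for consistency and to avoid a silent change if the name is edited later. A one-line comment saying what the kill file does (who checks it and when) would also help, since the `# Kill file` banner only names it.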
@ -143,7 +149,7 @@ class Configuration(object):
|
||||||
# sets whether or not to retry failed hosts on next scan
|
# sets whether or not to retry failed hosts on next scan
|
||||||
retry_failed_explotation = True
|
retry_failed_explotation = True
|
||||||
|
|
||||||
# addresses of internet servers to ping and check if the monkey has internet acccess.
|
#addresses of internet servers to ping and check if the monkey has internet acccess.
|
||||||
internet_services = ["monkey.guardicore.com", "www.google.com"]
|
internet_services = ["monkey.guardicore.com", "www.google.com"]
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
|
|
|
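Review bot: the only change in this hunk drops the space after `#` in `#addresses of internet servers to ping...`; PEP 8 expects `# ` for comments and the rest of the file follows that, so this looks accidental and should be reverted. While touching the comment, fix "acccess" to "access". The context line `retry_failed_explotation = True` misspells "exploitation"; renaming it needs matching changes wherever the attribute is read and in the JSON config, so that is better done as a separate change.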
@ -4,7 +4,7 @@
|
||||||
"41.50.73.31:5000"
|
"41.50.73.31:5000"
|
||||||
],
|
],
|
||||||
"internet_services": = [
|
"internet_services": = [
|
||||||
"www.guardicore.com",
|
"monkey.guardicore.com",
|
||||||
"www.google.com"
|
"www.google.com"
|
||||||
],
|
],
|
||||||
"range_class": "RelativeRange",
|
"range_class": "RelativeRange",
|
||||||
|
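Review bot: `"internet_services": = [`, the unchanged context directly above the line this hunk edits, is not valid JSON because of the `=` after the colon, so the default configuration file will fail to parse regardless of the hostname change; since the hunk already touches this list, remove the stray `=` here. The switch from `www.guardicore.com` to `monkey.guardicore.com` brings the file in line with the Python default `internet_services = ["monkey.guardicore.com", "www.google.com"]`, which is the right direction.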
@ -35,6 +35,9 @@
|
||||||
"dropper_set_date": true,
|
"dropper_set_date": true,
|
||||||
"dropper_target_path": "C:\\Windows\\monkey.exe",
|
"dropper_target_path": "C:\\Windows\\monkey.exe",
|
||||||
"dropper_target_path_linux": "/bin/monkey",
|
"dropper_target_path_linux": "/bin/monkey",
|
||||||
|
|
||||||
|
"kill_path_linux": "/tmp/user-4150",
|
||||||
|
"kill_path_windows": "%temp%\\~df4150.tmp",
|
||||||
"dropper_try_move_first": false,
|
"dropper_try_move_first": false,
|
||||||
"exploiter_classes": [
|
"exploiter_classes": [
|
||||||
"SSHExploiter",
|
"SSHExploiter",
|
||||||
|
|
|
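Review bot: the new keys `kill_path_linux` and `kill_path_windows` do not match the attribute names `kill_file_path_linux` / `kill_file_path_windows` added to the `Configuration` class in this commit; pick one spelling. `"%temp%\\~df4150.tmp"` contains an unexpanded environment variable; the Python default runs it through `os.path.expandvars`, so make sure the value loaded from JSON receives the same expansion rather than being used verbatim. Also, `/tmp/user-4150` is a fixed name in a world-writable directory, so any local user can create it ahead of time; if the kill file is meant as an operator kill switch that is by design and worth stating in a comment, otherwise place it somewhere only the monkey's own user can write.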
@ -3,7 +3,6 @@ import sys
|
||||||
import socket
|
import socket
|
||||||
import struct
|
import struct
|
||||||
import array
|
import array
|
||||||
import psutil
|
|
||||||
import ipaddress
|
import ipaddress
|
||||||
from random import randint
|
from random import randint
|
||||||
|
|
||||||
|
|
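Review bot: dropping `import psutil` is only safe if nothing in this module still references `psutil`; the hunk shows no other change in the file, so please confirm there is no remaining use (otherwise it fails with a NameError only when that code path runs), and if psutil is no longer needed anywhere in the monkey, remove it from the dependency list and the PyInstaller spec so the binary does not bundle an unused package.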