p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fix horrid encryption bug where monkeys would not receive new credentials. 

Note the change in config.py is not optimal but should be fixed as part of another PR
This commit is contained in:
Daniel Goldberg 2018-03-27 12:51:05 +03:00
parent 9b44fc8b98
commit b06d92331d
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey_island/cc/resources/monkey.py
View File

@ -24,6 +24,7 @@ class Monkey(flask_restful.Resource):
if guid: if guid:
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
monkey_json['config'] = ConfigService.decrypt_flat_config(monkey_json['config'])
return monkey_json return monkey_json
return {} return {}
@ -65,7 +66,8 @@ class Monkey(flask_restful.Resource):
# if new monkey telem, change config according to "new monkeys" config. # if new monkey telem, change config according to "new monkeys" config.
db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]}) db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]})
if not db_monkey: if not db_monkey:
new_config = ConfigService.get_flat_config(False, True) # we pull it encrypted because we then decrypt it for the monkey in get
new_config = ConfigService.get_flat_config(False, False)
monkey_json['config'] = monkey_json.get('config', {}) monkey_json['config'] = monkey_json.get('config', {})
monkey_json['config'].update(new_config) monkey_json['config'].update(new_config)
else: else:

14
monkey_island/cc/services/config.py
View File

@ -1,4 +1,5 @@
import copy import copy
import collections
import functools import functools
from jsonschema import Draft4Validator, validators from jsonschema import Draft4Validator, validators
@ -985,6 +986,19 @@ class ConfigService:
def encrypt_config(config): def encrypt_config(config):
ConfigService._encrypt_or_decrypt_config(config, False) ConfigService._encrypt_or_decrypt_config(config, False)
@staticmethod
def decrypt_flat_config(flat_config):
"""
Same as decrypt_config but for a flat configuration
"""
keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], basestring):
flat_config[key] = [encryptor.dec(item) for item in flat_config[key]]
else:
flat_config[key] = encryptor.dec(flat_config[key])
return flat_config
@staticmethod @staticmethod
def _encrypt_or_decrypt_config(config, is_decrypt=False): def _encrypt_or_decrypt_config(config, is_decrypt=False):
for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: