Remove username/password lists from code. get/set from global config

monkey_island/cc/island_config.py

@@ -1,8 +1,4 @@
 __author__ = 'itay.mizeretz'
 
 ISLAND_PORT = 5000
-DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
+DEFAULT_MONGO_URL = "mongodb://localhost:27017/monkeyisland"
-
-# TODO: remove this, and get from global config`
-INITIAL_USERNAMES = ['Administrator', 'root', 'user']
-INITIAL_PASSWORDS = ["Password1!", "1234", "password", "12345678"]

monkey_island/cc/main.py

@@ -8,8 +8,8 @@ if BASE_PATH not in sys.path:
     sys.path.insert(0, BASE_PATH)
 
 from cc.app import init_app
-from cc.utils import init_collections, local_ip_addresses
+from cc.utils import local_ip_addresses
-from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT, INITIAL_USERNAMES, INITIAL_PASSWORDS
+from cc.island_config import DEFAULT_MONGO_URL, ISLAND_PORT
 
 if __name__ == '__main__':
     from tornado.wsgi import WSGIContainer
@@ -17,8 +17,6 @@ if __name__ == '__main__':
     from tornado.ioloop import IOLoop
 
     app = init_app(os.environ.get('MONGO_URL', DEFAULT_MONGO_URL))
-    with app.app_context():
-        init_collections(INITIAL_USERNAMES, INITIAL_PASSWORDS)
     http_server = HTTPServer(WSGIContainer(app),
                              ssl_options={'certfile': os.environ.get('SERVER_CRT', 'server.crt'),
                                           'keyfile': os.environ.get('SERVER_KEY', 'server.key')})

monkey_island/cc/resources/monkey.py

@@ -33,10 +33,6 @@ class Monkey(flask_restful.Resource):
 
         if guid:
             monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
-            monkey_json['config']['exploit_user_list'] = \
-                map(lambda x: x['username'], mongo.db.usernames.find({}, {'_id': 0, 'username': 1}).sort([('count', -1)]))
-            monkey_json['config']['exploit_password_list'] = \
-                map(lambda x: x['password'], mongo.db.passwords.find({}, {'_id': 0, 'password': 1}).sort([('count', -1)]))
             return monkey_json
         else:
             result = {'timestamp': datetime.now().isoformat()}

monkey_island/cc/resources/root.py

@@ -5,7 +5,7 @@ import flask_restful
 
 from cc.database import mongo
 
-from cc.utils import init_collections, local_ip_addresses
+from cc.utils import local_ip_addresses
 
 __author__ = 'Barak'
 
@@ -22,11 +22,8 @@ class Root(flask_restful.Resource):
             mongo.db.config.drop()
             mongo.db.monkey.drop()
             mongo.db.telemetry.drop()
-            mongo.db.usernames.drop()
-            mongo.db.passwords.drop()
             mongo.db.node.drop()
             mongo.db.edge.drop()
-            init_collections()
             return jsonify(status='OK')
         elif action == "killall":
             mongo.db.monkey.update({}, {'$set': {'config.alive': False, 'modifytime': datetime.now()}}, upsert=False,

monkey_island/cc/resources/telemetry.py

@@ -9,8 +9,7 @@ import flask_restful
 from cc.database import mongo
 from cc.services.edge import EdgeService
 from cc.services.node import NodeService
-
+from cc.services.config import ConfigService
-from cc.utils import creds_add_username, creds_add_password
 
 __author__ = 'Barak'
 
@@ -93,10 +92,9 @@ class Telemetry(flask_restful.Resource):
         if 'credentials' in telemetry_json['data']:
             creds = telemetry_json['data']['credentials']
             for user in creds:
-                creds_add_username(user)
+                ConfigService.creds_add_username(user)
-
                 if 'password' in creds[user]:
-                    creds_add_password(creds[user]['password'])
+                    ConfigService.creds_add_password(creds[user]['password'])
 
     def add_scan_to_edge(self, edge, telemetry_json):
         data = telemetry_json['data']['machine']
@@ -125,9 +123,6 @@ class Telemetry(flask_restful.Resource):
                                          {"$set": {"os.version": scan_os["version"]}},
                                          upsert=False)
 
-
-
-
     def add_exploit_to_edge(self, edge, telemetry_json):
         data = telemetry_json['data']
         data["machine"].pop("ip_addr")

monkey_island/cc/services/config.py

@@ -749,6 +749,7 @@ SCHEMA = {
     }
 }
 
+
 class ConfigService:
     def __init__(self):
         pass
@@ -775,6 +776,22 @@ class ConfigService:
     def get_config_schema():
         return SCHEMA
 
+    @staticmethod
+    def creds_add_username(username):
+        mongo.db.config.update(
+            {'name': 'newconfig'},
+            {'$addToSet': {'exploits.credentials.exploit_user_list': username}},
+            upsert=False
+        )
+
+    @staticmethod
+    def creds_add_password(password):
+        mongo.db.config.update(
+            {'name': 'newconfig'},
+            {'$addToSet': {'exploits.credentials.exploit_password_list': password}},
+            upsert=False
+        )
+
     @staticmethod
     def update_config():
         pass

monkey_island/cc/utils.py

@@ -11,36 +11,6 @@ from cc.database import mongo
 __author__ = 'Barak'
 
 
-# data structures
-
-def creds_add_username(username):
-    mongo.db.usernames.update(
-        {'username': username},
-        {'$inc': {'count': 1}},
-        upsert=True
-    )
-
-
-def creds_add_password(password):
-    mongo.db.passwords.update(
-        {'password': password},
-        {'$inc': {'count': 1}},
-        upsert=True
-    )
-
-
-def init_collections(usernames, passwords):
-    if "usernames" not in mongo.db.collection_names():
-        mongo.db.usernames.create_index([("username", 1)], unique=True)
-        for username in usernames:
-            creds_add_username(username)
-
-    if "passwords" not in mongo.db.collection_names():
-        mongo.db.passwords.create_index([("password", 1)], unique=True)
-        for password in passwords:
-            creds_add_password(password)
-
-
 # Local ips function
 if sys.platform == "win32":
     def local_ips():