Merge pull request #1255 from guardicore/ransomware_stub
Adds ransomware stub
commit
ccc3557021
|
@ -193,7 +193,11 @@ class Configuration(object):
|
||||||
ms08_067_exploit_attempts = 5
|
ms08_067_exploit_attempts = 5
|
||||||
user_to_add = "Monkey_IUSER_SUPPORT"
|
user_to_add = "Monkey_IUSER_SUPPORT"
|
||||||
|
|
||||||
# User and password dictionaries for exploits.
|
###########################
|
||||||
|
# ransomware config
|
||||||
|
###########################
|
||||||
|
|
||||||
|
ransomware = ""
|
||||||
|
|
||||||
def get_exploit_user_password_pairs(self):
|
def get_exploit_user_password_pairs(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
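Review bot: The new default `ransomware = ""` is a string, while `RansomewarePayload.__init__` in this same commit annotates `config: dict` and `run_payload` indexes it by key, so an agent that never receives a ransomware section would fail with a `TypeError` on the first lookup. A dict default keeps the types consistent, e.g. `ransomware = {}`, paired with `.get()` lookups in the payload. The banner comment could also state the expected shape, e.g. `# dict, passed through unflattened from the island's "ransomware" section`. The Configuration class continues outside the hunk.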
@ -19,6 +19,7 @@ from infection_monkey.network.HostFinger import HostFinger
|
||||||
from infection_monkey.network.network_scanner import NetworkScanner
|
from infection_monkey.network.network_scanner import NetworkScanner
|
||||||
from infection_monkey.network.tools import get_interface_to_target, is_running_on_island
|
from infection_monkey.network.tools import get_interface_to_target, is_running_on_island
|
||||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||||
|
from infection_monkey.ransomware.ransomware_payload import RansomewarePayload
|
||||||
from infection_monkey.system_info import SystemInfoCollector
|
from infection_monkey.system_info import SystemInfoCollector
|
||||||
from infection_monkey.system_singleton import SystemSingleton
|
from infection_monkey.system_singleton import SystemSingleton
|
||||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||||
|
@ -232,6 +233,8 @@ class InfectionMonkey(object):
|
||||||
if not self._keep_running:
|
if not self._keep_running:
|
||||||
break
|
break
|
||||||
|
|
||||||
|
RansomewarePayload(WormConfiguration.ransomware).run_payload()
|
||||||
|
|
||||||
if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
|
if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
|
||||||
time_to_sleep = WormConfiguration.timeout_between_iterations
|
time_to_sleep = WormConfiguration.timeout_between_iterations
|
||||||
LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)
|
LOG.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)
|
||||||
|
|
|
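Review bot: `RansomewarePayload(WormConfiguration.ransomware).run_payload()` is called with no check that a ransomware section or target directory was configured and with no exception handling, so any error raised by the payload propagates into the agent's main flow. Because this payload is meant to modify files, it should be strictly opt-in: at minimum guard the call with `if WormConfiguration.ransomware:`, and log and continue on failure instead of letting it abort whatever follows. Indentation is lost on this page, so it is unclear whether the call sits inside the iteration loop; if it does, the payload would run once per iteration, which is probably not intended. The enclosing method starts and ends outside the hunk.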
@ -0,0 +1,27 @@
|
||||||
|
import logging
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class RansomewarePayload:
|
||||||
|
def __init__(self, config: dict):
|
||||||
|
self.config = config
|
||||||
|
|
||||||
|
def run_payload(self):
|
||||||
|
LOG.info(
|
||||||
|
f"Windows dir configured for encryption is " f"{self.config['windows_dir_ransom']}"
|
||||||
|
)
|
||||||
|
LOG.info(f"Linux dir configured for encryption is " f"{self.config['linux_dir_ransom']}")
|
||||||
|
|
||||||
|
file_list = self._find_files()
|
||||||
|
self._encrypt_files(file_list)
|
||||||
|
|
||||||
|
def _find_files(self):
|
||||||
|
return []
|
||||||
|
|
||||||
|
def _encrypt_files(self, file_list):
|
||||||
|
for file in file_list:
|
||||||
|
self._encrypt_file(file)
|
||||||
|
|
||||||
|
def _encrypt_file(self, file):
|
||||||
|
pass
|
|
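Review bot: `run_payload` reads `self.config['windows_dir_ransom']` and `self.config['linux_dir_ransom']`, but the schema added in this commit nests the values as `directories.windows_dir` and `directories.linux_dir`, and the config service passes the section through unflattened; unless a mapping outside this page renames them, both lookups raise `KeyError`. Reading them as `self.config.get("directories", {}).get("windows_dir", "")` would match the schema and tolerate a missing section. The class name is spelled `RansomewarePayload`; renaming it to `RansomwarePayload` now is cheaper than after more callers import it. The class and its stub methods carry no docstrings, and a one-line docstring on `_find_files` and `_encrypt_file` saying they are not yet implemented would make the stub status explicit.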
@ -106,6 +106,10 @@ class ConfigService:
|
||||||
config_json = ConfigService.get_config(is_initial_config, should_decrypt)
|
config_json = ConfigService.get_config(is_initial_config, should_decrypt)
|
||||||
flat_config_json = {}
|
flat_config_json = {}
|
||||||
for i in config_json:
|
for i in config_json:
|
||||||
|
if i == "ransomware":
|
||||||
|
# Don't flatten the ransomware because ransomware payload expects a dictionary #1260
|
||||||
|
flat_config_json[i] = config_json[i]
|
||||||
|
continue
|
||||||
for j in config_json[i]:
|
for j in config_json[i]:
|
||||||
for k in config_json[i][j]:
|
for k in config_json[i][j]:
|
||||||
if isinstance(config_json[i][j][k], dict):
|
if isinstance(config_json[i][j][k], dict):
|
||||||
|
|
|
@ -10,6 +10,7 @@ from monkey_island.cc.services.config_schema.definitions.system_info_collector_c
|
||||||
)
|
)
|
||||||
from monkey_island.cc.services.config_schema.internal import INTERNAL
|
from monkey_island.cc.services.config_schema.internal import INTERNAL
|
||||||
from monkey_island.cc.services.config_schema.monkey import MONKEY
|
from monkey_island.cc.services.config_schema.monkey import MONKEY
|
||||||
|
from monkey_island.cc.services.config_schema.ransomware import RANSOMWARE
|
||||||
|
|
||||||
SCHEMA = {
|
SCHEMA = {
|
||||||
"title": "Monkey",
|
"title": "Monkey",
|
||||||
|
@ -27,6 +28,7 @@ SCHEMA = {
|
||||||
"basic": BASIC,
|
"basic": BASIC,
|
||||||
"basic_network": BASIC_NETWORK,
|
"basic_network": BASIC_NETWORK,
|
||||||
"monkey": MONKEY,
|
"monkey": MONKEY,
|
||||||
|
"ransomware": RANSOMWARE,
|
||||||
"internal": INTERNAL,
|
"internal": INTERNAL,
|
||||||
},
|
},
|
||||||
"options": {"collapsed": True},
|
"options": {"collapsed": True},
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
RANSOMWARE = {
|
||||||
|
"title": "Ransomware",
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"directories": {
|
||||||
|
"title": "Directories to encrypt",
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"linux_dir": {
|
||||||
|
"title": "Linux encryptable directory",
|
||||||
|
"type": "string",
|
||||||
|
"default": "",
|
||||||
|
"description": "Files in the specified directory will be encrypted "
|
||||||
|
"using bitflip to simulate ransomware.",
|
||||||
|
},
|
||||||
|
"windows_dir": {
|
||||||
|
"title": "Windows encryptable directory",
|
||||||
|
"type": "string",
|
||||||
|
"default": "",
|
||||||
|
"description": "Files in the specified directory will be encrypted "
|
||||||
|
"using bitflip to simulate ransomware.",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
|
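Review bot: Both `description` strings say only that files "will be encrypted using bitflip"; neither states that the files are changed in place on the target machine or what the empty `default` means. I would make the empty value an explicit off switch and document it, e.g. `"Files in the specified directory will be modified in place using bitflip to simulate ransomware. Leave empty to skip this platform."`, with the agent enforcing the skip. The two descriptions are identical, so naming the platform in each would also help an operator reading the form.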
@ -30,7 +30,7 @@ class ConfigurePageComponent extends AuthComponent {
|
||||||
this.currentFormData = {};
|
this.currentFormData = {};
|
||||||
this.initialConfig = {};
|
this.initialConfig = {};
|
||||||
this.initialAttackConfig = {};
|
this.initialAttackConfig = {};
|
||||||
this.sectionsOrder = ['attack', 'basic', 'basic_network', 'monkey', 'internal'];
|
this.sectionsOrder = ['attack', 'basic', 'basic_network', 'ransomware', 'monkey', 'internal'];
|
||||||
|
|
||||||
this.state = {
|
this.state = {
|
||||||
attackConfig: {},
|
attackConfig: {},
|
||||||
|
|