Code changes that loosely implement the prototype of bootloader, but there still is a timeout

This commit is contained in:
VakarisZ 2020-01-27 17:44:18 +02:00
parent c8618e91cd
commit d349f2628c
6 changed files with 91 additions and 24 deletions

View File

@ -216,6 +216,10 @@ class InfectionMonkey(object):
# if host was exploited, before continue to closing the tunnel ensure the exploited host had its chance to # if host was exploited, before continue to closing the tunnel ensure the exploited host had its chance to
# connect to the tunnel # connect to the tunnel
#TODO change back
time.sleep(WormConfiguration.keep_tunnel_open_time)
if len(self._exploited_machines) > 0: if len(self._exploited_machines) > 0:
time_to_sleep = WormConfiguration.keep_tunnel_open_time time_to_sleep = WormConfiguration.keep_tunnel_open_time
LOG.info("Sleeping %d seconds for exploited machines to connect to tunnel", time_to_sleep) LOG.info("Sleeping %d seconds for exploited machines to connect to tunnel", time_to_sleep)

View File

@ -7,6 +7,8 @@ import urllib
from logging import getLogger from logging import getLogger
from urllib.parse import urlsplit from urllib.parse import urlsplit
import requests
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
from infection_monkey.network.tools import get_interface_to_target from infection_monkey.network.tools import get_interface_to_target
@ -110,6 +112,19 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
proxy_via = None # pseudonym of the proxy in Via header, set to None not to modify original Via header proxy_via = None # pseudonym of the proxy in Via header, set to None not to modify original Via header
protocol_version = "HTTP/1.1" protocol_version = "HTTP/1.1"
def do_POST(self):
content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
post_data = self.rfile.read(content_length).decode() # <--- Gets the data itself
r = requests.post(url=self.path, data=post_data)
if (r.status_code != 200):
# somehow forward post request to the next proxy
r = requests.post(url=self.path, data=post_data, proxy=self.path)
if (r.status_code != 200):
return self.send_response(404)
self.send_response(200)
self.end_headers()
self.wfile.write(r.content)
def version_string(self): def version_string(self):
return "" return ""

View File

@ -126,7 +126,10 @@ class MonkeyTunnel(Thread):
def run(self): def run(self):
self._broad_sock = _set_multicast_socket(self._timeout) self._broad_sock = _set_multicast_socket(self._timeout)
self.l_ips = local_ips() self.l_ips = local_ips()
self.local_port = get_free_tcp_port()
#TODO change back
self.local_port = 5002
#self.local_port = get_free_tcp_port()
if not self.local_port: if not self.local_port:
return return

View File

@ -0,0 +1,41 @@
from http.server import HTTPServer, BaseHTTPRequestHandler
from urllib import parse
import urllib3
import requests
import pymongo
# Disable "unverified certificate" warnings when sending requests to island
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class BootloaderHttpServer(HTTPServer):
def __init__(self, mongo_url):
self.mongo_client = pymongo.MongoClient(mongo_url)
server_address = ('', 5001)
super().__init__(server_address, BootloaderHTTPRequestHandler)
class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
def do_POST(self):
content_length = int(self.headers['Content-Length'])
post_data = self.rfile.read(content_length).decode()
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'newconfig'})
if not conf:
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
r = requests.post(url=island_server_path, data=post_data, verify=False)
if r.status_code != 200:
self.send_response(404)
else:
self.send_response(200)
self.end_headers()
self.wfile.write(r.content)
self.connection.close()
@staticmethod
def get_bootloader_resource_path_from_config(config):
address = config['cnc']['servers']['current_server']
return parse.urljoin("https://"+address, "api/bootloader")

View File

@ -3,6 +3,7 @@ import os.path
import sys import sys
import time import time
import logging import logging
from threading import Thread
MINIMUM_MONGO_DB_VERSION_REQUIRED = "3.6.0" MINIMUM_MONGO_DB_VERSION_REQUIRED = "3.6.0"
@ -25,9 +26,24 @@ from monkey_island.cc.utils import local_ip_addresses
from monkey_island.cc.environment.environment import env from monkey_island.cc.environment.environment import env
from monkey_island.cc.database import is_db_server_up, get_db_version from monkey_island.cc.database import is_db_server_up, get_db_version
from monkey_island.cc.resources.monkey_download import MonkeyDownload from monkey_island.cc.resources.monkey_download import MonkeyDownload
from monkey_island.cc.bootloader_server import BootloaderHttpServer
def main(): def main():
logger.info("Starting bootloader server")
mongo_url = os.environ.get('MONGO_URL', env.get_mongo_url())
bootloader_server_thread = Thread(target=BootloaderHttpServer(mongo_url).serve_forever, daemon=True)
# island_server_thread = Thread(target=start_island_server)
bootloader_server_thread.start()
#island_server_thread.start()
start_island_server()
bootloader_server_thread.join()
#island_server_thread.join()
def start_island_server():
from tornado.wsgi import WSGIContainer from tornado.wsgi import WSGIContainer
from tornado.httpserver import HTTPServer from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop from tornado.ioloop import IOLoop

View File

@ -1,24 +1,17 @@
import json
from datetime import datetime
import dateutil.parser
import flask_restful import flask_restful
from flask import request from flask import request, make_response
from monkey_island.cc.consts import DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS
from monkey_island.cc.database import mongo
from monkey_island.cc.models.monkey_ttl import create_monkey_ttl_document
from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
WINDOWS_VERSIONS = { WINDOWS_VERSIONS = {
"5.0" : "Windows 2000", "5.0": "Windows 2000",
"5.1" : "Windows XP", "5.1": "Windows XP",
"5.2" : "Windows XP/server 2003", "5.2": "Windows XP/server 2003",
"6.0" : "Windows Vista/server 2008", "6.0": "Windows Vista/server 2008",
"6.1" : "Windows 7/server 2008R2", "6.1": "Windows 7/server 2008R2",
"6.2" : "Windows 8/server 2012", "6.2": "Windows 8/server 2012",
"6.3" : "Windows 8.1/server 2012R2", "6.3": "Windows 8.1/server 2012R2",
"10.0" : "Windows 10/server 2016-2019" "10.0": "Windows 10/server 2016-2019"
} }
@ -27,13 +20,8 @@ class Bootloader(flask_restful.Resource):
# Used by monkey. can't secure. # Used by monkey. can't secure.
def post(self, **kw): def post(self, **kw):
os_version = request.data.decode().split(" ") os_version = request.data.decode().split(" ")
if (os_version[0] == "W"): if (os_version[0][0] == "W"):
os_type = "windows" os_type = "windows"
os_version = os_version[1:] os_version = os_version[1:]
return make_response({"status": "OK"}, 200)
return {"id": "Abc"}
def get(self, guid=None, **kw):
NodeService.update_dead_monkeys()
return {}