Merge pull request #459 from VakarisZ/monkeyzoo_update

Monkeyzoo update and config_schema improvements
2019-10-14 16:39:17 +03:00 · 2019-10-14 16:39:17 +03:00 · 341dc478bf
parent f4b2874698 1ce17a3bc8
commit 341dc478bf
12 changed files with 33 additions and 225 deletions
--- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf
@ -24,7 +24,7 @@
      "local_network_scan": false,
      "subnet_scan_list": [
        "10.2.2.3",
-        "10.2.2.10"
+        "10.2.2.2"
      ]
    },
    "network_analysis": {
--- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf
@ -23,7 +23,7 @@
      "depth": 2,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.38"
+        "10.2.2.8"
      ]
    },
    "network_analysis": {
--- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf
@ -21,7 +21,7 @@
      "depth": 2,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.44",
+        "10.2.2.14",
        "10.2.2.15"
      ]
    },
--- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf
@ -22,8 +22,8 @@
      "depth": 2,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.41",
-        "10.2.2.42"
+        "10.2.2.11",
+        "10.2.2.12"
      ]
    },
    "network_analysis": {
--- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
@ -23,8 +23,8 @@
      "depth": 2,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.9",
-        "10.2.2.11"
+        "10.2.2.23",
+        "10.2.2.24"
      ]
    },
    "network_analysis": {
--- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
@ -5,10 +5,15 @@
        "Password1!",
        "3Q=(Ge(+&w]*",
        "`))jU7L(w}",
-        "12345678"
+        "12345678",
+        "another_one",
+        "and_another_one",
+        "one_more"
      ],
      "exploit_user_list": [
        "Administrator",
+        "rand",
+        "rand2",
        "m0nk3y",
        "user"
      ]
@ -23,7 +28,7 @@
      "depth": 3,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.32",
+        "10.2.2.9",
        "10.2.1.10",
        "10.2.0.11"
      ]
--- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
@ -21,7 +21,7 @@
      "depth": 2,
      "local_network_scan": false,
      "subnet_scan_list": [
-        "10.2.2.44",
+        "10.2.2.14",
        "10.2.2.15"
      ]
    },
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@ -13,9 +13,9 @@ from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHand

 DEFAULT_TIMEOUT_SECONDS = 5*60
 MACHINE_BOOTUP_WAIT_SECONDS = 30
-GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'haddop-2-v3', 'hadoop-3', 'mssql-16',
-                         'mimikatz-14', 'mimikatz-15', 'final-test-struts2-23', 'final-test-struts2-24',
-                         'tunneling-9', 'tunneling-10', 'tunneling-11', 'weblogic-18', 'weblogic-19', 'shellshock-8']
+GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'haddop-2', 'hadoop-3', 'mssql-16',
+                         'mimikatz-14', 'mimikatz-15', 'struts2-23', 'struts2-24', 'tunneling-9', 'tunneling-10',
+                         'tunneling-11', 'weblogic-18', 'weblogic-19', 'shellshock-8']
 LOG_DIR_PATH = "./logs"
 LOGGER = logging.getLogger(__name__)

--- a/envs/monkey_zoo/configs/fullTest.conf
+++ b/envs/monkey_zoo/configs/fullTest.conf
@ -1,202 +0,0 @@
-{
-  "basic": {
-    "credentials": {
-      "exploit_password_list": [
-        "`))jU7L(w}",
-        "3Q=(Ge(+&w]*",
-        "^NgDvY59~8",
-        "Ivrrw5zEzs",
-        "YbS,<tpS.2av"
-      ],
-      "exploit_user_list": [
-        "m0nk3y"
-      ]
-    }
-  },
-  "basic_network": {
-    "general": {
-      "blocked_ips": [],
-      "depth": 2,
-      "local_network_scan": false,
-      "subnet_scan_list": [
-        "10.2.2.2",
-        "10.2.2.3",
-        "10.2.2.4",
-        "10.2.2.5",
-        "10.2.2.8",
-        "10.2.2.9",
-        "10.2.1.9",
-        "10.2.1.10",
-        "10.2.2.11",
-        "10.2.2.12",
-        "10.2.2.14",
-        "10.2.2.15",
-        "10.2.2.16",
-        "10.2.2.18",
-        "10.2.2.19",
-        "10.2.2.20",
-        "10.2.2.21",
-        "10.2.2.23",
-        "10.2.2.24"
-      ]
-    },
-    "network_analysis": {
-      "inaccessible_subnets": []
-    }
-  },
-  "cnc": {
-    "servers": {
-      "command_servers": [
-        "192.168.56.1:5000",
-        "158.129.18.132:5000"
-      ],
-      "current_server": "192.168.56.1:5000",
-      "internet_services": [
-        "monkey.guardicore.com",
-        "www.google.com"
-      ]
-    }
-  },
-  "exploits": {
-    "general": {
-      "exploiter_classes": [
-        "SmbExploiter",
-        "WmiExploiter",
-        "ShellShockExploiter",
-        "SambaCryExploiter",
-        "ElasticGroovyExploiter",
-        "Struts2Exploiter",
-        "WebLogicExploiter",
-        "HadoopExploiter"
-      ],
-      "skip_exploit_if_file_exist": false
-    },
-    "ms08_067": {
-      "ms08_067_exploit_attempts": 5,
-      "ms08_067_remote_user_add": "Monkey_IUSER_SUPPORT",
-      "ms08_067_remote_user_pass": "Password1!",
-      "remote_user_pass": "Password1!",
-      "user_to_add": "Monkey_IUSER_SUPPORT"
-    },
-    "sambacry": {
-      "sambacry_folder_paths_to_guess": [
-        "/",
-        "/mnt",
-        "/tmp",
-        "/storage",
-        "/export",
-        "/share",
-        "/shares",
-        "/home"
-      ],
-      "sambacry_shares_not_to_check": [
-        "IPC$",
-        "print$"
-      ],
-      "sambacry_trigger_timeout": 5
-    },
-    "smb_service": {
-      "smb_download_timeout": 300,
-      "smb_service_name": "InfectionMonkey"
-    }
-  },
-  "internal": {
-    "classes": {
-      "finger_classes": [
-        "SMBFinger",
-        "SSHFinger",
-        "PingScanner",
-        "HTTPFinger",
-        "MySQLFinger",
-        "MSSQLFinger",
-        "ElasticFinger"
-      ],
-      "scanner_class": "TcpScanner"
-    },
-    "dropper": {
-      "dropper_date_reference_path_linux": "/bin/sh",
-      "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll",
-      "dropper_set_date": true,
-      "dropper_target_path_linux": "/tmp/monkey",
-      "dropper_target_path_win_32": "C:\\Windows\\monkey32.exe",
-      "dropper_target_path_win_64": "C:\\Windows\\monkey64.exe",
-      "dropper_try_move_first": true
-    },
-    "exploits": {
-      "exploit_lm_hash_list": [],
-      "exploit_ntlm_hash_list": [],
-      "exploit_ssh_keys": []
-    },
-    "general": {
-      "keep_tunnel_open_time": 60,
-      "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
-    },
-    "kill_file": {
-      "kill_file_path_linux": "/var/run/monkey.not",
-      "kill_file_path_windows": "%windir%\\monkey.not"
-    },
-    "logging": {
-      "dropper_log_path_linux": "/tmp/user-1562",
-      "dropper_log_path_windows": "%temp%\\~df1562.tmp",
-      "monkey_log_path_linux": "/tmp/user-1563",
-      "monkey_log_path_windows": "%temp%\\~df1563.tmp",
-      "send_log_to_server": true
-    }
-  },
-  "monkey": {
-    "behaviour": {
-      "self_delete_in_cleanup": false,
-      "serialize_config": false,
-      "use_file_logging": true
-    },
-    "general": {
-      "alive": true,
-      "post_breach_actions": [
-        "BackdoorUser"
-      ]
-    },
-    "life_cycle": {
-      "max_iterations": 1,
-      "retry_failed_explotation": true,
-      "timeout_between_iterations": 100,
-      "victims_max_exploit": 30,
-      "victims_max_find": 30
-    },
-    "system_info": {
-      "collect_system_info": true,
-      "extract_azure_creds": true,
-      "should_use_mimikatz": true
-    }
-  },
-  "network": {
-    "ping_scanner": {
-      "ping_scan_timeout": 1000
-    },
-    "tcp_scanner": {
-      "HTTP_PORTS": [
-        80,
-        8080,
-        443,
-        8008,
-        7001
-      ],
-      "tcp_scan_get_banner": true,
-      "tcp_scan_interval": 200,
-      "tcp_scan_timeout": 3000,
-      "tcp_target_ports": [
-        22,
-        2222,
-        445,
-        135,
-        3389,
-        80,
-        8080,
-        443,
-        8008,
-        3306,
-        9200,
-        7001
-      ]
-    }
-  }
-}
--- a/envs/monkey_zoo/terraform/firewalls.tf
+++ b/envs/monkey_zoo/terraform/firewalls.tf
@ -35,7 +35,7 @@ resource "google_compute_firewall" "monkeyzoo-in" {

  direction = "INGRESS"
  priority = "65534"
-  source_ranges = ["10.2.2.0/24", "10.2.1.0/27"]
+  source_ranges = ["10.2.2.0/24"]
 }

 resource "google_compute_firewall" "monkeyzoo-out" {
@ -48,7 +48,7 @@ resource "google_compute_firewall" "monkeyzoo-out" {

  direction = "EGRESS"
  priority = "65534"
-  destination_ranges = ["10.2.2.0/24", "10.2.1.0/27"]
+  destination_ranges = ["10.2.2.0/24"]
 }

 resource "google_compute_firewall" "tunneling-in" {
@ -60,7 +60,7 @@ resource "google_compute_firewall" "tunneling-in" {
  }

  direction = "INGRESS"
-  source_ranges = ["10.2.2.0/24", "10.2.0.0/28"]
+  source_ranges = ["10.2.1.0/24"]
 }

 resource "google_compute_firewall" "tunneling-out" {
@ -72,8 +72,9 @@ resource "google_compute_firewall" "tunneling-out" {
  }

  direction = "EGRESS"
-  destination_ranges = ["10.2.2.0/24", "10.2.0.0/28"]
+  destination_ranges = ["10.2.1.0/24"]
 }
+
 resource "google_compute_firewall" "tunneling2-in" {
  name    = "${local.resource_prefix}tunneling2-in"
  network = "${google_compute_network.tunneling2.name}"
@ -83,7 +84,7 @@ resource "google_compute_firewall" "tunneling2-in" {
  }

  direction = "INGRESS"
-  source_ranges = ["10.2.1.0/27"]
+  source_ranges = ["10.2.0.0/24"]
 }

 resource "google_compute_firewall" "tunneling2-out" {
@ -95,5 +96,5 @@ resource "google_compute_firewall" "tunneling2-out" {
  }

  direction = "EGRESS"
-  destination_ranges = ["10.2.1.0/27"]
+  destination_ranges = ["10.2.0.0/24"]
 }
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@ -44,7 +44,8 @@
        "Struts2Exploiter",
        "WebLogicExploiter",
        "HadoopExploiter",
-        "VSFTPDExploiter"
+        "VSFTPDExploiter",
+        "MSSQLExploiter"
    ],
    "finger_classes": [
        "SSHFinger",
@ -93,7 +94,8 @@
        3306,
        8008,
        9200,
-        7001
+        7001,
+        8088
    ],
    "timeout_between_iterations": 10,
    "use_file_logging": true,
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -753,7 +753,8 @@ SCHEMA = {
                                "Struts2Exploiter",
                                "WebLogicExploiter",
                                "HadoopExploiter",
-                                "VSFTPDExploiter"
+                                "VSFTPDExploiter",
+                                "MSSQLExploiter"
                            ],
                            "description":
                                "Determines which exploits to use. " + WARNING_SIGN
@ -899,7 +900,8 @@ SCHEMA = {
                                8008,
                                3306,
                                9200,
-                                7001
+                                7001,
+                                8088
                            ],
                            "description": "List of TCP ports the monkey will check whether they're open"
                        },