p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'develop' into 669/drupal 

# Conflicts:
#	monkey/monkey_island/cc/services/config_schema.py
This commit is contained in:
ophirharpazg 2020-08-30 18:03:54 +03:00
parent 6fa1801280 1b86e00d33
commit 3df5078ec1
441 changed files with 15353 additions and 8488 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,15 +1,20 @@
# What is this?
# What does this PR do?
Fixes #`put issue number here`.
Add any further explanations here.
## Checklist
## PR Checklist
* [ ] Have you added an explanation of what your changes do and why you'd like to include them?
* [ ] Have you successfully tested your changes locally?
* [ ] Is the TravisCI build passing?
## Proof that it works
If applicable, add screenshots or log transcripts of the feature working
## Testing Checklist
* [ ] Added relevant unit tests?
* [ ] Have you successfully tested your changes locally? Elaborate:
> Tested by {Running the Monkey locally with relevant config/running Island/...}
* [ ] If applicable, add screenshots or log transcripts of the feature working
## Explain Changes
## Changes
Are the commit messages enough? If not, elaborate.

2
.gitignore vendored
View File

@ -91,7 +91,7 @@ profiler_logs/
# vim swap files
*.swp
# Server config might contain credentials. Don't commit by default.
# Server config might contain credentials
/monkey/monkey_island/cc/server_config.json
# Virtualenv

2
.gitmodules vendored
View File

@ -4,4 +4,4 @@
url = https://github.com/guardicore/cti
[submodule "docs/themes/learn"]
path = docs/themes/learn
url = https://github.com/ShayNehmad/hugo-theme-learn.git
url = https://github.com/guardicode/hugo-theme-learn.git

15
.travis.yml
View File

@ -16,11 +16,15 @@ python:
os: linux
before_install:
# Init server_config.json to default
- cp monkey/monkey_island/cc/server_config.json.default monkey/monkey_island/cc/server_config.json
install:
# Python
- pip freeze
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
- pip install flake8 pytest dlint # for next stages
- pip install flake8 pytest dlint isort # for next stages
- pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
- pip install pipdeptree
@ -50,7 +54,9 @@ install:
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- python monkey/monkey_island/cc/set_server_config.py testing
- pushd /home/travis/build/guardicore/monkey/monkey
- python monkey_island/cc/environment/set_server_config.py testing
- popd
script:
# Check Python code
@ -69,6 +75,9 @@ script:
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
## Check import order
- python -m isort . -c -p common -p infection_monkey -p monkey_island
## Run unit tests
- cd monkey # This is our source dir
- python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
@ -80,7 +89,7 @@ script:
- cd monkey_island/cc/ui
- npm ci # See https://docs.npmjs.com/cli/ci.html
- eslint ./src --quiet # Test for errors
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=70
- JS_WARNINGS_AMOUNT_UPPER_LIMIT=28
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
# Build documentation

11
README.md
View File

@ -51,17 +51,16 @@ The Infection Monkey uses the following techniques and exploits to propagate to
* SambaCry
* Elastic Search (CVE-2015-1427)
* Weblogic server
* and more
* and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
## Setup
Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).
Check out the [Setup](https://www.guardicore.com/infectionmonkey/docs/setup/) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/docs/usage/getting-started/).
The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility).
The Infection Monkey supports a variety of platforms, documented [in our documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/operating_systems_support/).
## Building the Monkey from source
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder.
If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself)
and follow the instructions at the readme files under [infection_monkey](monkey/infection_monkey) and [monkey_island](monkey/monkey_island).
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts)
folder or follow documentation in [documentation hub](https://www.guardicore.com/infectionmonkey/docs/development/setup-development-environment/).
### Build status
| Branch | Status |

43
deployment_scripts/config
View File

@ -1,21 +1,44 @@
#!/usr/bin/env bash
# Absolute monkey's path
MONKEY_FOLDER_NAME="infection_monkey"
export MONKEY_FOLDER_NAME="infection_monkey"
# Url of public git repository that contains monkey's source code
MONKEY_GIT_URL="https://github.com/guardicore/monkey"
export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
get_latest_release() {
curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API
grep '"tag_name":' | # Get tag line
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
}
MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")
# Monkey binaries
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-linux-32"
LINUX_32_BINARY_NAME="monkey-linux-32"
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-linux-64"
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32"
export LINUX_32_BINARY_URL
export LINUX_32_BINARY_NAME
LINUX_64_BINARY_NAME="monkey-linux-64"
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-windows-32.exe"
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64"
export LINUX_64_BINARY_URL
export LINUX_64_BINARY_NAME
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-windows-64.exe"
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe"
export WINDOWS_32_BINARY_URL
export WINDOWS_32_BINARY_NAME
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe"
export WINDOWS_64_BINARY_URL
export WINDOWS_64_BINARY_NAME
# Other binaries for monkey
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/traceroute64"
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/traceroute32"
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/sc_monkey_runner64.so"
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/sc_monkey_runner32.so"
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64"
export TRACEROUTE_64_BINARY_URL
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32"
export TRACEROUTE_32_BINARY_URL
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so"
export SAMBACRY_64_BINARY_URL
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so"
export SAMBACRY_32_BINARY_URL

6
deployment_scripts/config.ps1
View File

@ -1,12 +1,14 @@
# Absolute monkey's path
$MONKEY_FOLDER_NAME = "infection_monkey"
# Url of public git repository that contains monkey's source code
$MONKEY_REPO = "guardicore/monkey"
$MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
$MONKEY_RELEASES_URL = $MONKEY_GIT_URL + "/releases"
$MONKEY_LATEST_VERSION = "v1.7.0"
$MONKEY_API_RELEASES_URL = "https://api.github.com/repos/$MONKEY_REPO/releases"
$MONKEY_LATEST_VERSION = (Invoke-WebRequest $MONKEY_API_RELEASES_URL | ConvertFrom-Json)[0].tag_name
$MONKEY_DOWNLOAD_URL = $MONKEY_RELEASES_URL + "/download/" + $MONKEY_LATEST_VERSION + "/"
# Link to the latest python download or install it manually
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.6/python-3.7.6-amd64.exe"
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.7/python-3.7.7-amd64.exe"
# Monkey binaries

26
docs/content/development/add-zero-trust-test.md Normal file
View File

@ -0,0 +1,26 @@
---
title: "Adding Zero Trust Tests"
date: 2020-07-14T10:19:08+03:00
draft: false
weight: 100
---
## How to add a new Zero Trust test to the Monkey?
Assuming the Monkey agent is already sending the relevant telemetry, you'll need to add the test in two places.
### `zero_trust_consts.py`
In the file `/monkey/common/data/zero_trust_consts.py`,
1. Add the test name to the TESTS set
2. Add a relevant recommendation if exists
3. Add the test to the TESTS_MAP dict. Make sure that all statuses (except `STATUS_UNEXECUTED`) have finding explanations.
### `telemetry/processing.py`
Find the relevant telemetry type you wish to test the finding in. This can be found in `/monkey/monkey_island/cc/services/telemetry/processing.py`. In the relevant `process_*_telemetry` function, add your Zero Trust testing code. Please put the zero trust tests under the `/monkey/monkey_island/cc/services/telemetry/zero_trust_tests` directory. There you can find examples of existing tests as well, so you'll know pretty much what you need to write.
## How to test the new Zero Trust test I've implemented?
Test ALL possible finding statuses you've defined in a fake network. Observe the events as well and see they were formatted correctly. If there's an algorithmic part to your Zero Trust test, please cover it using a Unit Test.

2
docs/content/development/adding-exploits.md
View File

@ -2,4 +2,6 @@
title: "Adding Exploits"
date: 2020-06-08T19:53:00+03:00
draft: true
tags: ["contribute"]
weight: 50
---

72
docs/content/development/adding-post-breach-actions.md
View File

@ -1,6 +1,76 @@
---
title: "Adding Post Breach Actions"
date: 2020-06-08T19:53:13+03:00
draft: true
draft: false
tags: ["contribute"]
weight: 90
---
## What's this?
This guide will show you how to create a new _Post Breach action_ for the Infection Monkey. _Post Breach actions_ are "extra" actions that the Monkey can perform on the victim machines after it propagated to them.
## Do I need a new PBA?
If all you want is to execute shell commands, then there's no need to add a new PBA - just configure the required commands in the Monkey Island configuration! If you think that those specific commands have reuse value in all deployments and not just your own, you can add a new PBA. If you need to run actual Python code, you must add a new PBA.
## How to add a new PBA
### Monkey side
#### Framework
1. Create your new action in the following directory: `monkey/infection_monkey/post_breach/actions` by first creating a new file with the name of your action.
2. In that file, create a class that inherits from the `PBA` class:
```python
from infection_monkey.post_breach.pba import PBA
class MyNewPba(PBA):
```
3. Set the action name in the constructor, like so:
```python
class MyNewPba(PBA):
def __init__(self):
super(MyNewPba, self).__init__(name="MyNewPba")
```
#### Implementation
If your PBA consists only of simple shell commands, you can reuse the generic PBA by passing the commands into the constructor. See the `add_user.py` PBA for reference.
Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
### Island side
#### Configuration
You'll need to add your PBA to the `config_schema.py` file, under `post_breach_acts`, like so:
```json
"post_breach_acts": {
"title": "Post breach actions",
"type": "string",
"anyOf": [
# ...
{
"type": "string",
"enum": [
"MyNewPba"
],
"title": "My new PBA",
"attack_techniques": []
},
],
},
```
Now you can choose your PBA when configuring the Monkey on the Monkey island:
![PBA in configuration](https://i.imgur.com/9PrcWr0.png)
#### Telemetry processing
If you wish to process your Post Breach action telemetry (for example, to analyze it for report data), add a processing function to the `POST_BREACH_TELEMETRY_PROCESSING_FUNCS` which can be found at `monkey/monkey_island/cc/services/telemetry/processing/post_breach.py`. You can look at the `process_communicate_as_new_user_telemetry` method as an example.

97
docs/content/development/adding-system-info-collectors.md
View File

@ -1,6 +1,101 @@
---
title: "Adding System Info Collectors"
date: 2020-06-09T11:03:42+03:00
draft: true
draft: false
tags: ["contribute"]
weight: 80
---
## What's this?
This guide will show you how to create a new _System Info Collector_ for the Infection Monkey. _System Info Collectors_ are modules which each Monkey runs, that collect specific information and sends it back to the Island as part of the System Info Telemetry.
### Do I need a new System Info Controller?
If all you want is to execute a shell command, then there's no need to add a new collector - just configure the required commands in the Monkey Island configuration in the PBA section! Also, if there is a relevant collector and you only need to add more information to it, expand the existing one. Otherwise, you must add a new Collector.
## How to add a new System Info Collector
### Monkey side
#### Framework
1. Create your new collector in the following directory: `monkey/infection_monkey/system_info/collectors` by first creating a new file with the name of your collector.
2. In that file, create a class that inherits from the `SystemInfoCollector` class:
```py
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
class MyNewCollector(SystemInfoCollector):
```
3. Set the Collector name in the constructor, like so:
```py
class MyNewCollector(SystemInfoCollector):
def __init__(self):
super(MyNewCollector, self).__init__(name="MyNewCollector")
```
#### Implementation
Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` Collector for reference. You can log during collection as well.
### Island side
#### Island Configuration
##### Definitions
You'll need to add your Collector to the `monkey_island/cc/services/config_schema.py` file, under `definitions/system_info_collectors_classes/anyOf`, like so:
```json
"system_info_collectors_classes": {
"title": "System Information Collectors",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": [
"EnvironmentCollector"
],
"title": "Which Environment this machine is on (on prem/cloud)",
"attack_techniques": []
},
{ <=================================
"type": "string", <=================================
"enum": [ <=================================
"MyNewCollector" <=================================
], <=================================
"title": "My new title", <=================================
"attack_techniques": [] <=================================
},
],
},
```
##### properties
Also, you can add the Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
```json
"system_info_collectors_classes": {
"title": "System info collectors",
"type": "array",
"uniqueItems": True,
"items": {
"$ref": "#/definitions/system_info_collectors_classes"
},
"default": [
"EnvironmentCollector",
"MyNewCollector" <=================================
],
"description": "Determines which system information collectors will collect information."
},
```
#### Telemetry processing
1. Add a process function under `monkey_island/cc/telemetry/processing/system_info_collectors/{DATA_NAME_HERE}.py`. The function should parse the collector's result. See `processing/system_info_collectors/environment.py` for example.
2. Add that function to `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` under `monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py`.

1
docs/content/development/contribute-documentation.md
View File

@ -2,6 +2,7 @@
title: "Contribute Documentation"
date: 2020-06-17T17:31:54+03:00
draft: false
weight: 1
tags: ["contribute"]
---

3
docs/content/development/setup-development-environment.md
View File

@ -1,7 +1,8 @@
---
title: "Setting up a development environment"
title: "Development setup"
date: 2020-06-08T19:53:00+03:00
draft: false
weight: 5
tags: ["contribute"]
---

14
docs/content/reference/_index.md Normal file
View File

@ -0,0 +1,14 @@
+++
title = "Reference"
date = 2020-05-26T20:55:04+03:00
weight = 30
chapter = true
pre = '<i class="fas fa-layer-group"></i> '
tags = ["reference"]
+++
# Reference
Find detailed information about Infection Monkey.
{{% children %}}

12
docs/content/reference/exploiters/ElasticGroovy.md Normal file
View File

@ -0,0 +1,12 @@
---
title: "ElasticGroovy"
date: 2020-07-14T08:41:40+03:00
draft: false
tags: ["exploit", "windows", "linux"]
---
CVE-2015-1427.
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).

8
docs/content/reference/exploiters/Hadoop.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "Hadoop"
date: 2020-07-14T08:41:49+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).

10
docs/content/reference/exploiters/MS08-067.md Normal file
View File

@ -0,0 +1,10 @@
---
title: "MS08 067"
date: 2020-07-14T08:42:54+03:00
draft: false
tags: ["exploit", "windows"]
---
[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.

8
docs/content/reference/exploiters/MsSQL.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "MsSQL"
date: 2020-07-14T08:41:56+03:00
draft: false
tags: ["exploit", "windows"]
---
The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.

8
docs/content/reference/exploiters/SMBExec.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "SMBExec"
date: 2020-07-14T08:42:16+03:00
draft: false
tags: ["exploit", "windows"]
---
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.

8
docs/content/reference/exploiters/SSHExec.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "SSHExec"
date: 2020-07-14T08:42:21+03:00
draft: false
tags: ["exploit", "linux"]
---
Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.

8
docs/content/reference/exploiters/Sambacry.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "Sambacry"
date: 2020-07-14T08:42:02+03:00
draft: false
tags: ["exploit", "linux"]
---
Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.

8
docs/content/reference/exploiters/Struts2.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "Struts2"
date: 2020-07-14T08:42:30+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).

8
docs/content/reference/exploiters/VSFTPD.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "VSFTPD"
date: 2020-07-14T08:42:39+03:00
draft: false
tags: ["exploit", "linux"]
---
Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).

8
docs/content/reference/exploiters/WMIExec.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "WMIExec"
date: 2020-07-14T08:43:12+03:00
draft: false
tags: ["exploit", "windows"]
---
Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.

8
docs/content/reference/exploiters/WebLogic.md Normal file
View File

@ -0,0 +1,8 @@
---
title: "WebLogic"
date: 2020-07-14T08:42:46+03:00
draft: false
tags: ["exploit", "linux", "windows"]
---
Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.

16
docs/content/reference/exploiters/_index.md Normal file
View File

@ -0,0 +1,16 @@
+++
title = "Exploiters"
date = 2020-05-26T20:55:04+03:00
weight = 100
chapter = true
pre = '<i class="fas fa-ethernet"></i> '
tags = ["reference", "exploit"]
+++
# Exploiters
Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
{{% children %}}
You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).

10
docs/content/reference/exploiters/shellshock.md Normal file
View File

@ -0,0 +1,10 @@
---
title: "ShellShock"
date: 2020-07-14T08:41:32+03:00
draft: false
tags: ["exploit", "linux"]
---
CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."

64
docs/content/reference/operating_systems_support.md Normal file
View File

@ -0,0 +1,64 @@
---
title: "Operating systems"
date: 2020-07-14T08:09:53+03:00
draft: false
pre: '<i class="fas fa-laptop"></i> '
weight: 10
tags: ["setup", "reference", "windows", "linux"]
---
The Infection Monkey project supports many popular OSes (but we can always do more).
The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
### Monkey support
#### Linux
Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
- Centos 7+
- Debian 7+
- Kali 2019+
- Oracle 7+
- Rhel 7+
- Suse 12+
- Ubuntu 14+
#### Windows
- Windows 2012+
- Windows 2012_R2+
- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
### Island support
**The Monkey Island (control server)** runs out of the box on:
- Ubuntu 18.04
- Debian 9
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
### Old machine bootloader
Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
**Old machine bootloader** runs on machines with:
- Centos 7+
- Debian 7+
- Kali 2019+
- Oracle 7+
- Rhel 7+
- Suse 12+
- Ubuntu 14+
- **Windows XP/Server 2003+**
[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7

51
docs/content/reference/scanners/_index.md Normal file
View File

@ -0,0 +1,51 @@
---
title: "Scanners"
date: 2020-07-14T08:43:12+03:00
draft: false
weight: 20
pre: '<i class="fas fa-network-wired"></i> '
tags: ["reference"]
---
The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
## Scanning
Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
The sole interface required is the `is_host_alive` interface, which needs to return True/False.
[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
## Fingerprinting
Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
Currently implemented Fingerprint modules are:
1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
## Adding a scanner/fingerprinter
To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
[elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
[http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
[host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
[host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
[mysql-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/mysqlfinger.py
[ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
[smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
[ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
[tcp-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/tcp_scanner.py

8
docs/content/setup/_index.md
View File

@ -16,3 +16,11 @@ Once you've downloaded an installer, you can follow the relevant guide for your
{{% children %}}
Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
{{% notice tip %}}
You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
{{% /notice %}}
{{% notice tip %}}
You can find the binary checksums of our installers to verify their integrity [in this page](../usage/file-checksums).
{{% /notice %}}

0
docs/content/usage/accounts-and-security.md → docs/content/setup/accounts-and-security.md
View File

2
docs/content/setup/debian.md
View File

@ -5,7 +5,7 @@ draft: false
pre: '<i class="fab fa-linux"></i> '
weight: 1
disableToc: false
tags: ["setup", "debian"]
tags: ["setup", "debian", "linux"]
---
## Deployment

6
docs/content/setup/docker.md
View File

@ -4,7 +4,7 @@ date: 2020-05-26T20:57:28+03:00
draft: false
pre: '<i class="fab fa-docker"></i> '
weight: 4
tags: ["setup", "docker"]
tags: ["setup", "docker", "linux", "windows"]
---
## Deployment
@ -14,11 +14,11 @@ To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
Once youve extracted the container from the tar.gz file, run the following commands:
```sh
sudo docker load -i dk.monkeyisland.latest.tar
sudo docker load -i dk.monkeyisland.1.9.0.tar
sudo docker pull mongo
sudo mkdir -p /var/monkey-mongo/data/db
sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.8.2
sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.9.0
```
## Upgrading

156
docs/content/usage/file-checksums.md
View File

@ -20,7 +20,7 @@ Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
# Should print
# Algorithm : SHA256
# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe
# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe <-- Your path will be different
```
### On Linux
@ -28,27 +28,151 @@ Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
Use the `sha256sum` <i class="fas fa-terminal"></i> shell command, like so:
```sh
sha256sum monkey-linux-64
$ sha256sum monkey-linux-64
# Should print:
# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
```
## Latest version checksums
| Filename | Type | Version | SHA256 hash |
|-|-|-|-|
monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550`
monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f`
monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5`
monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478`
infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2`
Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569`
Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a`
infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d`
infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75`
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |
| monkey-linux-32 | Linux Agent | 1.9.0 | `4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380` |
| infection_monkey_deb.tgz | Debian Package | 1.9.0 | `33c23ddae283e3aafe965d264bc88464b66db3dd6874fd7e5cbcd4e931b3bb25` |
| infection_monkey_debzt.tgz | Debian Package | 1.9.0 | `cc53fe9632f44248357d6bd20cf8629be9baf8688468fa6d3e186dcebf10cef6` |
| Monkey Island v1.9.0_3546_windows.exe | Windows Installer | 1.9.0 | `371f6d25e8cb16ea7ebdfd367092ee65b33db2ec35b44d96705716641eaa59e8` |
| Monkey Island v1.9.0_3546_windowszt.exe | Windows Installer | 1.9.0 | `662c611fb83bb8c7ef5f99c5d5ae04f5758727c688238d6a3cd4c58675581695` |
| infection_monkey_docker_docker_20200806_153913.tgz | Docker | 1.9.0 | `5da11c539045a395ced5dd572d331c4f0e9315a3ee192c06279ff4fef668b96e` |
| infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` |
| monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` |
| monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` |
## All checksums
### 1.8.0 and older
## Older checksums
You can find all these checksums in [this page](https://www.guardicore.com/infectionmonkey/checksums.html).
| Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` |
| monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` |
| monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` |
| monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478` |
| infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2` |
| Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569` |
| Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a` |
| infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d` |
| infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75` |
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
| monkey-linux-64 | Debian Package | 1.8.0 | `b0de3931f6b9c2d986860151e5094e4c57aafa5e3e4aced828ecba36e4ece851` |
| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` |
| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` |
| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` |
| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` |
| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` |
| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` |
| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` |
| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` |
| infection_monkey_docker_docker_20200401_174048.tgz | Docker | 1.8.0 | `ae59b222a94e1ec83a1c36917bc5cd3d119057e146ac01242af91808f3dce37a` |
| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` |
| Monkey Island v1.8.0_3514_windows.exe | Windows Installer | 1.8.0 | `a56bd98ca3d0dd260f26ac5ee46022fd5ca3f9081a43535b4f57cef43c345dc0` |
| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` |
| Monkey Island v1.8.0_3516_windows.exe | Windows Installer | 1.8.0 | `a31a3837d8ca722e8db10148704237b032e5ef62acc080a82ab80f009d8de6bd` |
| Monkey Island v1.8.0_3517_windows.exe | Windows Installer | 1.8.0 | `450e9ea58a5282f506f819bdc3d4477bbc917d74ee837ca0cc3e62b4a923fef1` |
| Monkey Island v1.8.0_3519_windows.exe | Windows Installer | 1.8.0 | `dfaf7b11b148a5648ca92887d731633f85b68dc82313616f0009eee123c47352` |
| Monkey Island v1.8.0_3520_windows.exe | Windows Installer | 1.8.0 | `719427a7f1878555d6940485330f51e2ddb3331c96b60a1719f6e21987efb3d3` |
| Monkey Island v1.8.0_3521_windows.exe | Windows Installer | 1.8.0 | `a9a37ec2677fc7d224c5993f914ba402c9f86c2f909dc5d649f67d08802dc847` |
| Monkey Island v1.8.0_3522_windows.exe | Windows Installer | 1.8.0 | `4aaa5a99a108ab3cb14b9268a32ac68cb2de4a001ae0e4374ca779824981ea64` |
| Monkey Island v1.8.0_3523_windows.exe | Windows Installer | 1.8.0 | `4f029d2683cf68e63f8b426fa19df9561add0ed169821b4fc83c2721f0939520` |
| Monkey Island v1.8.0_3525_windows.exe | Windows Installer | 1.8.0 | `4a660cf5eda5beae844e5a62031972304eaa0432c32708f11d94dc0a501be182` |
| Monkey Island v1.8.0_3525_windowszt.exe | Windows Installer | 1.8.0 | `980ba04ef9f6395e2885851f906ee3ed57d696a2e984aa1e7a59446a57ce0408` |
| infection_monkey_docker_docker_20200419_160310.tgz | Docker | 1.8.0 | `999edc833484f51475db5a56e0557b59d09f520453b8077c60f7d9359b504299` |
| infection_monkey_docker_dockerzt_20200419_160542.tgz | Docker | 1.8.0 | `87ec632837d4add968831ee7fd271871f89e5b29e251d046ebf100bc94bb755e` |
| Monkey Island v1.8.0_3526_windows.exe | Windows Installer | 1.8.0 | `6b6c05f3575eef9b95c1624f74953e54654211de4ae1ad738b287e661f002989` |
| Monkey Island v1.8.0_3526_windowszt.exe | Windows Installer | 1.8.0 | `f181e58820817d76274fab3ee2a7824fc0d5b1f637d7f5c7fe111eb7061844f2` |
| Monkey Island v1.8.0_3527_windows.exe | Windows Installer | 1.8.0 | `94c2e09ca103bc22206715783616af91e58fe773a04c975d6a09d48d9a5759b2` |
| infection_monkey_docker_docker_20200420_151527.tgz | Docker | 1.8.0 | `fe4512fd46c3be6c9416287e3a703e8453a46a17b05404ba72035036946f6dbd` |
| infection_monkey_docker_docker_20200420_153306.tgz | Docker | 1.8.0 | `17ef5de58a49168a70085cb80063355ac489139c88d029d175a09e36524fe224` |
| infection_monkey_docker_docker_20200420_174533.tgz | Docker | 1.8.0 | `fcf57ab8b1b77bcf678765c90798b950fd4a62019c48ebeeac37e9d3011b6b2e` |
| infection_monkey_docker_docker_20200427_184208.tgz | Docker | 1.8.0 | `082165abd8c45d9731472ae0877fecedfbcefcff8c0003b43d4300854908f0cb` |
| infection_monkey_docker_dockerzt_20200427_184441.tgz | Docker | 1.8.0 | `74f824ecb14f5d47182156999d5aeaf2177d719c6f53ed81b68606b2ed931647` |
| Monkey Island v1.8.0_3528_windows.exe | Windows Installer | 1.8.0 | `baa13321c88223acd0262137ba018f9cbea869b5d1920565a5e6c8eb2c83b80e` |
| Monkey Island v1.8.0_3528_windowszt.exe | Windows Installer | 1.8.0 | `466f7c3aa052163f10e154ec787b31a98b54ced8cffc17373525e8ca39ec2556` |
| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` |
| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` |
| monkey_island_vmware.deb | VMWare Debian | 1.7.0 | `8F77347343B1D070C4BCC43A6CF5971F086665206F76AD1304359ADB388C55DE` |
| dk.monkeyisland.latest.tar | Docker | 1.7.0 | `E92CD45DB172342FE906FEFA7F26BACB2F59C2BE8484756B71CD1BDEBCCA8BFB` |
| monkey-windows-32.exe | Agent | 1.7.0 | `00E121EC8AA3519498D225066A3BC29984A7DA2A6F4F0641ED465FD64107A117` |
| Monkey Island v1.7.0.3478.exe | Windows Installer | 1.7.0 | `AFC969884939DBE37DA6B8AD4999CA6E9F18E54BA03AC0C04C59ABB6D6204634` |
| monkey_island.deb | Debian | 1.7.0 | `4AE051BC47B39FA05937994B3D24226771D03891AB2EA484FD7B4AADC0C5E220` |
| monkey-windows-64.exe | Agent | 1.7.0 | `BCF60E0C4BC2578361CCACDA0C183B726AF375F0142306CA9013A14BBA9B962C` |
| monkey-linux-64 | Agent | 1.7.0 | `333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA` |
| monkey-linux-32 | Agent | 1.7.0 | `EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D` |
| Monkey Island 1.7.0 OVA 20191013.ova | OVA | 1.7.0 | `EB1D568F1EA9236B3402A65484EE1F06350FF5C4097288F3FE3312474ECB48C7` |
| dk.monkeyisland.latest.zt.tar | Docker | 1.7.0 | `C998FD7CC73F394CD39450E49586397F721D8B7F2DFA4CFE30EC797864588C72` |
| Monkey Island v1.7.0 zt.exe | Windows Installer | 1.7.0 | `5C6DADDD3BCF0766DB515DC911DC80D7D11DFF8A72BCBBBE21DEB3C9F78B6889` |
| monkey_island_zt.deb | Debian | 1.7.0 | `A0515FBCFD9590CEA739E1AFA95CE7FC406C5E4206A67A50C8CD2423540818C8` |
| monkey_island_vmware_zt.deb | VMWare Debian | 1.7.0 | `80EDB3FB846251C7B80B72259837629F17A4166C34FE440451BDD7ED8CC43F7F` |
| Monkey Island 1.7.0 ZT OVA 20191013.ova | OVA | 1.7.0 | `D220E171CF38DCD434AB4473C72CE29873A495B16FFAA8CA55658F5606398E34` |
| infection_monkey_deb_vmware.20190519_125330.tgz | VMWare | 1.6.3 | `22e51f089e6537e2cb349b07b4bf22c7a63c68ae12776a7b5239a0238bf02a05` |
| infection_monkey_deb_gcp.20190519_125239.tgz | GCP | 1.6.3 | `b8fdb976af8130329265bd3ad36b553864f6f7a2a2df912cfea4215584774686` |
| infection_monkey_docker.20190519_125632.tgz | Docker | 1.6.3 | `5576e20fe8ee502a7b452b504789961aedae214e49061a58ca0f248cc72c1c78` |
| monkey-windows-32.exe | Agent | 1.6.3 | `6f68d436a2a85852b02e4d72d4202919753a78e5285c36bd1a5481c8711b1d6b` |
| Monkey Island v1.6.3.3468.exe | Windows Installer | 1.6.3 | `69cb63612855165db97eb3c253e5a6f627fe216e0610eca5e5e6f875281a3604` |
| infection_monkey_deb.20190519_124555.tgz | Debian | 1.6.3 | `2389b553bd569defa4b81053984f0743b1b4093cdcfcf8561243b9d882d55e83` |
| monkey-windows-64.exe | Agent | 1.6.3 | `502c749ede6e09b8c40bc4bbfd2a46c95d3626a1aef74c72ac7b5641595e8c9c` |
| monkey-linux-64 | Agent | 1.6.3 | `6cfec4aea2f993294ca32f816a85347be8b155fb9c39706c82866bce8d8f87c1` |
| monkey-linux-32 | Agent | 1.6.3 | `996b3883e9b1114b274bf25426ee13060b65f8deb08c96b57857b99d8e8e3277` |
| Infection Monkey 1.6.3.ova | OVA | 1.6.3 | `a5b6e7d547ad4ae79508301698d99cbaf3b3ebfb1d2f0274ae1151d803def1e4` |
| infection_monkey_deb_azure.20190519_125317.tgz | Azure | 1.6.3 | `fcf1b6bf805f4422deb90f25752573f796d5a73e148086f49db310208b02c829` |
| infection_monkey_deb_aws.20190519_130517.tgz | AWS | 1.6.3 | `9c232f5d2f9dc24c9faea3cf597af783798baedb61334e0e650ca79bdac29fec` |
| Infection Monkey 1.6.2.ova | OVA | 1.6.2 | `00346E6383E7BBDB107C14B668D251513E150C089A26AAFA3E17040D96C7DEC9` |
| infection_monkey_deb.1.6.2.tgz | Debian | 1.6.2 | `56BF1D99DD6674F9D3504D5DD5A62D8B3520B4F25449ED0026E5A0DC99BD0683` |
| infection_monkey_1.5_docker.tgz | Docker | 1.6.2 | `2466B4FFFE175EC5DEF0CAACF93EE5CC7D8878DBA63B30F148C560A6AFA5B537` |
| Monkey Island v1.6.2.3434.exe | Windows Installer | 1.6.2 | `2B0BFD5721897787536F4F94D5641E061833CBEF0279C0E38C41BC1B3E76A380` |
| Monkey-Linux-32 | Agent | 1.6.1 | `9E5F8FA7F85FEB1BC31E0AE7D1F303139CA3FE5FA044E6C58F68B4917D27CACE` |
| Monkey-Linux-64 | Agent | 1.6.1 | `74F9FFBB504FF5E74EFF1399685C0C110EDE0D3244F61591D77EE7A22672457E` |
| Monkey-Windows-32.exe | Agent | 1.6.1 | `53AC0F047CA95A0476944559F6FC650ADA865891139FA1258B35A5A525BC6002` |
| Monkey-Windows-64.exe | Agent | 1.6.1 | `53019FD25CD4A0AE526696EB05E2EEDE32607263C5F29BE36554D637532D41C3` |
| infection_monkey_1.5.2.ova | OVA | 1.5.2 | `6E6CAABBA7CCDB20E981147560353EC731B1FC8955D0319886D36E9825C201C7` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5.2 | `E84EFA3C20A417D13DC6EA64CB046D40ED7534A6FBB91EBF6EA061716A855A17` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5.2 | `0D33C17556FAC28874A2FE9157DB311892B42669E51C043C4DAE2F68B0D74B8F` |
| Monkey-Linux-32 | Agent | 1.5.2 | `4DF689A845FD7092E81ECB0AB5207621836B3D46B71FB3829E5E5CF9DDAF52D0` |
| Monkey-Linux-64 | Agent | 1.5.2 | `99FC4BB24D2EFF1CD107CCE932EA0BDC006ED2226AE0DC19DD0BC7A97ADB553F` |
| Monkey-Windows-32.exe | Agent | 1.5.2 | `8FC1441B87BDFD786A3A262542C013E4C84AC870C847A919CDA0851F91A511B9` |
| Monkey-Windows-64.exe | Agent | 1.5.2 | `0AE8F0AB190E8BEAE78AB12C8477C924FE92B19B1E079B279F4F87AE4BD2A718` |
| infection_monkey_deb.20180402_184213.tgz | Debian | 1.5.1 | `4425FC97DE825715837783258FD8BCF88E87AAB3500F63D287384B9D74D54122` |
| Monkey Island v1.5.1.3377.exe | Windows Installer | 1.5.1 | `5A137ADA97F39F4C3CA278E851D2684B929911639E2876EB4DF1D1AC5D70E27D` |
| infection_monkey_docker.20180402_184212.tgz | Docker | 1.5.1 | `049831C3F9C959128C5C8D9843819A4ED960FF046B1536216B5FA5FF4B28D1A6` |
| Monkey-Linux-32 | Agent | 1.6 | `665E1263347B9D0245211676496E91669809B3865ED8B5AD1878DA54A9784F5C` |
| Monkey-Linux-64 | Agent | 1.6 | `F0D51E7431CF07A842D4D25AAE2DD8A6B9EE08744914729AF448F92088798F7F` |
| Monkey-Windows-32.exe | Agent | 1.6 | `77AC4264715A6E7D238F8B67ED04EE75CF75C07D360A4B649CA6E31C83CE7B21` |
| Monkey-Windows-64.exe | Agent | 1.6 | `0DEED0AA00F7D54B084EF6888731B0CFEC6382045A74B55162FDD3D00D0BE9F8` |
| Monkey Island v1.6.0.3414.exe | Windows installer | 1.6 | `242879983A709D7CD6D7D7EEC493442B7FACC8E215CBB21650915C5EECB8829A` |
| infection_monkey_1.6.ova | OVA | 1.6 | `831FBA09AA49940B1747164BEB6B4AF83BA04FCE35285912AB0B18A7FA1A39D8` |
| infection_monkey_deb.1.6.tgz | Debian | 1.6 | `339EC88DD6A2AB6CB917456AA8970B0F1D36D7335E7D2EE1A34B74047F843542` |
| infection_monkey_docker.1.6.tgz | Docker | 1.6 | `0624CF75C4D208DDC7475636CFE2869BA324DEB88C3860DB2934E7BDA3E664F6` |
| infection_monkey.ova | OVA | 1.5 | `A6773C4DA8FF7A09C0F3FEE45A25D45830C616AACCEC14C86542462ADCDA1F89` |
| infection_monkey_deb.20180208_175917.tgz | Debian | 1.5 | `04E3CD3CD301A44BEE508C1BF993948B89212EF3269D61FB13ECB9FDC25268DB` |
| infection_monkey_docker.20180119_112852.tgz | Docker | 1.5 | `4D94C6BB7B4A0177CC1F3E864FB714015619ACB4DD1C4E92D8986BA093F8BD87` |
| Monkey Island v1.5.0.exe | Windows installer | 1.5 | `A1D7725AF116AE33CEA9A0E641E61C96E51FAFCCCB598F668EB99E35DE799C7B` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `1433B8A5E778F12C9E8AE4B1BCBF2863E0CC5E001D661C8540804B909B9D83C5` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `22B7FDC4C213F0385AEB9F63E60665470C2862C8C1B45B5B49FBF320570A9082` |
| Monkey Island v1.5.0.3371.exe | Windows Installer | 1.5 | `B69997E9920E73F16896D3E793AB721388E5636DB1846D4BFEC1C7A372EE2059` |
| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `00EB499FCC590950723E42784D3502B70EAD8AD396B916AF450AB1A48DF993ED` |
| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `A8670280A07EF6A9F5DC9CEB4B11B25DD7B90C37AD94666A6FFAABD6D105F0CB` |
| Monkey Island v1.5.0.exe | Windows Installer | 1.5 | `55F39C8EEB04089F54C10C991A82FE1539BC072E1A7F364D0C720CBF0A28EBB7` |
| Monkey-Linux-32 | Agent | 1.5 | `B85E10AEF0B6935B0AF6EFEA03C9A684859F2DD078B31D9492E98585E2E89C39` |
| Monkey-Linux-64 | Agent | 1.5 | `44BA13A7391D4A16C46D5EF44F60B09E1EDCEB3C716C0AF4241F166619A62944` |

6
docs/content/usage/getting-started.md
View File

@ -7,11 +7,13 @@ pre: "<i class='fas fa-play-circle'></i> "
tags: ["usage"]
---
If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup)
## Using the Infection Monkey
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
After deploying the Monkey Island in your environment, navigate to `https://<server-ip>:5000`.
### First-time setup
### First-time login
On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).

5
docs/content/usage/reports/mitre.md
View File

@ -18,13 +18,14 @@ Watch an overview video:
The MITRE ATT&CK report is centred around the ATT&CK matrix:
![MITRE Report](/images/usage/reports/mitre-report-0.jpg "MITRE Report")
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didnt manage to. That means your network isnt vulnerable to the way Monkey employs this technique.
- {{< label other Grey >}}: The Monkey **didn't try** the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.
- {{< label unused "Dark Gray" >}}: The Monkey **didn't try** the technique. Perhaps it wasn't relevant to this network.
- {{< label disabled "Light Gray" >}}: The Monkey **didn't try** the technique since it wasn't configured.
Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, lets look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique thats a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:

104
docs/content/usage/scenarios.md
View File

@ -1,104 +0,0 @@
---
title: "Scenarios"
date: 2020-05-26T21:01:19+03:00
draft: false
weight: 2
tags: ["usage"]
pre: "<i class='fas fa-map-marked-alt'></i> "
---
In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.
Here are a few scenarios that can be replicated in your own environment by executing the Monkey from different locations within the network, or with some tweaks to the Monkeys configuration.
{{% notice note %}}
No worries! The Monkey does not cause any permanent system modifications that impact security or operations. You will be able to track the Monkey using the log files it leaves in well defined locations. [See our FAQ for more details](../faq).
{{% /notice %}}
- [Your network has been breached via internet facing servers](#your-network-has-been-breached-via-internet-facing-servers)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey)
- [You are the newest victim of a phishing fraud! 🎣](#you-are-the-newest-victim-of-a-phishing-fraud)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-1)
- [You want to test your network segmentation](#you-want-to-test-your-network-segmentation)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-2)
- [You want to verify your security solutions, procedures and teams are working as intended](#you-want-to-verify-your-security-solutions-procedures-and-teams-are-working-as-intended)
- [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-3)
- [Other useful tips](#other-useful-tips)
## Your network has been breached via internet facing servers
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign the attackers are now trying to go deeper into your network.
### Simulate this scenario using the Monkey
To simulate this breach scenario, execute the Infection Monkey on different machines that host internet-facing services such as your web servers (Apache, Tomcat, NGINX…) or your VPN servers. To see how to execute the Monkey on these servers, [refer to this FAQ question](../../faq#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey).
{{% notice tip %}}
If you want to simulate a very “deep” attack into your network, see our [configuration documentation](../configuration).
{{% /notice %}}
After executing the Monkey, evaluate the results of this simulation using the information in the Report page. There you will find a summary of the most important things the simulation has discovered, a detailed report of all the Monkeys findings and more. You can also use the Infection Map to analyze the Monkeys progress through the network, and to see each Monkeys detailed telemetry and logs.
## You are the newest victim of a phishing fraud! 🎣
Almost everyone is prone to phishing attacks. Results of a successful phishing attempt can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
This scenario begins in a section of the network which is a potential phishing spot. Phishing attacks target human users - as such, these types of attacks try to penetrate the network via a service an employee is using, such as an email with an attached malware or social media message with a link redirecting to a malicious website. These are just two examples of where and how an attacker may choose to launch their campaign.
### Simulate this scenario using the Monkey
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network from potentially problematic group of machines, such as the laptop of one of your heavy email users or one of your strong IT users (think of people who are more likely to correspond with people outside of your organization).
- After setting up the Island add the users **real** credentials (usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration). Now you can simulate an attacker attempting to probe deeper in the network with credentials “successfully” phished.
- You can configure these credentials for the Monkey as follows:
From the **“Basic - Credentials”** tab of the Islands configuration, under the **“Exploit password list”** press the + button and add the passwords you would like the Monkey to use. Do the same with usernames in the **“Exploit user list”**.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
After supplying the Monkey with the passwords and usernames, execute the Monkey from the simulated “victim” machines. To do this, click “**2. Run Monkey**” from the left sidebar menu and choose “**Run on machine of your choice**”.
## You want to test your network segmentation
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually, typically using policies. A useful way to test the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your Development is separated from your Production, your applications are separated from one another etc. "to security test is to verify that your network segmentation is configured properly. This way you make sure that even if a certain attacker has breached your defenses, it cant move laterally from point A to point B.
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with its cross-segment traffic testing feature.
### Simulate this scenario using the Monkey
As an example, the following configuration makes sure machines in the “10.0.0.0/24” segment (segment A) and the “11.0.0.2/32” segment (segment B) cant communicate with each other, along with an additional machine in 13.37.41.50.
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
## You want to verify your security solutions, procedures and teams are working as intended
The Infection Monkey can help you verify that your security solutions are working the way you expected them to. These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
### Simulate this scenario using the Monkey
Run the Monkey with whichever configuration you prefer. The default is good enough for many cases; but for example, you can add some old users and passwords. Running the Monkey on both the Island and on a few other machines in the network is also recommended, as it increases coverage and propagation rates.
After running the Monkey, follow the Monkeys actions on the Monkey Islands infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security solutions are identifying and correctly alerting on different attacks.
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities. If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network? Check if your micro-segmentation / firewall solution identify or report anything.
While running this scenario, be on the lookout for the action that should arise: Did you get a phone call telling you about suspicious activity inside your network? Are events flowing into your security events aggregators? Are you getting emails from your IR teams? Is the endpoint protection software you installed on machines in the network reporting on anything? Are your compliance scanners detecting anything wrong?
## Other useful tips
Here are a few tips which can help you push the Infection Monkey even further:
- Make sure the Monkey is configured to scan its local network but in addition, configure it with specific targets. To add these targets, add their IP addresses (or the IP ranges in which they reside) to the Scan IP/subnet list using the `+` button. Heres an example of how this is achieved:
![How to configure Scan IP/subnet list](/images/usage/scenarios/scan-list-config.png "How to configure Scan IP/subnet list")
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")

21
docs/content/usage/use-cases/_index.md Normal file
View File

@ -0,0 +1,21 @@
+++
title = "Use Cases"
date = 2020-08-12T12:52:59+03:00
weight = 3
chapter = true
pre = "<i class='fas fa-map-marked-alt'></i> "
+++
# Use cases
This section describes possible use cases for the Infection Monkey and helps to
understand how this tool can be configured.
You can also refer to [our FAQ](../../faq) for more specific questions and answers.
{{% notice note %}}
No worries! The Monkey uses safe exploiters and does not cause any permanent system modifications that impact security or operations.
{{% /notice %}}
## Section contents
{{% children description=True %}}

40
docs/content/usage/use-cases/credential-leak.md Normal file
View File

@ -0,0 +1,40 @@
---
title: "Credential Leak"
date: 2020-08-12T13:04:25+03:00
draft: false
description: "Assess the impact of successful phishing attack, insider threat, or other form of credentials leak."
weight: 4
---
## Overview
Numerous attack techniques(from phishing to dumpster diving) might result in a credential leak,
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
Infection Monkey can help assess the impact of stolen credentials by automatically searching
where these credentials can be reused.
## Configuration
#### Important configuration values:
- **Exploits -> Credentials** After setting up the Island add the users **real** credentials
(usernames and passwords) to the Monkeys configuration (Dont worry, this sensitive data is not accessible and is not
distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Islands configuration).
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
(content of keys will not be displayed, it will appear as `<Object>`).
To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network
from potentially problematic group of machines, such as the laptop of one of your heavy email users or
one of your strong IT users (think of people who are more likely to correspond with people outside of
your organization). Execute the Monkey on chosen machines by clicking on “**1. Run Monkey**” from the left sidebar menu
and choosing “**Run on machine of your choice**”.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
## Assessing results
To assess the impact of leaked credentials see Security report. It's possible, that credential leak resulted in even
more leaked credentials, for that look into **Security report -> Stolen credentials**.

55
docs/content/usage/use-cases/ids-test.md Normal file
View File

@ -0,0 +1,55 @@
---
title: "IDS/IPS Test"
date: 2020-08-12T13:07:47+03:00
draft: false
description: "Test your network defence solutions."
weight: 5
---
## Overview
The Infection Monkey can help you verify that your security solutions are working the way you expected them to.
These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
## Configuration
#### Important configuration values:
- **Monkey -> Post breach** Post breach actions simulate the actions an attacker would make on infected system.
To test something not present on the tool, you can provide your own file or command to be ran.
The default configuration is good enough for many cases, but configuring testing scope and adding brute-force
credentials is a good bet in any scenario.
Running the Monkey on both the Island and on a few other machines in the network manually is also recommended,
as it increases coverage and propagation rates.
![Post breach configuration](/images/usage/use-cases/ids-test.PNG "Post breach configuration")
## Assessing results
After running the Monkey, follow the Monkeys actions on the Monkey Islands infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security
solutions are identifying and correctly alerting on different attacks.
- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as
exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities.
If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from
the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network?
Check if your micro-segmentation / firewall solution identify or report anything.
While running this scenario, be on the lookout for the action that should arise:
Did you get a phone call telling you about suspicious activity inside your network? Are events flowing
into your security events aggregators? Are you getting emails from your IR teams?
Is the endpoint protection software you installed on machines in the network reporting on anything? Are your
compliance scanners detecting anything wrong?
Lastly, check Zero Trust and Mitre ATT&CK reports, to see which attacks can be executed on the network and how to
fix it.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")

43
docs/content/usage/use-cases/network-breach.md Normal file
View File

@ -0,0 +1,43 @@
---
title: "Network Breach"
date: 2020-08-12T13:04:55+03:00
draft: false
description: "Simulate an internal network breach and assess the potential impact."
weight: 1
---
## Overview
Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your
Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/)
or any other malicious campaign the attackers are now trying to go deeper into your network.
Infection Monkey will help you assess the impact of internal network breach, by trying to propagate within it
using service vulnerabilities, brute-forcing and other safe attack methods.
## Configuration
#### Important configuration values:
- **Exploits -> Exploits** You can review the exploits Infection Monkey will be using. By default all
safe exploiters are selected.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. We use most popular passwords
and usernames, but feel free to adjust it according to your native language and other factors. Keep in mind that long
lists means longer scanning times.
- **Network -> Scope** Make sure to properly configure the scope of the scan. You can select **Local network scan**
and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached or you can fine tune it by providing
specific network ranges in **Scan target list**. Scanning local network is more realistic, but providing specific
targets will make scanning process substantially faster.
- **(Optional) Internal -> Network -> TCP scanner** You can add custom ports your organization is using.
- **(Optional) Monkey -> Post Breach Actions** If you only want to test propagation in the network, you can turn off
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, but in no
way helps to exploit new machines.
![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
## Assessing results
Check infection map and security report to see how far monkey managed to propagate in the network and which
vulnerabilities it used in doing so. If you left post breach actions selected, you should also check ATT&CK and
Zero Trust reports.
![Map](/images/usage/use-cases/map-full-cropped.png "Map")

51
docs/content/usage/use-cases/network-segmentation.md Normal file
View File

@ -0,0 +1,51 @@
---
title: "Network Segmentation"
date: 2020-08-12T13:05:05+03:00
draft: false
description: "Test network segmentation policies for apps that need ringfencing or tiers that require microsegmentation."
weight: 3
---
## Overview
Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to
isolate workloads from one another and secure them individually, typically using policies.
A useful way to test the effectiveness of your segmentation is to ensure that your network segments are
properly separated, e,g, your Development is separated from your Production, your applications are separated from one
another etc. To security test is to verify that your network segmentation is configured properly. This way you make
sure that even if a certain attacker has breached your defenses, it cant move laterally from point A to point B.
[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing
the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with
its cross-segment traffic testing feature.
## Configuration
#### Important configuration values:
- **Network -> Network analysis -> Network segmentation testing** This configuration setting allows you to define
subnets that should be segregated from each other. If any of provided networks can reach each other, you'll see it
in security report.
- **(Optional) Network -> Scope** You can disable **Local network scan** and leave other options by default if you only want to
test for network segmentation without any lateral movement.
- **(Optional) Monkey -> Post Breach Actions** If you only want to test segmentation in the network, you can turn off
all post breach actions. These actions simulate attacker's behaviour after getting access to a new system, so they
might trigger your defence solutions which will interrupt segmentation test.
Execute Monkeys on machines in different subnetworks manually, by choosing “**1. Run Monkey**” from the left sidebar menu
and clicking on “**Run on machine of your choice**”.
Alternatively, you could provide valid credentials and allow Monkey to propagate to relevant subnetworks by itself.
Note that if Monkey can't communicate to the Island, it will
not be able to send scan results, so make sure all machines can reach the island.
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
## Assessing results
Check infection map and security report for segmentation problems. Ideally, all scanned nodes should only have
edges with the Island Server.
![Map](/images/usage/use-cases/segmentation-map.PNG "Map")

42
docs/content/usage/use-cases/other.md Normal file
View File

@ -0,0 +1,42 @@
---
title: "Other"
date: 2020-08-12T13:07:55+03:00
draft: false
description: "Tips and tricks about configuring monkey for your needs."
weight: 100
---
## Overview
This page provides additional information about configuring monkeys, tips and tricks and creative usage scenarios.
## ATT&CK & Zero Trust scanning
You can use **ATT&CK** configuration section to select which techniques you want to scan. Keep in mind that ATT&CK
matrix configuration just changes the overall configuration by modifying related fields, thus you should start by
modifying and saving the matrix. After that you can change credentials and scope of the scan, but exploiters,
post breach actions and other configuration values will be already chosen based on ATT&CK matrix and shouldn't be
modified.
There's currently no way to configure monkey using Zero Trust framework, but regardless of configuration options,
you'll always be able to see ATT&CK and Zero Trust reports.
## Tips and tricks
- Use **Monkey -> Persistent scanning** configuration section to either have periodic scans or to increase
reliability of exploitations.
- To increase propagation run monkey as root/administrator. This will ensure that monkey will gather credentials
on current system and use them to move laterally.
- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the islands configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
- If you're scanning a large network, consider narrowing the scope and scanning it bit by bit if scan times become too
long. Lowering the amount of credentials, exploiters or post breach actions can also help to lower scanning times.

13
docs/layouts/shortcodes/homepage_shortcuts.html
View File

@ -59,21 +59,28 @@
<section id="homepage-shortcuts">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-4 col-sm-6 mb-3">
<div class="col-lg-3 col-sm-6 mb-3">
<a href="setup/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-cogs d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Setup</h4>
<p class="mb-0">See how to install the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-4 col-sm-6 mb-3">
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/getting-started/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-play-circle d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Getting Started</h4>
<p class="mb-0">Set the Monkey wild in your datacenter.</p>
</a>
</div>
<div class="col-lg-4 col-sm-6 mb-3">
<div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Use Cases</h4>
<p class="mb-0">Learn about use cases of the Infection Monkey.</p>
</a>
</div>
<div class="col-lg-3 col-sm-6 mb-3">
<a href="faq/" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-question d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">FAQs</h4>

3
docs/static/css/labels.css vendored
View File

@ -9,4 +9,5 @@
.info {background-color: #2196F3;} /* Blue */
.warning {background-color: #ff9800;} /* Orange */
.danger {background-color: #f44336;} /* Red */
.other {background-color: #e7e7e7; color: black;} /* Gray */
.unused {background-color: #8d8d8d;} /* Dark Gray */
.disabled {background-color: #cfcfcf; color: black;} /* Light Gray */

BIN
docs/static/images/usage/reports/mitre-report-0.jpg vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 172 KiB

BIN
docs/static/images/usage/reports/mitre-report-0.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 159 KiB

BIN
docs/static/images/usage/use-cases/ids-test.PNG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
docs/static/images/usage/use-cases/map-full-cropped.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.5 MiB

BIN
docs/static/images/usage/use-cases/network-breach.PNG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
docs/static/images/usage/use-cases/segmentation-map.PNG vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

7
envs/monkey_zoo/blackbox/README.md
View File

@ -2,7 +2,8 @@
### Prerequisites
1. Download google sdk: https://cloud.google.com/sdk/docs/
2. Download service account key for MonkeyZoo project (if you deployed MonkeyZoo via terraform scripts then you already have it).
GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts)
GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts).
Place the key in `envs/monkey_zoo/gcp_keys/gcp_key.json`.
3. Deploy the relevant branch + complied executables to the Island machine on GCP.
### Running the tests
@ -21,8 +22,8 @@ Example run command:
`monkey\envs\monkey_zoo\blackbox>python -m pytest -s --island=35.207.152.72:5000 test_blackbox.py`
#### Running in PyCharm
Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72` on the
`monkey\envs\monkey_zoo\blackbox`.
Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72`, and to run from
directory `monkey\envs\monkey_zoo\blackbox`.
### Running telemetry performance test

3
envs/monkey_zoo/blackbox/analyzers/performance_analyzer.py
View File

@ -3,7 +3,8 @@ from datetime import timedelta
from typing import Dict
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
LOGGER = logging.getLogger(__name__)

2
envs/monkey_zoo/blackbox/island_client/island_config_parser.py
View File

@ -9,7 +9,7 @@ class IslandConfigParser(object):
self.config_json = json.loads(self.config_raw)
def get_ips_of_targets(self):
return self.config_json['basic_network']['general']['subnet_scan_list']
return self.config_json['basic_network']['scope']['subnet_scan_list']
@staticmethod
def get_conf_file_path(conf_file_name):

4
envs/monkey_zoo/blackbox/island_client/monkey_island_client.py
View File

@ -1,11 +1,11 @@
import json
import logging
from time import sleep
from bson import json_util
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import MonkeyIslandRequests
from envs.monkey_zoo.blackbox.island_client.monkey_island_requests import \
MonkeyIslandRequests
SLEEP_BETWEEN_REQUESTS_SECONDS = 0.5
MONKEY_TEST_ENDPOINT = 'api/test/monkey'

13
envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py
View File

@ -1,13 +1,12 @@
from typing import Dict
import functools
import logging
from datetime import timedelta
from typing import Dict
import requests
import functools
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
import logging
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
@ -105,4 +104,4 @@ class MonkeyIslandRequests(object):
@_Decorators.refresh_jwt_token
def get_jwt_header(self):
return {"Authorization": "JWT " + self.token}
return {"Authorization": "Bearer " + self.token}

219
envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf
View File

@ -2,10 +2,13 @@
"basic": {
"credentials": {
"exploit_password_list": [
"Password1!",
"1234",
"root",
"123456",
"password",
"12345678"
"123456789",
"qwerty",
"111111",
"iloveyou"
],
"exploit_user_list": [
"Administrator",
@ -13,71 +16,24 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"ElasticGroovyExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
"subnet_scan_list": [
"10.2.2.4",
"10.2.2.5"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"ElasticGroovyExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
]
}
},
"internal": {
@ -104,12 +60,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -121,63 +109,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

224
envs/monkey_zoo/blackbox/island_configs/HADOOP.conf
View File

@ -2,10 +2,13 @@
"basic": {
"credentials": {
"exploit_password_list": [
"Password1!",
"1234",
"root",
"123456",
"password",
"12345678"
"123456789",
"qwerty",
"111111",
"iloveyou"
],
"exploit_user_list": [
"Administrator",
@ -13,12 +16,17 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"HadoopExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -26,58 +34,6 @@
"10.2.2.3",
"10.2.2.2"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"HadoopExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -103,15 +59,45 @@
},
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [
"e1c0dc690821c13b10a41dccfc72e43a"
],
"exploit_ssh_keys": []
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -123,63 +109,77 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
"post_breach_actions": [
]
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

215
envs/monkey_zoo/blackbox/island_configs/MSSQL.conf
View File

@ -13,70 +13,21 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"MSSQLExploiter"
]
}
},
"basic_network": {
"general": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
"subnet_scan_list": [
"10.2.2.16"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"MSSQLExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": true,
"subnet_scan_list": []
}
},
"internal": {
@ -103,12 +54,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -120,63 +103,77 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
"post_breach_actions": [
]
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

249
envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf
View File

@ -13,12 +13,36 @@
"m0nk3y"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"SmbExploiter",
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter",
"MSSQLExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": [
"10.2.2.0/30",
"10.2.2.8/30",
"10.2.2.24/32",
"10.2.2.23/32",
"10.2.2.21/32",
"10.2.2.19/32",
"10.2.2.18/32",
"10.2.2.17/32"
]
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -44,74 +68,6 @@
"10.2.2.23",
"10.2.2.24"
]
},
"network_analysis": {
"inaccessible_subnets": [
"10.2.2.0/30",
"10.2.2.8/30",
"10.2.2.24/32",
"10.2.2.23/32",
"10.2.2.21/32",
"10.2.2.19/32",
"10.2.2.18/32",
"10.2.2.17/32"
]
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"SmbExploiter",
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter",
"MSSQLExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -138,12 +94,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -156,74 +144,83 @@
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": true
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": [
"CommunicateAsNewUser"
"BackdoorUser",
"CommunicateAsNewUser",
"ModifyShellStartupFiles",
"HiddenFiles",
"TrapCommand",
"ChangeSetuidSetgid",
"ScheduleJobs"
]
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 15,
"victims_max_find": 100
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true,
"system_info_collectors_classes": [
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector"
]
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

208
envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf
View File

@ -13,70 +13,23 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"ShellShockExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
"subnet_scan_list": [
"10.2.2.8"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"ShellShockExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -103,12 +56,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -120,63 +105,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

208
envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf
View File

@ -11,12 +11,17 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"SmbExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -24,58 +29,6 @@
"10.2.2.14",
"10.2.2.15"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"SmbExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -102,12 +55,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -119,63 +104,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

211
envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf
View File

@ -10,70 +10,23 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"SmbExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
"subnet_scan_list": [
"10.2.2.15"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"SmbExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -99,13 +52,46 @@
},
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ],
"exploit_ssh_keys": []
"exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e",
"50c9987a6bf1ac59398df9f911122c9b" ],
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -117,63 +103,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

220
envs/monkey_zoo/blackbox/island_configs/SSH.conf
View File

@ -12,12 +12,17 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"SSHExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -25,67 +30,6 @@
"10.2.2.11",
"10.2.2.12"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"SmbExploiter",
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -112,12 +56,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -129,63 +105,77 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 2,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
"post_breach_actions": [
]
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

208
envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
View File

@ -14,12 +14,17 @@
"vakaris_zilius"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"Struts2Exploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -27,55 +32,6 @@
"10.2.2.23",
"10.2.2.24"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"Struts2Exploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -102,12 +58,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -119,72 +107,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": [
"CommunicateAsNewUser"
]
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 15,
"victims_max_find": 100
"post_breach_actions": []
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true,
"system_info_collectors_classes": [
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector"
]
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

225
envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
View File

@ -6,25 +6,28 @@
"3Q=(Ge(+&w]*",
"`))jU7L(w}",
"t67TC5ZDmz",
"12345678",
"another_one",
"and_another_one",
"one_more"
"12345678"
],
"exploit_user_list": [
"Administrator",
"rand",
"rand2",
"m0nk3y",
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"SmbExploiter",
"WmiExploiter",
"SSHExploiter",
"MSSQLExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 3,
"local_network_scan": false,
@ -34,67 +37,6 @@
"10.2.0.11",
"10.2.0.12"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"SmbExploiter",
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -121,12 +63,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -138,63 +112,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

217
envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf
View File

@ -2,10 +2,13 @@
"basic": {
"credentials": {
"exploit_password_list": [
"Password1!",
"1234",
"root",
"123456",
"password",
"12345678"
"123456789",
"qwerty",
"111111",
"iloveyou"
],
"exploit_user_list": [
"Administrator",
@ -13,12 +16,17 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"WebLogicExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -26,58 +34,6 @@
"10.2.2.18",
"10.2.2.19"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"WebLogicExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -104,12 +60,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -121,63 +109,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

216
envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
View File

@ -11,12 +11,17 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"WmiExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
@ -24,66 +29,6 @@
"10.2.2.14",
"10.2.2.15"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -110,12 +55,44 @@
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [],
"exploit_ssh_keys": []
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -127,63 +104,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

219
envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf
View File

@ -10,78 +10,23 @@
"user"
]
},
"general": {
"should_exploit": true
"exploiters": {
"exploiter_classes": [
"WmiExploiter"
]
}
},
"basic_network": {
"general": {
"network_analysis": {
"inaccessible_subnets": []
},
"scope": {
"blocked_ips": [],
"depth": 2,
"local_network_scan": false,
"subnet_scan_list": [
"10.2.2.15"
]
},
"network_analysis": {
"inaccessible_subnets": []
}
},
"cnc": {
"servers": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000",
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
]
}
},
"exploits": {
"general": {
"exploiter_classes": [
"WmiExploiter",
"SSHExploiter",
"ShellShockExploiter",
"SambaCryExploiter",
"ElasticGroovyExploiter",
"Struts2Exploiter",
"WebLogicExploiter",
"HadoopExploiter",
"VSFTPDExploiter"
],
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"remote_user_pass": "Password1!",
"user_to_add": "Monkey_IUSER_SUPPORT"
},
"rdp_grinder": {
"rdp_use_vbs_download": true
},
"sambacry": {
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
],
"sambacry_trigger_timeout": 5
},
"smb_service": {
"smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey"
}
},
"internal": {
@ -107,13 +52,46 @@
},
"exploits": {
"exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ],
"exploit_ssh_keys": []
"exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e",
"50c9987a6bf1ac59398df9f911122c9b"],
"exploit_ssh_keys": [],
"general": {
"skip_exploit_if_file_exist": false
},
"ms08_067": {
"ms08_067_exploit_attempts": 5,
"user_to_add": "Monkey_IUSER_SUPPORT",
"remote_user_pass": "Password1!"
},
"sambacry": {
"sambacry_trigger_timeout": 5,
"sambacry_folder_paths_to_guess": [
"/",
"/mnt",
"/tmp",
"/storage",
"/export",
"/share",
"/shares",
"/home"
],
"sambacry_shares_not_to_check": [
"IPC$",
"print$"
]
}
},
"general": {
"keep_tunnel_open_time": 1,
"keep_tunnel_open_time": 60,
"monkey_dir_name": "monkey_dir",
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"started_on_island": false
},
"island_server": {
"command_servers": [
"10.2.2.251:5000"
],
"current_server": "10.2.2.251:5000"
},
"kill_file": {
"kill_file_path_linux": "/var/run/monkey.not",
@ -125,63 +103,76 @@
"monkey_log_path_linux": "/tmp/user-1563",
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
"send_log_to_server": true
},
"monkey": {
"alive": true,
"internet_services": [
"monkey.guardicore.com",
"www.google.com"
],
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true,
"victims_max_exploit": 100,
"victims_max_find": 100
},
"network": {
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001,
8088
],
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_scan_get_banner": true
},
"ping_scanner": {
"ping_scan_timeout": 1000
}
},
"testing": {
"export_monkey_telems": false
}
},
"monkey": {
"behaviour": {
"persistent_scanning": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100
},
"post_breach": {
"PBA_linux_filename": "",
"PBA_windows_filename": "",
"custom_PBA_linux_cmd": "",
"custom_PBA_windows_cmd": "",
"self_delete_in_cleanup": true,
"serialize_config": false,
"use_file_logging": true
},
"general": {
"alive": true,
"post_breach_actions": []
},
"life_cycle": {
"max_iterations": 1,
"retry_failed_explotation": true,
"timeout_between_iterations": 100,
"victims_max_exploit": 7,
"victims_max_find": 30
},
"system_info": {
"collect_system_info": true,
"extract_azure_creds": true,
"should_use_mimikatz": true
}
},
"network": {
"ping_scanner": {
"ping_scan_timeout": 1000
},
"tcp_scanner": {
"HTTP_PORTS": [
80,
8080,
443,
8008,
7001
],
"tcp_scan_get_banner": true,
"tcp_scan_interval": 0,
"tcp_scan_timeout": 3000,
"tcp_target_ports": [
22,
2222,
445,
135,
3389,
80,
8080,
443,
8008,
3306,
9200,
7001
"system_info_collector_classes": [
"EnvironmentCollector",
"AwsCollector",
"HostnameCollector",
"ProcessListCollector",
"MimikatzCollector",
"AzureCollector"
]
}
}

6
envs/monkey_zoo/blackbox/log_handlers/test_logs_handler.py
View File

@ -2,8 +2,10 @@ import logging
import os
import shutil
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import MonkeyLogParser
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import MonkeyLogsDownloader
from envs.monkey_zoo.blackbox.log_handlers.monkey_log_parser import \
MonkeyLogParser
from envs.monkey_zoo.blackbox.log_handlers.monkey_logs_downloader import \
MonkeyLogsDownloader
LOG_DIR_NAME = 'logs'
LOGGER = logging.getLogger(__name__)

30
envs/monkey_zoo/blackbox/test_blackbox.py
View File

@ -1,20 +1,28 @@
import os
import logging
import pytest
import os
from time import sleep
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
import pytest
from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import \
CommunicationAnalyzer
from envs.monkey_zoo.blackbox.island_client.island_config_parser import \
IslandConfigParser
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import \
TestLogsHandler
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation import \
MapGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import \
MapGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation import \
ReportGenerationTest
from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
ReportGenerationFromTelemetryTest
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers
DEFAULT_TIMEOUT_SECONDS = 5*60

12
envs/monkey_zoo/blackbox/tests/performance/endpoint_performance_test.py
View File

@ -1,10 +1,14 @@
import logging
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
LOGGER = logging.getLogger(__name__)

9
envs/monkey_zoo/blackbox/tests/performance/map_generation.py
View File

@ -1,9 +1,12 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

6
envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py
View File

@ -1,7 +1,9 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow

6
envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py
View File

@ -1,7 +1,9 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
class PerformanceTestWorkflow(BasicTest):

9
envs/monkey_zoo/blackbox/tests/performance/report_generation.py
View File

@ -1,9 +1,12 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import PerformanceTestWorkflow
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test_workflow import \
PerformanceTestWorkflow
MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)

6
envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py
View File

@ -1,7 +1,9 @@
from datetime import timedelta
from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.performance_test import \
PerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
TelemetryPerformanceTestWorkflow

2
envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_file_parser.py
View File

@ -1,7 +1,7 @@
import json
import logging
from os import listdir, path
from typing import List, Dict
from typing import Dict, List
from tqdm import tqdm

4
envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/fake_monkey.py
View File

@ -1,7 +1,7 @@
import random
from envs.monkey_zoo.blackbox.tests.performance.\
telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
FakeIpGenerator
class FakeMonkey:

12
envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/sample_multiplier.py
View File

@ -2,14 +2,16 @@ import copy
import json
import logging
import sys
from typing import List, Dict
from typing import Dict, List
from tqdm import tqdm
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
from envs.monkey_zoo.blackbox.tests.performance.\
telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import FakeMonkey
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
SampleFileParser
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_monkey import \
FakeMonkey
TELEM_DIR_PATH = './tests/performance/telemetry_sample'
LOGGER = logging.getLogger(__name__)

4
envs/monkey_zoo/blackbox/tests/performance/telem_sample_parsing/sample_multiplier/test_fake_ip_generator.py
View File

@ -1,7 +1,7 @@
from unittest import TestCase
from envs.monkey_zoo.blackbox.tests.performance.\
telem_sample_parsing.sample_multiplier.fake_ip_generator import FakeIpGenerator
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_multiplier.fake_ip_generator import \
FakeIpGenerator
class TestFakeIpGenerator(TestCase):

15
envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test.py
View File

@ -4,11 +4,16 @@ from datetime import timedelta
from tqdm import tqdm
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import SampleFileParser
from envs.monkey_zoo.blackbox.analyzers.performance_analyzer import \
PerformanceAnalyzer
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.supported_request_method import \
SupportedRequestMethod
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telem_sample_parsing.sample_file_parser import \
SampleFileParser
LOGGER = logging.getLogger(__name__)

9
envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
View File

@ -1,7 +1,10 @@
from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import \
EndpointPerformanceTest
from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import \
PerformanceTestConfig
from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import \
TelemetryPerformanceTest
class TelemetryPerformanceTestWorkflow(BasicTest):

4
envs/os_compatibility/test_compatibility.py
View File

@ -1,7 +1,7 @@
import pytest
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import \
MonkeyIslandClient
machine_list = {
"10.0.0.36": "centos_6",

11
monkey/common/cloud/aws/aws_instance.py
View File

@ -1,14 +1,15 @@
import json
import re
import urllib.request
import urllib.error
import logging
__author__ = 'itay.mizeretz'
import re
import urllib.error
import urllib.request
from common.cloud.environment_names import Environment
from common.cloud.instance import CloudInstance
__author__ = 'itay.mizeretz'
AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254"
AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS)
ACCOUNT_ID_KEY = "accountId"

6
monkey/common/cloud/aws/aws_service_test.py
View File

@ -1,7 +1,7 @@
from unittest import TestCase
from .aws_service import filter_instance_data_from_aws_response
import json
from unittest import TestCase
from .aws_service import filter_instance_data_from_aws_response
__author__ = 'shay.nehmad'

1
monkey/common/cloud/azure/azure_instance.py
View File

@ -1,4 +1,5 @@
import logging
import requests
from common.cloud.environment_names import Environment

1
monkey/common/cloud/gcp/gcp_instance.py
View File

@ -1,4 +1,5 @@
import logging
import requests
from common.cloud.environment_names import Environment

2
monkey/common/cmd/cmd_runner.py
View File

@ -1,5 +1,5 @@
import time
import logging
import time
from abc import abstractmethod
from common.cmd.cmd import Cmd

1
monkey/common/data/api_url_consts.py Normal file
View File

@ -0,0 +1 @@
T1216_PBA_FILE_DOWNLOAD_PATH = '/api/t1216-pba/download'

6
monkey/common/data/post_breach_consts.py
View File

@ -3,3 +3,9 @@ POST_BREACH_BACKDOOR_USER = "Backdoor user"
POST_BREACH_FILE_EXECUTION = "File execution"
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file"
POST_BREACH_HIDDEN_FILES = "Hide files and directories"
POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received"
POST_BREACH_SETUID_SETGID = "Setuid and Setgid"
POST_BREACH_JOB_SCHEDULING = "Schedule jobs"
POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = "Signed script proxy execution"
POST_BREACH_ACCOUNT_DISCOVERY = "Account discovery"
POST_BREACH_CLEAR_CMD_HISTORY = "Clear command history"

2
monkey/common/data/system_info_collectors_names.py
View File

@ -2,3 +2,5 @@ AWS_COLLECTOR = "AwsCollector"
HOSTNAME_COLLECTOR = "HostnameCollector"
ENVIRONMENT_COLLECTOR = "EnvironmentCollector"
PROCESS_LIST_COLLECTOR = "ProcessListCollector"
MIMIKATZ_COLLECTOR = "MimikatzCollector"
AZURE_CRED_COLLECTOR = "AzureCollector"

3
monkey/common/data/validation_formats.py Normal file
View File

@ -0,0 +1,3 @@
# Defined in UI on ValidationFormats.js
IP_RANGE = "ip-range"
IP = "ip"

2
monkey/common/data/zero_trust_consts.py
View File

@ -57,7 +57,7 @@ PRINCIPLES = {
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.",
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory "
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandatory "
"Access Control) only.",
}

5
monkey/common/network/network_range.py
View File

@ -1,11 +1,10 @@
import ipaddress
import logging
import random
import socket
import struct
from abc import ABCMeta, abstractmethod
import ipaddress
import logging
__author__ = 'itamar'
LOG = logging.getLogger(__name__)

2
monkey/common/utils/attack_utils.py
View File

@ -8,6 +8,8 @@ class ScanStatus(Enum):
SCANNED = 1
# Technique was attempted and succeeded
USED = 2
# Techique was disabled
DISABLED = 3
class UsageEnum(Enum):

5
monkey/common/utils/mongo_utils.py
View File

@ -1,4 +1,5 @@
import sys
if sys.platform == 'win32':
import win32com
import wmi
@ -24,7 +25,7 @@ class MongoUtils:
return o
elif isinstance(o, str):
# mongo dosn't like unprintable chars, so we use repr :/
# mongo doesn't like unprintable chars, so we use repr :/
return repr(o)
elif hasattr(o, "__class__") and o.__class__ == wmi._wmi_object:
@ -32,7 +33,7 @@ class MongoUtils:
elif hasattr(o, "__class__") and o.__class__ == win32com.client.CDispatch:
try:
# objectSid property of ds_user is problematic and need thie special treatment.
# objectSid property of ds_user is problematic and need this special treatment.
# ISWbemObjectEx interface. Class Uint8Array ?
if str(o._oleobj_.GetTypeInfo().GetTypeAttr().iid) == "{269AD56A-8A67-4129-BC8C-0506DCFE9880}":
return o.Value

23
monkey/common/utils/shellcode_obfuscator.py Normal file
View File

@ -0,0 +1,23 @@
# This code is used to obfuscate shellcode
# Usage:
# shellcode_obfuscator.py [your normal shellcode].
# For example:
# shellcode_obfuscator.py "\x52\x3d\xf6\xc9\x4b\x5d\xe0\x62\x7e\x3d\xa8\x07\x7b\x76\x30"
# This returns "\x30\x76\x7b\x07\xa8\x3d\x7e\x62\xe0\x5d\x4b\xc9\xf6\x3d\x52"
# Verify that it's the same shellcode, just reversed and paste it in code.
# Then clarify it before usage to reverse it on runtime.
import sys
def obfuscate(shellcode: str) -> str:
shellcode = shellcode.split('\\')[::-1]
return '\\'+'\\'.join(shellcode)[:-1]
def clarify(shellcode: str) -> str:
return shellcode[::-1]
if __name__ == "__main__":
print(obfuscate(sys.argv[1]))

17
monkey/common/utils/test_shellcode_obfuscator.py Normal file
View File

@ -0,0 +1,17 @@
from unittest import TestCase
from common.utils.shellcode_obfuscator import clarify, obfuscate
SHELLCODE_FROM_CMD_PARAM = '\\x52\\x3d\\xf6\\xc9\\x4b\\x5d\\xe0\\x62\\x7e\\x3d\\xa8\\x07\\x7b\\x76\\x30'
OBFUSCATED_PARAM_OUTPUT = '\\x30\\x76\\x7b\\x07\\xa8\\x3d\\x7e\\x62\\xe0\\x5d\\x4b\\xc9\\xf6\\x3d\\x52'
OBFUSCATED_SHELLCODE = "\x30\x76\x7b\x07\xa8\x3d\x7e\x62\xe0\x5d\x4b\xc9\xf6\x3d\x52"
CLARIFIED_SHELLCODE = "\x52\x3d\xf6\xc9\x4b\x5d\xe0\x62\x7e\x3d\xa8\x07\x7b\x76\x30"
class TestShellcodeObfuscator(TestCase):
def test_obfuscate(self):
self.assertEqual(obfuscate(SHELLCODE_FROM_CMD_PARAM), OBFUSCATED_PARAM_OUTPUT)
def test_clarify(self):
self.assertEqual(clarify(OBFUSCATED_SHELLCODE), CLARIFIED_SHELLCODE)

8
monkey/common/utils/wmi_utils.py
View File

@ -1,4 +1,10 @@
import wmi
import sys
if sys.platform.startswith("win"):
import pythoncom
pythoncom.CoInitialize()
import wmi
from .mongo_utils import MongoUtils

Some files were not shown because too many files have changed in this diff Show More