forked from p15670423/monkey
fixes and improvements after test-run 1
This commit is contained in:
parent
e9e21b77da
commit
4a42fc540e
|
@ -37,6 +37,7 @@ class SmbExploiter(HostExploiter):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._config = __import__('config').WormConfiguration
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self._guid = __import__('config').GUID
|
||||||
|
|
||||||
def is_os_supported(self, host):
|
def is_os_supported(self, host):
|
||||||
if host.os.get('type') in self._target_os_type:
|
if host.os.get('type') in self._target_os_type:
|
||||||
|
@ -103,6 +104,8 @@ class SmbExploiter(HostExploiter):
|
||||||
else:
|
else:
|
||||||
cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
|
cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
|
||||||
|
|
||||||
|
cmdline += " -p " + self._guid
|
||||||
|
|
||||||
if host.default_tunnel:
|
if host.default_tunnel:
|
||||||
cmdline += " -t " + host.default_tunnel
|
cmdline += " -t " + host.default_tunnel
|
||||||
if host.default_server:
|
if host.default_server:
|
||||||
|
|
|
@ -19,6 +19,7 @@ class SSHExploiter(HostExploiter):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._config = __import__('config').WormConfiguration
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self._guid = __import__('config').GUID
|
||||||
self._update_timestamp = 0
|
self._update_timestamp = 0
|
||||||
|
|
||||||
def log_transfer(self, transferred, total):
|
def log_transfer(self, transferred, total):
|
||||||
|
@ -117,6 +118,7 @@ class SSHExploiter(HostExploiter):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
|
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
|
||||||
|
cmdline += " -p " + self._guid
|
||||||
if host.default_tunnel:
|
if host.default_tunnel:
|
||||||
cmdline += " -t " + host.default_tunnel
|
cmdline += " -t " + host.default_tunnel
|
||||||
if host.default_server:
|
if host.default_server:
|
||||||
|
|
|
@ -393,7 +393,7 @@ def get_target_monkey(host):
|
||||||
if host.os.get('type') == platform.system().lower():
|
if host.os.get('type') == platform.system().lower():
|
||||||
# if exe not found, and we have the same arch or arch is unknown and we are 32bit, use our exe
|
# if exe not found, and we have the same arch or arch is unknown and we are 32bit, use our exe
|
||||||
if (not host.os.get('machine') and sys.maxsize < 2**32) or \
|
if (not host.os.get('machine') and sys.maxsize < 2**32) or \
|
||||||
host.os.get('machine','').lower() == platform.machine().lower():
|
host.os.get('machine','').lower() == platform.machine().lower():
|
||||||
monkey_path = sys.executable
|
monkey_path = sys.executable
|
||||||
|
|
||||||
return monkey_path
|
return monkey_path
|
|
@ -171,6 +171,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._config = __import__('config').WormConfiguration
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self._guid = __import__('config').GUID
|
||||||
|
|
||||||
def is_os_supported(self, host):
|
def is_os_supported(self, host):
|
||||||
if host.os.get('type') in self._target_os_type and \
|
if host.os.get('type') in self._target_os_type and \
|
||||||
|
@ -249,6 +250,8 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
else:
|
else:
|
||||||
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
|
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
|
||||||
|
|
||||||
|
cmdline += " -p " + self._guid
|
||||||
|
|
||||||
if host.default_tunnel:
|
if host.default_tunnel:
|
||||||
cmdline += " -t " + host.default_tunnel
|
cmdline += " -t " + host.default_tunnel
|
||||||
if host.default_server:
|
if host.default_server:
|
||||||
|
|
|
@ -15,6 +15,7 @@ class WmiExploiter(HostExploiter):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._config = __import__('config').WormConfiguration
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self._guid = __import__('config').GUID
|
||||||
|
|
||||||
@WmiTools.dcom_wrap
|
@WmiTools.dcom_wrap
|
||||||
def exploit_host(self, host, depth=-1, src_path=None):
|
def exploit_host(self, host, depth=-1, src_path=None):
|
||||||
|
|
|
@ -93,6 +93,7 @@ class ChaosMonkey(object):
|
||||||
|
|
||||||
if 0 == WormConfiguration.depth:
|
if 0 == WormConfiguration.depth:
|
||||||
LOG.debug("Reached max depth, shutting down")
|
LOG.debug("Reached max depth, shutting down")
|
||||||
|
ControlClient.send_telemetry("trace", "Reached max depth, shutting down")
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
|
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# -*- mode: python -*-
|
# -*- mode: python -*-
|
||||||
|
import os
|
||||||
import platform
|
import platform
|
||||||
a = Analysis(['main.py'],
|
a = Analysis(['main.py'],
|
||||||
pathex=['.'],
|
pathex=['.'],
|
||||||
|
@ -12,7 +13,7 @@ if platform.system().find("Windows")>= 0:
|
||||||
pyz = PYZ(a.pure)
|
pyz = PYZ(a.pure)
|
||||||
exe = EXE(pyz,
|
exe = EXE(pyz,
|
||||||
a.scripts,
|
a.scripts,
|
||||||
a.binaries,
|
a.binaries + [('msvcr100.dll', os.environ['WINDIR'] + '\system32\msvcr100.dll', 'BINARY')],
|
||||||
a.zipfiles,
|
a.zipfiles,
|
||||||
a.datas,
|
a.datas,
|
||||||
name='monkey.exe',
|
name='monkey.exe',
|
||||||
|
|
|
@ -5,8 +5,11 @@ Windows:
|
||||||
https://www.python.org/download/releases/2.7
|
https://www.python.org/download/releases/2.7
|
||||||
2. install pywin32-219.win32-py2.7.exe
|
2. install pywin32-219.win32-py2.7.exe
|
||||||
http://sourceforge.net/projects/pywin32/files/pywin32/Build%20219/
|
http://sourceforge.net/projects/pywin32/files/pywin32/Build%20219/
|
||||||
3. install VCForPython27.msi
|
3. a. install VCForPython27.msi
|
||||||
http://www.microsoft.com/en-us/download/details.aspx?id=44266
|
http://www.microsoft.com/en-us/download/details.aspx?id=44266
|
||||||
|
b. if not installed, install Microsoft Visual C++ 2010 SP1 Redistributable Package
|
||||||
|
32bit: http://www.microsoft.com/en-us/download/details.aspx?id=8328
|
||||||
|
64bit: http://www.microsoft.com/en-us/download/details.aspx?id=13523
|
||||||
4. Download & Run get-pip.py
|
4. Download & Run get-pip.py
|
||||||
https://bootstrap.pypa.io/get-pip.py
|
https://bootstrap.pypa.io/get-pip.py
|
||||||
5. Run:
|
5. Run:
|
||||||
|
|
|
@ -309,45 +309,44 @@ function createTunnels() {
|
||||||
}
|
}
|
||||||
|
|
||||||
function createScanned() {
|
function createScanned() {
|
||||||
var genTime = temelGenerationDate; // save the initial value as it's going to be changed in each json call
|
// Gets all the scans performed by monkeys
|
||||||
// For each existing monkey, gets all the scans performed by it
|
|
||||||
// For each non exploited machine, adds a new node and connects it as a scanned node.
|
// For each non exploited machine, adds a new node and connects it as a scanned node.
|
||||||
for (var i = 0; i < monkeys.length; i++) {
|
|
||||||
var monkey = monkeys[i];
|
|
||||||
// Get scans for each monkey
|
|
||||||
// Reading the JSON file containing the monkeys' informations
|
|
||||||
$.getJSON(jsonFileTelemetry +'?timestamp='+ genTime + "&monkey_guid=" + monkey.guid+"&telem_type=scan", function(json) {
|
|
||||||
temelGenerationDate = json.timestamp;
|
|
||||||
var scans = json.objects;
|
|
||||||
for (var i = 0; i < scans.length; i++) {
|
|
||||||
var scan = scans[i];
|
|
||||||
//Check if we already exploited this machine from another PoV, if so no point in scanning.
|
|
||||||
if (null != getMonkeyByIP(scan.data.machine.ip_addr)) {
|
|
||||||
//if so, make sure we don't already have such a node
|
|
||||||
nodes = nodes.filter(function (node) {
|
|
||||||
return (node.id != ip_addr);
|
|
||||||
});
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
//And check if we've already added this scanned machine
|
|
||||||
var machineNode = getScannedByIP(scan.data.machine.ip_addr)
|
|
||||||
if (null == machineNode) {
|
|
||||||
machineNode = createMachineNode(scan.data.machine);
|
|
||||||
scannedMachines.push(machineNode);
|
|
||||||
nodes.push(machineNode);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!edgeExists([monkey.id, machineNode.id, EDGE_TYPE_SCAN])) {
|
// Reading the JSON file containing the monkeys' informations
|
||||||
edges.push({from: monkey.id, to: machineNode.id, arrows:'middle', type: EDGE_TYPE_SCAN, color: EDGE_COLOR_SCAN});
|
$.getJSON(jsonFileTelemetry +'?timestamp='+ temelGenerationDate + "&telem_type=scan", function(json) {
|
||||||
numOfScanLinks++;
|
temelGenerationDate = json.timestamp;
|
||||||
}
|
var scans = json.objects;
|
||||||
|
for (var i = 0; i < scans.length; i++) {
|
||||||
|
var scan = scans[i];
|
||||||
|
var monkey = getMonkeyByGuid(scan.monkey_guid);
|
||||||
|
|
||||||
|
//Check if we already exploited this machine from another PoV, if so no point in scanning.
|
||||||
|
if (null != getMonkeyByIP(scan.data.machine.ip_addr)) {
|
||||||
|
//if so, make sure we don't already have such a node
|
||||||
|
nodes = nodes.filter(function (node) {
|
||||||
|
return (node.id != ip_addr);
|
||||||
|
});
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
if (scans.length > 0) {
|
|
||||||
refreshDrawing();
|
//And check if we've already added this scanned machine
|
||||||
updateCounters();
|
var machineNode = getScannedByIP(scan.data.machine.ip_addr)
|
||||||
|
if (null == machineNode) {
|
||||||
|
machineNode = createMachineNode(scan.data.machine);
|
||||||
|
scannedMachines.push(machineNode);
|
||||||
|
nodes.push(machineNode);
|
||||||
}
|
}
|
||||||
});
|
|
||||||
}
|
if(!edgeExists([monkey.id, machineNode.id, EDGE_TYPE_SCAN])) {
|
||||||
|
edges.push({from: monkey.id, to: machineNode.id, arrows:'middle', type: EDGE_TYPE_SCAN, color: EDGE_COLOR_SCAN});
|
||||||
|
numOfScanLinks++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (scans.length > 0) {
|
||||||
|
refreshDrawing();
|
||||||
|
updateCounters();
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -414,7 +413,6 @@ function prepareSearchEngine() {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Manage the key presses events
|
* Manage the key presses events
|
||||||
*/
|
*/
|
||||||
|
@ -441,7 +439,6 @@ function onDoubleClick(properties) {
|
||||||
onSelect(properties);
|
onSelect(properties);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Manage the event when an object is selected
|
* Manage the event when an object is selected
|
||||||
*/
|
*/
|
||||||
|
@ -482,7 +479,6 @@ function onNodeSelect(nodeId) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$("#selectionInfo").html(htmlContent);
|
$("#selectionInfo").html(htmlContent);
|
||||||
|
|
||||||
$('#monkey-config').show()
|
$('#monkey-config').show()
|
||||||
$('#btnConfigLoad, #btnConfigUpdate').show();
|
$('#btnConfigLoad, #btnConfigUpdate').show();
|
||||||
|
|
||||||
|
@ -496,7 +492,7 @@ function onNodeSelect(nodeId) {
|
||||||
}
|
}
|
||||||
$('#monkey-enabled').show();
|
$('#monkey-enabled').show();
|
||||||
|
|
||||||
$.getJSON('/api/telemetry/' + monkey.guid, function(json) {
|
$.getJSON('/api/telemetry?monkey_guid=' + monkey.guid, function(json) {
|
||||||
telemTable.clear();
|
telemTable.clear();
|
||||||
var telemetries = json.objects;
|
var telemetries = json.objects;
|
||||||
|
|
||||||
|
@ -666,6 +662,29 @@ function selectNode(hostname, zoom) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function resetDB() {
|
||||||
|
if (confirm('Are you sure you want to empty the database?')) {
|
||||||
|
$.ajax({
|
||||||
|
headers : {
|
||||||
|
'Accept' : 'application/json',
|
||||||
|
},
|
||||||
|
url : '/api?action=reset',
|
||||||
|
type : 'GET',
|
||||||
|
success : function(response, textStatus, jqXhr) {
|
||||||
|
console.log("DB was successfully reset!");
|
||||||
|
location.reload();
|
||||||
|
},
|
||||||
|
error : function(jqXHR, textStatus, errorThrown) {
|
||||||
|
// log the error to the console
|
||||||
|
console.log("The following error occured: " + textStatus, errorThrown);
|
||||||
|
},
|
||||||
|
complete : function() {
|
||||||
|
console.log("Trying to reset DB...");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a monkey from its id
|
* Get a monkey from its id
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -26,7 +26,7 @@ MONKEY_DOWNLOADS = [
|
||||||
{
|
{
|
||||||
'type': 'windows',
|
'type': 'windows',
|
||||||
'machine': 'x86',
|
'machine': 'x86',
|
||||||
'filename': 'monkey-linux-32.exe',
|
'filename': 'monkey-windows-32.exe',
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'type': 'windows',
|
'type': 'windows',
|
||||||
|
@ -202,7 +202,7 @@ class MonkeyDownload(restful.Resource):
|
||||||
def post(self):
|
def post(self):
|
||||||
host_json = json.loads(request.data)
|
host_json = json.loads(request.data)
|
||||||
host_os = host_json.get('os')
|
host_os = host_json.get('os')
|
||||||
if os:
|
if host_os:
|
||||||
result = None
|
result = None
|
||||||
for download in MONKEY_DOWNLOADS:
|
for download in MONKEY_DOWNLOADS:
|
||||||
if host_os.get('type') == download.get('type') and \
|
if host_os.get('type') == download.get('type') and \
|
||||||
|
|
Loading…
Reference in New Issue