From b3499074b59393d1307e2dc9140343b200a2bd86 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 13:36:37 -0400 Subject: [PATCH 01/29] BB: Add TestConfiguration
---
 .../blackbox/test_configurations/__init__.py | 1 + .../test_configurations/test_configuration.py | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/__init__.py create mode 100644 envs/monkey_zoo/blackbox/test_configurations/test_configuration.py
diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
new file mode 100644
index 000000000..676affca1
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
@@ -0,0 +1 @@
+from .test_configuration import TestConfiguration
diff --git a/envs/monkey_zoo/blackbox/test_configurations/test_configuration.py b/envs/monkey_zoo/blackbox/test_configurations/test_configuration.py
new file mode 100644
index 000000000..2755a501d
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/test_configuration.py
@@ -0,0 +1,11 @@
+from dataclasses import dataclass
+from typing import Tuple
+
+from common.configuration import AgentConfiguration
+from common.credentials import Credentials
+
+
+@dataclass
+class TestConfiguration:
+    agent_configuration: AgentConfiguration
+    propagation_credentials: Tuple[Credentials, ...]
From c42cfe3110cccd567ba9cff634fe48fecdae84d1 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 13:36:55 -0400 Subject: [PATCH 02/29] BB: Add noop_configuration
---
 .../noop_test_configuration.py | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py
diff --git a/envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py b/envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py
new file mode 100644
index 000000000..1d0b70ff4
--- /dev/null
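Review bot: `TestConfiguration` carries the propagation credentials, and the dataclass-generated `__repr__` will print them in full whenever a failing test or a fixture dumps the object, unless `Credentials`/`Password` already redact their own repr (not visible here). Declaring the field as `propagation_credentials: Tuple[Credentials, ...] = field(repr=False)` (with `field` added to the `dataclasses` import) keeps them out of pytest output. Since every helper added later in this series derives configurations via `dataclasses.replace`, `@dataclass(frozen=True)` would also stop one test from mutating the module-level instances that all tests share. A one-line docstring, e.g. `"""An agent configuration plus the credentials handed to the agent for one blackbox test."""`, is missing as well.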
+++ b/envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py
@@ -0,0 +1,53 @@
+from common.configuration import (
+    AgentConfiguration,
+    CustomPBAConfiguration,
+    ExploitationConfiguration,
+    ExploitationOptionsConfiguration,
+    ICMPScanConfiguration,
+    NetworkScanConfiguration,
+    PropagationConfiguration,
+    ScanTargetConfiguration,
+    TCPScanConfiguration,
+)
+
+from . import TestConfiguration
+
+_custom_pba_configuration = CustomPBAConfiguration("", "", "", "")
+
+_tcp_scan_configuration = TCPScanConfiguration(timeout=3.0, ports=[])
+_icmp_scan_configuration = ICMPScanConfiguration(timeout=1.0)
+_scan_target_configuration = ScanTargetConfiguration(
+    blocked_ips=[], inaccessible_subnets=[], local_network_scan=False, subnets=[]
+)
+_network_scan_configuration = NetworkScanConfiguration(
+    tcp=_tcp_scan_configuration,
+    icmp=_icmp_scan_configuration,
+    fingerprinters=[],
+    targets=_scan_target_configuration,
+)
+
+_exploitation_options_configuration = ExploitationOptionsConfiguration(http_ports=[])
+_exploitation_configuration = ExploitationConfiguration(
+    options=_exploitation_options_configuration, brute_force=[], vulnerability=[]
+)
+
+_propagation_configuration = PropagationConfiguration(
+    maximum_depth=0,
+    network_scan=_network_scan_configuration,
+    exploitation=_exploitation_configuration,
+)
+
+_agent_configuration = AgentConfiguration(
+    keep_tunnel_open_time=0,
+    custom_pbas=_custom_pba_configuration,
+    post_breach_actions=[],
+    credential_collectors=[],
+    payloads=[],
+    propagation=_propagation_configuration,
+)
+_propagation_credentials = tuple()
+
+# This is an empty, NOOP configuration from which other configurations can be built
+noop_test_configuration = TestConfiguration(
+    agent_configuration=_agent_configuration, propagation_credentials=_propagation_credentials
+)
From ed6b766cd1147382104d609face77b291152e6b8 Mon Sep 17 00:00:00 2001
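Review bot: The base configuration every other test configuration is derived from is built with mutable lists (`ports=[]`, `subnets=[]`, `blocked_ips=[]`, `inaccessible_subnets=[]`, `fingerprinters=[]`, `post_breach_actions=[]`, `credential_collectors=[]`, `payloads=[]`), and `dataclasses.replace` only copies the top level, so a derived configuration that does not rebuild a given field still aliases that list with `noop_test_configuration`; any in-place mutation would leak between tests. If the configuration classes accept any sequence, empty tuples (`ports=()`, `subnets=()`, ...) make the "NOOP base" genuinely immutable and match the `tuple()` already used for `_propagation_credentials`. `CustomPBAConfiguration("", "", "", "")` should also pass keyword arguments so a reader can tell which four fields are being blanked.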
From: Mike Salvatore Date: Mon, 18 Jul 2022 14:27:08 -0400 Subject: [PATCH 03/29] BB: Add test_configurations/utils.py
---
 .../blackbox/test_configurations/utils.py | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/utils.py
diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py
new file mode 100644
index 000000000..05c91426a
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py
@@ -0,0 +1,86 @@
+from dataclasses import replace
+from typing import Sequence
+
+from common.configuration import (
+    AgentConfiguration,
+    ExploitationConfiguration,
+    NetworkScanConfiguration,
+    PropagationConfiguration,
+    ScanTargetConfiguration,
+)
+
+from . import TestConfiguration
+
+
+def add_exploiters(
+    agent_configuration: AgentConfiguration, brute_force=[], vulnerability=[]
+) -> AgentConfiguration:
+    exploitation_configuration = replace(
+        agent_configuration.propagation.exploitation,
+        brute_force=brute_force,
+        vulnerability=vulnerability,
+    )
+    return replace_exploitation_configuration(agent_configuration, exploitation_configuration)
+
+
+def add_tcp_ports(
+    agent_configuration: AgentConfiguration, tcp_ports: Sequence[int]
+) -> AgentConfiguration:
+    tcp_scan_configuration = replace(
+        agent_configuration.propagation.network_scan.tcp, ports=tuple(tcp_ports)
+    )
+    network_scan_configuration = replace(
+        agent_configuration.propagation.network_scan, tcp=tcp_scan_configuration
+    )
+
+    return replace_network_scan_configuration(agent_configuration, network_scan_configuration)
+
+
+def add_subnets(
+    agent_configuration: AgentConfiguration, subnets: Sequence[str]
+) -> AgentConfiguration:
+    scan_target_configuration = replace(
+        agent_configuration.propagation.network_scan.targets, subnets=subnets
+    )
+    return replace_scan_target_configuration(agent_configuration, scan_target_configuration)
+
+
+def replace_exploitation_configuration(
+    agent_configuration: AgentConfiguration, exploitation_configuration: ExploitationConfiguration
+) -> AgentConfiguration:
+    propagation_configuration = replace(
+        agent_configuration.propagation, exploitation=exploitation_configuration
+    )
+
+    return replace_propagation_configuration(agent_configuration, propagation_configuration)
+
+
+def replace_scan_target_configuration(
+    agent_configuration: AgentConfiguration, scan_target_configuration: ScanTargetConfiguration
+) -> AgentConfiguration:
+    network_scan_configuration = replace(
+        agent_configuration.propagation.network_scan, targets=scan_target_configuration
+    )
+
+    return replace_network_scan_configuration(agent_configuration, network_scan_configuration)
+
+
+def replace_network_scan_configuration(
+    agent_configuration: AgentConfiguration, network_scan_configuration: NetworkScanConfiguration
+) -> AgentConfiguration:
+    propagation_configuration = replace(
+        agent_configuration.propagation, network_scan=network_scan_configuration
+    )
+    return replace_propagation_configuration(agent_configuration, propagation_configuration)
+
+
+def replace_propagation_configuration(
+    agent_configuration: AgentConfiguration, propagation_configuration: PropagationConfiguration
+) -> AgentConfiguration:
+    return replace(agent_configuration, propagation=propagation_configuration)
+
+
+def replace_agent_configuration(
+    test_configuration: TestConfiguration, agent_configuration: AgentConfiguration
+) -> TestConfiguration:
+    return replace(test_configuration, agent_configuration=agent_configuration)
From 68c6625445ddf826eec142e3706bcb84871f129a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 14:31:04 -0400 Subject: [PATCH 04/29] BB: Add a zerologon test configuration
---
 .../blackbox/test_configurations/zerologon.py | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/zerologon.py
diff --git a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py
new file mode 100644
index 000000000..34b797c7b
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py
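Review bot: `add_exploiters` uses mutable default arguments (`brute_force=[], vulnerability=[]`), and none of the `add_*` helpers actually add — `replace(..., brute_force=brute_force, vulnerability=vulnerability)` and `replace(..., ports=tuple(tcp_ports))` overwrite whatever the input configuration already had, so chaining two `add_tcp_ports` calls silently drops the first set. Either rename them `set_*` (this file already uses `replace_*` for the whole-object variants) or merge with the existing values, e.g. `ports=tuple(agent_configuration.propagation.network_scan.tcp.ports) + tuple(tcp_ports)`, and use `()` rather than `[]` for the defaults. `add_subnets` also stores the caller's sequence as-is while `add_tcp_ports` normalises with `tuple(...)`; `subnets=tuple(subnets)` would make the two consistent and stop a caller's later list mutation from changing the configuration. A docstring on each helper saying it returns a new configuration and never mutates its argument would make the contract explicit.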
@@ -0,0 +1,29 @@
+from common.configuration import AgentConfiguration, PluginConfiguration
+
+from .noop_test_configuration import noop_test_configuration
+from .utils import add_exploiters, add_subnets, add_tcp_ports, replace_agent_configuration
+
+
+def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    brute_force = [PluginConfiguration(name="SmbExploiter", options={})]
+    vulnerability = [PluginConfiguration(name="ZerologonExploiter", options={})]
+
+    return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=vulnerability)
+
+
+def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    tcp_ports = [135, 445]
+    return add_tcp_ports(agent_configuration, tcp_ports)
+
+
+def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    subnets = ["10.2.2.25"]
+    return add_subnets(agent_configuration, subnets)
+
+
+agent_configuration = _add_exploiters(
+    _add_tcp_ports(_add_subnets(noop_test_configuration.agent_configuration))
+)
+zerologon_test_configuration = replace_agent_configuration(
+    noop_test_configuration, agent_configuration
+)
From 37e79f41e80bccc45133708632759cf5e0d10819 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 14:33:25 -0400 Subject: [PATCH 05/29] BB: Rename noop_test_configuration.py -> noop.py
---
 envs/monkey_zoo/blackbox/test_configurations/__init__.py | 1 + .../test_configurations/{noop_test_configuration.py => noop.py} | 0 envs/monkey_zoo/blackbox/test_configurations/zerologon.py | 2 +- 3 files changed, 2 insertions(+), 1 deletion(-) rename envs/monkey_zoo/blackbox/test_configurations/{noop_test_configuration.py => noop.py} (100%)
diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
index 676affca1..022b20e35 100644
--- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py
+++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
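Review bot: The target `10.2.2.25` and the scan ports `[135, 445]` are hard-coded with nothing saying what the host is or why these two ports are needed. A comment such as `# 10.2.2.25: monkey_zoo domain controller vulnerable to CVE-2020-1472 (Zerologon); 135/445 for RPC/SMB` would record the intent — I am inferring the roles from the exploiter names, so confirm against the zoo inventory. Zerologon exploitation is generally understood to reset the DC machine-account password, so it is worth stating in the same comment that this host is disposable and that the test relies on the exploiter restoring it. The module-level `agent_configuration` is a public name that only exists as scaffolding; `_agent_configuration` would keep `zerologon_test_configuration` as the module's only export.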
@@ -1 +1,2 @@ from .test_configuration import TestConfiguration +from .zerologon import zerologon_test_configuration diff --git a/envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py b/envs/monkey_zoo/blackbox/test_configurations/noop.py similarity index 100% rename from envs/monkey_zoo/blackbox/test_configurations/noop_test_configuration.py rename to envs/monkey_zoo/blackbox/test_configurations/noop.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py index 34b797c7b..e34b062cf 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py +++ b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py @@ -1,6 +1,6 @@ from common.configuration import AgentConfiguration, PluginConfiguration -from .noop_test_configuration import noop_test_configuration +from .noop import noop_test_configuration from .utils import add_exploiters, add_subnets, add_tcp_ports, replace_agent_configuration From d11fbe92e86523758283c3e16014f8bf33898ae7 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 14:49:25 -0400 Subject: [PATCH 06/29] BB: Add missing type hints to add_exploiters() --- envs/monkey_zoo/blackbox/test_configurations/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index 05c91426a..929b5afcb 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -5,6 +5,7 @@ from common.configuration import ( AgentConfiguration, ExploitationConfiguration, NetworkScanConfiguration, + PluginConfiguration, PropagationConfiguration, ScanTargetConfiguration, ) 
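Review bot: The new `from .zerologon import zerologon_test_configuration` line only works because it sits below `from .test_configuration import TestConfiguration`: zerologon.py imports noop.py and utils.py, which both do `from . import TestConfiguration` and therefore read the half-initialised package namespace. Swapping these two lines (an isort run would do it, as `.test_configuration` sorts after `.depth_1_a` once that module is added) turns into an ImportError at package import time. Having noop.py and utils.py import `from .test_configuration import TestConfiguration` removes the dependence on `__init__` ordering; a short module comment saying that `__init__` re-exports the blackbox test configurations would help too.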
@@ -13,7 +14,9 @@ from . import TestConfiguration def add_exploiters( - agent_configuration: AgentConfiguration, brute_force=[], vulnerability=[] + agent_configuration: AgentConfiguration, + brute_force: Sequence[PluginConfiguration] = [], + vulnerability: Sequence[PluginConfiguration] = [], ) -> AgentConfiguration: exploitation_configuration = replace( agent_configuration.propagation.exploitation, From dbc138d26338c85607beadd6d8807e605af233dd Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 14:52:05 -0400 Subject: [PATCH 07/29] BB: Add replace_propagation_credentials() --- envs/monkey_zoo/blackbox/test_configurations/utils.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index 929b5afcb..c9ef2dd01 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -1,5 +1,5 @@ from dataclasses import replace -from typing import Sequence +from typing import Sequence, Tuple from common.configuration import ( AgentConfiguration, @@ -9,6 +9,7 @@ from common.configuration import ( PropagationConfiguration, ScanTargetConfiguration, ) +from common.credentials import Credentials from . import TestConfiguration @@ -87,3 +88,9 @@ def replace_agent_configuration( test_configuration: TestConfiguration, agent_configuration: AgentConfiguration ) -> TestConfiguration: return replace(test_configuration, agent_configuration=agent_configuration) + + +def replace_propagation_credentials( + test_configuration: TestConfiguration, propagation_credentials: Tuple[Credentials, ...] +): + return replace(test_configuration, propagation_credentials=propagation_credentials) From 138ce81f1b0fe26cb30d3343039e4e541cf21fc3 Mon Sep 17 00:00:00 2001 
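Review bot: The type hints added here keep the mutable defaults: `brute_force: Sequence[PluginConfiguration] = []` and `vulnerability: Sequence[PluginConfiguration] = []`. The function only reads them today, but a shared list default is the classic Python trap and linters (ruff B006) will flag it; `= ()` is the drop-in replacement and already satisfies the `Sequence` annotation. add_exploiters's body continues below the hunk.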
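Review bot: `replace_propagation_credentials` is the only helper in utils.py without a return annotation; its siblings all declare one and this one returns the `replace` result, so `) -> TestConfiguration:` belongs on the signature. A one-line docstring, e.g. `"""Return a copy of test_configuration with its propagation credentials swapped for propagation_credentials."""`, would match what the other helpers in this file should carry as well.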
From: Mike Salvatore Date: Mon, 18 Jul 2022 14:52:31 -0400 Subject: [PATCH 08/29] BB: Add add_credential_collectors() --- envs/monkey_zoo/blackbox/test_configurations/utils.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index c9ef2dd01..b84b51e0f 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -49,6 +49,12 @@ def add_subnets( return replace_scan_target_configuration(agent_configuration, scan_target_configuration) +def add_credential_collectors( + agent_configuration: AgentConfiguration, credential_collectors: Sequence[PluginConfiguration] +) -> AgentConfiguration: + return replace(agent_configuration, credential_collectors=tuple(credential_collectors)) + + def replace_exploitation_configuration( agent_configuration: AgentConfiguration, exploitation_configuration: ExploitationConfiguration ) -> AgentConfiguration: From c2028f15a435170b448e377aa3c06b869c884cb1 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 15:00:06 -0400 Subject: [PATCH 09/29] BB: Add depth_1_a_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../blackbox/test_configurations/depth_1_a.py | 65 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py index 022b20e35..0e2c06c53 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py +++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py @@ -1,2 +1,3 @@ from .test_configuration import TestConfiguration from .zerologon import zerologon_test_configuration +from .depth_1_a import depth_1_a_test_configuration 
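Review bot: `from .depth_1_a import depth_1_a_test_configuration` is appended after `.zerologon`, so the `__init__` import list is no longer alphabetical, and an isort pass would move `.depth_1_a` above `.test_configuration` — which breaks the package, because depth_1_a.py pulls in noop.py and utils.py and those read `TestConfiguration` out of the partially initialised package via `from . import TestConfiguration`. If the ordering is intentional, pin it with `# isort: skip_file  # submodules below import TestConfiguration from this package` and declare `__all__`; better, have the submodules import from `.test_configuration` directly so the order stops mattering.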
diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py
new file mode 100644
index 000000000..1c5193fb6
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py
@@ -0,0 +1,65 @@
+from common.configuration import AgentConfiguration, PluginConfiguration
+from common.credentials import Credentials, Password, Username
+
+from .noop import noop_test_configuration
+from .utils import (
+    add_credential_collectors,
+    add_exploiters,
+    add_subnets,
+    replace_agent_configuration,
+    replace_propagation_credentials,
+)
+
+credentials = (
+    Credentials(Username("m0nk3y"), None),
+    Credentials(None, Password("Ivrrw5zEzs")),
+    Credentials(None, Password("Xk8VDTsC")),
+)
+
+
+def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    brute_force = [
+        PluginConfiguration(name="HadoopExploiter", options={}),
+        PluginConfiguration(name="Log4ShellExploiter", options={}),
+        PluginConfiguration(name="MSSQLExploiter", options={}),
+        PluginConfiguration(name="SmbExploiter", options={}),
+        PluginConfiguration(name="SSHExploiter", options={}),
+    ]
+    vulnerability = [PluginConfiguration(name="ZerologonExploiter", options={})]
+
+    return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=vulnerability)
+
+
+def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    subnets = [
+        "10.2.2.2",
+        "10.2.2.3",
+        "10.2.3.55",
+        "10.2.3.56",
+        "10.2.3.49",
+        "10.2.3.50",
+        "10.2.3.51",
+        "10.2.3.52",
+        "10.2.2.16",
+        "10.2.2.14",
+        "10.2.2.15",
+    ]
+    return add_subnets(agent_configuration, subnets)
+
+
+def _add_credential_collectors(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+    return add_credential_collectors(
+        agent_configuration, [PluginConfiguration("MimikatzCollector", {})]
+    )
+
+
+agent_configuration = _add_exploiters(
+    _add_subnets(_add_credential_collectors(noop_test_configuration.agent_configuration))
+)
+
+depth_1_a_test_configuration = replace_agent_configuration(
+    noop_test_configuration, agent_configuration
+)
+depth_1_a_test_configuration = replace_propagation_credentials(
+    depth_1_a_test_configuration, credentials
+)
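Review bot: This hunk commits cleartext passwords (`Ivrrw5zEzs`, `Xk8VDTsC`) and eleven bare IP addresses with no comment saying what they are. I assume these are throwaway monkey_zoo lab credentials; a line such as `# Credentials for the monkey_zoo lab VMs only - never reuse outside the test environment` above `credentials` would document that and give secret scanners something to anchor an allow-list on. Each entry in `subnets` should likewise name the zoo machine and the exploiter it exercises (`"10.2.2.16",  # <zoo machine> / <exploiter>`), since the mapping is otherwise only recoverable from the zoo inventory. `HadoopExploiter` and `Log4ShellExploiter` are listed under `brute_force` although neither obviously consumes the credential list; if the agent treats the two lists differently they may belong in `vulnerability` — verify against the default agent configuration.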
From 5a1a40a51525a69a73100eaa1498608814f96dca Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 15:03:52 -0400 Subject: [PATCH 10/29] BB: Add set_maximum_depth() --- envs/monkey_zoo/blackbox/test_configurations/utils.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index b84b51e0f..8934c8931 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -55,6 +55,15 @@ def add_credential_collectors( return replace(agent_configuration, credential_collectors=tuple(credential_collectors)) +def set_maximum_depth( + agent_configuration: AgentConfiguration, maximum_depth: int +) -> AgentConfiguration: + propagation_configuration = replace( + agent_configuration.propagation, maximum_depth=maximum_depth + ) + return replace_propagation_configuration(agent_configuration, propagation_configuration) + + def replace_exploitation_configuration( agent_configuration: AgentConfiguration, exploitation_configuration: ExploitationConfiguration ) -> AgentConfiguration: From 365b4098e4126060a1266dd5c483b3b58523ac44 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 15:09:50 -0400 Subject: [PATCH 11/29] BB: Set maximum depth in zerologon_test_configuration --- .../blackbox/test_configurations/zerologon.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py index e34b062cf..56e0c60ba 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py +++ b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py 
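Review bot: `set_maximum_depth` is the first helper in utils.py named `set_`, even though `add_exploiters`, `add_tcp_ports` and `add_subnets` overwrite their fields in exactly the same way via `replace`. Naming the overwriting helpers consistently (`set_*` for field replacement, `add_*` only where values are merged) would stop callers from assuming `add_tcp_ports` accumulates across calls. A docstring on this one, `"""Return a copy of agent_configuration with propagation.maximum_depth set to maximum_depth."""`, would be a good start.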
@@ -1,7 +1,13 @@ from common.configuration import AgentConfiguration, PluginConfiguration from .noop import noop_test_configuration -from .utils import add_exploiters, add_subnets, add_tcp_ports, replace_agent_configuration +from .utils import ( + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + set_maximum_depth, +) def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: @@ -21,9 +27,11 @@ def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: return add_subnets(agent_configuration, subnets) -agent_configuration = _add_exploiters( - _add_tcp_ports(_add_subnets(noop_test_configuration.agent_configuration)) -) +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) + zerologon_test_configuration = replace_agent_configuration( noop_test_configuration, agent_configuration ) From 0a0cb5de19d043bc25f49dfd38c9bac2e2e19c1c Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 15:10:05 -0400 Subject: [PATCH 12/29] BB: Set maximum depth in depth_1_a_test_configuration --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index 1c5193fb6..ffd9ed882 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -8,6 +8,7 @@ from .utils import ( add_subnets, replace_agent_configuration, replace_propagation_credentials, + set_maximum_depth, ) credentials = ( 
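Review bot: The rewritten pipeline rebinds the public module-level name `agent_configuration` four times before `zerologon_test_configuration` is built, and that scaffolding name is exported alongside the real result. Prefixing it (`_agent_configuration`) or folding the steps into a small `_build_agent_configuration()` keeps the module's public surface to `zerologon_test_configuration` alone. The magic `1` in `set_maximum_depth(..., 1)` deserves a comment such as `# depth 1: exploit the DC directly, do not propagate from it` — assuming `maximum_depth` counts hops from the initial agent, which this hunk does not show, so confirm.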
@@ -53,9 +54,10 @@ def _add_credential_collectors(agent_configuration: AgentConfiguration) -> Agent ) -agent_configuration = _add_exploiters( - _add_subnets(_add_credential_collectors(noop_test_configuration.agent_configuration)) -) +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_credential_collectors(agent_configuration) depth_1_a_test_configuration = replace_agent_configuration( noop_test_configuration, agent_configuration From f1d9ea64e5a62f8ce4bb22fc9675782d4e5d2904 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 18 Jul 2022 15:15:10 -0400 Subject: [PATCH 13/29] BB: Add tcp ports to depth_1_a_test_configuration --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index ffd9ed882..d29451568 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -6,6 +6,7 @@ from .utils import ( add_credential_collectors, add_exploiters, add_subnets, + add_tcp_ports, replace_agent_configuration, replace_propagation_credentials, set_maximum_depth, @@ -54,6 +55,11 @@ def _add_credential_collectors(agent_configuration: AgentConfiguration) -> Agent ) +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [445, 8088, 22] + return add_tcp_ports(agent_configuration, ports) + + agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) agent_configuration = _add_exploiters(agent_configuration) agent_configuration = _add_subnets(agent_configuration) From 0c6764daf596f525d3ca6c0d70f891515e814ff7 Mon Sep 17 00:00:00 2001 
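Review bot: `ports = [445, 8088, 22]` covers SMB, what looks like Hadoop's 8088 and SSH, but `MSSQLExploiter` is enabled in this configuration and 1433 is not in the list, nor are any HTTP ports for `Log4ShellExploiter`. If the exploiters only attempt hosts where the scanner reported the relevant port open (I cannot tell from this hunk), the MSSQL and Log4Shell targets will never be attacked and the test either fails or passes vacuously depending on what it asserts. Either add `1433` (and the HTTP ports) or put a comment on the list explaining why they are deliberately omitted. Sorting the list and annotating each port with its exploiter, e.g. `22,  # SSHExploiter`, would make future additions safer.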
From: Mike Salvatore Date: Tue, 19 Jul 2022 08:12:46 -0400 Subject: [PATCH 14/29] BB: Add add_http_ports() --- .../blackbox/test_configurations/utils.py | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index 8934c8931..f1191f59a 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -4,6 +4,7 @@ from typing import Sequence, Tuple from common.configuration import ( AgentConfiguration, ExploitationConfiguration, + ExploitationOptionsConfiguration, NetworkScanConfiguration, PluginConfiguration, PropagationConfiguration, @@ -55,6 +56,19 @@ def add_credential_collectors( return replace(agent_configuration, credential_collectors=tuple(credential_collectors)) +def add_http_ports( + agent_configuration: AgentConfiguration, http_ports: Sequence[int] +) -> AgentConfiguration: + exploitation_options_configuration = agent_configuration.propagation.exploitation.options + exploitation_options_configuration = replace( + exploitation_options_configuration, http_ports=http_ports + ) + + return replace_exploitation_options_configuration( + agent_configuration, exploitation_options_configuration + ) + + def set_maximum_depth( agent_configuration: AgentConfiguration, maximum_depth: int ) -> AgentConfiguration: 
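Review bot: `replace(exploitation_options_configuration, http_ports=http_ports)` stores the caller's sequence object as-is, whereas `add_tcp_ports` in the same file normalises with `tuple(tcp_ports)`; a caller that passes a list and mutates it later changes the configuration behind its back. Use `http_ports=tuple(http_ports)` for symmetry. Like the other `add_*` helpers this one overwrites rather than appends, which the name and a docstring (`"""Return a copy of agent_configuration whose exploitation HTTP port list is replaced by http_ports."""`) should say.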
@@ -99,6 +113,17 @@ def replace_propagation_configuration( return replace(agent_configuration, propagation=propagation_configuration) +def replace_exploitation_options_configuration( + agent_configuration: AgentConfiguration, + exploitation_options_configuration: ExploitationOptionsConfiguration, +) -> AgentConfiguration: + exploitation_configuration = agent_configuration.propagation.exploitation + exploitation_configuration = replace( + exploitation_configuration, options=exploitation_options_configuration + ) + return replace_exploitation_configuration(agent_configuration, exploitation_configuration) + + def replace_agent_configuration( test_configuration: TestConfiguration, agent_configuration: AgentConfiguration ) -> TestConfiguration: From 189e2ad3d18e0567c8c492c5b15b42be31db7fec Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 08:13:09 -0400 Subject: [PATCH 15/29] BB: Add HTTP ports to depth_1_a_test_configuration --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index d29451568..cf15d74f1 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -5,6 +5,7 @@ from .noop import noop_test_configuration from .utils import ( add_credential_collectors, add_exploiters, + add_http_ports, add_subnets, add_tcp_ports, replace_agent_configuration, 
@@ -60,10 +61,16 @@ def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguratio return add_tcp_ports(agent_configuration, ports) +def _add_http_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + http_ports = [8080, 8983, 9600] + return add_http_ports(agent_configuration, http_ports) + + agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) agent_configuration = _add_exploiters(agent_configuration) agent_configuration = _add_subnets(agent_configuration) agent_configuration = _add_credential_collectors(agent_configuration) +agent_configuration = _add_http_ports(agent_configuration) depth_1_a_test_configuration = replace_agent_configuration( noop_test_configuration, agent_configuration From 707aa97a659eae31ebb9b47c0b11f7af30516108 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 08:13:23 -0400 Subject: [PATCH 16/29] BB: Add TCP ports to depth_1_a_test_configuration --- .../monkey_zoo/blackbox/test_configurations/depth_1_a.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index cf15d74f1..ddcae5476 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py 
@@ -56,17 +56,20 @@ def _add_credential_collectors(agent_configuration: AgentConfiguration) -> Agent ) +HTTP_PORTS = [8080, 8983, 9600] + + def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: - ports = [445, 8088, 22] + ports = [22, 445] + HTTP_PORTS return add_tcp_ports(agent_configuration, ports) def _add_http_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: - http_ports = [8080, 8983, 9600] - return add_http_ports(agent_configuration, http_ports) + return add_http_ports(agent_configuration, HTTP_PORTS) agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) +agent_configuration = _add_tcp_ports(agent_configuration) agent_configuration = _add_exploiters(agent_configuration) agent_configuration = _add_subnets(agent_configuration) agent_configuration = _add_credential_collectors(agent_configuration) From 87363d30964c647af551dee35d93619b3f738a39 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 08:57:19 -0400 Subject: [PATCH 17/29] BB: Rename credentials -> CREDENTIALS --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index ddcae5476..2c757af26 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -13,7 +13,7 @@ from .utils import ( set_maximum_depth, ) -credentials = ( +CREDENTIALS = ( Credentials(Username("m0nk3y"), None), Credentials(None, Password("Ivrrw5zEzs")), Credentials(None, Password("Xk8VDTsC")), @@ -79,5 +79,5 @@ depth_1_a_test_configuration = replace_agent_configuration( noop_test_configuration, agent_configuration ) depth_1_a_test_configuration = replace_propagation_credentials( - depth_1_a_test_configuration, credentials + depth_1_a_test_configuration, CREDENTIALS ) 
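Review bot: `HTTP_PORTS = [8080, 8983, 9600]` is a module constant defined between two functions, and nothing records which exploiter each port serves. Moving it next to the imports as a tuple with a comment per port (which services 8983 and 9600 stand for here is only guessable from the enabled exploiters, so confirm before writing it down) would match the constant style, and `ports = [22, 445] + HTTP_PORTS` then becomes `ports = [22, 445, *HTTP_PORTS]`. The reorder that runs `_add_tcp_ports` first is harmless because every step replaces only its own field.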
From 4cd1c6bf3cbbc9f67a43b2bdffc7d0862c4b98d0 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 08:59:10 -0400 Subject: [PATCH 18/29] BB: Reorder some things in depth_1_a.py --- .../blackbox/test_configurations/depth_1_a.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index 2c757af26..5875469c2 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -13,12 +13,6 @@ from .utils import ( set_maximum_depth, ) -CREDENTIALS = ( - Credentials(Username("m0nk3y"), None), - Credentials(None, Password("Ivrrw5zEzs")), - Credentials(None, Password("Xk8VDTsC")), -) - def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ @@ -69,15 +63,22 @@ def _add_http_ports(agent_configuration: AgentConfiguration) -> AgentConfigurati agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) -agent_configuration = _add_tcp_ports(agent_configuration) agent_configuration = _add_exploiters(agent_configuration) agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) agent_configuration = _add_credential_collectors(agent_configuration) agent_configuration = _add_http_ports(agent_configuration) depth_1_a_test_configuration = replace_agent_configuration( noop_test_configuration, agent_configuration ) + + +CREDENTIALS = ( + Credentials(Username("m0nk3y"), None), + Credentials(None, Password("Ivrrw5zEzs")), + Credentials(None, Password("Xk8VDTsC")), +) depth_1_a_test_configuration = replace_propagation_credentials( depth_1_a_test_configuration, CREDENTIALS ) From 3480b18e3917776484db4d204257c3d8e6cfa42c Mon Sep 17 00:00:00 2001 
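Review bot: After this reorder the module assigns `depth_1_a_test_configuration` twice — once from `replace_agent_configuration` and again from `replace_propagation_credentials` — with `CREDENTIALS` now defined between the two at the very bottom of the file. Building the value once avoids an observable intermediate state for the public name: `depth_1_a_test_configuration = replace_propagation_credentials(replace_agent_configuration(noop_test_configuration, agent_configuration), CREDENTIALS)`, and constants conventionally sit near the imports. The `agent_configuration` steps also rebind a public module-level name; `_agent_configuration` would hide the scaffolding.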
From: Mike Salvatore Date: Tue, 19 Jul 2022 09:00:51 -0400 Subject: [PATCH 19/29] BB: Remove zerologon exploiter from depth_1_a_test_configuration --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index 5875469c2..b441b1cfe 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -22,9 +22,8 @@ def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfigurati PluginConfiguration(name="SmbExploiter", options={}), PluginConfiguration(name="SSHExploiter", options={}), ] - vulnerability = [PluginConfiguration(name="ZerologonExploiter", options={})] - return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=vulnerability) + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: From 9bff20e92fb3aa38a47a75ce0db5986749002e7f Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:15:13 -0400 Subject: [PATCH 20/29] BB: Add depth_2_a_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../blackbox/test_configurations/depth_2_a.py | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py index 0e2c06c53..bfddf917d 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py +++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py 
@@ -1,3 +1,4 @@
 from .test_configuration import TestConfiguration
 from .zerologon import zerologon_test_configuration
 from .depth_1_a import depth_1_a_test_configuration
+from .depth_2_a import depth_2_a_test_configuration
diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py
new file mode 100644
index 000000000..d2c261805
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py
@@ -0,0 +1,51 @@ +from common.configuration import AgentConfiguration, PluginConfiguration +from common.credentials import Credentials, Password, Username + +from .noop import noop_test_configuration +from .utils import ( + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + replace_propagation_credentials, + set_maximum_depth, +) + + +def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: + brute_force = [ + PluginConfiguration(name="SSHExploiter", options={}), + ] + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + + +def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: + subnets = [ + "10.2.2.11", + "10.2.2.12", + ] + return add_subnets(agent_configuration, subnets) + + +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [22] + return add_tcp_ports(agent_configuration, ports) + + +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 2) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) + +depth_2_a_test_configuration = replace_agent_configuration( + noop_test_configuration, agent_configuration +) + + +CREDENTIALS = ( + Credentials(Username("m0nk3y"), None), + Credentials(None, Password("^NgDvY59~8")), +) +depth_2_a_test_configuration = replace_propagation_credentials( + depth_2_a_test_configuration, CREDENTIALS +) From 6e730394bf71c7ad15ed4a56eda3ba9fcbc61b72 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:24:00 -0400 Subject: [PATCH 21/29] BB: Add set_keep_tunnel_open_time() --- envs/monkey_zoo/blackbox/test_configurations/utils.py | 6 ++++++ 1 file changed, 6 insertions(+) 
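Review bot: The build sequence at the bottom of the new module rebinds the public name `depth_2_a_test_configuration` twice — first without propagation credentials, then with them — and leaves the intermediates `agent_configuration` and `CREDENTIALS` as unprefixed module attributes next to the underscore-prefixed `_add_*` helpers. Binding the exported name once, from underscore-prefixed intermediates, makes the finished object the only public symbol; depth_3_a.py, powershell_credentials_reuse.py, smb_pth.py and wmi_mimikatz.py later in this series follow the same pattern and would get the same change. A one-line module docstring naming the scenario would also help a reader (PATCH 24 later adds this as a `# Tests:` comment). This assumes nothing imports `CREDENTIALS` or `agent_configuration` from these modules, which the diff does not show.
```python
# … unchanged: imports and the _add_* helpers …
_agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 2)
_agent_configuration = _add_exploiters(_agent_configuration)
_agent_configuration = _add_subnets(_agent_configuration)
_agent_configuration = _add_tcp_ports(_agent_configuration)

_CREDENTIALS = (
    Credentials(Username("m0nk3y"), None),
    Credentials(None, Password("^NgDvY59~8")),
)

depth_2_a_test_configuration = replace_propagation_credentials(
    replace_agent_configuration(noop_test_configuration, _agent_configuration),
    _CREDENTIALS,
)
```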
diff --git a/envs/monkey_zoo/blackbox/test_configurations/utils.py b/envs/monkey_zoo/blackbox/test_configurations/utils.py index f1191f59a..eef23b329 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/utils.py +++ b/envs/monkey_zoo/blackbox/test_configurations/utils.py @@ -69,6 +69,12 @@ def add_http_ports( ) +def set_keep_tunnel_open_time( + agent_configuration: AgentConfiguration, keep_tunnel_open_time: int +) -> AgentConfiguration: + return replace(agent_configuration, keep_tunnel_open_time=keep_tunnel_open_time) + + def set_maximum_depth( agent_configuration: AgentConfiguration, maximum_depth: int ) -> AgentConfiguration: From d354622f9ad138962fe214d50deb57e9ebae0bfe Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:25:35 -0400 Subject: [PATCH 22/29] BB: Add depth_3_a_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../blackbox/test_configurations/depth_3_a.py | 75 +++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py index bfddf917d..a9927752f 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py +++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py @@ -2,3 +2,4 @@ from .test_configuration import TestConfiguration from .zerologon import zerologon_test_configuration from .depth_1_a import depth_1_a_test_configuration from .depth_2_a import depth_2_a_test_configuration +from .depth_3_a import depth_3_a_test_configuration diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py new file mode 100644 index 000000000..f9ddbfbf9 --- /dev/null +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py 
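Review bot: `set_keep_tunnel_open_time` lands without a docstring, and neither the parameter name nor the call sites later in this series (which pass 20) say what unit `keep_tunnel_open_time` is expressed in. Suggested docstring: `"""Return a copy of agent_configuration with keep_tunnel_open_time replaced (unit as defined by AgentConfiguration.keep_tunnel_open_time — confirm)."""`. The function mirrors `set_maximum_depth` directly below it, which from this hunk appears equally undocumented, so the same treatment applies there.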
@@ -0,0 +1,75 @@ +from common.configuration import AgentConfiguration, PluginConfiguration +from common.credentials import Credentials, NTHash, Password, Username + +from .noop import noop_test_configuration +from .utils import ( + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + replace_propagation_credentials, + set_keep_tunnel_open_time, + set_maximum_depth, +) + +# Tests: +# Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48) +# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.11) +# WMI pass the hash (10.2.2.15) + + +def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: + brute_force = [ + PluginConfiguration(name="PowerShellExploiter", options={}), + PluginConfiguration(name="SSHExploiter", options={}), + PluginConfiguration(name="WmiExploiter", options={}), + ] + + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + + +def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: + subnets = [ + "10.2.2.9", + "10.2.3.45", + "10.2.3.46", + "10.2.3.47", + "10.2.3.48", + "10.2.1.10", + "10.2.0.12", + "10.2.0.11", + "10.2.2.15", + ] + return add_subnets(agent_configuration, subnets) + + +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [22, 135, 5985, 5986] + return add_tcp_ports(agent_configuration, ports) + + +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 3) +agent_configuration = set_keep_tunnel_open_time(noop_test_configuration.agent_configuration, 20) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) + +depth_3_a_test_configuration = replace_agent_configuration( + noop_test_configuration, agent_configuration +) + + +CREDENTIALS = ( + Credentials(Username("m0nk3y"), None), + Credentials(Username("m0nk3y-user"), 
None), + Credentials(None, Password("Passw0rd!")), + Credentials(None, Password("3Q=(Ge(+&w]*")), + Credentials(None, Password("`))jU7L(w}")), + Credentials(None, Password("t67TC5ZDmz")), + Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")), + Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")), + Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")), +) +depth_3_a_test_configuration = replace_propagation_credentials( + depth_3_a_test_configuration, CREDENTIALS +) From cde0474eb2965f33a4a8ecddf2595ceea32439f5 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:29:46 -0400 Subject: [PATCH 23/29] BB: Add "Tests" comment to depth_1_a.py --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index b441b1cfe..2329cff17 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -13,6 +13,12 @@ from .utils import ( set_maximum_depth, ) +# Tests: +# Hadoop (10.2.2.2, 10.2.2.3) +# Log4shell (10.2.3.55, 10.2.3.56, 10.2.3.49, 10.2.3.50, 10.2.3.51, 10.2.3.52) +# MSSQL (10.2.2.16) +# SMB mimikatz password stealing and brute force (10.2.2.14 and 10.2.2.15) + def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ From a605db7625314433c5b795f253f60aeecc5215e3 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:31:16 -0400 Subject: [PATCH 24/29] BB: Add Tests comment to depth_2_a.py --- envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py index d2c261805..0fc6b57d6 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py 
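Review bot: `agent_configuration = set_keep_tunnel_open_time(noop_test_configuration.agent_configuration, 20)` restarts from the noop agent configuration and so throws away the result of `set_maximum_depth(..., 3)` on the line before it; depth_3_a_test_configuration ends up with the noop maximum depth rather than 3, which defeats the tunneling scenario listed in the `# Tests:` comment. The second line should chain on the first: `agent_configuration = set_keep_tunnel_open_time(agent_configuration, 20)`. smb_pth.py (PATCH 26 in this series) has the identical two lines and needs the same fix.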
+++ b/envs/monkey_zoo/blackbox/test_configurations/depth_2_a.py @@ -12,6 +12,8 @@ from .utils import ( ) +# Tests: +# SSH password and key brute-force, key stealing (10.2.2.11, 10.2.2.12) def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ PluginConfiguration(name="SSHExploiter", options={}), From 367b6de9015af9d9cea6a7d69b7fcb2c27462b7d Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 13:48:06 -0400 Subject: [PATCH 25/29] BB: Add powershell_credentials_reuse_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../powershell_credentials_reuse.py | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/powershell_credentials_reuse.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py index a9927752f..722bd38e8 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py +++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py @@ -3,3 +3,4 @@ from .zerologon import zerologon_test_configuration from .depth_1_a import depth_1_a_test_configuration from .depth_2_a import depth_2_a_test_configuration from .depth_3_a import depth_3_a_test_configuration +from .powershell_credentials_reuse import powershell_credentials_reuse_test_configuration diff --git a/envs/monkey_zoo/blackbox/test_configurations/powershell_credentials_reuse.py b/envs/monkey_zoo/blackbox/test_configurations/powershell_credentials_reuse.py new file mode 100644 index 000000000..4b7aa351c --- /dev/null +++ b/envs/monkey_zoo/blackbox/test_configurations/powershell_credentials_reuse.py 
@@ -0,0 +1,40 @@ +from common.configuration import AgentConfiguration, PluginConfiguration + +from .noop import noop_test_configuration +from .utils import ( + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + set_maximum_depth, +) + + +def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: + brute_force = [ + PluginConfiguration(name="PowerShellExploiter", options={}), + ] + + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + + +def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: + subnets = [ + "10.2.3.46", + ] + return add_subnets(agent_configuration, subnets) + + +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [5985, 5986] + return add_tcp_ports(agent_configuration, ports) + + +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) + +powershell_credentials_reuse_test_configuration = replace_agent_configuration( + noop_test_configuration, agent_configuration +) From 27197ee70abcd86336ef0264bbacfbf23d39bb3f Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 14:09:12 -0400 Subject: [PATCH 26/29] BB: Add smb_pth_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../blackbox/test_configurations/smb_pth.py | 59 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/smb_pth.py diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py index 722bd38e8..d97bad95a 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py +++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py 
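Review bot: The new module configures no propagation credentials — there is no `replace_propagation_credentials` call and no `CREDENTIALS` tuple, unlike the other configurations in this series — and nothing in the file says whether that is deliberate. If the scenario is meant to show the PowerShell exploiter reusing the credentials of the running user (the module name suggests this, but the diff does not confirm it), a comment should say so, e.g. `# Tests: PowerShell credential reuse (10.2.3.46); no propagation credentials are configured on purpose`. Otherwise a reader cannot tell a design choice from an omission.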
@@ -4,3 +4,4 @@ from .depth_1_a import depth_1_a_test_configuration
 from .depth_2_a import depth_2_a_test_configuration
 from .depth_3_a import depth_3_a_test_configuration
 from .powershell_credentials_reuse import powershell_credentials_reuse_test_configuration
+from .smb_pth import smb_pth_test_configuration
diff --git a/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py b/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py
new file mode 100644
index 000000000..e54f98132
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py
@@ -0,0 +1,59 @@ +from common.configuration import AgentConfiguration, PluginConfiguration +from common.credentials import Credentials, NTHash, Password, Username + +from .noop import noop_test_configuration +from .utils import ( + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + replace_propagation_credentials, + set_keep_tunnel_open_time, + set_maximum_depth, +) + + +def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: + brute_force = [ + PluginConfiguration(name="SmbExploiter", options={}), + ] + + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + + +def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: + subnets = [ + "10.2.2.15", + ] + return add_subnets(agent_configuration, subnets) + + +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [445] + return add_tcp_ports(agent_configuration, ports) + + +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 3) +agent_configuration = set_keep_tunnel_open_time(noop_test_configuration.agent_configuration, 20) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) + +smb_pth_test_configuration = replace_agent_configuration( + noop_test_configuration, agent_configuration +) + + +CREDENTIALS = ( + Credentials(Username("Administrator"), None), + Credentials(Username("m0nk3y"), None), + Credentials(Username("user"), None), + Credentials(None, Password("Ivrrw5zEzs")), + Credentials(None, Password("Password1!")), + Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")), + Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")), + Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")), +) +smb_pth_test_configuration = replace_propagation_credentials( + smb_pth_test_configuration, 
CREDENTIALS +) From 0605470af9db5626c7957730bd299788c80b9ed7 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 14:17:06 -0400 Subject: [PATCH 27/29] BB: Move Hadoop and Log4Shell to vulnerability exploiters --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index 2329cff17..4193cb8f6 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -22,14 +22,16 @@ from .utils import ( def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ - PluginConfiguration(name="HadoopExploiter", options={}), - PluginConfiguration(name="Log4ShellExploiter", options={}), PluginConfiguration(name="MSSQLExploiter", options={}), PluginConfiguration(name="SmbExploiter", options={}), PluginConfiguration(name="SSHExploiter", options={}), ] + vulnerability = [ + PluginConfiguration(name="HadoopExploiter", options={}), + PluginConfiguration(name="Log4ShellExploiter", options={}), + ] - return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=vulnerability) def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: From 0e2cef181a36b6ceee9e4b2bbe9f0137ab7aea00 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 19 Jul 2022 14:19:43 -0400 Subject: [PATCH 28/29] BB: Add wmi_mimikatz_test_configuration --- .../blackbox/test_configurations/__init__.py | 1 + .../test_configurations/wmi_mimikatz.py | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py 
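Review bot: The `CREDENTIALS` tuple repeats values already hard-coded elsewhere in this series — `Password("Ivrrw5zEzs")` appears in depth_1_a.py and wmi_mimikatz.py, and the three NTHash values are the same as in depth_3_a.py — so a change to a lab host's credentials has to be made in several files. A small shared module next to utils.py (e.g. `lab_credentials.py`) holding one named tuple per lab host, from which each configuration composes its `CREDENTIALS`, keeps them in one place; the `__init__.py` hunk above already shows the import style. This is a maintainability point only; the values are the test-lab fixtures these configurations are expected to carry.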
diff --git a/envs/monkey_zoo/blackbox/test_configurations/__init__.py b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
index d97bad95a..9aa48000e 100644
--- a/envs/monkey_zoo/blackbox/test_configurations/__init__.py
+++ b/envs/monkey_zoo/blackbox/test_configurations/__init__.py
@@ -5,3 +5,4 @@ from .depth_2_a import depth_2_a_test_configuration
 from .depth_3_a import depth_3_a_test_configuration
 from .powershell_credentials_reuse import powershell_credentials_reuse_test_configuration
 from .smb_pth import smb_pth_test_configuration
+from .wmi_mimikatz import wmi_mimikatz_test_configuration
diff --git a/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py
new file mode 100644
index 000000000..3ed662764
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py
@@ -0,0 +1,64 @@ +from common.configuration import AgentConfiguration, PluginConfiguration +from common.credentials import Credentials, Password, Username + +from .noop import noop_test_configuration +from .utils import ( + add_credential_collectors, + add_exploiters, + add_subnets, + add_tcp_ports, + replace_agent_configuration, + replace_propagation_credentials, + set_maximum_depth, +) + + +def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: + brute_force = [ + PluginConfiguration(name="WmiExploiter", options={}), + ] + + return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) + + +def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: + subnets = [ + "10.2.2.14", + "10.2.2.15", + ] + return add_subnets(agent_configuration, subnets) + + +def _add_credential_collectors(agent_configuration: AgentConfiguration) -> AgentConfiguration: + return add_credential_collectors( + agent_configuration, [PluginConfiguration("MimikatzCollector", {})] + ) + + +def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration: + ports = [135] + return add_tcp_ports(agent_configuration, ports) + + +agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 1) +agent_configuration = _add_exploiters(agent_configuration) +agent_configuration = _add_subnets(agent_configuration) +agent_configuration = _add_credential_collectors(agent_configuration) +agent_configuration = _add_tcp_ports(agent_configuration) +agent_configuration = _add_credential_collectors(agent_configuration) + +wmi_mimikatz_test_configuration = replace_agent_configuration( + noop_test_configuration, agent_configuration +) + + +CREDENTIALS = ( + Credentials(Username("Administrator"), None), + Credentials(Username("m0nk3y"), None), + Credentials(Username("user"), None), + Credentials(None, Password("Ivrrw5zEzs")), + Credentials(None, Password("Password1!")), +) +wmi_mimikatz_test_configuration 
= replace_propagation_credentials( + wmi_mimikatz_test_configuration, CREDENTIALS +) From f049688160b3566aa4e8f7f617dcc88d2fe57416 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 20 Jul 2022 07:47:27 -0400 Subject: [PATCH 29/29] BB: Add smb_download_timeout to test_configurations --- envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py | 2 +- envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py | 2 +- envs/monkey_zoo/blackbox/test_configurations/smb_pth.py | 2 +- envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py | 2 +- envs/monkey_zoo/blackbox/test_configurations/zerologon.py | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py index 4193cb8f6..e6e118637 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_1_a.py @@ -23,7 +23,7 @@ from .utils import ( def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ PluginConfiguration(name="MSSQLExploiter", options={}), - PluginConfiguration(name="SmbExploiter", options={}), + PluginConfiguration(name="SmbExploiter", options={"smb_download_timeout": 30}), PluginConfiguration(name="SSHExploiter", options={}), ] vulnerability = [ diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py index f9ddbfbf9..4b0d4ce72 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py 
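Review bot: `agent_configuration = _add_credential_collectors(agent_configuration)` appears twice in the build sequence, once before and once after `_add_tcp_ports`; if `add_credential_collectors` appends to the collector list rather than replacing it (the diff does not show its body), MimikatzCollector ends up configured twice. Delete the second call. The `_add_credential_collectors` helper also passes `PluginConfiguration("MimikatzCollector", {})` positionally while every other helper in this series uses the `name=`/`options=` keyword form; matching that form would be consistent.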
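Review bot: `options={"smb_download_timeout": 30}` is repeated verbatim in five files in this commit (this hunk and the depth_3_a, smb_pth, wmi_mimikatz and zerologon hunks that follow); a single constant in utils.py, e.g. `SMB_DOWNLOAD_TIMEOUT = 30` used as `options={"smb_download_timeout": SMB_DOWNLOAD_TIMEOUT}`, keeps the value in one place and gives it somewhere to be documented, including its unit. The same key is also handed to WmiExploiter in the depth_3_a and wmi_mimikatz hunks; whether that plugin's options accept `smb_download_timeout` cannot be confirmed from the diff, so it is worth checking that it is neither rejected nor silently ignored there.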
@@ -22,7 +22,7 @@ def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfigurati brute_force = [ PluginConfiguration(name="PowerShellExploiter", options={}), PluginConfiguration(name="SSHExploiter", options={}), - PluginConfiguration(name="WmiExploiter", options={}), + PluginConfiguration(name="WmiExploiter", options={"smb_download_timeout": 30}), ] return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) diff --git a/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py b/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py index e54f98132..ee3378286 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py +++ b/envs/monkey_zoo/blackbox/test_configurations/smb_pth.py @@ -15,7 +15,7 @@ from .utils import ( def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ - PluginConfiguration(name="SmbExploiter", options={}), + PluginConfiguration(name="SmbExploiter", options={"smb_download_timeout": 30}), ] return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) diff --git a/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py index 3ed662764..e95e1b91b 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py +++ b/envs/monkey_zoo/blackbox/test_configurations/wmi_mimikatz.py @@ -15,7 +15,7 @@ from .utils import ( def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: brute_force = [ - PluginConfiguration(name="WmiExploiter", options={}), + PluginConfiguration(name="WmiExploiter", options={"smb_download_timeout": 30}), ] return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[]) diff --git a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py index 56e0c60ba..344ab3246 100644 
--- a/envs/monkey_zoo/blackbox/test_configurations/zerologon.py +++ b/envs/monkey_zoo/blackbox/test_configurations/zerologon.py @@ -11,7 +11,7 @@ from .utils import ( def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration: - brute_force = [PluginConfiguration(name="SmbExploiter", options={})] + brute_force = [PluginConfiguration(name="SmbExploiter", options={"smb_download_timeout": 30})] vulnerability = [PluginConfiguration(name="ZerologonExploiter", options={})] return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=vulnerability)