Improved configuration by removing unused method and separating config value paths to a separate file

This commit is contained in:
VakarisZ 2020-10-01 12:54:41 +03:00
parent 9dc0211341
commit 708d1a697d
4 changed files with 34 additions and 25 deletions

View File

@ -36,16 +36,6 @@ class Configuration(object):
self.max_depth = self.depth self.max_depth = self.depth
return unknown_items return unknown_items
def from_json(self, json_data):
"""
Gets a json data object, parses it and applies it to the configuration
:param json_data:
:return:
"""
formatted_data = json.loads(json_data)
result = self.from_kv(formatted_data)
return result
@staticmethod @staticmethod
def hide_sensitive_info(config_dict): def hide_sensitive_info(config_dict):
for field in SENSITIVE_FIELDS: for field in SENSITIVE_FIELDS:

View File

@ -14,6 +14,10 @@ from monkey_island.cc.services.config_schema.config_schema import SCHEMA
__author__ = "itay.mizeretz" __author__ = "itay.mizeretz"
from monkey_island.cc.services.config_schema.config_value_paths import STARTED_ON_ISLAND_PATH, \
EXPORT_MONKEY_TELEMS_PATH, SSH_KEYS_PATH, USER_LIST_PATH, PASSWORD_LIST_PATH, \
LM_HASH_LIST_PATH, NTLM_HASH_LIST_PATH, AWS_KEYS_PATH
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# This should be used for config values of array type (array of strings only) # This should be used for config values of array type (array of strings only)
@ -118,34 +122,34 @@ class ConfigService:
@staticmethod @staticmethod
def creds_add_username(username): def creds_add_username(username):
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_user_list', ConfigService.add_item_to_config_set_if_dont_exist(USER_LIST_PATH,
username, username,
should_encrypt=False) should_encrypt=False)
@staticmethod @staticmethod
def creds_add_password(password): def creds_add_password(password):
ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_password_list', ConfigService.add_item_to_config_set_if_dont_exist(PASSWORD_LIST_PATH,
password, password,
should_encrypt=True) should_encrypt=True)
@staticmethod @staticmethod
def creds_add_lm_hash(lm_hash): def creds_add_lm_hash(lm_hash):
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_lm_hash_list', ConfigService.add_item_to_config_set_if_dont_exist(LM_HASH_LIST_PATH,
lm_hash, lm_hash,
should_encrypt=True) should_encrypt=True)
@staticmethod @staticmethod
def creds_add_ntlm_hash(ntlm_hash): def creds_add_ntlm_hash(ntlm_hash):
ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_ntlm_hash_list', ConfigService.add_item_to_config_set_if_dont_exist(NTLM_HASH_LIST_PATH,
ntlm_hash, ntlm_hash,
should_encrypt=True) should_encrypt=True)
@staticmethod @staticmethod
def ssh_add_keys(public_key, private_key, user, ip): def ssh_add_keys(public_key, private_key, user, ip):
if not ConfigService.ssh_key_exists( if not ConfigService.ssh_key_exists(
ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip): ConfigService.get_config_value(SSH_KEYS_PATH, False, False), user, ip):
ConfigService.add_item_to_config_set_if_dont_exist( ConfigService.add_item_to_config_set_if_dont_exist(
'internal.exploits.exploit_ssh_keys', SSH_KEYS_PATH,
{ {
"public_key": public_key, "public_key": public_key,
"private_key": private_key, "private_key": private_key,
@ -280,7 +284,7 @@ class ConfigService:
""" """
Same as decrypt_config but for a flat configuration Same as decrypt_config but for a flat configuration
""" """
keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES]
for key in keys: for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], str): if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], str):
@ -295,7 +299,7 @@ class ConfigService:
@staticmethod @staticmethod
def _encrypt_or_decrypt_config(config, is_decrypt=False): def _encrypt_or_decrypt_config(config, is_decrypt=False):
for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: for config_arr_as_array in ENCRYPTED_CONFIG_VALUES:
config_arr = config config_arr = config
parent_config_arr = None parent_config_arr = None
@ -328,8 +332,8 @@ class ConfigService:
@staticmethod @staticmethod
def is_test_telem_export_enabled(): def is_test_telem_export_enabled():
return ConfigService.get_config_value(['internal', 'testing', 'export_monkey_telems']) return ConfigService.get_config_value(EXPORT_MONKEY_TELEMS_PATH)
@staticmethod @staticmethod
def set_started_on_island(value: bool): def set_started_on_island(value: bool):
ConfigService.set_config_value(['internal', 'general', 'started_on_island'], value) ConfigService.set_config_value(STARTED_ON_ISLAND_PATH, value)

View File

@ -0,0 +1,13 @@
AWS_KEYS_PATH = ['internal', 'monkey', 'aws_keys']
STARTED_ON_ISLAND_PATH = ['internal', 'general', 'started_on_island']
EXPORT_MONKEY_TELEMS_PATH = ['internal', 'testing', 'export_monkey_telems']
CURRENT_SERVER_PATH = ['internal', 'island_server', 'current_server']
SSH_KEYS_PATH = ['internal', 'exploits', 'exploit_ssh_keys']
INACCESSIBLE_SUBNETS_PATH = ['basic_network', 'network_analysis', 'inaccessible_subnets']
USER_LIST_PATH = ['basic', 'credentials', 'exploit_user_list']
PASSWORD_LIST_PATH = ['basic', 'credentials', 'exploit_password_list']
EXPLOITER_CLASSES_PATH = ['basic', 'exploiters', 'exploiter_classes']
SUBNET_SCAN_LIST_PATH = ['basic_network', 'scope', 'subnet_scan_list']
LOCAL_NETWORK_SCAN_PATH = ['basic_network', 'scope', 'local_network_scan']
LM_HASH_LIST_PATH = ['internal', 'exploits', 'exploit_lm_hash_list']
NTLM_HASH_LIST_PATH = ['internal', 'exploits', 'exploit_ntlm_hash_list']

View File

@ -12,6 +12,8 @@ from monkey_island.cc.database import mongo
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.network_utils import get_subnets, local_ip_addresses from monkey_island.cc.network_utils import get_subnets, local_ip_addresses
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.config_schema.config_value_paths import USER_LIST_PATH, \
PASSWORD_LIST_PATH, EXPLOITER_CLASSES_PATH, SUBNET_SCAN_LIST_PATH, LOCAL_NETWORK_SCAN_PATH
from monkey_island.cc.services.configuration.utils import \ from monkey_island.cc.services.configuration.utils import \
get_config_network_segments_as_subnet_groups get_config_network_segments_as_subnet_groups
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
@ -619,15 +621,15 @@ class ReportService:
@staticmethod @staticmethod
def get_config_users(): def get_config_users():
return ConfigService.get_config_value(['basic', 'credentials', 'exploit_user_list'], True, True) return ConfigService.get_config_value(USER_LIST_PATH, True, True)
@staticmethod @staticmethod
def get_config_passwords(): def get_config_passwords():
return ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list'], True, True) return ConfigService.get_config_value(PASSWORD_LIST_PATH, True, True)
@staticmethod @staticmethod
def get_config_exploits(): def get_config_exploits():
exploits_config_value = ['basic', 'exploiters', 'exploiter_classes'] exploits_config_value = EXPLOITER_CLASSES_PATH
default_exploits = ConfigService.get_default_config(False) default_exploits = ConfigService.get_default_config(False)
for namespace in exploits_config_value: for namespace in exploits_config_value:
default_exploits = default_exploits[namespace] default_exploits = default_exploits[namespace]
@ -641,11 +643,11 @@ class ReportService:
@staticmethod @staticmethod
def get_config_ips(): def get_config_ips():
return ConfigService.get_config_value(['basic_network', 'scope', 'subnet_scan_list'], True, True) return ConfigService.get_config_value(SUBNET_SCAN_LIST_PATH, True, True)
@staticmethod @staticmethod
def get_config_scan(): def get_config_scan():
return ConfigService.get_config_value(['basic_network', 'scope', 'local_network_scan'], True, True) return ConfigService.get_config_value(LOCAL_NETWORK_SCAN_PATH, True, True)
@staticmethod @staticmethod
def get_issues_overview(issues, config_users, config_passwords): def get_issues_overview(issues, config_users, config_passwords):