forked from p34709852/monkey
Update and rename README.textile to README.md
This commit is contained in:
parent
68eb19afb1
commit
730f2a58d9
|
@ -0,0 +1,139 @@
|
|||
Infected Chaos Monkey
|
||||
====================
|
||||
|
||||
Datacenter Security Tool
|
||||
------------------------
|
||||
|
||||
### http://www.guardicore.com/the-infected-chaos-monkey/
|
||||
|
||||
The Infected Chaos Monkey is a security tool which tests your Data Center's ability to withstand perimeter breaches and internal server infection. It uses various methods to propagate through a data center, and reports its success to a centralized C&C server.
|
||||
|
||||
Features include:
|
||||
|
||||
* Multiple propagation techniques:
|
||||
* Predefined passwords
|
||||
* Common exploits
|
||||
* Multiple propagation protocols:
|
||||
* SSH
|
||||
* SMB
|
||||
* RDP
|
||||
* A C&C server with a dedicated UI to visualize the Monkey's progress inside the data center
|
||||
|
||||
Getting Started
|
||||
---------------
|
||||
|
||||
The Infected Chaos Monkey is comprised of two parts: the Monkey and the C&C server.
|
||||
The monkey is the tool which infects other machines and propagates to them, while the C&C server collects all Monkey reports and displays them to the user.
|
||||
|
||||
### Requirements
|
||||
|
||||
<Supported OS Versions for monkey>
|
||||
<Supported OS Versions for C&C Server>
|
||||
|
||||
### Installation
|
||||
|
||||
Usage
|
||||
-----
|
||||
|
||||
### Configuring the Monkey
|
||||
|
||||
Monkey configuration is stored in two places:
|
||||
1. By default, the monkey uses a local configuration file (usually, config.bin). This configuration file must include the address of the Monkey's C&C server.
|
||||
2. After successfully connecting to the C&C server, the monkey downloads a new configuration from the server and discards the local configuration. It is possible to change the default configuration from the C&C server's UI.
|
||||
|
||||
Both configuration options use a JSON format for specifying options; see "Options" below for details.
|
||||
|
||||
### Running the C&C Server
|
||||
|
||||
### Unleashing the Monkey
|
||||
|
||||
Download the latest Monkey binary from <> (alternatively, build it by yourself by following the instructions below).
|
||||
The download includes executables for various operating systems, and a default configuration file (config.bin).
|
||||
You can edit the configuration file according the the options detailed below; the default configuration assumes <WHAT?>.
|
||||
|
||||
Once downloaded, run the monkey using ```./monkey-linux-64 m0nk3y -c config.bin```
|
||||
|
||||
Command line options include:
|
||||
* `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
|
||||
* `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
|
||||
* `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
|
||||
|
||||
|
||||
Monkey Modus Operandi
|
||||
---------------------
|
||||
|
||||
1. Wakeup connection to c&c, sends basic info of the current machine and the configuration the monkey uses to the c&c.
|
||||
1. First try direct connection to c&c.
|
||||
2. If direct connection fails, try connection through a tunnel, a tunnel is found according to specified parameter (the default tunnel) or by sending a multicast query and waiting for another monkey to answer.
|
||||
3. If no connection can be made to c&c, continue without it.
|
||||
2. If a firewall app is running on the machine (supports Windows Firewall for Win XP and Windows Advanced Firewall for Win 7+), try to add a rule to allow all our traffic.
|
||||
3. Startup of tunnel for other monkeys (if connection to c&c works).
|
||||
1. firewall is checked to allow listening sockets (if we failed to add a rule to windows firewall for example, the tunnel will not be created)
|
||||
2. will answer multicast requests from other monkeys in search of a tunnel.
|
||||
4. Running exploitation sessions, will run x sessions according to configuration:
|
||||
1. Connect to c&c and get the latest configuration
|
||||
2. Scan ip ranges according to configuration.
|
||||
3. Try fingerprinting each host that answer, using the classes defined in the configuration (SMBFinger, SSHFinger, etc)
|
||||
4. Try exploitation on each host found, for each exploit class in configuration:
|
||||
1. check exploit class supports target host (can be disabled by configuration)
|
||||
2. each exploitation class will use the data acquired in fingerprinting, or during the exploit, to find the suitable monkey executable for the host from the c&c.
|
||||
1. If c&c connection fails, and the source monkey’s executable is suitable, we use it.
|
||||
2. If a suitable executable isn’t found, exploitation will fail.
|
||||
3. Executables are cached in memory.
|
||||
5. will skip hosts that are already exploited in next run
|
||||
6. will skip hosts that failed during exploitation in next run (can be disabled by configuration)
|
||||
5. Close tunnel before exiting
|
||||
Wait for monkeys using the tunnel to unregister for it
|
||||
Cleanup
|
||||
Remove firewall rules if added
|
||||
|
||||
Configuration Options
|
||||
---------------------
|
||||
|
||||
Key | Type | Description | Possible Values
|
||||
--- | ---- | ----------- | ---------------
|
||||
singleton_mutex_name | string | string of the mutex name for single instance | example: {2384ec59-0df8-4ab9-918c-843740924a28}
|
||||
alive | bool | sets whether or not the monkey is alive. if false will stop scanning and exploiting.
|
||||
self_delete_in_cleanup | bool | sets whether or not to self delete the monkey executable when stopped.
|
||||
use_file_logging | bool | sets whether or not to use a log file.
|
||||
timeout_between_iterations | int | how long to wait between scan iterations
|
||||
max_iterations | int | how many scan iterations to perform on each run
|
||||
victims_max_find | int | how many victims to look for in a single scan iteration
|
||||
victims_max_exploit | int | how many victims to exploit before stopping
|
||||
command_servers | array | addresses of c&c servers to try to connect | example: ["russian-mail-brides.com:5000"]
|
||||
serialize_config | bool | sets whether or not to save the monkey to disk when finished (will be loaded in next run), saved next to the monkey exe with the name monkey.bin
|
||||
retry_failed_explotation | bool | sets whether or not to retry failed hosts on next scan
|
||||
range_class | class name | sets which ip ranges class is used to construct the list of ips to scan | `FixedRange` - scan list is a static ips list, `RelativeRange` - scan list will be constructed according to ip address of the machine and size of the scan, `ClassCRange` - will scan the entire class c the machine is in.
|
||||
scanner_class | class name | sets which scan class to use when scanning for hosts to exploit | `TCPScanner` - searches for hosts according to open tcp ports, `PingScanner` - searches for hosts according to ping scan
|
||||
finger_classes | tuple of class names | sets which fingerprinting classes to use. | in the list: `SMBFinger` - get host os info by checking smb info, `SSHFinger` - get host os info by checking ssh banner, `PingScanner` - get host os type by checking ping ttl. For example: `(SMBFinger, SSHFinger, PingScanner)`
|
||||
exploiter_classes | tuple of class names | | `SmbExploiter` - exploit using smb connection, `WmiExploiter` - exploit using wmi connection, `RdpExploiter` - exploit using rdp connection, `Ms08_067_Exploiter` - exploit using ms08_067 smb exploit, `SSHExploiter` - exploit using ssh connection
|
||||
range_fixed | tuple of strings | list of ips to scan
|
||||
RelativeRange range_size | int | number of hosts to scan in relative range.
|
||||
TCPScanner tcp_target_ports | list of int | which ports to scan using tcp scan.
|
||||
tcp_scan_timeout | int | timeout for tcp connection in tcp scan (in milliseconds).
|
||||
tcp_scan_interval | int | time to wait between ports in the tcp scan (in milliseconds).
|
||||
tcp_scan_get_banner | bool | sets whether or not to read a banner from the tcp ports when scanning
|
||||
PingScanner ping_scan_timeout | int | timeout for the ping command (in milliseconds).
|
||||
SmbExploiter/WmiExploiter/RdpExploiter psexec_user | string | user to use for connection
|
||||
psexec_passwords | list of strings | list of passwords to use when trying to exploit
|
||||
SmbExploiter skip_exploit_if_file_exist | bool | sets whether or not to abort exploit if the monkey already exists in target.
|
||||
RdpExploiter rdp_use_vbs_download | bool | sets whether to use vbs payload for rdp exploitation. If false, bits payload is used (will fail if bitsadmin.exe doesn’t exist).
|
||||
Ms08_067_Exploiter ms08_067_exploit_attempt | int | number of times to try and exploit using ms08_067 exploit.
|
||||
ms08_067_remote_user_add | string | user to add to target when using ms08_067 exploit
|
||||
ms08_067_remote_user_pass | string | password of the user the exploit will add
|
||||
SSHExploiter ssh_user | string | user to use for ssh connection
|
||||
ssh_passwords | list of strings | list of passwords to use when trying to exploit
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Building the Monkey from source
|
||||
-------------------------------
|
||||
<how to build the monkey>
|
||||
|
||||
|
||||
License
|
||||
=======
|
||||
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
h1. Infected Chaos Monkey
|
||||
|
||||
h2. Datacenter Security Tool
|
||||
|
||||
h3. "http://www.guardicore.com/the-infected-chaos-monkey/":http://www.guardicore.com/the-infected-chaos-monkey/
|
||||
|
||||
The Infected Chaos Monkey is a security tool which tests your Data Center's ability to withstand perimeter breaches and internal server infection.
|
||||
It uses various methods to propagate through a data center, and reports its success to a centralized C&C server.
|
||||
|
||||
Features include:
|
||||
|
||||
* Multiple propagation techniques:
|
||||
** Predefined passwords
|
||||
** Common exploits
|
||||
* Multiple propagation protocols:
|
||||
** SSH
|
||||
** SMB
|
||||
** RDP
|
||||
* A C&C server with a dedicated UI to visualize the Monkey's progress inside the data center
|
||||
|
||||
h2. Getting Started
|
||||
|
||||
h3. Requirements
|
||||
|
||||
h3. Installation
|
||||
|
||||
h2. Usage
|
||||
|
||||
h3. Running the C&C Server
|
||||
|
||||
h3. Unleashing the Monkey
|
||||
|
||||
h2. Options
|
||||
|
||||
|
||||
h1. License
|
||||
|
||||
|
Loading…
Reference in New Issue