Merge branch 'develop' into feature/run-aws-monkey

deployment_scripts/deploy_linux.sh

@@ -121,7 +121,7 @@ openssl req -new -key cc/server.key -out cc/server.csr \
 openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error
 
 
-chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
+sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
 ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
 
 # Install npm
@@ -142,16 +142,16 @@ npm run dist
 log_message "Installing monkey requirements"
 sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
 cd ${monkey_home}/monkey/infection_monkey || handle_error
-python -m pip install --user -r requirements.txt || handle_error
+python -m pip install --user -r requirements_linux.txt || handle_error
 
 # Build samba
 log_message "Building samba binaries"
 sudo apt-get install gcc-multilib
 cd ${monkey_home}/monkey/infection_monkey/monkey_utils/sambacry_monkey_runner
-chmod +x ./build.sh || handle_error
+sudo chmod +x ./build.sh || handle_error
 ./build.sh
 
-chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh
+sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh
 
 log_message "Deployment script finished."
-exit 0
+exit 0

deployment_scripts/deploy_windows.ps1

@@ -39,7 +39,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
         New-Item -ItemType directory -path $binDir
         "Bin directory added"
     }
-    
+
     # We check if python is installed
     try
     {
@@ -72,7 +72,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
     "Downloading Visual C++ Compiler for Python 2.7 ..."
     $webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
     Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
-    $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") 
+    $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
     Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER
 
     # Install requirements for island
@@ -86,7 +86,7 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
     }
     & python -m pip install --user -r $islandRequirements
     # Install requirements for monkey
-    $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements.txt"
+    $monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt"
     & python -m pip install --user -r $monkeyRequirements
 
     # Download mongodb

docker/.dockerignore

@@ -0,0 +1 @@
+*.md

docker/Dockerfile

@@ -1,19 +1,24 @@
-FROM debian:jessie-slim
+FROM debian:stretch-slim
 
 LABEL MAINTAINER="theonlydoo <theonlydoo@gmail.com>"
 
+ARG RELEASE=1.6
+ARG DEBIAN_FRONTEND=noninteractive
+
+EXPOSE 5000
+
 WORKDIR /app
 
-ADD https://github.com/guardicore/monkey/releases/download/1.5.2/infection_monkey_1.5.2_deb.tgz .
+ADD https://github.com/guardicore/monkey/releases/download/${RELEASE}/infection_monkey_deb.${RELEASE}.tgz .
 
-RUN tar xvf infection_monkey_1.5.2_deb.tgz  \
+RUN tar xvf infection_monkey_deb.${RELEASE}.tgz  \
-    && apt-get -yqq update                  \
+    && apt-get -yqq update                       \
-    && apt-get -yqq upgrade                 \
+    && apt-get -yqq upgrade                      \
-    && apt-get -yqq install python-pip      \
+    && apt-get -yqq install python-pip           \
-                            libssl-dev      \
+                            python-dev           \
-                            supervisor      \
+    && dpkg -i *.deb                             \
-    && dpkg -i *.deb    
+    && rm -f *.deb *.tgz
 
-COPY stack.conf /etc/supervisor/conf.d/stack.conf
+WORKDIR /var/monkey
-
+ENTRYPOINT ["/var/monkey/monkey_island/bin/python/bin/python"]
-ENTRYPOINT [ "supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf" ]
+CMD ["/var/monkey/monkey_island.py"]

docker/docker-compose.yml

@@ -0,0 +1,22 @@
+version: '3.3'
+
+services:
+  db:
+    image: mongo:4
+    restart: always
+    volumes:
+      - db_data:/data/db
+    environment:
+      MONGO_INITDB_DATABASE: monkeyisland
+  monkey:
+    depends_on:
+      - db
+    build: .
+    image: monkey:latest
+    ports:
+      - "5000:5000"
+    environment:
+      MONGO_URL: mongodb://db:27017/monkeyisland
+
+volumes:
+  db_data:

docker/stack.conf

@@ -1,4 +0,0 @@
-[program:mongod]
-command=/var/monkey_island/bin/mongodb/bin/mongod --quiet --dbpath /var/monkey_island/db
-[program:monkey]
-command=/var/monkey_island/ubuntu/systemd/start_server.sh

monkey/infection_monkey/monkey.spec

@@ -69,7 +69,6 @@ def process_datas(orig_datas):
 def get_binaries():
     binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
     binaries += get_sc_binaries()
-    binaries += get_traceroute_binaries()
     return binaries
 
 
@@ -81,6 +80,7 @@ def get_windows_only_binaries():
 
 def get_linux_only_binaries():
     binaries = []
+    binaries += get_traceroute_binaries()
     return binaries
 
 

monkey/infection_monkey/post_breach/add_user.py

@@ -23,14 +23,17 @@ class BackdoorUser(object):
 
     def act(self):
         LOG.info("Adding a user")
-        if sys.platform.startswith("win"):
+        try:
-            retval = self.add_user_windows()
+            if sys.platform.startswith("win"):
-        else:
+                retval = self.add_user_windows()
-            retval = self.add_user_linux()
+            else:
-        if retval != 0:
+                retval = self.add_user_linux()
-            LOG.warn("Failed to add a user")
+            if retval != 0:
-        else:
+                LOG.warn("Failed to add a user")
-            LOG.info("Done adding user")
+            else:
+                LOG.info("Done adding user")
+        except OSError:
+            LOG.exception("Exception while adding a user")
 
     @staticmethod
     def add_user_linux():

monkey/infection_monkey/readme.txt

@@ -5,6 +5,7 @@ The monkey is composed of three separate parts.
 * The Infection Monkey itself - PyInstaller compressed python archives
 * Sambacry binaries - Two linux binaries, 32/64 bit.
 * Mimikatz binaries - Two windows binaries, 32/64 bit.
+* Traceroute binaries - Two linux binaries, 32/64bit.
 
 --- Windows ---
 
@@ -51,8 +52,11 @@ Tested on Ubuntu 16.04 and 17.04.
 		pip install -r requirements.txt
 2.	Build Sambacry binaries
 	a. Build/Download according to sections at the end of this readme.
-	b. Place the binaries under [code location]\infection_monkey\bin
+	b. Place the binaries under [code location]\infection_monkey\bin, under the names 'sc_monkey_runner32.so', 'sc_monkey_runner64.so'
-3.	To build, run in terminal:
+3.	Build Traceroute binaries
+	a. Build/Download according to sections at the end of this readme.
+	b. Place the binaries under [code location]\infection_monkey\bin, under the names 'traceroute32', 'traceroute64'
+4.	To build, run in terminal:
 		cd [code location]/infection_monkey
 		chmod +x build_linux.sh
 		./build_linux.sh
@@ -61,19 +65,45 @@ Tested on Ubuntu 16.04 and 17.04.
 -- Sambacry --
 
 Sambacry requires two standalone binaries to execute remotely.
-1.	Install gcc-multilib if it's not installed
+a. Build sambacry binaries yourself
-	sudo apt-get install gcc-multilib
+	a.1. Install gcc-multilib if it's not installed
-2.	Build the binaries
+		 sudo apt-get install gcc-multilib
-	cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
+	a.2. Build the binaries
-	./build.sh
+		 cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
+		 ./build.sh
+
+b. Download our pre-built sambacry binaries
+	b.1. Available here: 
+		32bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so
+		64bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so
 
 -- Mimikatz --
 
 Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from 
-https://github.com/guardicore/mimikatz/releases/tag/1.0.0
+You can either build them yourself or download pre-built binaries.
-Download both 32 and 64 bit zipped DLLs and place them under [code location]\infection_monkey\bin
+a. Build Mimikatz yourself
-Alternatively, if you build Mimikatz, put each version in a zip file.
+	a.0. Building mimikatz requires Visual Studio 2013 and up
-1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
+	a.1. Clone our version of mimikatz from https://github.com/guardicore/mimikatz/tree/1.1.0
-2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
+	a.2. Build using Visual Studio.
-3. The zip file should be named mk32.zip/mk64.zip accordingly.
+	a.3. Put each version in a zip file
-4. Zipping with 7zip has been tested. Other zipping software may not work.
+		a.3.1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
+		a.3.2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
+		a.3.3. The zip file should be named mk32.zip/mk64.zip accordingly.
+		a.3.4. Zipping with 7zip has been tested. Other zipping software may not work.
+		
+b. Download our pre-built traceroute binaries
+	b.1. Download both 32 and 64 bit zipped DLLs from https://github.com/guardicore/mimikatz/releases/tag/1.1.0
+	b.2. Place them under [code location]\infection_monkey\bin
+
+-- Traceroute --
+
+Traceroute requires two standalone binaries to execute remotely.
+The monkey carries the standalone binaries since traceroute isn't built in all Linux distributions.
+You can either build them yourself or download pre-built binaries.
+
+a. Build traceroute yourself
+	a.1. The sources of traceroute are available here with building instructions: http://traceroute.sourceforge.net
+b. Download our pre-built traceroute binaries
+	b.1. Available here: 
+		32bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute32
+		64bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute64

monkey/infection_monkey/requirements_linux.txt

@@ -0,0 +1,19 @@
+enum34
+impacket
+pycryptodome
+pyasn1
+cffi
+twisted
+rdpy
+requests
+odict
+paramiko
+psutil==3.4.2
+PyInstaller
+six
+ecdsa
+netifaces
+ipaddress
+wmi
+pymssql
+pyftpdlib

monkey/infection_monkey/requirements_windows.txt

@@ -1,6 +1,6 @@
 enum34
 impacket
-PyCrypto
+pycryptodome
 pyasn1
 cffi
 twisted

monkey/monkey_island/cc/encryptor.py

@@ -39,7 +39,7 @@ class Encryptor:
     def enc(self, message):
         cipher_iv = Random.new().read(AES.block_size)
         cipher = AES.new(self._cipher_key, AES.MODE_CBC, cipher_iv)
-        return base64.b64encode(cipher_iv + cipher.encrypt(self._pad(message)))
+        return base64.b64encode(cipher_iv + cipher.encrypt(str(self._pad(message))))  # ciper.encrypt expects str
 
     def dec(self, enc_message):
         enc_message = base64.b64decode(enc_message)

monkey/monkey_island/cc/environment/__init__.py

@@ -1,6 +1,7 @@
 import abc
 from datetime import timedelta
 import os
+from Crypto.Hash import SHA3_512
 
 __author__ = 'itay.mizeretz'
 
@@ -13,6 +14,12 @@ class Environment(object):
     _DEBUG_SERVER = False
     _AUTH_EXPIRATION_TIME = timedelta(hours=1)
 
+    def __init__(self):
+        self.config = None
+
+    def set_config(self, config):
+        self.config = config
+
     def get_island_port(self):
         return self._ISLAND_PORT
 
@@ -25,6 +32,11 @@ class Environment(object):
     def get_auth_expiration_time(self):
         return self._AUTH_EXPIRATION_TIME
 
+    def hash_secret(self, secret):
+        h = SHA3_512.new()
+        h.update(secret)
+        return h.hexdigest()
+
     @abc.abstractmethod
     def is_auth_enabled(self):
         return

monkey/monkey_island/cc/environment/aws.py

@@ -1,6 +1,7 @@
 import cc.auth
 from cc.environment import Environment
 from common.cloud.aws_instance import AwsInstance
+from Crypto.Hash import SHA3_512
 
 __author__ = 'itay.mizeretz'
 
@@ -23,5 +24,5 @@ class AwsEnvironment(Environment):
 
     def get_auth_users(self):
         return [
-            cc.auth.User(1, 'monkey', self._instance_id)
+            cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
         ]

monkey/monkey_island/cc/environment/environment.py

@@ -1,16 +1,22 @@
 import json
 import logging
-import standard
+
-import aws
+from cc.environment import standard
+from cc.environment import aws
+from cc.environment import password
+
+__author__ = 'itay.mizeretz'
 
 logger = logging.getLogger(__name__)
 
 AWS = 'aws'
 STANDARD = 'standard'
+PASSWORD = 'password'
 
 ENV_DICT = {
-    'standard': standard.StandardEnvironment,
+    STANDARD: standard.StandardEnvironment,
-    'aws': aws.AwsEnvironment
+    AWS: aws.AwsEnvironment,
+    PASSWORD: password.PasswordEnvironment,
 }
 
 
@@ -25,8 +31,10 @@ def load_env_from_file():
     return config_json['server_config']
 
 try:
-    __env_type = load_env_from_file()
+    config_json = load_server_configuration_from_file()
+    __env_type = config_json['server_config']
     env = ENV_DICT[__env_type]()
+    env.set_config(config_json)
     logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
 except Exception:
     logger.error('Failed initializing environment', exc_info=True)

monkey/monkey_island/cc/environment/password.py

@@ -0,0 +1,15 @@
+from cc.environment import Environment
+import cc.auth
+
+__author__ = 'itay.mizeretz'
+
+
+class PasswordEnvironment(Environment):
+
+    def is_auth_enabled(self):
+        return True
+
+    def get_auth_users(self):
+        return [
+            cc.auth.User(1, self.config['user'], self.config['hash'])
+        ]

monkey/monkey_island/cc/resources/telemetry_feed.py

@@ -52,7 +52,7 @@ class TelemetryFeed(flask_restful.Resource):
     @staticmethod
     def get_state_telem_brief(telem):
         if telem['data']['done']:
-            return 'Monkey died.'
+            return '''Monkey finishing it's execution.'''
         else:
             return 'Monkey started.'
 

monkey/monkey_island/cc/ui/package.json

@@ -90,6 +90,7 @@
     "react-router-dom": "^4.3.1",
     "react-table": "^6.8.6",
     "react-toggle": "^4.0.1",
-    "redux": "^4.0.0"
+    "redux": "^4.0.0",
+    "sha3": "^2.0.0"
   }
 }

monkey/monkey_island/cc/ui/src/server_config/PasswordConfig.js

@@ -0,0 +1,9 @@
+import BaseConfig from './BaseConfig';
+
+class PasswordConfig extends BaseConfig{
+  isAuthEnabled() {
+    return true;
+  }
+}
+
+export default PasswordConfig;

monkey/monkey_island/cc/ui/src/server_config/ServerConfig.js

@@ -1,12 +1,14 @@
 import StandardConfig from './StandardConfig';
 import AwsConfig from './AwsConfig';
+import PasswordConfig from "./PasswordConfig";
 
 const SERVER_CONFIG_JSON = require('../../../server_config.json');
 
 const CONFIG_DICT =
   {
     'standard': StandardConfig,
-    'aws': AwsConfig
+    'aws': AwsConfig,
+    'password': PasswordConfig
   };
 
 export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();

monkey/monkey_island/cc/ui/src/services/AuthService.js

@@ -1,3 +1,4 @@
+import { SHA3 } from 'sha3';
 import decode from 'jwt-decode';
 import {SERVER_CONFIG} from '../server_config/ServerConfig';
 
@@ -6,7 +7,7 @@ export default class AuthService {
 
   login = (username, password) => {
     if (this.AUTH_ENABLED) {
-      return this._login(username, password);
+      return this._login(username, this.hashSha3(password));
     } else {
       return {result: true};
     }
@@ -20,6 +21,12 @@ export default class AuthService {
     }
   };
 
+  hashSha3(text) {
+    let hash = new SHA3(512);
+    hash.update(text);
+    return this._toHexStr(hash.digest());
+  }
+
   _login = (username, password) => {
     return this._authFetch('/api/auth', {
       method: 'POST',
@@ -103,4 +110,9 @@ export default class AuthService {
     return localStorage.getItem('jwt')
   }
 
+  _toHexStr(byteArr) {
+    return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
+  }
+
+
 }

monkey/monkey_island/deb-package/monkey_island_pip_requirements.txt

@@ -13,7 +13,7 @@ jsonschema
 netifaces
 ipaddress
 enum34
-PyCrypto
+pycryptodome
 boto3
 awscli
 virtualenv

monkey/monkey_island/readme.txt

@@ -6,26 +6,23 @@ How to set up the Monkey Island server:
 ---------------- On Windows ----------------:
 0. Exclude the folder you are planning to install the Monkey in from your AV software, as it might block or delete files from the installation.
 1. Create folder "bin" under monkey_island
-2. Place portable version of Python 2.7
+2. Place portable version of Python 2.7.15
-	2.1. Download and install from: https://www.python.org/download/releases/2.7/
+	2.1. Download and install from: https://www.python.org/downloads/release/python-2715/
-	2.2. Install the required python libraries using "python -m pip install -r monkey_island\requirements.txt"
+	2.2. Install virtualenv using "python -m pip install virtualenv"
-	2.3. Copy contents from installation path (Usually C:\Python27) to monkey_island\bin\Python27
+	2.3. Create a virtualenv using "python -m virtualenv --always-copy <PATH TO BIN>\Python27" Where <PATH TO BIN> is the path to the bin folder created on step 1.
-	2.4. Copy Python27.dll from System32 folder (Usually C:\Windows\System32 or C:\Python27) to monkey_island\bin\Python27
+	2.4. Run "python -m virtualenv --relocatable <PATH TO BIN>\Python27"
-	2.5. (Optional) You may uninstall Python27 if you like.
+	2.5. Install the required python libraries using "<PATH TO BIN>\Python27\Scripts\python -m pip install -r monkey_island\requirements.txt"
+	2.6. Copy DLLs from installation path (Usually C:\Python27\DLLs) to <PATH TO BIN>\Python27\DLLs
+	2.7. (Optional) You may uninstall Python27 if you like.
 3. Setup mongodb (Use one of the following two options):
-    3.1 Place portable version of mongodb
+    3.a Place portable version of mongodb
-	   3.1.1 Download from: https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip
+	   3.a.1. Download from: https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip
- 	   3.2.1 Extract contents from bin folder to monkey_island\bin\mongodb.
+ 	   3.a.2. Extract contents from bin folder to monkey_island\bin\mongodb.
-	   3.3.1 Create monkey_island\db folder.
+	   3.a.3. Create monkey_island\db folder.
-	
 	OR
-
+    3.b. Use already running instance of mongodb
-    3.1 If you have an instance of mongodb running on a different host, set the MONKEY_MONGO_URL environment variable:
+		3.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server
-
+        
-        example for mongodb running on host with IP address 192.168.10.10:
-
-        set MONKEY_MONGO_URL="mongodb://192.168.10.10:27107/monkeyisland"
-
 4. Place portable version of OpenSSL
 	4.1. Download from: https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip
 	4.2. Extract content from bin folder to monkey_island\bin\openssl
@@ -67,23 +64,16 @@ How to run:
 	monkey-windows-64.exe - monkey binary for windows 64bi
 
 4. Setup MongoDB (Use one of the two following options):
-
+        4.a. Download MongoDB and extract it to /var/monkey_island/bin/mongodb
-        4.1 Download MongoDB and extract it to /var/monkey_island/bin/mongodb
                 for debian64 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz
                 for ubuntu64 16.10 - https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz
                 find more at - https://www.mongodb.org/downloads#production
                 untar.gz with: tar -zxvf filename.tar.gz -C /var/monkey_island/bin/mongodb
                 (make sure the content of the mongo folder is in this directory, meaning this path exists:
-                        /var/monkey_island/bin/mongodb/bin)
+                        /var/monkey_island/bin/mongodb/bin)        
-        
         OR
-
+        4.b. Use already running instance of mongodb
-        4.1 If you have an instance of mongodb running on a different host, set the MONKEY_MONGO_URL environment variable:
+			4.b.1. Run 'set MONKEY_MONGO_URL="mongodb://<SERVER ADDR>:27017/monkeyisland"'. Replace '<SERVER ADDR>' with address of mongo server
-
-            example for mongodb running on host with IP address 192.168.10.10:
-
-                set MONKEY_MONGO_URL="mongodb://192.168.10.10:27107/monkeyisland"
-
 
 5. install OpenSSL
     sudo apt-get install openssl

monkey/monkey_island/requirements.txt

@@ -13,6 +13,6 @@ jsonschema
 netifaces
 ipaddress
 enum34
-PyCrypto
+pycryptodome
 boto3
 awscli

monkey/monkey_island/windows/run_cc.bat

@@ -1,4 +1,4 @@
 @title C^&C Server
 @pushd ..
-@monkey_island\bin\Python27\python monkey_island.py
+@monkey_island\bin\Python27\Scripts\python monkey_island.py
 @popd