Merge pull request #1654 from guardicore/1597-remove-unneeded-options

1597 remove unneeded options
2021-12-14 10:15:33 -05:00 · 2021-12-14 10:15:33 -05:00 · 966bef25d8
parent 6cd481637d 0bf7067cea
commit 966bef25d8
12 changed files with 6 additions and 143 deletions
--- a/.swm/AzD8XysWg1BBXCjCDkfq.swm
+++ b/.swm/AzD8XysWg1BBXCjCDkfq.swm
@ -1,67 +0,0 @@
 {
    "id": "AzD8XysWg1BBXCjCDkfq",
    "name": "Add a new configuration setting to the Agent ⚙",
    "task": {
        "dod": "Make the max victim number that Monkey will find before stopping configurable by the user instead of constant.",
        "tests": [],
        "hints": [
            "Look for `victims_max_exploit` - it's rather similar."
        ]
    },
    "content": [
        {
            "type": "text",
            "text": "# Make something configurable\n\nIn this unit, you will learn how to add a configuration option to Monkey and how to use it in the Monkey Agent code. \n\n![computer fire](https://media.giphy.com/media/7J4P7cUur2DlErijp3/giphy.gif \"computer fire\")\n\n## Why is this important?\n\nEnabling users to configure the Monkey's behaviour gives them a lot more freedom in how they want to use the Monkey and enables more use cases.\n\n## What is \"Max victims to find\"?\n\nThe Monkey has a function which finds \"victim\" machines on the network for the Monkey to try and exploit. It's called `get_victim_machines`. This function accepts an argument which limits how many machines the Monkey should find.\n\nWe want to make that value editable by the user instead of constant in the code.\n\n## Manual testing\n\n1. After you've performed the required changes, reload the Server and check your value exists in the Internal tab of the config (see image).\n\n![](https://i.imgur.com/e0XAxuV.png)\n\n2. Set the new value to 1, and run Monkey locally (from source). See that the Monkey only scans one machine."
        },
        {
            "type": "snippet",
            "path": "monkey/infection_monkey/config.py",
            "comments": [],
            "firstLineNumber": 103,
            "lines": [
                "     exploiter_classes = []",
                "     system_info_collector_classes = []",
                " ",
                "*    # how many victims to look for in a single scan iteration",
                "*    victims_max_find = 100",
                " ",
                "     # how many victims to exploit before stopping",
                "     victims_max_exploit = 100"
            ]
        },
        {
            "type": "snippet",
            "path": "monkey/monkey_island/cc/services/config_schema/internal.py",
            "comments": [],
            "firstLineNumber": 28,
            "lines": [
                "             \"title\": \"Monkey\",",
                "             \"type\": \"object\",",
                "             \"properties\": {",
                "*                \"victims_max_find\": {",
                "*                    \"title\": \"Max victims to find\",",
                "*                    \"type\": \"integer\",",
                "*                    \"default\": 100,",
                "*                    \"description\": \"Determines the maximum number of machines the monkey is \"",
                "*                    \"allowed to scan\",",
                "*                },",
                "                 \"victims_max_exploit\": {",
                "                     \"title\": \"Max victims to exploit\",",
                "                     \"type\": \"integer\","
            ]
        },
        {
            "type": "text",
            "text": "* When changing config schema by adding or deleting keys, you need to update the Blackbox Test configurations as well [here](https://github.com/guardicore/monkey/tree/develop/envs/monkey_zoo/blackbox/config_templates)."
        }
    ],
    "symbols": {},
    "file_version": "2.0.3",
    "meta": {
        "app_version": "0.6.6-2",
        "file_blobs": {
            "monkey/infection_monkey/config.py": "8f4984ba6563564343282765ab498efca5d89ba8",
            "monkey/monkey_island/cc/services/config_schema/internal.py": "86318eaf19b9991a8af5de861a3eb085238e17a4"
        }
    }
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -36,6 +36,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - MITRE ATT&CK configuration screen. #1532
 - Propagation credentials from "GET /api/monkey/<string:guid>" endpoint. #1538
 - "GET /api/monkey_control/check_remote_port/<string:port>" endpoint. #1635
 - Max victims to find/exploit, TCP scan interval and TCP scan get banner internal options. #1597
 - MySQL fingerprinter. #1648
 ### Fixed
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -103,12 +103,6 @@ class Configuration(object):
    exploiter_classes = []
    system_info_collector_classes = []
    # how many victims to look for in a single scan iteration
    victims_max_find = 100
    # how many victims to exploit before stopping
    victims_max_exploit = 100
    # depth of propagation
    depth = 2
    max_depth = None
@ -142,8 +136,6 @@ class Configuration(object):
    tcp_target_ports = [22, 2222, 445, 135, 3389, 80, 8080, 443, 8008, 3306, 9200]
    tcp_target_ports.extend(HTTP_PORTS)
    tcp_scan_timeout = 3000  # 3000 Milliseconds
    tcp_scan_interval = 0  # in milliseconds
    tcp_scan_get_banner = True
    # Ping Scanner
    ping_scan_timeout = 1000
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@ -56,8 +56,6 @@
  "exploit_ntlm_hash_list": [],
  "exploit_ssh_keys": [],
  "local_network_scan": false,
  "tcp_scan_get_banner": true,
  "tcp_scan_interval": 0,
  "tcp_scan_timeout": 10000,
  "tcp_target_ports": [
    22,
@ -73,8 +71,6 @@
    7001,
    8088
  ],
  "victims_max_exploit": 100,
  "victims_max_find": 100,
  "post_breach_actions": []
  custom_PBA_linux_cmd = ""
  custom_PBA_windows_cmd = ""
--- a/monkey/infection_monkey/network/network_scanner.py
+++ b/monkey/infection_monkey/network/network_scanner.py
@ -1,5 +1,4 @@
 import logging
 import time
 from multiprocessing.dummy import Pool
 from common.network.network_range import NetworkRange
@ -108,9 +107,6 @@ class NetworkScanner(object):
                if victims_count >= max_find:
                    logger.debug("Found max needed victims (%d), stopping scan", max_find)
                    return
            if WormConfiguration.tcp_scan_interval:
                # time.sleep uses seconds, while config is in milliseconds
                time.sleep(WormConfiguration.tcp_scan_interval / float(1000))
    @staticmethod
    def _is_any_ip_in_subnet(ip_addresses, subnet_str):
--- a/monkey/infection_monkey/network/tools.py
+++ b/monkey/infection_monkey/network/tools.py
@ -76,14 +76,13 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
    return True, banner
-def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
+def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT):
    """
    Checks whether any of the given ports are open on a target IP.
    :param ip:  IP of host to attack
    :param ports: List of ports to attack. Must not be empty.
    :param timeout: Amount of time to wait for connection
-    :param get_banner: T/F if to get first packets from server
+    :return: List of open ports.
    :return: list of open ports. If get_banner=True, then a matching list of banners.
    """
    sockets = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(len(ports))]
    [s.setblocking(False) for s in sockets]
@ -130,7 +129,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
                % (str(ip), ",".join([str(s[0]) for s in connected_ports_sockets]))
            )
            banners = []
-            if get_banner and (len(connected_ports_sockets) != 0):
+            if len(connected_ports_sockets) != 0:
                readable_sockets, _, _ = select.select(
                    [s[1] for s in connected_ports_sockets], [], [], 0
                )
--- a/monkey/monkey_island/cc/services/config_schema/internal.py
+++ b/monkey/monkey_island/cc/services/config_schema/internal.py
@ -1,5 +1,3 @@
 from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
 INTERNAL = {
    "title": "Internal",
    "type": "object",
@ -21,24 +19,6 @@ INTERNAL = {
            "title": "Monkey",
            "type": "object",
            "properties": {
                "victims_max_find": {
                    "title": "Max victims to find",
                    "type": "integer",
                    "default": 100,
                    "description": "Determines the maximum number of machines the monkey is "
                    "allowed to scan",
                },
                "victims_max_exploit": {
                    "title": "Max victims to exploit",
                    "type": "integer",
                    "default": 100,
                    "description": "Determines the maximum number of machines the monkey"
                    " is allowed to successfully exploit. "
                    + WARNING_SIGN
                    + " Note that setting this value too high may result in the "
                    "monkey propagating to "
                    "a high number of machines",
                },
                "alive": {
                    "title": "Alive",
                    "type": "boolean",
@ -116,12 +96,6 @@ INTERNAL = {
                            "description": "List of TCP ports the monkey will check whether "
                            "they're open",
                        },
                        "tcp_scan_interval": {
                            "title": "TCP scan interval",
                            "type": "integer",
                            "default": 0,
                            "description": "Time to sleep (in milliseconds) between scans",
                        },
                        "tcp_scan_timeout": {
                            "title": "TCP scan timeout",
                            "type": "integer",
@ -129,13 +103,6 @@ INTERNAL = {
                            "description": "Maximum time (in milliseconds) "
                            "to wait for TCP response",
                        },
                        "tcp_scan_get_banner": {
                            "title": "TCP scan - get banner",
                            "type": "boolean",
                            "default": True,
                            "description": "Determines whether the TCP scan should try to get the "
                            "banner",
                        },
                    },
                },
                "ping_scanner": {
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js
@ -4,7 +4,6 @@ import {Nav} from 'react-bootstrap';
 const sectionOrder = [
  'network',
  'monkey',
  'island_server',
  'logging',
  'exploits',
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@ -123,14 +123,6 @@ export default function UiSchema(props) {
          'ui:widget': AdvancedMultiSelect
        }
      },
      monkey: {
        alive: {
          classNames: 'config-field-hidden'
        },
        aws_keys: {
          classNames: 'config-field-hidden'
        }
      },
      exploits: {
        exploit_lm_hash_list:{
          items: {
--- a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss
+++ b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss
@ -49,10 +49,6 @@
  font-size: 1.2em;
 }
 .config-field-hidden {
  display: none;
 }
 .field-description {
  white-space: pre-wrap;
 }
--- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json
@ -105,8 +105,6 @@
        "ProcessListCollector",
        "MimikatzCollector"
    ],
    "tcp_scan_get_banner": true,
    "tcp_scan_interval": 0,
    "tcp_scan_timeout": 3000,
    "tcp_target_ports": [
        22,
@ -122,7 +120,5 @@
        7001,
        8088
    ],
-    "user_to_add": "Monkey_IUSER_SUPPORT",
+    "user_to_add": "Monkey_IUSER_SUPPORT"
    "victims_max_exploit": 100,
    "victims_max_find": 100
 }
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@ -47,8 +47,6 @@
        "keep_tunnel_open_time": 60
      },
      "monkey": {
        "victims_max_find": 100,
        "victims_max_exploit": 100,
        "alive": true,
        "aws_keys": {
          "aws_access_key_id": "",
@ -88,9 +86,7 @@
            7001,
            8088
          ],
-          "tcp_scan_interval": 0,
+          "tcp_scan_timeout": 3000
          "tcp_scan_timeout": 3000,
          "tcp_scan_get_banner": true
        },
        "ping_scanner": {
          "ping_scan_timeout": 1000