From 5a9153858a8c17625dd8ad8c2a83580d17a7c437 Mon Sep 17 00:00:00 2001
From: acepace
Date: Sun, 10 Jul 2016 11:47:07 +0300
Subject: [PATCH 1/5] Changed DNS path to monkey.guardicore.com

---
 chaos_monkey/config.py    | 2 +-
 chaos_monkey/example.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py
index 1e99cfc73..47d8724ae 100644
--- a/chaos_monkey/config.py
+++ b/chaos_monkey/config.py
@@ -144,7 +144,7 @@ class Configuration(object):
     retry_failed_explotation = True
 
     #addresses of internet servers to ping and check if the monkey has internet acccess.
-    internet_services = ["www.guardicore.com", "www.google.com"]
+    internet_services = ["monkey.guardicore.com", "www.google.com"]
 
     ###########################
     # scanners config
diff --git a/chaos_monkey/example.conf b/chaos_monkey/example.conf
index 6aac82c1c..5d933b6d3 100644
--- a/chaos_monkey/example.conf
+++ b/chaos_monkey/example.conf
@@ -4,7 +4,7 @@
         "41.50.73.31:5000"
     ],
     "internet_services": = [
-        "www.guardicore.com",
+        "monkey.guardicore.com",
         "www.google.com"
     ],
     "range_class": "RelativeRange",

From 6871a3da4f359936bcaf0f814976c55de8651289 Mon Sep 17 00:00:00 2001
From: acepace
Date: Mon, 18 Jul 2016 23:43:17 +0300
Subject: [PATCH 2/5] Removed unused import. Added kill file option.

---
 chaos_monkey/config.py       | 6 ++++++
 chaos_monkey/example.conf    | 3 +++
 chaos_monkey/network/info.py | 1 -
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py
index 47d8724ae..3ea1e37e7 100644
--- a/chaos_monkey/config.py
+++ b/chaos_monkey/config.py
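Review bot: The comment above the changed `internet_services` line still reads `internet acccess` and says only that the hosts are "pinged", which leaves the reader guessing whether the check is ICMP, a DNS lookup or an HTTP request; the code that consumes the list is not in this hunk, so it cannot be confirmed here. Since the commit deliberately switches the vendor host from `www` to `monkey.guardicore.com`, the comment should name the mechanism and its consequence, e.g. `# Hosts contacted to test whether the monkey has internet access; presumably reached by every infected machine - confirm against the connectivity check.` The rest of the Configuration class lies outside the hunk.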
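Review bot: The context line `"internet_services": = [` contains a stray `=` that is not valid JSON, and the commit edits the entry directly beneath it without fixing it; the line should read `"internet_services": [`. The README changed later in this series says the configuration file is JSON, so if the loader uses a strict JSON parser (the loader is not in this hunk) example.conf would fail to parse as shipped, which is worth checking before relying on the example. The enclosing object starts and ends outside the hunk.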
@@ -103,6 +103,12 @@ class Configuration(object):
     dropper_target_path = r"C:\Windows\monkey.exe"
     dropper_target_path_linux = '/bin/monkey'
 
+    ###########################
+    # Kill file
+    ###########################
+    kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")
+    kill_file_path_linux = '/tmp/user-4150'
+
     ###########################
     # monkey config
     ###########################
diff --git a/chaos_monkey/example.conf b/chaos_monkey/example.conf
index 5d933b6d3..ef4c2ca0c 100644
--- a/chaos_monkey/example.conf
+++ b/chaos_monkey/example.conf
@@ -35,6 +35,9 @@
     "dropper_set_date": true,
     "dropper_target_path": "C:\\Windows\\monkey.exe",
     "dropper_target_path_linux": "/bin/monkey",
+
+    "kill_path_linux": "/tmp/user-4150",
+    "kill_path_windows": "%temp%\\~df4150.tmp",
     "dropper_try_move_first": false,
     "exploiter_classes": [
         "SSHExploiter",
diff --git a/chaos_monkey/network/info.py b/chaos_monkey/network/info.py
index 09c484605..c59971faa 100644
--- a/chaos_monkey/network/info.py
+++ b/chaos_monkey/network/info.py
@@ -3,7 +3,6 @@ import sys
 import socket
 import struct
 import array
-import psutil
 from random import randint
 
 __author__ = 'hoffer'

From d6e6429761009987bd551001a4ee097bf78a4a0b Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Wed, 20 Jul 2016 08:30:54 +0300
Subject: [PATCH 3/5] Fixed typo + added command line option.

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a47e488f1..c86a20269 100644
--- a/README.md
+++ b/README.md
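Review bot: `kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")` uses a non-raw string containing `\~`, an unrecognised escape that Python keeps literally today but warns about in newer releases; the sibling `dropper_target_path` two lines above uses a raw string, so write `kill_file_path_windows = os.path.expandvars(r"%temp%\~df4150.tmp")` (and config.py must import `os`, which this hunk does not show). The attribute names also differ from the keys added to example.conf in the same commit (`kill_path_windows` / `kill_path_linux` there versus `kill_file_path_*` here), so if the loader maps JSON keys onto Configuration attributes by name, which cannot be seen from this hunk, the example values will never be applied. Nothing documents what the kill file is for; a comment under the `# Kill file` header such as `# presumably a marker whose presence tells the monkey not to run - confirm against the code that checks it` would help, and note that `expandvars` is evaluated at class-definition time on every platform that imports config.py, where posix `expandvars` leaves `%temp%` untouched. The rest of the Configuration class lies outside the hunk.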
@@ -48,7 +48,7 @@ Both configuration options use a JSON format for specifying options; see "Option
 
 ### Running the C&C Server
 
-Running the C&C Server is as simple as installing our infected monkey debian package on a specific server. The initial infected machine doesn not require a direct link to this server.
+Running the C&C Server is as simple as installing our infected monkey debian package on a specific server. The initial infected machine does not require a direct link to this server.
 
 ### Unleashing the Monkey
 
@@ -62,6 +62,7 @@ Command line options include:
 * `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
 * `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
 * `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
+* `-d`, `--depth` : manually sets the current depth of the monkey.
 
 Monkey Modus Operandi
 

From c5eb3a3f6d6e53f924bd1e0198d0ba1e5970a81b Mon Sep 17 00:00:00 2001
From: acepace
Date: Wed, 20 Jul 2016 08:53:13 +0300
Subject: [PATCH 4/5] Improved getting started.

---
 README.md | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index a47e488f1..f5e6cf83a 100644
--- a/README.md
+++ b/README.md
@@ -27,23 +27,22 @@ The monkey is the tool which infects other machines and propagates to them, whil ### Requirements - The C&C Server has been tested on Ubuntu 14.04. The Monkey itself has been tested on Windows XP, 7, 8.1 and 10. The Linux build has been tested on Ubuntu server 14.04 and 15.10. ### Installation -For off the shelf use, download our pre-compiled binaries from our website, to setup the C&C server follow the instructions in [Monkey Island readme](monkey_island/readme.txt). If you with to compile the binaries yourself, follow the build instructions later on in this readme. - -Usage ------ - -### Configuring the Monkey +For off the shelf use, download our pre-compiled binaries from our website, to setup the C&C server follow the instructions in [Monkey Island readme](monkey_island/readme.txt). If you with to compile the binaries yourself, follow the build instructions later on in this readme. + +### Initial configuration. +Whether by downloading or building from source, the Infection Monkey is basically 4 executable files for different platforms and a default configuration file. Monkey configuration is stored in two places: 1. By default, the monkey uses a local configuration file (usually, config.bin). This configuration file must include the address of the Monkey's C&C server. 2. After successfully connecting to the C&C server, the monkey downloads a new configuration from the server and discards the local configuration. It is possible to change the default configuration from the C&C server's UI. +In both cases the command server hostname should be modified to point at your local instance of the Monkey Island (note this doesn't require connectivity right off the bat). In addition, to improve the Monkey's chances of spreading, you can pre-seed it with credentials and usernames commonly used. + Both configuration options use a JSON format for specifying options; see "Options" below for details. ### Running the C&C Server 
@@ -52,16 +51,13 @@ Running the C&C Server is as simple as installing our infected monkey debian pac
 
 ### Unleashing the Monkey
 
-Download the latest Monkey binary from <> (alternatively, build it by yourself by following the instructions below).
-The download includes executables for various operating systems, and a default configuration file (config.bin).
-You can edit the configuration file according the the options detailed below; the default configuration assumes .
-
-Once downloaded, run the monkey using ```./monkey-linux-64 m0nk3y -c config.bin```
+Once configured, run the monkey using ```./monkey-linux-64 m0nk3y -c config.bin``` (Windows is identical).
 This can be done at multiple points in the network at once.
 Command line options include:
 * `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
 * `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
 * `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
+* '-d', '--depth' : sets the monkeys current operation depth.
 
 Monkey Modus Operandi
 

From 5db315cfee3040c33f818967d9003e7df5a5fe8c Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Wed, 20 Jul 2016 17:34:18 +0300
Subject: [PATCH 5/5] Fixed markdown

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f5e6cf83a..74f5e2e2b 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ Command line options include:
 * `-c`, `--config`: set configuration file. JSON file with configuration values, will override compiled configuration.
 * `-p`, `--parent`: set monkey’s parent uuid, allows better recognition of exploited monkeys in c&c
 * `-t`, `--tunnel`: ip:port, set default tunnel for monkey when connecting to c&c.
-* '-d', '--depth' : sets the monkeys current operation depth.
+* `-d`, `--depth` : sets the monkeys current operation depth.
 
 Monkey Modus Operandi