From c25dbba5589673c3afd9f895f2b9f495ea53e7fa Mon Sep 17 00:00:00 2001 From: vakarisz Date: Thu, 7 Apr 2022 14:40:20 +0300 Subject: [PATCH 01/18] BB: Add missing tqdm package --- monkey/monkey_island/Pipfile | 1 + monkey/monkey_island/Pipfile.lock | 34 +++++++++++++++++++------------ 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/monkey/monkey_island/Pipfile b/monkey/monkey_island/Pipfile index 06dd0daef..a29ad0384 100644 --- a/monkey/monkey_island/Pipfile +++ b/monkey/monkey_island/Pipfile @@ -38,6 +38,7 @@ pytest-cov = "*" isort = "==5.10.1" coverage = "*" vulture = "==2.3" +tqdm = "*" # Used in BB tests [requires] python_version = "3.7" diff --git a/monkey/monkey_island/Pipfile.lock b/monkey/monkey_island/Pipfile.lock index 196059612..b1cb4660d 100644 --- a/monkey/monkey_island/Pipfile.lock +++ b/monkey/monkey_island/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "260be37685cd94ec3e28773e82834ee6564462ace9b7b1c9242dcf611e33fd25" + "sha256": "48c3a77a6022276d2607c19ae66490310fa8fa99e07e888b416c181e5ec0b534" }, "pipfile-spec": 6, "requires": { @@ -759,11 +759,11 @@ }, "setuptools": { "hashes": [ - "sha256:425ec0e0014c5bcc1104dd1099de6c8f0584854fc9a4f512575f5ed5ee399fb9", - "sha256:6d59c30ce22dd583b42cacf51eebe4c6ea72febaa648aa8b30e5015d23a191fe" + "sha256:7999cbd87f1b6e1f33bf47efa368b224bed5e27b5ef2c4d46580186cbcb1a86a", + "sha256:a65e3802053e99fc64c6b3b29c11132943d5b8c8facbcc461157511546510967" ], "markers": "python_version >= '3.7'", - "version": "==61.3.0" + "version": "==62.0.0" }, "six": { "hashes": [ 
@@ -791,11 +791,11 @@ }, "werkzeug": { "hashes": [ - "sha256:094ecfc981948f228b30ee09dbfe250e474823b69b9b1292658301b5894bbf08", - "sha256:9b55466a3e99e13b1f0686a66117d39bda85a992166e0a79aedfcf3586328f7a" + "sha256:3c5493ece8268fecdcdc9c0b112211acd006354723b280d643ec732b6d4063d6", + "sha256:f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74" ], "index": "pypi", - "version": "==2.1.0" + "version": "==2.1.1" }, "wirerope": { "hashes": [ @@ -805,11 +805,11 @@ }, "zipp": { "hashes": [ - "sha256:9f50f446828eb9d45b267433fd3e9da8d801f614129124863f9c51ebceafb87d", - "sha256:b47250dd24f92b7dd6a0a8fc5244da14608f3ca90a5efcd37a3b1642fac9a375" + "sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad", + "sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099" ], "markers": "python_version >= '3.7'", - "version": "==3.7.0" + "version": "==3.8.0" }, "zope.event": { "hashes": [ @@ -1208,6 +1208,14 @@ "markers": "python_version < '3.11'", "version": "==2.0.1" }, + "tqdm": { + "hashes": [ + "sha256:40be55d30e200777a307a7585aee69e4eabb46b4ec6a4b4a5f2d9f11e7d5408d", + "sha256:74a2cdefe14d11442cedf3ba4e21a3b84ff9a2dbdc6cfae2c34addb2a14a5ea6" + ], + "index": "pypi", + "version": "==4.64.0" + }, "typed-ast": { "hashes": [ "sha256:0eb77764ea470f14fcbb89d51bc6bbf5e7623446ac4ed06cbd9ca9495b62e36e", @@ -1272,11 +1280,11 @@ }, "zipp": { "hashes": [ - "sha256:9f50f446828eb9d45b267433fd3e9da8d801f614129124863f9c51ebceafb87d", - "sha256:b47250dd24f92b7dd6a0a8fc5244da14608f3ca90a5efcd37a3b1642fac9a375" + "sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad", + "sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099" ], "markers": "python_version >= '3.7'", - "version": "==3.7.0" + "version": "==3.8.0" } } } From 48469a59a6bb1022e3bb393fed306e0112b75fcc Mon Sep 17 00:00:00 2001 
From: vakarisz Date: Tue, 12 Apr 2022 12:55:21 +0300 Subject: [PATCH 02/18] BB: Move single test templates into a dedicated folder --- .../blackbox/config_templates/{ => single_tests}/hadoop.py | 0 .../config_templates/{ => single_tests}/log4j_logstash.py | 0 .../blackbox/config_templates/{ => single_tests}/log4j_solr.py | 0 .../blackbox/config_templates/{ => single_tests}/log4j_tomcat.py | 0 .../blackbox/config_templates/{ => single_tests}/mssql.py | 0 .../blackbox/config_templates/{ => single_tests}/performance.py | 0 .../blackbox/config_templates/{ => single_tests}/powershell.py | 0 .../{ => single_tests}/powershell_credentials_reuse.py | 0 .../blackbox/config_templates/{ => single_tests}/smb_mimikatz.py | 0 .../blackbox/config_templates/{ => single_tests}/smb_pth.py | 0 .../blackbox/config_templates/{ => single_tests}/ssh.py | 0 .../blackbox/config_templates/{ => single_tests}/tunneling.py | 0 .../blackbox/config_templates/{ => single_tests}/wmi_mimikatz.py | 0 .../blackbox/config_templates/{ => single_tests}/wmi_pth.py | 0 .../blackbox/config_templates/{ => single_tests}/zerologon.py | 0 15 files changed, 0 insertions(+), 0 deletions(-) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/hadoop.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/log4j_logstash.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/log4j_solr.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/log4j_tomcat.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/mssql.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/performance.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/powershell.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/powershell_credentials_reuse.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/smb_mimikatz.py (100%) rename 
envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/smb_pth.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/ssh.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/tunneling.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/wmi_mimikatz.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/wmi_pth.py (100%) rename envs/monkey_zoo/blackbox/config_templates/{ => single_tests}/zerologon.py (100%) diff --git a/envs/monkey_zoo/blackbox/config_templates/hadoop.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/hadoop.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/hadoop.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/hadoop.py diff --git a/envs/monkey_zoo/blackbox/config_templates/log4j_logstash.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_logstash.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/log4j_logstash.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_logstash.py diff --git a/envs/monkey_zoo/blackbox/config_templates/log4j_solr.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_solr.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/log4j_solr.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_solr.py diff --git a/envs/monkey_zoo/blackbox/config_templates/log4j_tomcat.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_tomcat.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/log4j_tomcat.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/log4j_tomcat.py 
diff --git a/envs/monkey_zoo/blackbox/config_templates/mssql.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/mssql.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/mssql.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/mssql.py diff --git a/envs/monkey_zoo/blackbox/config_templates/performance.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/performance.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/performance.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/performance.py diff --git a/envs/monkey_zoo/blackbox/config_templates/powershell.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/powershell.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/powershell.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/powershell.py diff --git a/envs/monkey_zoo/blackbox/config_templates/powershell_credentials_reuse.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/powershell_credentials_reuse.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/powershell_credentials_reuse.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/powershell_credentials_reuse.py diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/smb_mimikatz.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/smb_mimikatz.py diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/smb_pth.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/smb_pth.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/smb_pth.py 
diff --git a/envs/monkey_zoo/blackbox/config_templates/ssh.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/ssh.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/ssh.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/ssh.py diff --git a/envs/monkey_zoo/blackbox/config_templates/tunneling.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/tunneling.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/tunneling.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/tunneling.py diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/wmi_mimikatz.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/wmi_mimikatz.py diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/wmi_pth.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/wmi_pth.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/wmi_pth.py diff --git a/envs/monkey_zoo/blackbox/config_templates/zerologon.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/zerologon.py similarity index 100% rename from envs/monkey_zoo/blackbox/config_templates/zerologon.py rename to envs/monkey_zoo/blackbox/config_templates/single_tests/zerologon.py From 9ca061e23c6ec197b10db5c7cf9b6fd79fa0f100 Mon Sep 17 00:00:00 2001 
From: vakarisz Date: Tue, 12 Apr 2022 13:53:55 +0300 Subject: [PATCH 03/18] BB: Add config templates for grouped tests --- .../config_templates/grouped/depth_1_a.py | 46 ++++++++++++++++++ .../config_templates/grouped/depth_1_b.py | 22 +++++++++ .../config_templates/grouped/depth_4_a.py | 48 +++++++++++++++++++ .../config_templates/single_tests/__init__.py | 0 .../utils/config_generation_script.py | 34 ++----------- 5 files changed, 120 insertions(+), 30 deletions(-) create mode 100644 envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py create mode 100644 envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py create mode 100644 envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py create mode 100644 envs/monkey_zoo/blackbox/config_templates/single_tests/__init__.py diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py new file mode 100644 index 000000000..92a522dc6 --- /dev/null +++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py 
@@ -0,0 +1,46 @@
+from copy import copy
+
+from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
+from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
+
+
+class Depth1A(ConfigTemplate):
+    config_values = copy(BaseTemplate.config_values)
+    # TODO ADD SMB PTH machine
+    # Tests:
+    # Hadoop
+    # Log4shell
+    # MSSQL
+    # SMB password stealing and brute force
+    # SSH password and key brute-force, key stealing
+    config_values.update(
+        {
+            "basic.exploiters.exploiter_classes": [
+                "HadoopExploiter",
+                "Log4ShellExploiter",
+                "MSSQLExploiter",
+                "SmbExploiter",
+                "SSHExploiter",
+            ],
+            "basic_network.scope.subnet_scan_list": [
+                "10.2.2.2",
+                "10.2.2.3",
+                "10.2.3.55",
+                "10.2.3.56",
+                "10.2.3.49",
+                "10.2.3.50",
+                "10.2.3.51",
+                "10.2.3.52",
+                "10.2.2.16",
+                "10.2.2.14",
+                "10.2.2.15",
+                "10.2.2.11",
+                "10.2.2.12",
+            ],
+            "basic.credentials.exploit_password_list": ["Ivrrw5zEzs", "Xk8VDTsC", "^NgDvY59~8"],
+            "basic.credentials.exploit_user_list": ["m0nk3y"],
+            "monkey.system_info.system_info_collector_classes": [
+                "MimikatzCollector",
+            ],
+        }
+    )
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
new file mode 100644
index 000000000..548f52349
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
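Review bot: `config_values = copy(BaseTemplate.config_values)` is a shallow copy, so the nested lists inside `BaseTemplate.config_values` remain shared between every template built this way; the `update` call here replaces whole keys rather than mutating them, so nothing breaks today, but a later in-place `.append` on one of those lists in any template would leak into all the others. Either switch to `deepcopy(BaseTemplate.config_values)` or record the convention with a comment such as `# shallow copy: only ever replace keys via update(), never mutate nested lists`. The same pattern appears in depth_1_b.py and depth_4_a.py in this patch. The `# Tests:` list that explains what this grouped run covers would be more discoverable as the class docstring, e.g. `"""Depth-1 group A: Hadoop, Log4Shell, MSSQL, SMB and SSH test machines run as one suite."""`.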
@@ -0,0 +1,22 @@
+from copy import copy
+
+from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
+from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
+
+
+class Depth1B(ConfigTemplate):
+    config_values = copy(BaseTemplate.config_values)
+    # Tests:
+    # WMI + credential stealing
+    # Zerologon
+    config_values.update(
+        {
+            "basic.exploiters.exploiter_classes": ["WmiExploiter", "ZerologonExploiter"],
+            "basic_network.scope.subnet_scan_list": ["10.2.2.25", "10.2.2.14", "10.2.2.15"],
+            "basic.credentials.exploit_password_list": ["Ivrrw5zEzs"],
+            "basic.credentials.exploit_user_list": ["m0nk3y"],
+            "monkey.system_info.system_info_collector_classes": [
+                "MimikatzCollector",
+            ],
+        }
+    )
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py
new file mode 100644
index 000000000..36e06853c
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py
@@ -0,0 +1,48 @@
+from copy import copy
+
+from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
+from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
+
+
+class Depth4A(ConfigTemplate):
+    config_values = copy(BaseTemplate.config_values)
+
+    # Tests:
+    # Powershell
+    # Tunneling (SSH brute force)
+    # WMI mimikatz password stealing
+    config_values.update(
+        {
+            "basic.exploiters.exploiter_classes": [
+                "PowerShellExploiter",
+                "SSHExploiter",
+                "WmiExploiter",
+            ],
+            "basic_network.scope.subnet_scan_list": [
+                "10.2.3.45",
+                "10.2.3.46",
+                "10.2.3.47",
+                "10.2.3.48",
+                "10.2.2.9",
+                "10.2.1.10",
+                "10.2.0.12",
+                "10.2.0.11",
+                "10.2.2.15",
+            ],
+            "basic.credentials.exploit_password_list": [
+                "Passw0rd!",
+                "3Q=(Ge(+&w]*",
+                "`))jU7L(w}",
+                "t67TC5ZDmz" "Ivrrw5zEzs",
+            ],
+            "basic_network.scope.depth": 3,
+            "internal.general.keep_tunnel_open_time": 20,
+            "basic.credentials.exploit_user_list": ["m0nk3y", "m0nk3y-user"],
+            "internal.network.tcp_scanner.HTTP_PORTS": [],
+            "internal.exploits.exploit_ntlm_hash_list": [
+                "5da0889ea2081aa79f6852294cba4a5e",
+                "50c9987a6bf1ac59398df9f911122c9b",
+            ],
+            "internal.network.tcp_scanner.tcp_target_ports": [5985, 5986, 22, 135],
+        }
+    )
diff --git a/envs/monkey_zoo/blackbox/config_templates/single_tests/__init__.py b/envs/monkey_zoo/blackbox/config_templates/single_tests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py
index 76abff669..178f92a95 100644
--- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py
+++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py
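Review bot: `"t67TC5ZDmz" "Ivrrw5zEzs",` in `basic.credentials.exploit_password_list` is missing a comma, so Python's implicit literal concatenation turns the two test passwords into a single entry, `"t67TC5ZDmzIvrrw5zEzs"`, and neither intended value is ever tried by the suite. Split it into `"t67TC5ZDmz",` and `"Ivrrw5zEzs",` on separate lines. The rest of the list is already one literal per line in Black style, which is exactly the shape a dropped comma takes once the formatter has run, so a quick scan of the other templates for adjacent string literals is worthwhile.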
@@ -3,20 +3,9 @@ import pathlib from typing import Type from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop -from envs.monkey_zoo.blackbox.config_templates.log4j_logstash import Log4jLogstash -from envs.monkey_zoo.blackbox.config_templates.log4j_solr import Log4jSolr -from envs.monkey_zoo.blackbox.config_templates.log4j_tomcat import Log4jTomcat -from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql -from envs.monkey_zoo.blackbox.config_templates.performance import Performance -from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell -from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz -from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth -from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh -from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling -from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz -from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth -from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_4_a import Depth4A from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient @@ -34,22 +23,7 @@ args = parser.parse_args() island_client = MonkeyIslandClient(args.island_ip) -CONFIG_TEMPLATES = [ - Hadoop, - Mssql, - Performance, - PowerShell, - SmbMimikatz, - SmbPth, - Ssh, - Tunneling, - WmiMimikatz, - WmiPth, - Zerologon, - Log4jLogstash, - Log4jTomcat, - Log4jSolr, -] +CONFIG_TEMPLATES = [Depth1A, Depth1B, Depth4A] def generate_templates(): 
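Review bot: `CONFIG_TEMPLATES = [Depth1A, Depth1B, Depth4A]` silently drops `Performance` and every single-test template from config generation, even though those templates still exist under `config_templates/single_tests/` after the previous patch. If only the grouped configs are meant to be exported from now on, say so above the list, e.g. `# Only grouped templates are exported; single-test templates live in config_templates/single_tests`; otherwise extend the list with them so the generated configs keep matching what the test files load. `generate_templates()` begins at the end of this hunk and continues outside it.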
From ceabb99e7cf86d68e8c572f9e1710c3cac390217 Mon Sep 17 00:00:00 2001 From: vakarisz Date: Tue, 12 Apr 2022 13:59:46 +0300 Subject: [PATCH 04/18] BB: Add time log for monkey killing time --- envs/monkey_zoo/blackbox/tests/exploitation.py | 1 + 1 file changed, 1 insertion(+) diff --git a/envs/monkey_zoo/blackbox/tests/exploitation.py b/envs/monkey_zoo/blackbox/tests/exploitation.py index 15ad409eb..31449e1f1 100644 --- a/envs/monkey_zoo/blackbox/tests/exploitation.py +++ b/envs/monkey_zoo/blackbox/tests/exploitation.py @@ -89,6 +89,7 @@ class ExploitationTest(BasicTest): if time_passed > MAX_TIME_FOR_MONKEYS_TO_DIE: LOGGER.error("Some monkeys didn't die after the test, failing") assert False + LOGGER.info(f"After {time_passed} seconds all monkeys have died") def parse_logs(self): LOGGER.info("Parsing test logs:") From 7a3ec16d16ea3a6587a59fc5d931a0abe449dfa7 Mon Sep 17 00:00:00 2001 From: vakarisz Date: Tue, 12 Apr 2022 14:10:36 +0300 Subject: [PATCH 05/18] BB: Add powershell empty credential login test to depth_1_a test --- envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py index 92a522dc6..13c82bf92 100644 --- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py @@ -13,6 +13,7 @@ class Depth1A(ConfigTemplate): # MSSQL # SMB password stealing and brute force # SSH password and key brute-force, key stealing + # Powershell credential reuse (powershell login with empty password) config_values.update( { "basic.exploiters.exploiter_classes": [ @@ -21,6 +22,7 @@ class Depth1A(ConfigTemplate): "MSSQLExploiter", "SmbExploiter", "SSHExploiter", + "PowerShellExploiter", ], "basic_network.scope.subnet_scan_list": [ "10.2.2.2", 
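Review bot: The added `LOGGER.info(f"After {time_passed} seconds all monkeys have died")` formats the message eagerly; the `logging` convention is to pass lazy `%`-style arguments, `LOGGER.info("After %s seconds all monkeys have died", time_passed)`, so formatting only happens when the record is emitted. If `time_passed` is a float elapsed-time value (it looks like one, but its computation is outside the hunk), a `%.1f` spec would also keep the fractional tail out of the log. The enclosing method starts outside the hunk.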
@@ -36,6 +38,7 @@ class Depth1A(ConfigTemplate): "10.2.2.15", "10.2.2.11", "10.2.2.12", + "10.2.3.46", ], "basic.credentials.exploit_password_list": ["Ivrrw5zEzs", "Xk8VDTsC", "^NgDvY59~8"], "basic.credentials.exploit_user_list": ["m0nk3y"], From 91a431517abd9506aea564b4d24ca680dcd3b0fa Mon Sep 17 00:00:00 2001 From: vakarisz Date: Tue, 12 Apr 2022 14:59:19 +0300 Subject: [PATCH 06/18] BB: Use grouped tests Grouping tests will allow us to run more tests at once --- envs/monkey_zoo/blackbox/test_blackbox.py | 140 +-------- .../blackbox/test_blackbox_in_depth.py | 296 ++++++++++++++++++ 2 files changed, 305 insertions(+), 131 deletions(-) create mode 100644 envs/monkey_zoo/blackbox/test_blackbox_in_depth.py diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 31cbdd379..452a7ef81 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py 
@@ -8,39 +8,14 @@ from typing_extensions import Type from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate -from envs.monkey_zoo.blackbox.config_templates.hadoop import Hadoop -from envs.monkey_zoo.blackbox.config_templates.log4j_logstash import Log4jLogstash -from envs.monkey_zoo.blackbox.config_templates.log4j_solr import Log4jSolr -from envs.monkey_zoo.blackbox.config_templates.log4j_tomcat import Log4jTomcat -from envs.monkey_zoo.blackbox.config_templates.mssql import Mssql -from envs.monkey_zoo.blackbox.config_templates.performance import Performance -from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell -from envs.monkey_zoo.blackbox.config_templates.powershell_credentials_reuse import ( - PowerShellCredentialsReuse, -) -from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz -from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth -from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh -from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling -from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz -from envs.monkey_zoo.blackbox.config_templates.wmi_pth import WmiPth -from envs.monkey_zoo.blackbox.config_templates.zerologon import Zerologon +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_4_a import Depth4A from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient from 
envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest -from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest -from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import ( - MapGenerationFromTelemetryTest, -) -from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest -from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import ( - ReportGenerationFromTelemetryTest, -) -from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import ( - TelemetryPerformanceTest, -) from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import ( initialize_gcp_client, start_machines, 
@@ -153,72 +128,17 @@ class TestMonkeyBlackbox: def get_log_dir_path(): return os.path.abspath(LOG_DIR_PATH) - def test_ssh_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Ssh, "SSH_exploiter_and_keys") + def test_depth_1_a(self, island_client): + TestMonkeyBlackbox.run_exploitation_test(island_client, Depth1A, "Depth1A test suite") - def test_hadoop_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Hadoop, "Hadoop_exploiter", 6 * 60) - - def test_mssql_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Mssql, "MSSQL_exploiter") - - def test_powershell_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, PowerShell, "PowerShell_Remoting_exploiter" - ) - - @pytest.mark.skip_powershell_reuse - def test_powershell_exploiter_credentials_reuse(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, - PowerShellCredentialsReuse, - "PowerShell_Remoting_exploiter_credentials_reuse", - ) - - def test_smb_and_mimikatz_exploiters(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, SmbMimikatz, "SMB_exploiter_mimikatz" - ) - - def test_smb_pth(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, SmbPth, "SMB_PTH") - - def test_log4j_solr_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, Log4jSolr, "Log4Shell_Solr_exploiter" - ) - - def test_log4j_tomcat_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, Log4jTomcat, "Log4Shell_tomcat_exploiter" - ) - - def test_log4j_logstash_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, Log4jLogstash, "Log4Shell_logstash_exploiter" - ) - - def test_tunneling(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, Tunneling, 
"Tunneling_exploiter", 3 * 60 - ) - - def test_wmi_and_mimikatz_exploiters(self, island_client): - TestMonkeyBlackbox.run_exploitation_test( - island_client, WmiMimikatz, "WMI_exploiter,_mimikatz" - ) - - def test_wmi_pth(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH") - - def test_zerologon_exploiter(self, island_client): + def test_depth_1_b(self, island_client): test_name = "Zerologon_exploiter" expected_creds = [ "Administrator", "aad3b435b51404eeaad3b435b51404ee", "2864b62ea4496934a5d6e86f50b834a5", ] - raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client) + raw_config = IslandConfigParser.get_raw_config(Depth1B, island_client) zero_logon_analyzer = ZerologonAnalyzer(island_client, expected_creds) communication_analyzer = CommunicationAnalyzer( island_client, IslandConfigParser.get_ips_of_targets(raw_config) 
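Review bot: `test_depth_1_b` keeps `test_name = "Zerologon_exploiter"` although the Depth1B template it now loads also runs WmiExploiter, so the per-test name (presumably what the log directory and analyzers are labelled with) misdescribes the run; `test_name = "Depth1B test suite"` would match the naming used by `test_depth_1_a` and `test_depth_4_a`. Separately, the removed `test_hadoop_exploiter` and `test_tunneling` passed explicit timeouts of `6 * 60` and `3 * 60` to `run_exploitation_test`, whereas `test_depth_1_a` (which includes Hadoop) and `test_depth_4_a` in the next hunk (which includes tunneling) now rely on the default; if that default is shorter, the larger grouped runs may time out where the single tests did not, so consider passing a timeout sized for the whole group. `test_depth_1_b` continues past the end of this hunk.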
@@ -235,47 +155,5 @@ class TestMonkeyBlackbox: log_handler=log_handler, ).run() - @pytest.mark.skip( - reason="Perfomance test that creates env from fake telemetries is faster, use that instead." - ) - def test_report_generation_performance(self, island_client, quick_performance_tests): - """ - This test includes the SSH + Hadoop + MSSQL machines all in one test - for a total of 8 machines including the Monkey Island. - - Is has 2 analyzers - the regular one which checks all the Monkeys - and the Timing one which checks how long the report took to execute - """ - if not quick_performance_tests: - TestMonkeyBlackbox.run_performance_test( - ReportGenerationTest, island_client, Performance, timeout_in_seconds=10 * 60 - ) - else: - LOGGER.error("This test doesn't support 'quick_performance_tests' option.") - assert False - - @pytest.mark.skip( - reason="Perfomance test that creates env from fake telemetries is faster, use that instead." - ) - def test_map_generation_performance(self, island_client, quick_performance_tests): - if not quick_performance_tests: - TestMonkeyBlackbox.run_performance_test( - MapGenerationTest, island_client, "PERFORMANCE.conf", timeout_in_seconds=10 * 60 - ) - else: - LOGGER.error("This test doesn't support 'quick_performance_tests' option.") - assert False - - @pytest.mark.run_performance_tests - def test_report_generation_from_fake_telemetries(self, island_client, quick_performance_tests): - ReportGenerationFromTelemetryTest(island_client, quick_performance_tests).run() - - @pytest.mark.run_performance_tests - def test_map_generation_from_fake_telemetries(self, island_client, quick_performance_tests): - MapGenerationFromTelemetryTest(island_client, quick_performance_tests).run() - - @pytest.mark.run_performance_tests - def test_telem_performance(self, island_client, quick_performance_tests): - TelemetryPerformanceTest( - island_client, quick_performance_tests - ).test_telemetry_performance() + def test_depth_4_a(self, island_client): + 
TestMonkeyBlackbox.run_exploitation_test(island_client, Depth4A, "Depth4A test suite") diff --git a/envs/monkey_zoo/blackbox/test_blackbox_in_depth.py b/envs/monkey_zoo/blackbox/test_blackbox_in_depth.py new file mode 100644 index 000000000..42d2e28b7 --- /dev/null +++ b/envs/monkey_zoo/blackbox/test_blackbox_in_depth.py 
@@ -0,0 +1,296 @@
+import logging
+import os
+from time import sleep
+
+import pytest
+from typing_extensions import Type
+
+from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import CommunicationAnalyzer
+from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer
+from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
+from envs.monkey_zoo.blackbox.config_templates.single_tests.drupal import Drupal
+from envs.monkey_zoo.blackbox.config_templates.single_tests.hadoop import Hadoop
+from envs.monkey_zoo.blackbox.config_templates.single_tests.log4j_logstash import Log4jLogstash
+from envs.monkey_zoo.blackbox.config_templates.single_tests.log4j_solr import Log4jSolr
+from envs.monkey_zoo.blackbox.config_templates.single_tests.log4j_tomcat import Log4jTomcat
+from envs.monkey_zoo.blackbox.config_templates.single_tests.mssql import Mssql
+from envs.monkey_zoo.blackbox.config_templates.single_tests.performance import Performance
+from envs.monkey_zoo.blackbox.config_templates.single_tests.powershell import PowerShell
+from envs.monkey_zoo.blackbox.config_templates.single_tests.powershell_credentials_reuse import (
+ PowerShellCredentialsReuse,
+)
+from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_mimikatz import SmbMimikatz
+from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_pth import SmbPth
+from envs.monkey_zoo.blackbox.config_templates.single_tests.ssh import Ssh
+from envs.monkey_zoo.blackbox.config_templates.single_tests.struts2 import Struts2
+from envs.monkey_zoo.blackbox.config_templates.single_tests.tunneling import Tunneling
+from envs.monkey_zoo.blackbox.config_templates.single_tests.weblogic import Weblogic
+from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_mimikatz import WmiMimikatz
+from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_pth import WmiPth
+from envs.monkey_zoo.blackbox.config_templates.single_tests.zerologon import Zerologon
+from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST
+from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
+from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
+from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
+from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
+from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
+from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import (
+ MapGenerationFromTelemetryTest,
+)
+from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
+from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import (
+ ReportGenerationFromTelemetryTest,
+)
+from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import (
+ TelemetryPerformanceTest,
+)
+from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
+ initialize_gcp_client,
+ start_machines,
+ stop_machines,
+)
+from monkey_island.cc.services.mode.mode_enum import IslandModeEnum
+
+DEFAULT_TIMEOUT_SECONDS = 2 * 60
+MACHINE_BOOTUP_WAIT_SECONDS = 30
+LOG_DIR_PATH = "./logs"
+logging.basicConfig(level=logging.INFO)
+LOGGER = logging.getLogger(__name__)
+
+
+@pytest.fixture(autouse=True, scope="session")
+def GCPHandler(request, no_gcp):
+ if not no_gcp:
+ try:
+ initialize_gcp_client()
+ start_machines(GCP_TEST_MACHINE_LIST)
+ except Exception as e:
+ LOGGER.error("GCP Handler failed to initialize: %s." % e)
+ pytest.exit("Encountered an error while starting GCP machines. Stopping the tests.")
+ wait_machine_bootup()
+
+ def fin():
+ stop_machines(GCP_TEST_MACHINE_LIST)
+
+ request.addfinalizer(fin)
+
+
+@pytest.fixture(autouse=True, scope="session")
+def delete_logs():
+ LOGGER.info("Deleting monkey logs before new tests.")
+ TestLogsHandler.delete_log_folder_contents(TestMonkeyBlackbox.get_log_dir_path())
+
+
+def wait_machine_bootup():
+ sleep(MACHINE_BOOTUP_WAIT_SECONDS)
+
+
+@pytest.fixture(scope="class")
+def island_client(island, quick_performance_tests):
+ client_established = False
+ try:
+ island_client_object = MonkeyIslandClient(island)
+ client_established = island_client_object.get_api_status()
+ except Exception:
+ logging.exception("Got an exception while trying to establish connection to the Island.")
+ finally:
+ if not client_established:
+ pytest.exit("BB tests couldn't establish communication to the island.")
+ if not quick_performance_tests:
+ island_client_object.reset_env()
+ island_client_object.set_scenario(IslandModeEnum.ADVANCED.value)
+ yield island_client_object
+
+
+@pytest.mark.usefixtures("island_client")
+# noinspection PyUnresolvedReferences
+class TestMonkeyBlackbox:
+ @staticmethod
+ def run_exploitation_test(
+ island_client: MonkeyIslandClient,
+ config_template: Type[ConfigTemplate],
+ test_name: str,
+ timeout_in_seconds=DEFAULT_TIMEOUT_SECONDS,
+ ):
+ raw_config = IslandConfigParser.get_raw_config(config_template, island_client)
+ analyzer = CommunicationAnalyzer(
+ island_client, IslandConfigParser.get_ips_of_targets(raw_config)
+ )
+ log_handler = TestLogsHandler(
+ test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()
+ )
+ ExploitationTest(
+ name=test_name,
+ island_client=island_client,
+ raw_config=raw_config,
+ analyzers=[analyzer],
+ timeout=timeout_in_seconds,
+ log_handler=log_handler,
+ ).run()
+
+ @staticmethod
+ def run_performance_test(
+ performance_test_class,
+ island_client,
+ config_template,
+ timeout_in_seconds,
+ break_on_timeout=False,
+ ):
+ raw_config = IslandConfigParser.get_raw_config(config_template, island_client)
+ log_handler = TestLogsHandler(
+ performance_test_class.TEST_NAME, island_client, TestMonkeyBlackbox.get_log_dir_path()
+ )
+ analyzers = [
+ CommunicationAnalyzer(island_client, IslandConfigParser.get_ips_of_targets(raw_config))
+ ]
+ performance_test_class(
+ island_client=island_client,
+ raw_config=raw_config,
+ analyzers=analyzers,
+ timeout=timeout_in_seconds,
+ log_handler=log_handler,
+ break_on_timeout=break_on_timeout,
+ ).run()
+
+ @staticmethod
+ def get_log_dir_path():
+ return os.path.abspath(LOG_DIR_PATH)
+
+ def test_ssh_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Ssh, "SSH_exploiter_and_keys")
+
+ def test_hadoop_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Hadoop, "Hadoop_exploiter", 6 * 60)
+
+ def test_mssql_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Mssql, "MSSQL_exploiter")
+
+ def test_powershell_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, PowerShell, "PowerShell_Remoting_exploiter"
+ )
+
+ @pytest.mark.skip_powershell_reuse
+ def test_powershell_exploiter_credentials_reuse(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client,
+ PowerShellCredentialsReuse,
+ "PowerShell_Remoting_exploiter_credentials_reuse",
+ )
+
+ def test_smb_and_mimikatz_exploiters(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, SmbMimikatz, "SMB_exploiter_mimikatz"
+ )
+
+ def test_smb_pth(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, SmbPth, "SMB_PTH")
+
+ @pytest.mark.skip(reason="Drupal exploiter is deprecated")
+ def test_drupal_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")
+
+ @pytest.mark.skip(reason="Struts2 exploiter is deprecated")
+ def test_struts_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter")
+
+ @pytest.mark.skip(reason="Weblogic exploiter is deprecated")
+ def test_weblogic_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")
+
+ def test_log4j_solr_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, Log4jSolr, "Log4Shell_Solr_exploiter"
+ )
+
+ def test_log4j_tomcat_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, Log4jTomcat, "Log4Shell_tomcat_exploiter"
+ )
+
+ def test_log4j_logstash_exploiter(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, Log4jLogstash, "Log4Shell_logstash_exploiter"
+ )
+
+ def test_tunneling(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, Tunneling, "Tunneling_exploiter", 3 * 60
+ )
+
+ def test_wmi_and_mimikatz_exploiters(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(
+ island_client, WmiMimikatz, "WMI_exploiter,_mimikatz"
+ )
+
+ def test_wmi_pth(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, WmiPth, "WMI_PTH")
+
+ def test_zerologon_exploiter(self, island_client):
+ test_name = "Zerologon_exploiter"
+ expected_creds = [
+ "Administrator",
+ "aad3b435b51404eeaad3b435b51404ee",
+ "2864b62ea4496934a5d6e86f50b834a5",
+ ]
+ raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client)
+ zero_logon_analyzer = ZerologonAnalyzer(island_client, expected_creds)
+ communication_analyzer = CommunicationAnalyzer(
+ island_client, IslandConfigParser.get_ips_of_targets(raw_config)
+ )
+ log_handler = TestLogsHandler(
+ test_name, island_client, TestMonkeyBlackbox.get_log_dir_path()
+ )
+ ExploitationTest(
+ name=test_name,
+ island_client=island_client,
+ raw_config=raw_config,
+ analyzers=[zero_logon_analyzer, communication_analyzer],
+ timeout=DEFAULT_TIMEOUT_SECONDS,
+ log_handler=log_handler,
+ ).run()
+
+ @pytest.mark.skip(
+ reason="Perfomance test that creates env from fake telemetries is faster, use that instead."
+ )
+ def test_report_generation_performance(self, island_client, quick_performance_tests):
+ """
+ This test includes the SSH + Hadoop + MSSQL machines all in one test
+ for a total of 8 machines including the Monkey Island.
+
+ Is has 2 analyzers - the regular one which checks all the Monkeys
+ and the Timing one which checks how long the report took to execute
+ """
+ if not quick_performance_tests:
+ TestMonkeyBlackbox.run_performance_test(
+ ReportGenerationTest, island_client, Performance, timeout_in_seconds=10 * 60
+ )
+ else:
+ LOGGER.error("This test doesn't support 'quick_performance_tests' option.")
+ assert False
+
+ @pytest.mark.skip(
+ reason="Perfomance test that creates env from fake telemetries is faster, use that instead."
+ )
+ def test_map_generation_performance(self, island_client, quick_performance_tests):
+ if not quick_performance_tests:
+ TestMonkeyBlackbox.run_performance_test(
+ MapGenerationTest, island_client, "PERFORMANCE.conf", timeout_in_seconds=10 * 60
+ )
+ else:
+ LOGGER.error("This test doesn't support 'quick_performance_tests' option.")
+ assert False
+
+ @pytest.mark.run_performance_tests
+ def test_report_generation_from_fake_telemetries(self, island_client, quick_performance_tests):
+ ReportGenerationFromTelemetryTest(island_client, quick_performance_tests).run()
+
+ @pytest.mark.run_performance_tests
+ def test_map_generation_from_fake_telemetries(self, island_client, quick_performance_tests):
+ MapGenerationFromTelemetryTest(island_client, quick_performance_tests).run()
+
+ @pytest.mark.run_performance_tests
+ def test_telem_performance(self, island_client, quick_performance_tests):
+ TelemetryPerformanceTest(
+ island_client, quick_performance_tests
+ ).test_telemetry_performance()
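Review bot: The session-scoped autouse fixtures `GCPHandler` and `delete_logs` are now defined in this module as well as (by the hunk above) in test_blackbox.py, so if pytest collects both modules in one session each copy is set up independently; `delete_logs` would then clear the shared `./logs` directory again when this module's first test runs, discarding whatever the other module's tests had already written, and `start_machines` would be called a second time (inferred from pytest fixture scoping, worth confirming). Moving the two fixtures and `wait_machine_bootup` into a conftest.py keeps them single instances across modules. Separately, `from typing_extensions import Type` can be `from typing import Type`, which the standard library has provided since Python 3.5, so the third-party import is unnecessary.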
From 549eebd55c0176e30a7dcafc048fdf9a745e832f Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 08:02:34 +0000
Subject: [PATCH 07/18] BB: Rename depth_4_a to depth_3_a
---
 .../grouped/{depth_4_a.py => depth_3_a.py} | 11 ++++-------
 envs/monkey_zoo/blackbox/test_blackbox.py | 6 +++---
 .../blackbox/utils/config_generation_script.py | 4 ++--
 3 files changed, 9 insertions(+), 12 deletions(-)
 rename envs/monkey_zoo/blackbox/config_templates/grouped/{depth_4_a.py => depth_3_a.py} (79%)
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
similarity index 79%
rename from envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py
rename to envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
index 36e06853c..3f131694a 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_4_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
@@ -4,7 +4,7 @@ from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
 from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
-class Depth4A(ConfigTemplate):
+class Depth3A(ConfigTemplate):
 config_values = copy(BaseTemplate.config_values)
 # Tests:
@@ -33,16 +33,13 @@ class Depth4A(ConfigTemplate):
 "Passw0rd!",
 "3Q=(Ge(+&w]*",
 "`))jU7L(w}",
- "t67TC5ZDmz" "Ivrrw5zEzs",
+ "t67TC5ZDmz",
+ "Ivrrw5zEzs",
 ],
 "basic_network.scope.depth": 3,
 "internal.general.keep_tunnel_open_time": 20,
 "basic.credentials.exploit_user_list": ["m0nk3y", "m0nk3y-user"],
 "internal.network.tcp_scanner.HTTP_PORTS": [],
- "internal.exploits.exploit_ntlm_hash_list": [
- "5da0889ea2081aa79f6852294cba4a5e",
- "50c9987a6bf1ac59398df9f911122c9b",
- ],
- "internal.network.tcp_scanner.tcp_target_ports": [5985, 5986, 22, 135],
+ "internal.exploits.exploit_ntlm_hash_list": ["d0f0132b308a0c4e5d1029cc06f48692"],
 }
 )
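Review bot: The second hunk of depth_3_a.py removes two entries from `internal.exploits.exploit_ntlm_hash_list` and the entire `internal.network.tcp_scanner.tcp_target_ports` override, which goes well beyond the rename the subject line announces. PATCH 14 later in this series puts the two hash entries back as a "WMI bug" fix, which suggests their removal here was unintended; the dropped port list is never restored or explained, so the template now inherits whatever `BaseTemplate.config_values` holds for that key (inferred, not visible here). The repaired password list, where `"t67TC5ZDmz" "Ivrrw5zEzs"` was one concatenated string and is now two entries, also changes the credential set the suite runs with and deserves a sentence in the commit message.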
diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py
index 452a7ef81..806db4efb 100644
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@@ -10,7 +10,7 @@ from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnaly
 from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B
-from envs.monkey_zoo.blackbox.config_templates.grouped.depth_4_a import Depth4A
+from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A
 from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
 from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
@@ -155,5 +155,5 @@ class TestMonkeyBlackbox:
 log_handler=log_handler,
 ).run()
- def test_depth_4_a(self, island_client):
- TestMonkeyBlackbox.run_exploitation_test(island_client, Depth4A, "Depth4A test suite")
+ def test_depth_3_a(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite")
diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py
index 178f92a95..320ae8c57 100644
--- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py
+++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py
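Review bot: `test_depth_3_a` still passes the label `"Depth4A test suite"` to `run_exploitation_test`, and that string is what `run_exploitation_test` hands to `TestLogsHandler` and uses as the `ExploitationTest` name (visible in the test_blackbox_in_depth.py copy above), so this suite's logs and test output will keep the old name. The line should read `TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth3A test suite")`. The same stale label is carried forward unchanged in the test_blackbox.py hunks of PATCH 11 and PATCH 15 further down.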
@@ -5,7 +5,7 @@ from typing import Type
 from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B
-from envs.monkey_zoo.blackbox.config_templates.grouped.depth_4_a import Depth4A
+from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
 from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
@@ -23,7 +23,7 @@ args = parser.parse_args()
 island_client = MonkeyIslandClient(args.island_ip)
-CONFIG_TEMPLATES = [Depth1A, Depth1B, Depth4A]
+CONFIG_TEMPLATES = [Depth1A, Depth1B, Depth3A]
 def generate_templates():
From 0b4f98c675f9f26881acfbf8ecba80a8bc920954 Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 08:03:59 +0000
Subject: [PATCH 08/18] BB: Increase default test timeout to 150s
Timeout needed an increase because one log4shell machine was slow to communicate back
---
 envs/monkey_zoo/blackbox/test_blackbox.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py
index 806db4efb..f0ad1b680 100644
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@@ -23,7 +23,7 @@ from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
 )
 from monkey_island.cc.services.mode.mode_enum import IslandModeEnum
-DEFAULT_TIMEOUT_SECONDS = 2 * 60
+DEFAULT_TIMEOUT_SECONDS = 2 * 60 + 30
 MACHINE_BOOTUP_WAIT_SECONDS = 30
 LOG_DIR_PATH = "./logs"
 logging.basicConfig(level=logging.INFO)
From 4df72d08eba0b1fe6ecd8b08b1d79dd22b632e2a Mon Sep 17 00:00:00 2001
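Review bot: `DEFAULT_TIMEOUT_SECONDS = 2 * 60 + 30` in the PATCH 08 hunk records the reason for the extra 30 seconds only in the commit message, where the next person tuning the value will not see it. A short why-comment keeps the rationale next to the constant: `DEFAULT_TIMEOUT_SECONDS = 2 * 60 + 30  # +30s: one log4shell machine was slow to report back`.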
From: vakaris_zilius
Date: Wed, 13 Apr 2022 08:05:23 +0000
Subject: [PATCH 09/18] BB: Reduce the time for agents to die to 2 minutes
---
 envs/monkey_zoo/blackbox/tests/exploitation.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/envs/monkey_zoo/blackbox/tests/exploitation.py b/envs/monkey_zoo/blackbox/tests/exploitation.py
index 31449e1f1..f439e11db 100644
--- a/envs/monkey_zoo/blackbox/tests/exploitation.py
+++ b/envs/monkey_zoo/blackbox/tests/exploitation.py
@@ -5,7 +5,7 @@ from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandCo
 from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
 from envs.monkey_zoo.blackbox.utils.test_timer import TestTimer
-MAX_TIME_FOR_MONKEYS_TO_DIE = 5 * 60
+MAX_TIME_FOR_MONKEYS_TO_DIE = 2 * 60
 WAIT_TIME_BETWEEN_REQUESTS = 1
 TIME_FOR_MONKEY_PROCESS_TO_FINISH = 5
 DELAY_BETWEEN_ANALYSIS = 1
From 03e23778dd40f9426b89e32952eaf2c7652f5a97 Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 08:06:37 +0000
Subject: [PATCH 10/18] BB: Add explanation to how 46 powershell machine can be exploited
---
 envs/monkey_zoo/docs/fullDocs.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md
index 9d5635255..8499e1bb2 100644
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@@ -771,7 +771,9 @@ Accessibale through Island using m0nk3y-user. Notes: User: m0nk3y, Password: Passw0rd!
-Accessiable through cached credentials (Windows Island)
+Accessible using the same m0nk3y user from island, in other words powershell exploiter can exploit
+this machine without credentials as long as the user running the agent is the same on both
+machines
From 1d647a0c6b5a5adb6ae475ddd153feb86b1c0a27 Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 12:27:28 +0000
Subject: [PATCH 11/18] BB: Move ssh keys test to a separate test suite
---
 .../config_templates/grouped/depth_1_a.py | 4 +---
 .../config_templates/grouped/depth_2_a.py | 23 +++++++++++++++++++
 envs/monkey_zoo/blackbox/test_blackbox.py | 4 ++++
 3 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 envs/monkey_zoo/blackbox/config_templates/grouped/depth_2_a.py
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
index 13c82bf92..bab3c7b14 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
@@ -36,11 +36,9 @@ class Depth1A(ConfigTemplate):
 "10.2.2.16",
 "10.2.2.14",
 "10.2.2.15",
- "10.2.2.11",
- "10.2.2.12",
 "10.2.3.46",
 ],
- "basic.credentials.exploit_password_list": ["Ivrrw5zEzs", "Xk8VDTsC", "^NgDvY59~8"],
+ "basic.credentials.exploit_password_list": ["Ivrrw5zEzs", "Xk8VDTsC"],
 "basic.credentials.exploit_user_list": ["m0nk3y"],
 "monkey.system_info.system_info_collector_classes": [
 "MimikatzCollector",
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_2_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_2_a.py
new file mode 100644
index 000000000..d9f5168e2
--- /dev/null
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_2_a.py
@@ -0,0 +1,23 @@
+from copy import copy
+
+from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
+from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
+
+
+class Depth2A(ConfigTemplate):
+ config_values = copy(BaseTemplate.config_values)
+ # SSH password and key brute-force, key stealing (10.2.2.11, 10.2.2.12)
+ config_values.update(
+ {
+ "basic.exploiters.exploiter_classes": [
+ "SSHExploiter",
+ ],
+ "basic_network.scope.subnet_scan_list": [
+ "10.2.2.11",
+ "10.2.2.12",
+ ],
+ "basic_network.scope.depth": 2,
+ "basic.credentials.exploit_password_list": ["^NgDvY59~8"],
+ "basic.credentials.exploit_user_list": ["m0nk3y"],
+ }
+ )
diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py
index f0ad1b680..fdc8491cd 100644
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@@ -10,6 +10,7 @@ from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnaly
 from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B
+from envs.monkey_zoo.blackbox.config_templates.grouped.depth_2_a import Depth2A
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A
 from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
@@ -155,5 +156,8 @@ class TestMonkeyBlackbox:
 log_handler=log_handler,
 ).run()
+ def test_depth_2_a(self, island_client):
+ TestMonkeyBlackbox.run_exploitation_test(island_client, Depth2A, "Depth2A test suite")
+
 def test_depth_3_a(self, island_client):
 TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite")
From 2dee5698f2ab9244b281be695072bf281a61b1ad Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 12:29:18 +0000
Subject: [PATCH 12/18] BB: Remove performance test template from test_blackbox.py
---
 envs/monkey_zoo/blackbox/test_blackbox.py | 24 -----------------------
 1 file changed, 24 deletions(-)
diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py
index fdc8491cd..fec5664b1 100644
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@@ -101,30 +101,6 @@ class TestMonkeyBlackbox:
 log_handler=log_handler,
 ).run()
- @staticmethod
- def run_performance_test(
- performance_test_class,
- island_client,
- config_template,
- timeout_in_seconds,
- break_on_timeout=False,
- ):
- raw_config = IslandConfigParser.get_raw_config(config_template, island_client)
- log_handler = TestLogsHandler(
- performance_test_class.TEST_NAME, island_client, TestMonkeyBlackbox.get_log_dir_path()
- )
- analyzers = [
- CommunicationAnalyzer(island_client, IslandConfigParser.get_ips_of_targets(raw_config))
- ]
- performance_test_class(
- island_client=island_client,
- raw_config=raw_config,
- analyzers=analyzers,
- timeout=timeout_in_seconds,
- log_handler=log_handler,
- break_on_timeout=break_on_timeout,
- ).run()
-
 @staticmethod
 def get_log_dir_path():
 return os.path.abspath(LOG_DIR_PATH)
From c498b2261016c8ba829f5ba510848ac6e929bbf2 Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 12:30:05 +0000
Subject: [PATCH 13/18] BB: Improve configuration documentation with IP's
---
 .../blackbox/config_templates/grouped/depth_1_a.py | 11 +++++------
 .../blackbox/config_templates/grouped/depth_1_b.py | 2 +-
 .../blackbox/config_templates/grouped/depth_3_a.py | 6 +++---
 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
index bab3c7b14..1895f2bbe 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
@@ -8,12 +8,11 @@ class Depth1A(ConfigTemplate):
 config_values = copy(BaseTemplate.config_values)
 # TODO ADD SMB PTH machine
 # Tests:
- # Hadoop
- # Log4shell
- # MSSQL
- # SMB password stealing and brute force
- # SSH password and key brute-force, key stealing
- # Powershell credential reuse (powershell login with empty password)
+ # Hadoop (10.2.2.2, 10.2.2.3)
+ # Log4shell (10.2.3.55, 10.2.3.56, 10.2.3.49, 10.2.3.50, 10.2.3.51, 10.2.3.52)
+ # MSSQL (10.2.2.16)
+ # SMB mimikatz password stealing and brute force (10.2.2.14 and 10.2.2.15)
+ # Powershell credential reuse (powershell login with empty password) (10.2.3.46)
 config_values.update(
 {
 "basic.exploiters.exploiter_classes": [
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
index 548f52349..3df42389a 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
@@ -7,7 +7,7 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp
 class Depth1B(ConfigTemplate):
 config_values = copy(BaseTemplate.config_values)
 # Tests:
- # WMI + credential stealing
+ # WMI password login and mimikatz credential stealing (10.2.2.14 and 10.2.2.15)
 # Zerologon
 config_values.update(
 {
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
index 3f131694a..1a8ba8b5d 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
@@ -8,9 +8,9 @@ class Depth3A(ConfigTemplate):
 config_values = copy(BaseTemplate.config_values)
 # Tests:
- # Powershell
- # Tunneling (SSH brute force)
- # WMI mimikatz password stealing
+ # Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48)
+ # Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.11)
+ # WMI pass the hash (10.2.2.15)
 config_values.update(
 {
 "basic.exploiters.exploiter_classes": [
From 76ba33a7501d2c41a2b37b60caf20886f6530f21 Mon Sep 17 00:00:00 2001
From: vakaris_zilius
Date: Wed, 13 Apr 2022 12:32:21 +0000
Subject: [PATCH 14/18] BB: Fix a WMI bug in configuration
Depth 3 a should test PTH, because mimikatz is already being tested in depth 1 a.
---
 .../blackbox/config_templates/grouped/depth_3_a.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
index 1a8ba8b5d..ec4f91f26 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py
@@ -34,12 +34,13 @@ class Depth3A(ConfigTemplate):
 "3Q=(Ge(+&w]*",
 "`))jU7L(w}",
 "t67TC5ZDmz",
- "Ivrrw5zEzs",
 ],
 "basic_network.scope.depth": 3,
 "internal.general.keep_tunnel_open_time": 20,
 "basic.credentials.exploit_user_list": ["m0nk3y", "m0nk3y-user"],
 "internal.network.tcp_scanner.HTTP_PORTS": [],
- "internal.exploits.exploit_ntlm_hash_list": ["d0f0132b308a0c4e5d1029cc06f48692"],
+ "internal.exploits.exploit_ntlm_hash_list": ["d0f0132b308a0c4e5d1029cc06f48692",
+ "5da0889ea2081aa79f6852294cba4a5e",
+ "50c9987a6bf1ac59398df9f911122c9b"],
 }
 )
From b20de39ce08b6256fa4e3110c0dec5b18d495970 Mon Sep 17 00:00:00 2001
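Review bot: The rewritten `internal.exploits.exploit_ntlm_hash_list` literal in the PATCH 14 hunk is not formatted like the rest of this template: it opens on the key line and closes on the last element with no trailing comma, whereas the password list a few lines above uses the black style of one element per line with a trailing comma, so the next formatter run will rewrite these three lines and produce an unrelated diff. Write it the way the surrounding lists are written, with `"internal.exploits.exploit_ntlm_hash_list": [` on its own line, one hash per line each ending in a comma, and `],` closing it.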
From: vakaris_zilius
Date: Wed, 13 Apr 2022 13:10:02 +0000
Subject: [PATCH 15/18] BB: Split depth_1_b into separate tests, add SMB_PTH
---
 .../config_templates/grouped/depth_1_a.py | 1 -
 .../config_templates/grouped/depth_1_b.py | 22 ---------------
 envs/monkey_zoo/blackbox/test_blackbox.py | 28 ++++++++++++++-----
 .../utils/config_generation_script.py | 7 +++--
 4 files changed, 26 insertions(+), 32 deletions(-)
 delete mode 100644 envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
index 1895f2bbe..842e33a2d 100644
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
+++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py
@@ -6,7 +6,6 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp
 class Depth1A(ConfigTemplate):
 config_values = copy(BaseTemplate.config_values)
- # TODO ADD SMB PTH machine
 # Tests:
 # Hadoop (10.2.2.2, 10.2.2.3)
 # Log4shell (10.2.3.55, 10.2.3.56, 10.2.3.49, 10.2.3.50, 10.2.3.51, 10.2.3.52)
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
deleted file mode 100644
index 3df42389a..000000000
--- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_b.py
+++ /dev/null
@@ -1,22 +0,0 @@
-from copy import copy
-
-from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
-from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
-
-
-class Depth1B(ConfigTemplate):
- config_values = copy(BaseTemplate.config_values)
- # Tests:
- # WMI password login and mimikatz credential stealing (10.2.2.14 and 10.2.2.15)
- # Zerologon
- config_values.update(
- {
- "basic.exploiters.exploiter_classes": ["WmiExploiter", "ZerologonExploiter"],
- "basic_network.scope.subnet_scan_list": ["10.2.2.25", "10.2.2.14", "10.2.2.15"],
- "basic.credentials.exploit_password_list": ["Ivrrw5zEzs"],
- "basic.credentials.exploit_user_list": ["m0nk3y"],
- "monkey.system_info.system_info_collector_classes": [
- "MimikatzCollector",
- ],
- }
- )
diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py
index fec5664b1..fcf723c8e 100644
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@@ -9,9 +9,11 @@ from envs.monkey_zoo.blackbox.analyzers.communication_analyzer import Communicat
 from envs.monkey_zoo.blackbox.analyzers.zerologon_analyzer import ZerologonAnalyzer
 from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A
-from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_2_a import Depth2A
 from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A
+from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_pth import SmbPth
+from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_mimikatz import WmiMimikatz
+from envs.monkey_zoo.blackbox.config_templates.single_tests.zerologon import Zerologon
 from envs.monkey_zoo.blackbox.gcp_test_machine_list import GCP_TEST_MACHINE_LIST
 from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser
 from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient
@@ -108,14 +110,21 @@ class TestMonkeyBlackbox: def test_depth_1_a(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Depth1A, "Depth1A test suite") - def test_depth_1_b(self, island_client): + def test_depth_2_a(self, island_client): + TestMonkeyBlackbox.run_exploitation_test(island_client, Depth2A, "Depth2A test suite") + + def test_depth_3_a(self, island_client): + TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite") + + # Not grouped because it's slow + def test_zerologon_exploiter(self, island_client): test_name = "Zerologon_exploiter" expected_creds = [ "Administrator", "aad3b435b51404eeaad3b435b51404ee", "2864b62ea4496934a5d6e86f50b834a5", ] - raw_config = IslandConfigParser.get_raw_config(Depth1B, island_client) + raw_config = IslandConfigParser.get_raw_config(Zerologon, island_client) zero_logon_analyzer = ZerologonAnalyzer(island_client, expected_creds) communication_analyzer = CommunicationAnalyzer( island_client, IslandConfigParser.get_ips_of_targets(raw_config) @@ -132,8 +141,13 @@ class TestMonkeyBlackbox: log_handler=log_handler, ).run() - def test_depth_2_a(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Depth2A, "Depth2A test suite") + # Not grouped because conflicts with SMB. + # Consider grouping when more depth 1 exploiters collide with group depth_1_a + def test_wmi_and_mimikatz_exploiters(self, island_client): + TestMonkeyBlackbox.run_exploitation_test( + island_client, WmiMimikatz, "WMI_exploiter,_mimikatz" + ) - def test_depth_3_a(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite") + # Not grouped because it's depth 1 but conflicts with SMB exploiter in group depth_1_a + def test_smb_pth(self, island_client): + TestMonkeyBlackbox.run_exploitation_test(island_client, SmbPth, "SMB_PTH") 
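Review bot: The comment above `test_wmi_and_mimikatz_exploiters` says the test "conflicts with SMB" without saying what the conflict is; the deleted Depth1B template and the Depth1A comments both point WMI and SMB at 10.2.2.14 and 10.2.2.15, so a grouped run presumably could not attribute a successful login to one exploiter, but that should be stated rather than left for the reader to reconstruct. Suggest `# Not grouped: WmiExploiter and SmbExploiter (depth_1_a) share targets 10.2.2.14/15, so a combined run could not tell which exploiter succeeded` (please confirm that is the real conflict) and the same wording on `test_smb_pth`. The test label `"WMI_exploiter,_mimikatz"` is the only one containing a comma; a label in the same shape as the others, e.g. `"WMI_exploiter_and_mimikatz"`, avoids surprises if labels end up in log file names. Note that `test_zerologon_exploiter`'s body spans both hunks, with the lines between them outside this diff.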
diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py index 320ae8c57..2d799b275 100644 --- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py @@ -4,8 +4,11 @@ from typing import Type from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A -from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_b import Depth1B +from envs.monkey_zoo.blackbox.config_templates.grouped.depth_2_a import Depth2A from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A +from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_pth import SmbPth +from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_mimikatz import WmiMimikatz +from envs.monkey_zoo.blackbox.config_templates.single_tests.zerologon import Zerologon from envs.monkey_zoo.blackbox.island_client.island_config_parser import IslandConfigParser from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient @@ -23,7 +26,7 @@ args = parser.parse_args() island_client = MonkeyIslandClient(args.island_ip) -CONFIG_TEMPLATES = [Depth1A, Depth1B, Depth3A] +CONFIG_TEMPLATES = [Depth1A, Depth2A, Depth3A, Zerologon, SmbPth, WmiMimikatz] def generate_templates(): From 43d38d90e048d8e4f03577152a47bb3d75492b16 Mon Sep 17 00:00:00 2001 From: vakaris_zilius Date: Wed, 13 Apr 2022 14:21:23 +0000 Subject: [PATCH 16/18] BB: Extract powershell cred re-use into a separate test Credential re-use only applies to windows island, that's why it's separate --- .../blackbox/config_templates/grouped/depth_1_a.py | 3 --- envs/monkey_zoo/blackbox/test_blackbox.py | 12 ++++++++++++ .../blackbox/utils/config_generation_script.py | 14 ++++++++++++-- 3 files changed, 24 insertions(+), 5 deletions(-) 
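Review bot: `CONFIG_TEMPLATES` is a hand-maintained copy of the template set that test_blackbox.py exercises, and it had already drifted: Depth2A was absent from the old list even though `test_depth_2_a` existed, and the following commit in this series has to edit both files again to add PowerShellCredentialsReuse. Consider exporting one shared sequence of templates (e.g. from the config_templates package) and importing it in both places so generated configs and the test suite cannot diverge; failing that, add `# Keep in sync with the templates used in test_blackbox.py` above the list. Only the first line of `generate_templates()` is visible here; its body lies outside the hunk.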
diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py index 842e33a2d..b09123566 100644 --- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py +++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_1_a.py @@ -11,7 +11,6 @@ class Depth1A(ConfigTemplate): # Log4shell (10.2.3.55, 10.2.3.56, 10.2.3.49, 10.2.3.50, 10.2.3.51, 10.2.3.52) # MSSQL (10.2.2.16) # SMB mimikatz password stealing and brute force (10.2.2.14 and 10.2.2.15) - # Powershell credential reuse (powershell login with empty password) (10.2.3.46) config_values.update( { "basic.exploiters.exploiter_classes": [ @@ -20,7 +19,6 @@ class Depth1A(ConfigTemplate): "MSSQLExploiter", "SmbExploiter", "SSHExploiter", - "PowerShellExploiter", ], "basic_network.scope.subnet_scan_list": [ "10.2.2.2", @@ -34,7 +32,6 @@ class Depth1A(ConfigTemplate): "10.2.2.16", "10.2.2.14", "10.2.2.15", - "10.2.3.46", ], "basic.credentials.exploit_password_list": ["Ivrrw5zEzs", "Xk8VDTsC"], "basic.credentials.exploit_user_list": ["m0nk3y"], diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index fcf723c8e..c90c15597 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py 
@@ -11,6 +11,9 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A from envs.monkey_zoo.blackbox.config_templates.grouped.depth_2_a import Depth2A from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A +from envs.monkey_zoo.blackbox.config_templates.single_tests.powershell_credentials_reuse import ( + PowerShellCredentialsReuse, +) from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.config_templates.single_tests.zerologon import Zerologon @@ -116,6 +119,15 @@ class TestMonkeyBlackbox: def test_depth_3_a(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite") + # Not grouped because can only be ran on windows + @pytest.mark.skip_powershell_reuse + def test_powershell_exploiter_credentials_reuse(self, island_client): + TestMonkeyBlackbox.run_exploitation_test( + island_client, + PowerShellCredentialsReuse, + "PowerShell_Remoting_exploiter_credentials_reuse", + ) + # Not grouped because it's slow def test_zerologon_exploiter(self, island_client): test_name = "Zerologon_exploiter" diff --git a/envs/monkey_zoo/blackbox/utils/config_generation_script.py b/envs/monkey_zoo/blackbox/utils/config_generation_script.py index 2d799b275..3a5f06c50 100644 --- a/envs/monkey_zoo/blackbox/utils/config_generation_script.py +++ b/envs/monkey_zoo/blackbox/utils/config_generation_script.py 
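Review bot: `@pytest.mark.skip_powershell_reuse` is a custom marker, and nothing in this diff registers it or shows the conftest hook that turns it into an actual skip; an unregistered marker produces a PytestUnknownMarkWarning and fails outright under `--strict-markers`, so please confirm the marker is declared in the pytest config and consumed by a `pytest_collection_modifyitems`/`pytest_runtest_setup` hook. The comment `# Not grouped because can only be ran on windows` is ungrammatical and does not say what must be Windows; per the commit message it is the Island host, so something like `# Not grouped: credential re-use only works when the Island itself runs on Windows, hence the skip_powershell_reuse marker` would be clearer (assuming that is what the marker gates). The hunk is complete within this line.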
@@ -6,6 +6,9 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp from envs.monkey_zoo.blackbox.config_templates.grouped.depth_1_a import Depth1A from envs.monkey_zoo.blackbox.config_templates.grouped.depth_2_a import Depth2A from envs.monkey_zoo.blackbox.config_templates.grouped.depth_3_a import Depth3A +from envs.monkey_zoo.blackbox.config_templates.single_tests.powershell_credentials_reuse import ( + PowerShellCredentialsReuse, +) from envs.monkey_zoo.blackbox.config_templates.single_tests.smb_pth import SmbPth from envs.monkey_zoo.blackbox.config_templates.single_tests.wmi_mimikatz import WmiMimikatz from envs.monkey_zoo.blackbox.config_templates.single_tests.zerologon import Zerologon @@ -25,8 +28,15 @@ parser.add_argument( args = parser.parse_args() island_client = MonkeyIslandClient(args.island_ip) - -CONFIG_TEMPLATES = [Depth1A, Depth2A, Depth3A, Zerologon, SmbPth, WmiMimikatz] +CONFIG_TEMPLATES = [ + Depth1A, + Depth2A, + Depth3A, + Zerologon, + SmbPth, + WmiMimikatz, + PowerShellCredentialsReuse, +] def generate_templates(): From 03433a8d751345754e3896fffbd0a44ddf9e39df Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 13 Apr 2022 11:48:32 -0400 Subject: [PATCH 17/18] BB: Format depth_3_a.py with Black --- .../blackbox/config_templates/grouped/depth_3_a.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py index ec4f91f26..6d5261d95 100644 --- a/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py +++ b/envs/monkey_zoo/blackbox/config_templates/grouped/depth_3_a.py 
@@ -39,8 +39,10 @@ class Depth3A(ConfigTemplate): "internal.general.keep_tunnel_open_time": 20, "basic.credentials.exploit_user_list": ["m0nk3y", "m0nk3y-user"], "internal.network.tcp_scanner.HTTP_PORTS": [], - "internal.exploits.exploit_ntlm_hash_list": ["d0f0132b308a0c4e5d1029cc06f48692", - "5da0889ea2081aa79f6852294cba4a5e", - "50c9987a6bf1ac59398df9f911122c9b"], + "internal.exploits.exploit_ntlm_hash_list": [ + "d0f0132b308a0c4e5d1029cc06f48692", + "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b", + ], } ) From 3ebab643bc55fec4c23b9f093166f791cf043ae0 Mon Sep 17 00:00:00 2001 From: vakarisz Date: Thu, 14 Apr 2022 15:06:58 +0300 Subject: [PATCH 18/18] BB: Small typo fix --- envs/monkey_zoo/blackbox/test_blackbox.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index c90c15597..0a234e991 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -117,7 +117,7 @@ class TestMonkeyBlackbox: TestMonkeyBlackbox.run_exploitation_test(island_client, Depth2A, "Depth2A test suite") def test_depth_3_a(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth4A test suite") + TestMonkeyBlackbox.run_exploitation_test(island_client, Depth3A, "Depth3A test suite") # Not grouped because can only be ran on windows @pytest.mark.skip_powershell_reuse