Change config value name

Add logs
Itay Mizeretz 2018-02-28 19:01:42 +02:00
parent 260607b685
commit abd738acbc
5 changed files with 30 additions and 14 deletions


@ -116,10 +116,14 @@ class Configuration(object):
dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll" dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll"
dropper_date_reference_path_linux = '/bin/sh' dropper_date_reference_path_linux = '/bin/sh'
dropper_target_path = r"C:\Windows\monkey.exe" dropper_target_path = r"C:\Windows\monkey.exe"
# TODO: move and rename
dropper_upgrade_win_64_temp_path = r"C:\Windows\monkey64.exe"
dropper_target_path_linux = '/tmp/monkey' dropper_target_path_linux = '/tmp/monkey'
###########################
# Windows upgrader config
###########################
windows_upgrader_temp_path = r"C:\Windows\monkey64.exe"
########################### ###########################
# Kill file # Kill file
########################### ###########################


@ -23,7 +23,7 @@
"dropper_log_path_linux": "/tmp/user-1562", "dropper_log_path_linux": "/tmp/user-1562",
"dropper_set_date": true, "dropper_set_date": true,
"dropper_target_path": "C:\\Windows\\monkey.exe", "dropper_target_path": "C:\\Windows\\monkey.exe",
"dropper_upgrade_win_64_temp_path": "C:\\Windows\\monkey64.exe", "windows_upgrader_temp_path": "C:\\Windows\\monkey64.exe",
"dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_linux": "/tmp/monkey",


@ -75,6 +75,7 @@ class InfectionMonkey(object):
ControlClient.find_server(default_tunnel=self._default_tunnel) ControlClient.find_server(default_tunnel=self._default_tunnel)
if WindowsUpgrader.should_upgrade(): if WindowsUpgrader.should_upgrade():
LOG.info("32bit monkey running on 64bit Windows. Upgrading.")
WindowsUpgrader.upgrade(self._opts) WindowsUpgrader.upgrade(self._opts)
return return


@ -1,8 +1,11 @@
import logging
import os import os
import struct import struct
import subprocess import subprocess
import sys import sys
import time
import monkeyfs import monkeyfs
from config import WormConfiguration from config import WormConfiguration
from control import ControlClient from control import ControlClient
@ -11,6 +14,8 @@ from model import DROPPER_CMDLINE_WINDOWS
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
LOG = logging.getLogger(__name__)
if "win32" == sys.platform: if "win32" == sys.platform:
from win32process import DETACHED_PROCESS from win32process import DETACHED_PROCESS
else: else:
@ -40,7 +45,7 @@ class WindowsUpgrader(object):
monkey_64_path = ControlClient.download_monkey_exe_by_os(True, False) monkey_64_path = ControlClient.download_monkey_exe_by_os(True, False)
with monkeyfs.open(monkey_64_path, "rb") as downloaded_monkey_file: with monkeyfs.open(monkey_64_path, "rb") as downloaded_monkey_file:
monkey_bin = downloaded_monkey_file.read() monkey_bin = downloaded_monkey_file.read()
with open(WormConfiguration.dropper_upgrade_win_64_temp_path, 'wb') as written_monkey_file: with open(WormConfiguration.windows_upgrader_temp_path, 'wb') as written_monkey_file:
written_monkey_file.write(monkey_bin) written_monkey_file.write(monkey_bin)
depth = int(opts.depth) if opts.depth is not None else None depth = int(opts.depth) if opts.depth is not None else None
@ -48,9 +53,15 @@ class WindowsUpgrader(object):
opts.parent, opts.tunnel, opts.server, depth, WormConfiguration.dropper_target_path) opts.parent, opts.tunnel, opts.server, depth, WormConfiguration.dropper_target_path)
monkey_cmdline = DROPPER_CMDLINE_WINDOWS % { monkey_cmdline = DROPPER_CMDLINE_WINDOWS % {
'dropper_path': WormConfiguration.dropper_upgrade_win_64_temp_path} + monkey_options 'dropper_path': WormConfiguration.windows_upgrader_temp_path} + monkey_options
print monkey_cmdline
monkey_process = subprocess.Popen(monkey_cmdline, shell=True, monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
stdin=None, stdout=None, stderr=None, stdin=None, stdout=None, stderr=None,
close_fds=True, creationflags=DETACHED_PROCESS) close_fds=True, creationflags=DETACHED_PROCESS)
LOG.info("Executed 64bit monkey process (PID=%d) with command line: %s",
monkey_process.pid, monkey_cmdline)
time.sleep(3)
if monkey_process.poll() is not None:
LOG.warn("Seems like monkey died too soon")
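Review bot: The PID in the new `LOG.info` call and the `poll()` check after `time.sleep(3)` both describe the process `Popen` created, and because the call passes `shell=True` that is most likely the command interpreter rather than the 64-bit binary itself. Depending on how `DROPPER_CMDLINE_WINDOWS` (not visible here) hands off, "died too soon" can fire for a launch that succeeded or stay silent for one that failed, so the log is not a reliable record of what ran on the host. At minimum the warning should carry the exit status and say what it measures, e.g. `LOG.warning("Upgrade launcher exited within 3 seconds (exit code %s)", monkey_process.returncode)`, which also drops the deprecated `warn` alias. The info message should say "launcher PID" rather than implying the monkey's own PID, and the literal `3` would read better as a named constant. The enclosing method begins above the hunk, so how the return value is used is not visible.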


@ -350,7 +350,14 @@ SCHEMA = {
"type": "integer", "type": "integer",
"default": 60, "default": 60,
"description": "Time to keep tunnel open before going down after last exploit (in seconds)" "description": "Time to keep tunnel open before going down after last exploit (in seconds)"
} },
"windows_upgrader_temp_path": {
"title": "Temporary upgrade path for 64bit monkey on Windows",
"type": "string",
"default": "C:\\Windows\\monkey64.exe",
"description": "Determines where should the dropper place the 64 bit monkey while"
" upgrading on a Windows machine"
},
} }
}, },
"classes": { "classes": {
@ -446,13 +453,6 @@ SCHEMA = {
"default": "C:\\Windows\\monkey.exe", "default": "C:\\Windows\\monkey.exe",
"description": "Determines where should the dropper place the monkey on a Windows machine" "description": "Determines where should the dropper place the monkey on a Windows machine"
}, },
"dropper_upgrade_win_64_temp_path": {
"title": "Temporary upgrade path for 64bit monkey on Windows",
"type": "string",
"default": "C:\\Windows\\monkey64.exe",
"description": "Determines where should the dropper place the 64 bit monkey while"
" upgrading on a Windows machine"
},
"dropper_try_move_first": { "dropper_try_move_first": {
"title": "Try to move first", "title": "Try to move first",
"type": "boolean", "type": "boolean",