Merge pull request #664 from guardicore/feature/smb_vulnerable_port_fix
SMB vulnerable port fix
ffda4e858c
@ -25,6 +25,9 @@ Configure a PyTest configuration with the additional arguments `-s --island=35.2
|
||||||
`monkey\envs\monkey_zoo\blackbox`.
|
`monkey\envs\monkey_zoo\blackbox`.
|
||||||
|
|
||||||
### Running telemetry performance test
|
### Running telemetry performance test
|
||||||
|
|
||||||
|
**Before running performance test make sure browser is not sending requests to island!**
|
||||||
|
|
||||||
To run telemetry performance test follow these steps:
|
To run telemetry performance test follow these steps:
|
||||||
1. Gather monkey telemetries.
|
1. Gather monkey telemetries.
|
||||||
1. Enable "Export monkey telemetries" in Configuration -> Internal -> Tests if you don't have
|
1. Enable "Export monkey telemetries" in Configuration -> Internal -> Tests if you don't have
|
||||||
|
|
|
@ -18,9 +18,9 @@ class EndpointPerformanceTest(BasicTest):
|
||||||
|
|
||||||
def run(self) -> bool:
|
def run(self) -> bool:
|
||||||
# Collect timings for all pages
|
# Collect timings for all pages
|
||||||
self.island_client.clear_caches()
|
|
||||||
endpoint_timings = {}
|
endpoint_timings = {}
|
||||||
for endpoint in self.test_config.endpoints_to_test:
|
for endpoint in self.test_config.endpoints_to_test:
|
||||||
|
self.island_client.clear_caches()
|
||||||
endpoint_timings[endpoint] = self.island_client.requests.get_request_time(endpoint,
|
endpoint_timings[endpoint] = self.island_client.requests.get_request_time(endpoint,
|
||||||
SupportedRequestMethod.GET)
|
SupportedRequestMethod.GET)
|
||||||
analyzer = PerformanceAnalyzer(self.test_config, endpoint_timings)
|
analyzer = PerformanceAnalyzer(self.test_config, endpoint_timings)
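Review bot: Moving `self.island_client.clear_caches()` inside the `for endpoint in ...` loop changes what the test measures — every endpoint is now timed against a cleared cache instead of only the first one — and nothing in the hunk records that this is deliberate, so the next reader may hoist it back out as an accidental repeat. A one-line comment above the call, `# clear island caches before every request so each endpoint is timed cold, not warmed by the previous one`, would fix that. The loop body and the `get_request_time` call are both inside the hunk, so no other line needs to change.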
|
||||||
|
|
|
@ -15,7 +15,9 @@ class TelemetryPerformanceTestWorkflow(BasicTest):
|
||||||
def run(self):
|
def run(self):
|
||||||
try:
|
try:
|
||||||
if not self.quick_performance_test:
|
if not self.quick_performance_test:
|
||||||
TelemetryPerformanceTest(island_client=self.island_client).test_telemetry_performance()
|
telem_sending_test = TelemetryPerformanceTest(island_client=self.island_client,
|
||||||
|
quick_performance_test=self.quick_performance_test)
|
||||||
|
telem_sending_test.test_telemetry_performance()
|
||||||
performance_test = EndpointPerformanceTest(self.name, self.performance_config, self.island_client)
|
performance_test = EndpointPerformanceTest(self.name, self.performance_config, self.island_client)
|
||||||
assert performance_test.run()
|
assert performance_test.run()
|
||||||
finally:
|
finally:
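Review bot: The new keyword argument `quick_performance_test=self.quick_performance_test` is passed from inside the `if not self.quick_performance_test:` branch, so its value is always `False` at that call site and the argument never varies. Either the guard is meant to go so that quick runs also reach `test_telemetry_performance()` (then remove the `if` and keep the argument), or the argument should be dropped; as written the two lines contradict each other. The body of `run` continues past the `finally:` line, outside the hunk.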
|
||||||
|
|
|
@ -6,7 +6,7 @@ from impacket.smbconnection import SMB_DIALECT
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline
|
from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS
|
from infection_monkey.model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS, VictimHost
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
|
@ -37,13 +37,11 @@ class SmbExploiter(HostExploiter):
|
||||||
if not self.host.os.get('type'):
|
if not self.host.os.get('type'):
|
||||||
is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
|
is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
|
||||||
if is_smb_open:
|
if is_smb_open:
|
||||||
self.vulnerable_port = 445
|
|
||||||
smb_finger = SMBFinger()
|
smb_finger = SMBFinger()
|
||||||
smb_finger.get_host_fingerprint(self.host)
|
smb_finger.get_host_fingerprint(self.host)
|
||||||
else:
|
else:
|
||||||
is_nb_open, _ = check_tcp_port(self.host.ip_addr, 139)
|
is_nb_open, _ = check_tcp_port(self.host.ip_addr, 139)
|
||||||
if is_nb_open:
|
if is_nb_open:
|
||||||
self.vulnerable_port = 139
|
|
||||||
self.host.os['type'] = 'windows'
|
self.host.os['type'] = 'windows'
|
||||||
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
||||||
return False
|
return False
|
||||||
|
@ -102,6 +100,7 @@ class SmbExploiter(HostExploiter):
|
||||||
LOG.debug("Exploiter SmbExec is giving up...")
|
LOG.debug("Exploiter SmbExec is giving up...")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
self.set_vulnerable_port(self.host)
|
||||||
# execute the remote dropper in case the path isn't final
|
# execute the remote dropper in case the path isn't final
|
||||||
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
|
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
|
||||||
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
|
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
|
||||||
|
@ -164,3 +163,11 @@ class SmbExploiter(HostExploiter):
|
||||||
self.add_vuln_port("%s or %s" % (SmbExploiter.KNOWN_PROTOCOLS['139/SMB'][1],
|
self.add_vuln_port("%s or %s" % (SmbExploiter.KNOWN_PROTOCOLS['139/SMB'][1],
|
||||||
SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
|
SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def set_vulnerable_port(self, host: VictimHost):
|
||||||
|
if 'tcp-445' in self.host.services:
|
||||||
|
self.vulnerable_port = "445"
|
||||||
|
elif 'tcp-139' in self.host.services:
|
||||||
|
self.vulnerable_port = "139"
|
||||||
|
else:
|
||||||
|
self.vulnerable_port = None
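Review bot: `set_vulnerable_port(self, host: VictimHost)` never reads its `host` argument — both branches consult `self.host.services` — so the parameter is dead and the call `self.set_vulnerable_port(self.host)` earlier in the file only works because the caller happens to pass the same object; use the parameter (`if 'tcp-445' in host.services:` and `elif 'tcp-139' in host.services:`) or remove it. Note also that the removed assignments in the OS-detection hunk stored the ints `445`/`139` in `self.vulnerable_port`, while the new method stores the strings `"445"`/`"139"` and `None`; whatever reads `vulnerable_port` downstream is not visible here and may compare against an int. The method also lacks a docstring; `"""Record the SMB port to report as vulnerable, preferring 445 over 139, based on the services found on the host, or None if neither is open."""` states the contract the if/elif order implies.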
|
||||||
|
|
|
@ -48,7 +48,9 @@ class EdgeService:
|
||||||
"scans": [],
|
"scans": [],
|
||||||
"exploits": [],
|
"exploits": [],
|
||||||
"tunnel": False,
|
"tunnel": False,
|
||||||
"exploited": False
|
"exploited": False,
|
||||||
|
"src_label": EdgeService.get_label_for_endpoint(from_id),
|
||||||
|
"dst_label": EdgeService.get_label_for_endpoint(to_id)
|
||||||
})
|
})
|
||||||
return mongo.db.edge.find_one({"_id": edge_insert_result.inserted_id})
|
return mongo.db.edge.find_one({"_id": edge_insert_result.inserted_id})
|
||||||
|
|
||||||
|
@ -67,7 +69,9 @@ class EdgeService:
|
||||||
"id": edge_id,
|
"id": edge_id,
|
||||||
"from": edge_from,
|
"from": edge_from,
|
||||||
"to": edge_to,
|
"to": edge_to,
|
||||||
"group": "island"
|
"group": "island",
|
||||||
|
"src_label": EdgeService.get_label_for_endpoint(edge_from),
|
||||||
|
"dst_label": EdgeService.get_label_for_endpoint(edge_to)
|
||||||
}
|
}
|
||||||
edge["_label"] = EdgeService.get_edge_label(edge)
|
edge["_label"] = EdgeService.get_edge_label(edge)
|
||||||
return edge
|
return edge
|
||||||
|
@ -118,7 +122,9 @@ class EdgeService:
|
||||||
"id": edge["_id"],
|
"id": edge["_id"],
|
||||||
"from": edge["from"],
|
"from": edge["from"],
|
||||||
"to": edge["to"],
|
"to": edge["to"],
|
||||||
"group": EdgeService.get_edge_group(edge)
|
"group": EdgeService.get_edge_group(edge),
|
||||||
|
"src_label": edge["src_label"],
|
||||||
|
"dst_label": edge["dst_label"]
|
||||||
}
|
}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -141,24 +147,27 @@ class EdgeService:
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_edge_label(edge):
|
def get_edge_label(edge):
|
||||||
|
return "%s %s %s" % (edge['src_label'], RIGHT_ARROW, edge['dst_label'])
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_label_for_endpoint(endpoint_id):
|
||||||
node_service = monkey_island.cc.services.node.NodeService
|
node_service = monkey_island.cc.services.node.NodeService
|
||||||
from_id = edge["from"]
|
if endpoint_id == ObjectId("000000000000000000000000"):
|
||||||
to_id = edge["to"]
|
return 'MonkeyIsland'
|
||||||
|
if Monkey.is_monkey(endpoint_id):
|
||||||
try:
|
return Monkey.get_label_by_id(endpoint_id)
|
||||||
from_label = Monkey.get_label_by_id(from_id)
|
|
||||||
except MonkeyNotFoundError:
|
|
||||||
from_label = node_service.get_node_by_id(from_id)['domain_name']
|
|
||||||
|
|
||||||
if to_id == ObjectId("000000000000000000000000"):
|
|
||||||
to_label = 'MonkeyIsland'
|
|
||||||
else:
|
else:
|
||||||
if Monkey.is_monkey(to_id):
|
return node_service.get_node_label(node_service.get_node_by_id(endpoint_id))
|
||||||
to_label = Monkey.get_label_by_id(to_id)
|
|
||||||
else:
|
|
||||||
to_label = node_service.get_node_label(node_service.get_node_by_id(to_id))
|
|
||||||
|
|
||||||
return "%s %s %s" % (from_label, RIGHT_ARROW, to_label)
|
@staticmethod
|
||||||
|
def update_label_by_endpoint(edge, endpoint_id):
|
||||||
|
label = EdgeService.get_label_for_endpoint(endpoint_id)
|
||||||
|
if endpoint_id == edge["to"]:
|
||||||
|
mongo_field = {"dst_label": label}
|
||||||
|
else:
|
||||||
|
mongo_field = {"src_label": label}
|
||||||
|
mongo.db.edge.update({"_id": edge["_id"]},
|
||||||
|
{"$set": mongo_field})
|
||||||
|
|
||||||
|
|
||||||
RIGHT_ARROW = "\u2192"
|
RIGHT_ARROW = "\u2192"
|
||||||
|
|
|
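Review bot: The display-dict hunk now indexes `edge["src_label"]` and `edge["dst_label"]` directly, and the rewritten `get_edge_label` does the same, but only edge documents written by the two insert hunks in this commit carry those keys; edges already stored before this change will raise `KeyError` on display. Either fall back when the key is absent (`edge.get("src_label") or EdgeService.get_label_for_endpoint(edge["from"])`, and likewise for `dst_label`) or ship a one-off back-fill of the two fields. Separately, `get_label_for_endpoint` drops the `MonkeyNotFoundError` fallback the old `get_edge_label` had for the source endpoint, which is only safe if `Monkey.is_monkey` and `Monkey.get_label_by_id` cannot disagree — worth a comment if that is guaranteed. The method enclosing the display dict starts outside its hunk.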
@ -2,6 +2,7 @@ import copy
|
||||||
|
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
|
from monkey_island.cc.services.edge import EdgeService
|
||||||
from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry
|
from monkey_island.cc.services.telemetry.processing.utils import get_edge_by_scan_or_exploit_telemetry
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import test_open_data_endpoints
|
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import test_open_data_endpoints
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import test_segmentation_violation
|
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import test_segmentation_violation
|
||||||
|
@ -42,3 +43,4 @@ def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
||||||
mongo.db.node.update({"_id": node["_id"]},
|
mongo.db.node.update({"_id": node["_id"]},
|
||||||
{"$set": {"os.version": scan_os["version"]}},
|
{"$set": {"os.version": scan_os["version"]}},
|
||||||
upsert=False)
|
upsert=False)
|
||||||
|
EdgeService.update_label_by_endpoint(edge, node["_id"])
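Review bot: `EdgeService.update_label_by_endpoint(edge, node["_id"])` refreshes the label that this commit now stores on the edge document, but only on this scan-telemetry path; any other code path that changes a node's label will leave `src_label`/`dst_label` stale unless it makes the same call, and those paths are not visible here. A short comment above the call, `# labels are cached on the edge document; refresh them now that the node's OS data changed`, would make that coupling explicit for the next maintainer. The enclosing `update_edges_and_nodes_based_on_scan_telemetry` starts outside the hunk, so where `edge` comes from cannot be checked from this view.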
|
||||||
|
|