Merge pull request #1828 from guardicore/1604-remove-dead-code
Remove dead code
commit
1f34a72421
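--- a/PLACEHOLDER_PATH_FILE_1
+++ b/PLACEHOLDER_PATH_FILE_1
@@ -5,7 +5,6 @@ from datetime import datetime
 from typing import Dict
 
 from common.utils.exceptions import FailedExploitationError
-from infection_monkey.config import WormConfiguration
 from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
 
@@ -21,7 +20,6 @@ class HostExploiter:
 pass
 
 def __init__(self):
-self._config = WormConfiguration
 self.exploit_info = {
 "display_name": self._EXPLOITED_SERVICE,
 "started": "",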
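Review bot: Dropping `self._config = WormConfiguration` from `HostExploiter.__init__` in the second hunk removes a base-class attribute, and `HostExploiter` is subclassed (`WebRCE(HostExploiter)` appears in the next file), so any subclass that still reads `self._config` would fail only at run time with an AttributeError rather than at import; the subclasses are outside this hunk, so I cannot confirm none remain. A quick search for `self._config` across the exploiter modules before merge would close that gap cheaply, and the removal could then be noted as verified in the commit message.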
@ -39,7 +39,6 @@ class WebRCE(HostExploiter):
super(WebRCE, self).__init__()
super(WebRCE, self).__init__()
self.monkey_target_paths = monkey_target_paths
self.monkey_target_paths = monkey_target_paths
self.vulnerable_urls = []
self.vulnerable_urls = []
self.target_url = None
def get_exploit_config(self):
def get_exploit_config(self):
"""
"""
@ -89,8 +88,6 @@ class WebRCE(HostExploiter):
if not self.are_vulnerable_urls_sufficient():
if not self.are_vulnerable_urls_sufficient():
return False
return False
self.target_url = self.get_target_url()
# Upload the right monkey to target
# Upload the right monkey to target
data = self.upload_monkey(self.get_target_url(), exploit_config["upload_commands"])
data = self.upload_monkey(self.get_target_url(), exploit_config["upload_commands"])
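Review bot: In the second hunk of this file `self.target_url = self.get_target_url()` is removed, but the next statement still calls `self.get_target_url()` inline; if `get_target_url()` is invoked again later in the method (its body continues outside the hunk) or selects among `self.vulnerable_urls` non-deterministically, the separate calls can now disagree where they previously shared one pinned value. Binding the result once to a local keeps the single-resolution behaviour without the dead attribute: `target_url = self.get_target_url()` followed by `data = self.upload_monkey(target_url, exploit_config["upload_commands"])`. The enclosing method starts before this hunk and ends after it, so the later uses cannot be checked from here.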
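--- a/PLACEHOLDER_PATH_FILE_3
+++ /dev/null
@@ -1,127 +0,0 @@
-import logging
-
-from infection_monkey.i_master import IMaster
-from infection_monkey.i_puppet import IPuppet, PortStatus
-from infection_monkey.model.host import VictimHost
-from infection_monkey.telemetry.credentials_telem import CredentialsTelem
-from infection_monkey.telemetry.exploit_telem import ExploitTelem
-from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
-from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
-from infection_monkey.telemetry.scan_telem import ScanTelem
-
-logger = logging.getLogger()
-
-
-class MockMaster(IMaster):
-def __init__(self, puppet: IPuppet, telemetry_messenger: ITelemetryMessenger):
-self._puppet = puppet
-self._telemetry_messenger = telemetry_messenger
-self._hosts = {
-"10.0.0.1": VictimHost("10.0.0.1"),
-"10.0.0.2": VictimHost("10.0.0.2"),
-"10.0.0.3": VictimHost("10.0.0.3"),
-"10.0.0.4": VictimHost("10.0.0.4"),
-}
-
-def start(self) -> None:
-self._run_sys_info_collectors()
-self._run_pbas()
-self._scan_victims()
-self._fingerprint()
-self._exploit()
-self._run_payload()
-
-def _run_credential_collectors(self):
-logger.info("Running credential collectors")
-
-windows_credentials = self._puppet.run_credential_collector("MimikatzCollector")
-if windows_credentials:
-self._telemetry_messenger.send_telemetry(CredentialsTelem(windows_credentials))
-
-ssh_credentials = self._puppet.run_sys_info_collector("SSHCollector")
-if ssh_credentials:
-self._telemetry_messenger.send_telemetry(CredentialsTelem(ssh_credentials))
-
-logger.info("Finished running credential collectors")
-
-def _run_pbas(self):
-
-# TODO: Create monkey_dir and revise setup in monkey.py
-
-logger.info("Running post breach actions")
-name = "AccountDiscovery"
-display_name, command, result = self._puppet.run_pba(name, {})
-self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
-
-name = "CommunicateAsBackdoorUser"
-display_name, command, result = self._puppet.run_pba(name, {})
-self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
-logger.info("Finished running post breach actions")
-
-def _scan_victims(self):
-logger.info("Scanning network for potential victims")
-ips = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
-ports = [22, 445, 3389, 8008]
-for ip in ips:
-h = self._hosts[ip]
-
-ping_scan_data = self._puppet.ping(ip, 1)
-h.icmp = ping_scan_data.response_received
-if ping_scan_data.os is not None:
-h.os["type"] = ping_scan_data.os
-
-ports_scan_data = self._puppet.scan_tcp_ports(ip, ports)
-
-for psd in ports_scan_data.values():
-logger.debug(f"The port {psd.port} is {psd.status}")
-if psd.status == PortStatus.OPEN:
-h.services[psd.service] = {}
-h.services[psd.service]["display_name"] = "unknown(TCP)"
-h.services[psd.service]["port"] = psd.port
-if psd.banner is not None:
-h.services[psd.service]["banner"] = psd.banner
-
-self._telemetry_messenger.send_telemetry(ScanTelem(h))
-logger.info("Finished scanning network for potential victims")
-
-def _fingerprint(self):
-logger.info("Running fingerprinters on potential victims")
-machine_1 = self._hosts["10.0.0.1"]
-machine_3 = self._hosts["10.0.0.3"]
-
-self._puppet.fingerprint("SMBFinger", machine_1, None, None, None)
-self._telemetry_messenger.send_telemetry(ScanTelem(machine_1))
-
-self._puppet.fingerprint("SMBFinger", machine_3, None, None, None)
-self._telemetry_messenger.send_telemetry(ScanTelem(machine_3))
-
-self._puppet.fingerprint("HTTPFinger", machine_3, None, None, None)
-self._telemetry_messenger.send_telemetry(ScanTelem(machine_3))
-logger.info("Finished running fingerprinters on potential victims")
-
-def _exploit(self):
-logger.info("Exploiting victims")
-result = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", 0, {}, None)
-logger.info(f"Attempts for exploiting {result.attempts}")
-self._telemetry_messenger.send_telemetry(
-ExploitTelem("PowerShellExploiter", self._hosts["10.0.0.1"], result)
-)
-
-result = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", 0, {}, None)
-logger.info(f"Attempts for exploiting {result.attempts}")
-self._telemetry_messenger.send_telemetry(
-ExploitTelem("SSHExploiter", self._hosts["10.0.0.3"], result)
-)
-logger.info("Finished exploiting victims")
-
-def _run_payload(self):
-logger.info("Running payloads")
-self._puppet.run_payload("RansomwarePayload", {}, None)
-logger.info("Finished running payloads")
-
-def terminate(self, block: bool = False) -> None:
-logger.info("Terminating MockMaster")
-
-def cleanup(self) -> None:
-# TODO: Cleanup monkey_dir and send telemetry
-pass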
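--- a/PLACEHOLDER_PATH_FILE_4
+++ /dev/null
@@ -1,39 +0,0 @@
-import logging
-from multiprocessing.dummy import Pool
-from typing import Sequence
-
-from infection_monkey.post_breach.pba import PBA
-
-logger = logging.getLogger(__name__)
-
-
-class PostBreach(object):
-"""
-This class handles post breach actions execution
-"""
-
-def __init__(self):
-self.pba_list = self.config_to_pba_list()
-
-def execute_all_configured(self):
-"""
-Executes all post breach actions.
-"""
-with Pool(5) as pool:
-pool.map(self.run_pba, self.pba_list)
-logger.info("All PBAs executed. Total {} executed.".format(len(self.pba_list)))
-
-@staticmethod
-def config_to_pba_list() -> Sequence[PBA]:
-"""
-:return: A list of PBA objects.
-"""
-return PBA.get_instances()
-
-def run_pba(self, pba):
-try:
-logger.debug("Executing PBA: '{}'".format(pba.name))
-pba.run()
-logger.debug(f"Execution of {pba.name} finished")
-except Exception as e:
-logger.error("PBA {} failed. Error info: {}".format(pba.name, e))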
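--- a/PLACEHOLDER_PATH_FILE_5
+++ b/PLACEHOLDER_PATH_FILE_5
@@ -149,6 +149,7 @@ Report.meta
 LDAPServerFactory.buildProtocol
 get_file_sha256_hash
 strict_slashes # unused attribute (monkey/monkey_island/cc/app.py:96)
+post_breach_actions # unused variable (monkey\infection_monkey\config.py:95)
 
 # these are not needed for it to work, but may be useful extra information to understand what's going on
 WINDOWS_PBA_TYPE # unused variable (monkey/monkey_island/cc/resources/pba_file_upload.py:23)
@@ -170,16 +171,3 @@ _.instance_name # unused attribute (monkey/common/cloud/azure/azure_instance.py
 _.instance_name # unused attribute (monkey/common/cloud/azure/azure_instance.py:64)
 GCPHandler # unused function (envs/monkey_zoo/blackbox/test_blackbox.py:57)
 architecture # unused variable (monkey/infection_monkey/exploit/caching_agent_repository.py:25)
-
-# TODO: Reevaluate these as the agent refactor progresses
-run_sys_info_collector
-ping
-scan_tcp_port
-fingerprint
-interrupt
-MockPuppet
-ControlChannel
-should_agent_stop
-get_credentials_for_propagation
-MockMaster
-register_signal_handlers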
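Review bot: The added allowlist entry `post_breach_actions # unused variable (monkey\infection_monkey\config.py:95)` spells its path with backslashes, while every other entry visible in these hunks uses forward slashes (`monkey/monkey_island/cc/app.py:96`, `monkey/infection_monkey/exploit/caching_agent_repository.py:25`). Since the location is only a trailing comment it changes nothing functionally, but the odd form breaks a simple grep for the path and reads as a copy from a Windows shell. I would write it as `post_breach_actions # unused variable (monkey/infection_monkey/config.py:95)`.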