From 4c9d0f27861badd4c774f8e09a31c6c5d2f4ae81 Mon Sep 17 00:00:00 2001
From: ophirharpazg
Date: Sun, 30 Aug 2020 18:04:40 +0300
Subject: [PATCH] Add Drupal to the newly formed configuration
---
 .../cc/services/config_schema/basic.py | 76 ++++++++++
 .../definitions/exploiter_classes.py | 139 ++++++++++++++++++
 2 files changed, 215 insertions(+)
 create mode 100644 monkey/monkey_island/cc/services/config_schema/basic.py
 create mode 100644 monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
new file mode 100644
index 000000000..0fa0b80d4
--- /dev/null
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -0,0 +1,76 @@
+BASIC = {
+ "title": "Exploits",
+ "type": "object",
+ "primary": True,
+ "properties": {
+ "exploiters": {
+ "title": "Exploiters",
+ "type": "object",
+ "description": "Choose which exploiters the Monkey will attempt.",
+ "properties": {
+ "exploiter_classes": {
+ "title": "Exploiters",
+ "type": "array",
+ "uniqueItems": True,
+ "items": {
+ "$ref": "#/definitions/exploiter_classes"
+ },
+ "default": [
+ "SmbExploiter",
+ "WmiExploiter",
+ "SSHExploiter",
+ "ShellShockExploiter",
+ "SambaCryExploiter",
+ "ElasticGroovyExploiter",
+ "Struts2Exploiter",
+ "WebLogicExploiter",
+ "HadoopExploiter",
+ "VSFTPDExploiter",
+ "MSSQLExploiter",
+ "DrupalExploiter"
+ ]
+ }
+ }
+ },
+ "credentials": {
+ "title": "Credentials",
+ "type": "object",
+ "properties": {
+ "exploit_user_list": {
+ "title": "Exploit user list",
+ "type": "array",
+ "uniqueItems": True,
+ "items": {
+ "type": "string"
+ },
+ "default": [
+ "Administrator",
+ "root",
+ "user"
+ ],
+ "description": "List of user names that will be used by exploiters that need credentials, like "
+ "SSH brute-forcing."
+ },
+ "exploit_password_list": {
+ "title": "Exploit password list",
+ "type": "array",
+ "uniqueItems": True,
+ "items": {
+ "type": "string"
+ },
+ "default": [
+ "root",
+ "123456",
+ "password",
+ "123456789",
+ "qwerty",
+ "111111",
+ "iloveyou"
+ ],
+ "description": "List of passwords that will be used by exploiters that need credentials, like "
+ "SSH brute-forcing."
+ }
+ }
+ }
+ }
+}
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
new file mode 100644
index 000000000..130171877
--- /dev/null
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
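Review bot: `DrupalExploiter` is appended to the default `exploiter_classes` list, so it runs on every fresh configuration, yet nothing in this schema indicates whether it belongs to the "unsafe" class that the exploiter description warns can crash the exploited machine/service; the only other exploiter flagged that way, `Ms08_067_Exploiter`, is deliberately absent from this default list. Either keep the new exploiter out of the defaults until its safety classification and documentation are in place, or record the decision next to the entry, e.g. `# DrupalExploiter: enabled by default; safety reviewed in <LINK-PLACEHOLDER>`. A short module comment stating that `BASIC` is a JSON-schema fragment and that `"$ref": "#/definitions/exploiter_classes"` must be resolved against the definitions package would also help the next maintainer, since `"primary": True` is not a standard schema keyword and its meaning is not explained here.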
@@ -0,0 +1,139 @@
+from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
+
+EXPLOITER_CLASSES = {
+ "title": "Exploit class",
+ "description": "Click on exploiter to get more information about it." + WARNING_SIGN +
+ " Note that using unsafe exploits may cause crashes of the exploited machine/service.",
+ "type": "string",
+ "anyOf": [
+ {
+ "type": "string",
+ "enum": [
+ "SmbExploiter"
+ ],
+ "title": "SMB Exploiter",
+ "attack_techniques": ["T1110", "T1075", "T1035"],
+ "info": "Brute forces using credentials provided by user and"
+ " hashes gathered by mimikatz.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/smbexec/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "WmiExploiter"
+ ],
+ "title": "WMI Exploiter",
+ "attack_techniques": ["T1110", "T1106"],
+ "info": "Brute forces WMI (Windows Management Instrumentation) "
+ "using credentials provided by user and hashes gathered by mimikatz.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/wmiexec/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "MSSQLExploiter"
+ ],
+ "title": "MSSQL Exploiter",
+ "attack_techniques": ["T1110"],
+ "info": "Tries to brute force into MsSQL server and uses insecure "
+ "configuration to execute commands on server.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/mssql/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "Ms08_067_Exploiter"
+ ],
+ "title": "MS08-067 Exploiter (UNSAFE)",
+ "info": "Unsafe exploiter, that might cause system crash due to the use of buffer overflow. "
+ "Uses MS08-067 vulnerability.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ms08-067/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "SSHExploiter"
+ ],
+ "title": "SSH Exploiter",
+ "attack_techniques": ["T1110", "T1145", "T1106"],
+ "info": "Brute forces using credentials provided by user and SSH keys gathered from systems.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sshexec/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "ShellShockExploiter"
+ ],
+ "title": "ShellShock Exploiter",
+ "info": "CVE-2014-6271, based on logic from "
+ "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/shellshock/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "SambaCryExploiter"
+ ],
+ "title": "SambaCry Exploiter",
+ "info": "Bruteforces and searches for anonymous shares. Uses Impacket.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/sambacry/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "ElasticGroovyExploiter"
+ ],
+ "title": "ElasticGroovy Exploiter",
+ "info": "CVE-2015-1427. Logic is based on Metasploit module.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/elasticgroovy/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "Struts2Exploiter"
+ ],
+ "title": "Struts2 Exploiter",
+ "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
+ "https://www.exploit-db.com/exploits/41570 .",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "WebLogicExploiter"
+ ],
+ "title": "WebLogic Exploiter",
+ "info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/weblogic/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "HadoopExploiter"
+ ],
+ "title": "Hadoop/Yarn Exploiter",
+ "info": "Remote code execution on HADOOP server with YARN and default settings. "
+ "Logic based on https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "VSFTPDExploiter"
+ ],
+ "title": "VSFTPD Exploiter",
+ "info": "Exploits a malicious backdoor that was added to the VSFTPD download archive. "
+ "Logic based on Metasploit module.",
+ "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/vsftpd/"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "DrupalExploiter"
+ ],
+ "title": "Drupal Exploiter",
+ "info": "Exploits a remote command execution vulnerability",
+ "link": ""
+ }
+ ]
+}
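Review bot: The `DrupalExploiter` entry at the end of the hunk ships with `"link": ""` and an `info` string that does not identify the vulnerability it targets, while every sibling entry carries a documentation URL and most name the CVE or technique they rely on; the schema's own description promises "Click on exploiter to get more information about it.", which an empty link cannot satisfy. Fill in the documentation URL once the page exists (`"link": "<DRUPAL_EXPLOITER_DOCS_URL>"` until then) and extend `info` to name the vulnerability and the reference implementation, matching the Struts2 and WebLogic entries. The entry also omits `attack_techniques`, which the SMB, WMI, MSSQL and SSH entries provide; if the ATT&CK reporting reads that key, add the applicable technique ids, and if the exploiter can crash the target, apply the `(UNSAFE)` title convention used for `Ms08_067_Exploiter`.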