Merge pull request #1643 from guardicore/1538-propagation-credentials-endpoint

Implement propagation credentials endpoint

CHANGELOG.md

@@ -8,6 +8,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 ### Added
 - credentials.json file for storing Monkey Island user login information. #1206
+- "GET /api/propagation-credentials/<string:guid>" endpoint for agents to
+  retrieve updated credentials from the Island. #1538
 
 ### Changed
 - "Communicate as Backdoor User" PBA's HTTP requests to request headers only and

monkey/infection_monkey/master/control_channel.py

@@ -56,7 +56,7 @@ class ControlChannel(IControlChannel):
     def get_credentials_for_propagation(self) -> dict:
         try:
             response = requests.get(  # noqa: DUO123
-                f"{self._control_channel_server}/api/propagationCredentials",
+                f"{self._control_channel_server}/api/propagation-credentials/{self._agent_id}",
                 verify=False,
                 proxies=ControlClient.proxies,
                 timeout=SHORT_REQUEST_TIMEOUT,
@@ -67,3 +67,5 @@ class ControlChannel(IControlChannel):
         except Exception as e:
             # TODO: Evaluate how this exception is handled; don't just log and ignore it.
             logger.error(f"An error occurred while trying to connect to server. {e}")
+
+        return {}

monkey/monkey_island/cc/app.py

@@ -169,7 +169,7 @@ def init_api_resources(api):
         "/api/fileUpload/<string:file_type>?load=<string:filename>",
         "/api/fileUpload/<string:file_type>?restore=<string:filename>",
     )
-    api.add_resource(PropagationCredentials, "/api/propagationCredentials")
+    api.add_resource(PropagationCredentials, "/api/propagation-credentials/<string:guid>")
     api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/")
     api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/")
     api.add_resource(StartedOnIsland, "/api/monkey_control/started_on_island")

monkey/monkey_island/cc/resources/propagation_credentials.py

@@ -1,9 +1,16 @@
 import flask_restful
 
+from monkey_island.cc.database import mongo
 from monkey_island.cc.services.config import ConfigService
 
 
 class PropagationCredentials(flask_restful.Resource):
-    def get(self):
+    def get(self, guid: str):
+        monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
+        ConfigService.decrypt_flat_config(monkey_json["config"])
 
-        return {"propagation_credentials": ConfigService.get_config_propagation_credentials()}
+        propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
+            monkey_json["config"]
+        )
+
+        return {"propagation_credentials": propagation_credentials}

monkey/monkey_island/cc/services/config.py

@@ -410,21 +410,13 @@ class ConfigService:
         ConfigService.set_config_value(STARTED_ON_ISLAND_PATH, value)
 
     @staticmethod
-    def get_config_propagation_credentials():
+    def get_config_propagation_credentials_from_flat_config(config):
         return {
-            "exploit_user_list": ConfigService.get_config_value(
-                USER_LIST_PATH, should_decrypt=False
-            ),
-            "exploit_password_list": ConfigService.get_config_value(
-                PASSWORD_LIST_PATH, should_decrypt=False
-            ),
-            "exploit_lm_hash_list": ConfigService.get_config_value(
-                LM_HASH_LIST_PATH, should_decrypt=False
-            ),
-            "exploit_ntlm_hash_list": ConfigService.get_config_value(
-                NTLM_HASH_LIST_PATH, should_decrypt=False
-            ),
-            "exploit_ssh_keys": ConfigService.get_config_value(SSH_KEYS_PATH, should_decrypt=False),
+            "exploit_user_list": config.get("exploit_user_list", []),
+            "exploit_password_list": config.get("exploit_password_list", []),
+            "exploit_lm_hash_list": config.get("exploit_lm_hash_list", []),
+            "exploit_ntlm_hash_list": config.get("exploit_ntlm_hash_list", []),
+            "exploit_ssh_keys": config.get("exploit_ssh_keys", []),
         }
 
     @staticmethod

monkey/tests/data_for_tests/monkey_configs/flat_config.json

@@ -29,18 +29,18 @@
     "dropper_target_path_linux": "/tmp/monkey",
     "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe",
     "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe",
-    "exploit_lm_hash_list": [],
-    "exploit_ntlm_hash_list": [],
+    "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"],
+    "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"],
     "exploit_password_list": [
-        "root",
-        "123456",
-        "password",
-        "123456789",
-        "qwerty",
-        "111111",
-        "iloveyou"
+        "test",
+        "iloveyou",
+        "12345"
     ],
     "exploit_ssh_keys": [
+        {
+            "public_key": "my_public_key",
+            "private_key": "my_private_key"
+        }
     ],
     "exploit_user_list": [
         "Administrator",

monkey/tests/unit_tests/monkey_island/cc/services/test_config.py

@@ -80,3 +80,16 @@ def test_format_config_for_agent__pbas(flat_monkey_config):
     assert "PBA_linux_filename" not in flat_monkey_config
     assert "custom_PBA_windows_cmd" not in flat_monkey_config
     assert "PBA_windows_filename" not in flat_monkey_config
+
+
+def test_get_config_propagation_credentials_from_flat_config(flat_monkey_config):
+    expected_creds = {
+        "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"],
+        "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"],
+        "exploit_password_list": ["test", "iloveyou", "12345"],
+        "exploit_ssh_keys": [{"private_key": "my_private_key", "public_key": "my_public_key"}],
+        "exploit_user_list": ["Administrator", "root", "user", "ubuntu"],
+    }
+
+    creds = ConfigService.get_config_propagation_credentials_from_flat_config(flat_monkey_config)
+    assert creds == expected_creds