Merge branch 'release/1.11.0' into develop

Mike Salvatore 2021-08-13 08:23:04 -04:00
commit 819de3905a
26 changed files with 138 additions and 145 deletions

View File

@ -1,11 +1,12 @@
# Changelog # Changelog
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this
file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased] ## [1.11.0] - 2021-08-XX
### Added ### Added
- PostgreSQL fingerprinter. #892
- A runtime-configurable option to specify a data directory where runtime - A runtime-configurable option to specify a data directory where runtime
configuration and other artifacts can be stored. #994 configuration and other artifacts can be stored. #994
- Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381 - Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
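Review bot: The release heading `## [1.11.0] - 2021-08-XX` still carries a placeholder day. Fill in the actual release date before this is tagged, and keep an empty `## [Unreleased]` section above it so that develop has a place for new entries after the merge.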
@ -13,53 +14,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- A ransomware simulation payload. #1238 - A ransomware simulation payload. #1238
- The capability for a user to specify their own SSL certificate. #1208 - The capability for a user to specify their own SSL certificate. #1208
- API endpoint for ransomware report. #1297 - API endpoint for ransomware report. #1297
- Add ransomware report. #1240 - A ransomware report. #1240
- A script to build a docker image locally. #1140 - A script to build a docker image locally. #1140
### Changed ### Changed
- server_config.json can be selected at runtime. #963 - Select server_config.json at runtime. #963
- Logger configuration can be selected at runtime. #971 - Select Logger configuration at runtime. #971
- `mongo_key.bin` file location can be selected at runtime. #994 - Select `mongo_key.bin` file location at runtime. #994
- Monkey agents are stored in the configurable data_dir when monkey is "run - Store Monkey agents in the configurable data_dir when monkey is "run from the
from the island". #997 island". #997
- Reformated all code using black. #1070 - Reformat all code using black. #1070
- Sorted all imports usind isort. #1081 - Sort all imports using isort. #1081
- Addressed all flake8 issues. #1071 - Address all flake8 issues. #1071
- Use pipenv for python dependency management. #1091 - Use pipenv for python dependency management. #1091
- Moved unit tests to a dedicated `tests/` directory to improve pytest - Move unit tests to a dedicated `tests/` directory to improve pytest collection
collection time. #1102 time. #1102
- Default BB test suite behavior: if `--run-performance-tests` flag is not - Skip BB performance tests by default. Run them if `--run-performance-tests`
specified, performance tests are skipped. flag is specified.
- Zerologon exploiter writes runtime artifacts to a secure temporary directory - Write Zerologon exploiter's runtime artifacts to a secure temporary directory
instead of $HOME. #1143 instead of $HOME. #1143
- Authentication mechanism to use bcrypt on server side. #1139 - Put environment config options in `server_config.json` into a separate
- `server_config.json` puts environment config options in a separate section section named "environment". #1161
named "environment". #1161 - Automatically register if BlackBox tests are run on a fresh installation.
- BlackBox tests can now register if they are ran on a fresh installation. #1180 #1180
- Limit the ports used for scanning in blackbox tests. #1368 - Limit the ports used for scanning in blackbox tests. #1368
- Limit the propagation depth of most blackbox tests. #1400 - Limit the propagation depth of most blackbox tests. #1400
- Blackbox tests wait less time for monkeys to die. #1400 - Wait less time for monkeys to die when running BlackBox tests. #1400
- Improved the structure of unit tests by scoping fixtures only to relevant modules - Improve the structure of unit tests by scoping fixtures only to relevant
instead of having a one huge fixture file, improved and renamed the directory modules instead of having a one huge fixture file. #1178
structure of unit tests and unit test infrastructure. #1178 - Improve and rename the directory structure of unit tests and unit test
- MongoDb now gets launched by the Island via python. #1148 infrastructure. #1178
- Create/check data directory on Island init. #1170 - Launch MongoDB when the Island starts via python. #1148
- The formatting of some log messages to make them more readable. #1283 - Create/check data directory on Island initialization. #1170
- Some unit tests to run faster. #1125 - Format some log messages to make them more readable. #1283
- Improve runtime of some unit tests. #1125
- Run curl OR wget (not both) when attempting to communicate as a new user on
Linux. #1407
### Removed ### Removed
- Relevant dead code as reported by Vulture. #1149 - Relevant dead code as reported by Vulture. #1149
- Island logger config and --logger-config CLI option. #1151 - Island logger config and --logger-config CLI option. #1151
### Fixed ### Fixed
- Attempted to delete a directory when monkey config reset was called. #1054 - Attempt to delete a directory when monkey config reset was called. #1054
- An errant space in the windows commands to run monkey manually. #1153 - An errant space in the windows commands to run monkey manually. #1153
- gevent tracebacks in console output. #859 - Gevent tracebacks in console output. #859
- Crash and failure to run PBAs if max depth reached. #1374 - Crash and failure to run PBAs if max depth reached. #1374
### Security ### Security
- Address minor issues discovered by Dlint. #1075 - Address minor issues discovered by Dlint. #1075
- Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174 - Hash passwords on server-side instead of client side. #1139
- Generate random passwords when creating a new user (create user PBA, ms08_67
exploit). #1174
- Implemented configuration encryption/decryption. #1189, #1204 - Implemented configuration encryption/decryption. #1189, #1204
- Create local custom PBA directory with secure permissions. #1270 - Create local custom PBA directory with secure permissions. #1270
- Create encryption key file for MongoDB with secure permissions. #1232 - Create encryption key file for MongoDB with secure permissions. #1232
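Review bot: Moving the #1139 entry to Security as "Hash passwords on server-side instead of client side" drops the mention of bcrypt that the old "Changed" line had. The algorithm is what a reader auditing the release wants to know, so consider "Hash passwords with bcrypt on the server side instead of the client side". Two wording points in the same hunk: "Implemented configuration encryption/decryption" is still past tense while the other entries were converted to the imperative, and under "Fixed" the entry "Attempt to delete a directory when monkey config reset was called" now reads like an action the release performs rather than the bug that was removed.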

View File

@ -2,6 +2,7 @@
title: "MITRE ATT&CK report" title: "MITRE ATT&CK report"
description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base" description: "Maps the Monkey's actions to the MITRE ATT&CK knowledge base"
date: 2020-06-24T21:17:18+03:00 date: 2020-06-24T21:17:18+03:00
weight: 3
draft: false draft: false
--- ---

View File

@ -0,0 +1,49 @@
---
title: "Ransomware report"
date: 2021-08-05T13:23:10+03:00
weight: 4
draft: false
description: "Provides information about ransomware simulation on your network"
---
{{% notice info %}}
Check out [the Infection Monkey's ransomware simulation documentation]({{< ref
"/usage/scenarios/ransomware-simulation" >}}) and [the documentation for other
available reports]({{< ref "/reports" >}}).
{{% /notice %}}
The Infection Monkey can be configured to [simulate a ransomware
attack](/usage/scenarios/ransomware-simulation) on your network. After running,
it generates a **Ransomware Report** that provides you with insight into how
ransomware might behave within your environment.
The report is split into three sections:
- [Breach](#breach)
- [Lateral Movement](#lateral-movement)
- [Attack](#attack)
## Breach
The breach section shows when and where the ransomware infection began.
![Breach](/images/usage/reports/ransomware_report_1_breach.png "Breach")
## Lateral movement
The lateral movement section provides information about how the simulated
ransomware was able to propagate through your network.
![Lateral
Movement](/images/usage/reports/ransomware_report_2_lateral_movement.png
"Lateral Movement")
## Attack
The attack section shows the details of what the simulated ransomware
successfully encrypted, including a list of specific files.
![Attack](/images/usage/reports/ransomware_report_3_attack.png "Attack")
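Review bot: The link in the opening paragraph uses a bare site-absolute path, `(/usage/scenarios/ransomware-simulation)`, while the notice block a few lines above links the same page with `{{< ref "/usage/scenarios/ransomware-simulation" >}}`. Use the `ref` shortcode in both places so the build fails on a broken target and the link survives a non-root base URL. Minor: the table of contents says "Lateral Movement" but the heading is "## Lateral movement"; pick one capitalization.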

View File

@ -1,6 +1,7 @@
--- ---
title: "Security report" title: "Security report"
date: 2020-06-24T21:16:10+03:00 date: 2020-06-24T21:16:10+03:00
weight: 1
draft: false draft: false
description: "Provides actionable recommendations and insight into an attacker's view of your network" description: "Provides actionable recommendations and insight into an attacker's view of your network"
--- ---

View File

@ -1,6 +1,7 @@
--- ---
title: "Zero Trust report" title: "Zero Trust report"
date: 2020-06-24T21:16:18+03:00 date: 2020-06-24T21:16:18+03:00
weight: 2
draft: false draft: false
description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them" description: "Generates a status report with detailed explanations of Zero Trust security gaps and prescriptive instructions on how to rectify them"
--- ---

View File

@ -29,7 +29,7 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
1. Load the Monkey Island Docker image: 1. Load the Monkey Island Docker image:
```bash ```bash
sudo docker load -i dk.monkeyisland.1.10.0.tar sudo docker load -i dk.monkeyisland.VERSION.tar
``` ```
### 2. Start MongoDB ### 2. Start MongoDB
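Review bot: `dk.monkeyisland.VERSION.tar` replaces a command that could be copied and run with one that cannot, and nothing in the visible lines tells the reader that `VERSION` is a placeholder or what to substitute. Add a sentence before the first command stating that `VERSION` stands for the downloaded release number (for example 1.11.0), or define a shell variable once and reference it in each command. The same applies to the `guardicore/monkey-island:VERSION` image tags in the later hunks of this file.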
@ -58,7 +58,7 @@ been signed by a private certificate authority.
sudo docker run \ sudo docker run \
--name monkey-island \ --name monkey-island \
--network=host \ --network=host \
guardicore/monkey-island:1.10.0 guardicore/monkey-island:VERSION
``` ```
### 3b. Start Monkey Island with user-provided certificate ### 3b. Start Monkey Island with user-provided certificate
@ -81,7 +81,7 @@ been signed by a private certificate authority.
--network=host \ --network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \ --user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \ --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:1.10.0 --setup-only guardicore/monkey-island:VERSION --setup-only
``` ```
1. Move your `.crt` and `.key` files to `./monkey_island_data`. 1. Move your `.crt` and `.key` files to `./monkey_island_data`.
@ -122,7 +122,7 @@ been signed by a private certificate authority.
--network=host \ --network=host \
--user "$(id -u ${USER}):$(id -g ${USER})" \ --user "$(id -u ${USER}):$(id -g ${USER})" \
--volume "$(realpath ./monkey_island_data)":/monkey_island_data \ --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
guardicore/monkey-island:1.10.0 guardicore/monkey-island:VERSION
``` ```
### 4. Accessing Monkey Island ### 4. Accessing Monkey Island
@ -152,7 +152,7 @@ to store data in the `monkey-mongo` container.
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
``` ```
Starting a new container from the `guardicore/monkey-island:1.10.0` image Starting a new container from the `guardicore/monkey-island:VERSION` image
generates a new secret key for storing sensitive information in MongoDB. If you generates a new secret key for storing sensitive information in MongoDB. If you
have an old database instance running (from a previous instance of Infection have an old database instance running (from a previous instance of Infection
Monkey), the data stored in the `monkey-mongo` container has been encrypted Monkey), the data stored in the `monkey-mongo` container has been encrypted

View File

@ -18,10 +18,10 @@ installed, but the ones that we've tested are:
- Kali 2021.2 - Kali 2021.2
- Parrot 4.11 - Parrot 4.11
- Rocky 8 - Rocky 8
- Suse Leap 15.3 - openSUSE Leap 15.3
- Ubuntu 18.04 - Ubuntu Bionic 18.04
- Ubuntu 20.04 - Ubuntu Focal 20.04
- Ubuntu 21.04 - Ubuntu Hirsute 21.04
## Deployment ## Deployment

View File

@ -1,75 +0,0 @@
---
title: "VMware"
date: 2020-05-26T20:57:14+03:00
draft: false
pre: '<i class="fas fa-laptop-code"></i> '
weight: 3
tags: ["setup", "vmware"]
---
## Deployment
1. Deploy the Infection Monkey OVA by choosing **Deploy OVF Template** and
following the wizard instructions. *Note: make sure ports 5000 and 5001 on
the machine are accessible for inbound TCP traffic.*
1. Turn on the Infection Monkey VM.
1. Log in to the machine with the following credentials:
1. Username: **monkeyuser**
1. Password: **Noon.Earth.Always**
1. For security purposes, it's recommended that you change the machine
passwords by running the following commands: `sudo passwd monkeyuser`, `sudo
passwd root`.
## OVA network modes
You can use the OVA in one of two modes:
1. In a network with the DHCP configured — In this case, the Monkey Island will
automatically query and receive an IP address from the network.
1. With a static IP address — In this case, you should log in to the VM console
with the username `monkeyuser` and the password `Noon.Earth.Always`. After logging
in, edit the Netplan configuration by entering the following command in the
prompt:
```sh
sudo nano /etc/netplan/00-installer-config.yaml
```
Make the following changes:
```diff
# This is the network config written by 'subiquity'
network:
ethernets:
ens160:
- dhcp4: true
+ dhcp4: false
+ addresses: [XXX.XXX.XXX.XXX/24]
+ gateway4: YYY.YYY.YYY.YYY
+ nameservers:
+ addresses: [1.1.1.1]
version: 2
```
Replace `XXX.XXX.XXX.XXX` with the desired IP addess of the VM. Replace
`YYY.YYY.YYY.YYY` with the default gateway.
Save the changes then run the command:
```sh
sudo netplan apply
```
If this configuration does not suit your needs, see
https://netplan.io/examples/ for more information about how to configure
Netplan.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download the updated OVA file.
If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.
![Export configuration](../../images/setup/export-configuration.png "Export configuration")
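Review bot: The whole VMware setup page is deleted and the 1.11.0 checksum table no longer lists an OVA or a Debian package, yet the "### Removed" section of the changelog in this same commit only lists dead code and the logger config. Add changelog entries for the discontinued packages so users of the OVA learn that it is gone, and check for remaining links to this page elsewhere in the docs, since none of the visible changes adds a redirect.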

View File

@ -20,7 +20,7 @@ After running the installer, the following prompt should appear on the screen:
1. Follow the steps to complete the installation. 1. Follow the steps to complete the installation.
1. Run the Monkey Island by clicking on the desktop shortcut. 1. Run the Monkey Island by clicking on the desktop shortcut.
### Start Monkey Island with user-provided certificcate ### Start Monkey Island with user-provided certificate
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the enterprise or other security-sensitive environments, it is recommended that the

View File

@ -37,24 +37,31 @@ $ sha256sum monkey-linux-64
| Filename | Type | Version | SHA256 | | Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` | | monkey-windows-64.exe | Windows Agent | 1.11.0 | `12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a` |
| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` | | monkey-windows-32.exe | Windows Agent | 1.11.0 | `e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849` |
| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` | | monkey-linux-64 | Linux Agent | 1.11.0 | `fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462` |
| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` | | monkey-linux-32 | Linux Agent | 1.11.0 | `88d6d717f99047ae6f8ff9527b41ff004217c99b1b027f112d062dd9e66d11ab` |
| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` | | Infection_Monkey-1.11.0-x86_64.AppImage | Linux Package | 1.11.0 | `6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2` |
| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` | | infection_monkey_docker_20210811_211212.tgz | Docker | 1.11.0 | `40f203387cadd153f97c6a21dfdddacd4d4eeea334a9300d862bfb4ba528e2e6` |
| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` | | Monkey Island v1.11.0_3789.exe | Windows Installer | 1.11.0 | `20633c1993ea5f86b57b3a48d6875e8f72881f856f4713d747f07a559da05ccc` |
| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
## Older checksums ## Older checksums
| Filename | Type | Version | SHA256 | | Filename | Type | Version | SHA256 |
|------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------| |------------------------------------------------------|-------------------|---------|--------------------------------------------------------------------|
| monkey-windows-64.exe | Windows Agent | 1.10.0 | `3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1` |
| monkey-windows-32.exe | Windows Agent | 1.10.0 | `8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f` |
| monkey-linux-64 | Linux Agent | 1.10.0 | `932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93` |
| monkey-linux-32 | Linux Agent | 1.10.0 | `a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5` |
| infection_monkey_deb.tgz | Debian Package | 1.10.0 | `534d85c4abc78e2c86a74d8b88759b091b62077dd9e32f02eeb43d716d359ff6` |
| infection_monkey_debzt.tgz | Debian Package | 1.10.0 | `bd01d8482f80990e6cc0ed654c07dbd80da71eebe3dd244365e9bc00f86b1c03` |
| Monkey Island v1.10.0_3593_windows.exe | Windows Installer | 1.10.0 | `ebd2c5627d21dd8670def02c3a5a995f9e799ba567cf4caacd702654264ddf06` |
| Monkey Island v1.10.0_3593_windowszt.exe | Windows Installer | 1.10.0 | `60aaf3b32e5d06c91fe0d4f1b950529517ac33796f67e9ccfef0e8ce1c5372d8` |
| infection_monkey_docker_docker_20210326_171631.tgz | Docker | 1.10.0 | `e4f9c7c5aafe7e38b33d2927a9c0cf6a3ac27858d3d0e3f2252c2e91809a78db` |
| infection_monkey_docker_dockerzt_20210326_172035.tgz | Docker | 1.10.0 | `248640e9eaa18e4c27f67237f0594d9533732f372ba4674d5d1bea43ab498cf5` |
| monkey-island-vmware.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
| monkey-island-vmwarezt.ova | OVA | 1.10.0 | `3472ad4ae557ddad7d7db8fbbfcfd33c4f2d95d870b18fa4cab49af6b562009c` |
| monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` | | monkey-windows-64.exe | Windows Agent | 1.9.0 | `24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068` |
| monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` | | monkey-windows-32.exe | Windows Agent | 1.9.0 | `67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8` |
| monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` | | monkey-linux-64 | Linux Agent | 1.9.0 | `aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956` |

View File

@ -74,10 +74,10 @@
</a> </a>
</div> </div>
<div class="col-lg-3 col-sm-6 mb-3"> <div class="col-lg-3 col-sm-6 mb-3">
<a href="usage/use-cases" class="px-4 py-5 bg-white shadow text-center d-block"> <a href="usage/scenarios" class="px-4 py-5 bg-white shadow text-center d-block">
<i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i> <i class="fas fa-map-marked-alt d-block mb-4" style="font-size: x-large;"></i>
<h4 class="mb-3 mt-0">Use Cases</h4> <h4 class="mb-3 mt-0">Scenarios</h4>
<p class="mb-0">Learn about use cases of the Infection Monkey.</p> <p class="mb-0">Learn about scenarios of the Infection Monkey.</p>
</a> </a>
</div> </div>
<div class="col-lg-3 col-sm-6 mb-3"> <div class="col-lg-3 col-sm-6 mb-3">

Binary files not shown: three images added (135 KiB, 138 KiB, 257 KiB) and three images replaced (310 KiB to 278 KiB, 296 KiB to 283 KiB, 136 KiB to 140 KiB).

View File

@ -1 +1 @@
dev release
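Review bot: This merge carries the release branch's `release` value into the BUILD file on develop. If develop builds are meant to keep identifying themselves as `dev`, restore that value as part of the merge or in an immediate follow-up commit; otherwise development builds will report themselves as release builds.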

View File

@ -4,7 +4,7 @@ import argparse
from pathlib import Path from pathlib import Path
MAJOR = "1" MAJOR = "1"
MINOR = "10" MINOR = "11"
PATCH = "0" PATCH = "0"
build_file_path = Path(__file__).parent.joinpath("BUILD") build_file_path = Path(__file__).parent.joinpath("BUILD")
with open(build_file_path, "r") as build_file: with open(build_file_path, "r") as build_file:

View File

@ -1,5 +1,6 @@
import logging import logging
import random import random
import shutil
import string import string
import subprocess import subprocess
@ -64,11 +65,13 @@ class CommunicateAsNewUser(PBA):
'Invoke-WebRequest {url} -UseBasicParsing"' 'Invoke-WebRequest {url} -UseBasicParsing"'
) )
else: else:
# true || false -> 0. false || true -> 0. false || false -> 1. So:
# if curl works, we're good. # if curl works, we're good.
# If curl doesn't exist or fails and wget work, we're good. # If curl doesn't exist or fails and wget work, we're good.
# And if both don't exist: we'll call it a win. # And if both don't exist: we'll call it a win.
format_string = "curl {url} || wget -O/dev/null -q {url}" if shutil.which("curl") is not None:
format_string = "curl {url}"
else:
format_string = "wget -O/dev/null -q {url}"
return format_string.format(url=url) return format_string.format(url=url)
def send_result_telemetry(self, exit_status, commandline, username): def send_result_telemetry(self, exit_status, commandline, username):
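Review bot: The comments kept above the new `if shutil.which("curl") is not None:` branch no longer describe the code. "If curl doesn't exist or fails and wget work, we're good" was true for `curl {url} || wget ...`, but now a curl that is present and fails has no wget fallback, and when neither tool is installed the command is `wget -O/dev/null -q {url}`, which fails rather than being "a win". Update the comments to state the new behaviour and confirm that losing the fallback is intended. Also note that `shutil.which` resolves against the agent process's PATH, while the command is meant to run as the newly created user, so the two may not see the same binaries.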

View File

@ -2,7 +2,7 @@ import os
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
TEMP_COMSPEC = os.path.join(os.getcwd(), "random_executable.exe") TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
def get_windows_commands_to_proxy_execution_using_signed_script(): def get_windows_commands_to_proxy_execution_using_signed_script():
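Review bot: `"T1216_random_executable.exe"` in `TEMP_COMSPEC` now has to match the `executable_file_name` literal in the island's `T1216PBAFileDownload` resource, and this hunk shows what happens when the two drift. Define the file name once in a module both sides import, or at least add a comment on each literal pointing at the other.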

View File

@ -16,5 +16,5 @@ class T1216PBAFileDownload(flask_restful.Resource):
executable_file_name = "T1216_random_executable.exe" executable_file_name = "T1216_random_executable.exe"
return send_from_directory( return send_from_directory(
directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"), directory=os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "resources", "pba"),
filename=executable_file_name, path=executable_file_name,
) )
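Review bot: `path=executable_file_name` is the Flask 2.0 spelling of this argument to `send_from_directory`; on Flask 1.x the call fails because the required `filename` argument is missing. No dependency change is visible in this diff, so verify that the Pipfile requires Flask 2.0 or later, otherwise this endpoint breaks on environments that still resolve an older Flask.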

View File

@ -18,7 +18,7 @@ def setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str
def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]: def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
server_config_path = expand_path(server_config_path) server_config_path = expand_path(server_config_path)
config = server_config_handler.load_server_config_from_file(server_config_path) config = server_config_handler.load_server_config_from_file(server_config_path)
create_secure_directory(config.data_dir) create_secure_directory(str(config.data_dir))
return config, server_config_path return config, server_config_path
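Review bot: Wrapping the argument as `create_secure_directory(str(config.data_dir))` fixes the symptom at the call site and leaves every other caller exposed to the same type problem. Prefer making `create_secure_directory` accept path-like objects itself (for example by normalising its argument on entry) and annotate its parameter accordingly, since this function is what sets the permissions on the data directory and should not depend on callers remembering a conversion.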
@ -26,7 +26,7 @@ def _setup_default_config() -> Tuple[IslandConfigOptions, str]:
default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH) default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
default_data_dir = default_config.data_dir default_data_dir = default_config.data_dir
create_secure_directory(default_data_dir) create_secure_directory(str(default_data_dir))
server_config_path = server_config_handler.create_default_server_config_file(default_data_dir) server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
config = server_config_handler.load_server_config_from_file(server_config_path) config = server_config_handler.load_server_config_from_file(server_config_path)
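Review bot: `default_data_dir` is converted with `str()` for `create_secure_directory` but passed unconverted to `server_config_handler.create_default_server_config_file(default_data_dir)` on the next line. Decide which type `data_dir` has throughout this function and convert once at assignment, so both calls receive the same type and the annotation on `IslandConfigOptions.data_dir` matches it.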

View File

@ -1,6 +1,6 @@
{ {
"name": "infection-monkey", "name": "infection-monkey",
"version": "1.10.0", "version": "1.11.0",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {

View File

@ -1,6 +1,6 @@
{ {
"private": true, "private": true,
"version": "1.10.0", "version": "1.11.0",
"name": "infection-monkey", "name": "infection-monkey",
"description": "Infection Monkey C&C UI", "description": "Infection Monkey C&C UI",
"scripts": { "scripts": {

View File

@ -10,7 +10,7 @@ const LATERAL_MOVEMENT_DESCRIPTION = 'After the initial breach, the attacker wil
<br /> \ <br /> \
<br /> \ <br /> \
<a \ <a \
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/" \ href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report" \
target="_blank" \ target="_blank" \
> \ > \
See some real-world examples on Guardicore\'s blog. \ See some real-world examples on Guardicore\'s blog. \
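Review bot: The anchor being edited opens an external site with `target="_blank"` and, in the lines shown, has no `rel` attribute. While touching the `href`, add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle to the Island UI and no referrer from it. The added `utm_*` query parameters also mean the vendor's site can attribute the click to a Monkey report; mention that in the changelog if it is intentional.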