Merge remote-tracking branch 'upstream/develop' into monkey_hook_method

# Conflicts:
#	monkey/infection_monkey/utils.py

monkey/infection_monkey/config.py

@@ -157,9 +157,8 @@ class Configuration(object):
 
     keep_tunnel_open_time = 60
 
-    # Monkey files directories
+    # Monkey files directory name
-    monkey_dir_linux = '/tmp/monkey_dir'
+    monkey_dir_name = 'monkey_dir'
-    monkey_dir_windows = r'C:\Windows\Temp\monkey_dir'
 
     ###########################
     # scanners config

monkey/infection_monkey/example.conf

@@ -29,9 +29,7 @@
     "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe",
     "dropper_target_path_linux": "/tmp/monkey",
 
-    monkey_dir_linux = '/tmp/monkey_dir',
+    "monkey_dir_name": "monkey_dir",
-    monkey_dir_windows = r'C:\Windows\Temp\monkey_dir',
-
 
     "kill_file_path_linux": "/var/run/monkey.not",
     "kill_file_path_windows": "%windir%\\monkey.not",

monkey/infection_monkey/exploit/mssqlexec.py

@@ -1,15 +1,16 @@
-import os
 import logging
-from time import sleep
+import os
-import pymssql
 import textwrap
+from time import sleep
+
+import pymssql
 
-from infection_monkey.exploit import HostExploiter, tools
 from common.utils.exploit_enum import ExploitType
+from infection_monkey.exploit import HostExploiter, tools
 from infection_monkey.exploit.tools import HTTPTools
-from infection_monkey.config import WormConfiguration
-from infection_monkey.model import DROPPER_ARG
 from infection_monkey.exploit.tools import get_monkey_dest_path
+from infection_monkey.model import DROPPER_ARG
+from infection_monkey.utils import get_monkey_dir_path
 
 LOG = logging.getLogger(__name__)
 
@@ -52,10 +53,10 @@ class MSSQLExploiter(HostExploiter):
         LOG.info("Started http server on %s", http_path)
 
         dst_path = get_monkey_dest_path(http_path)
-        tmp_file_path = os.path.join(WormConfiguration.monkey_dir_windows, MSSQLExploiter.TMP_FILE_NAME)
+        tmp_file_path = os.path.join(get_monkey_dir_path(), MSSQLExploiter.TMP_FILE_NAME)
 
         # Create monkey dir.
-        commands = ["xp_cmdshell \"mkdir %s\"" % WormConfiguration.monkey_dir_windows]
+        commands = ["xp_cmdshell \"mkdir %s\"" % get_monkey_dir_path()]
         MSSQLExploiter.execute_command(cursor, commands)
 
         # Form download command in a file

monkey/infection_monkey/exploit/web_rce.py

@@ -210,6 +210,7 @@ class WebRCE(HostExploiter):
         for url in urls:
             if self.check_if_exploitable(url):
                 self.add_vuln_url(url)
+                self.vulnerable_urls.append(url)
                 if stop_checking:
                     break
         if not self.vulnerable_urls:

monkey/infection_monkey/exploit/win_ms08_067.py

@@ -153,6 +153,7 @@ class SRVSVC_Exploit(object):
 
 class Ms08_067_Exploiter(HostExploiter):
     _TARGET_OS_TYPE = ['windows']
+    _EXPLOITED_SERVICE = 'Microsoft Server Service'
     _windows_versions = {'Windows Server 2003 3790 Service Pack 2': WindowsVersion.Windows2003_SP2,
                          'Windows Server 2003 R2 3790 Service Pack 2': WindowsVersion.Windows2003_SP2}
 

monkey/infection_monkey/utils.py

@@ -1,7 +1,9 @@
 import os
-import sys
 import shutil
 import struct
+import sys
+import tempfile
+
 from infection_monkey.config import WormConfiguration
 
 
@@ -16,10 +18,9 @@ def get_dropper_log_path():
 
 
 def is_64bit_windows_os():
-    '''
+    """
     Checks for 64 bit Windows OS using environment variables.
-    :return:
+    """
-    '''
     return 'PROGRAMFILES(X86)' in os.environ
 
 
@@ -53,7 +54,4 @@ def remove_monkey_dir():
 
 
 def get_monkey_dir_path():
-    if is_windows_os():
+    return os.path.join(tempfile.gettempdir(), WormConfiguration.monkey_dir_name)
-        return WormConfiguration.monkey_dir_windows
-    else:
-        return WormConfiguration.monkey_dir_linux

monkey/monkey_island/cc/database.py

@@ -25,3 +25,14 @@ def is_db_server_up(mongo_url):
         return True
     except ServerSelectionTimeoutError:
         return False
+
+
+def get_db_version(mongo_url):
+    """
+    Return the mongo db version
+    :param mongo_url: Which mongo to check.
+    :return: version as a tuple (e.g. `(u'4', u'0', u'8')`)
+    """
+    client = MongoClient(mongo_url, serverSelectionTimeoutMS=100)
+    server_version = tuple(client.server_info()['version'].split('.'))
+    return server_version

monkey/monkey_island/cc/main.py

@@ -6,6 +6,8 @@ import sys
 import time
 import logging
 
+MINIMUM_MONGO_DB_VERSION_REQUIRED = "3.6.0"
+
 BASE_PATH = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 if BASE_PATH not in sys.path:
@@ -22,7 +24,7 @@ from monkey_island.cc.app import init_app
 from monkey_island.cc.exporter_init import populate_exporter_list
 from monkey_island.cc.utils import local_ip_addresses
 from monkey_island.cc.environment.environment import env
-from monkey_island.cc.database import is_db_server_up
+from monkey_island.cc.database import is_db_server_up, get_db_version
 
 
 def main():
@@ -31,10 +33,8 @@ def main():
     from tornado.ioloop import IOLoop
 
     mongo_url = os.environ.get('MONGO_URL', env.get_mongo_url())
-
+    wait_for_mongo_db_server(mongo_url)
-    while not is_db_server_up(mongo_url):
+    assert_mongo_db_version(mongo_url)
-        logger.info('Waiting for MongoDB server')
-        time.sleep(1)
 
     populate_exporter_list()
     app = init_app(mongo_url)
@@ -55,5 +55,27 @@ def main():
         IOLoop.instance().start()
 
 
+def wait_for_mongo_db_server(mongo_url):
+    while not is_db_server_up(mongo_url):
+        logger.info('Waiting for MongoDB server on {0}'.format(mongo_url))
+        time.sleep(1)
+
+
+def assert_mongo_db_version(mongo_url):
+    """
+    Checks if the mongodb version is new enough for running the app.
+    If the DB is too old, quits.
+    :param mongo_url: URL to the mongo the Island will use
+    """
+    required_version = tuple(MINIMUM_MONGO_DB_VERSION_REQUIRED.split("."))
+    server_version = get_db_version(mongo_url)
+    if server_version < required_version:
+        logger.error(
+            'Mongo DB version too old. {0} is required, but got {1}'.format(str(required_version), str(server_version)))
+        sys.exit(-1)
+    else:
+        logger.info('Mongo DB version OK. Got {0}'.format(str(server_version)))
+
+
 if __name__ == '__main__':
     main()

monkey/monkey_island/cc/models/monkey.py

@@ -55,6 +55,14 @@ class Monkey(Document):
                 monkey_is_dead = True
         return monkey_is_dead
 
+    def get_os(self):
+        os = "unknown"
+        if self.description.lower().find("linux") != -1:
+            os = "linux"
+        elif self.description.lower().find("windows") != -1:
+            os = "windows"
+        return os
+
 
 class MonkeyNotFoundError(Exception):
     pass

monkey/monkey_island/cc/models/test_monkey.py

@@ -1,13 +1,13 @@
 import uuid
 from time import sleep
-from unittest import TestCase
 
 from monkey import Monkey
 from monkey_island.cc.models.monkey import MonkeyNotFoundError
+from monkey_island.cc.testing.IslandTestCase import IslandTestCase
 from monkey_ttl import MonkeyTtl
 
 
-class TestMonkey(TestCase):
+class TestMonkey(IslandTestCase):
     """
     Make sure to set server environment to `testing` in server.json! Otherwise this will mess up your mongo instance and
     won't work.
@@ -15,7 +15,11 @@ class TestMonkey(TestCase):
     Also, the working directory needs to be the working directory from which you usually run the island so the
     server.json file is found and loaded.
     """
+
     def test_is_dead(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
         # Arrange
         alive_monkey_ttl = MonkeyTtl.create_ttl_expire_in(30)
         alive_monkey_ttl.save()
@@ -43,6 +47,9 @@ class TestMonkey(TestCase):
         self.assertFalse(alive_monkey.is_dead())
 
     def test_get_single_monkey_by_id(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
         # Arrange
         a_monkey = Monkey(guid=str(uuid.uuid4()))
         a_monkey.save()
@@ -52,3 +59,21 @@ class TestMonkey(TestCase):
         self.assertIsNotNone(Monkey.get_single_monkey_by_id(a_monkey.id))
         # Raise on non-existent monkey
         self.assertRaises(MonkeyNotFoundError, Monkey.get_single_monkey_by_id, "abcdefabcdefabcdefabcdef")
+
+    def test_get_os(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
+        linux_monkey = Monkey(guid=str(uuid.uuid4()),
+                              description="Linux shay-Virtual-Machine 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64")
+        windows_monkey = Monkey(guid=str(uuid.uuid4()),
+                                description="Windows bla bla bla")
+        unknown_monkey = Monkey(guid=str(uuid.uuid4()),
+                                description="bla bla bla")
+        linux_monkey.save()
+        windows_monkey.save()
+        unknown_monkey.save()
+
+        self.assertEquals(1, len(filter(lambda m: m.get_os() == "windows", Monkey.objects())))
+        self.assertEquals(1, len(filter(lambda m: m.get_os() == "linux", Monkey.objects())))
+        self.assertEquals(1, len(filter(lambda m: m.get_os() == "unknown", Monkey.objects())))

monkey/monkey_island/cc/resources/attack/attack_report.py

@@ -1,7 +1,7 @@
 import flask_restful
 from flask import jsonify
-from cc.auth import jwt_required
+from monkey_island.cc.auth import jwt_required
-from cc.services.attack.attack_report import AttackReportService
+from monkey_island.cc.services.attack.attack_report import AttackReportService
 
 __author__ = "VakarisZ"
 

monkey/monkey_island/cc/resources/root.py

@@ -8,7 +8,7 @@ from monkey_island.cc.auth import jwt_required
 from monkey_island.cc.database import mongo
 from monkey_island.cc.services.node import NodeService
 from monkey_island.cc.services.report import ReportService
-from cc.services.attack.attack_report import AttackReportService
+from monkey_island.cc.services.attack.attack_report import AttackReportService
 from monkey_island.cc.utils import local_ip_addresses
 from monkey_island.cc.services.database import Database
 

monkey/monkey_island/cc/services/config_schema.py

@@ -499,17 +499,11 @@ SCHEMA = {
                             "default": 60,
                             "description": "Time to keep tunnel open before going down after last exploit (in seconds)"
                         },
-                        "monkey_dir_windows": {
+                        "monkey_dir_name": {
-                            "title": "Monkey's windows directory",
+                            "title": "Monkey's directory name",
                             "type": "string",
-                            "default": r"C:\Windows\temp\monkey_dir",
+                            "default": r"monkey_dir",
-                            "description": "Directory containing all monkey files on windows"
+                            "description": "Directory name for the directory which will contain all of the monkey files"
-                        },
-                        "monkey_dir_linux": {
-                            "title": "Monkey's linux directory",
-                            "type": "string",
-                            "default": "/tmp/monkey_dir",
-                            "description": "Directory containing all monkey files on linux"
                         },
                     }
                 },

monkey/monkey_island/cc/services/pth_report.py

@@ -1,6 +1,7 @@
 from itertools import product
 
 from monkey_island.cc.database import mongo
+from monkey_island.cc.models import Monkey
 from bson import ObjectId
 
 from monkey_island.cc.services.groups_and_users_consts import USERTYPE
@@ -216,15 +217,15 @@ class PTHReportService(object):
 
     @staticmethod
     def generate_map_nodes():
-        monkeys = mongo.db.monkey.find({}, {'_id': 1, 'hostname': 1, 'critical_services': 1, 'ip_addresses': 1})
+        monkeys = filter(lambda m: m.get_os() == "windows", Monkey.objects())
 
         return [
             {
-                'id': monkey['_id'],
+                'id': monkey.guid,
-                'label': '{0} : {1}'.format(monkey['hostname'], monkey['ip_addresses'][0]),
+                'label': '{0} : {1}'.format(monkey.hostname, monkey.ip_addresses[0]),
-                'group': 'critical' if monkey.get('critical_services', []) else 'normal',
+                'group': 'critical' if monkey.critical_services is not None else 'normal',
-                'services': monkey.get('critical_services', []),
+                'services': monkey.critical_services,
-                'hostname': monkey['hostname']
+                'hostname': monkey.hostname
             } for monkey in monkeys
         ]
 

monkey/monkey_island/cc/services/test_PTHReportService.py

@@ -0,0 +1,69 @@
+import uuid
+
+from monkey_island.cc.models import Monkey
+from monkey_island.cc.services.pth_report import PTHReportService
+from monkey_island.cc.testing.IslandTestCase import IslandTestCase
+
+
+class TestPTHReportServiceGenerateMapNodes(IslandTestCase):
+    def test_generate_map_nodes(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
+        self.assertEqual(PTHReportService.generate_map_nodes(), [])
+
+        windows_monkey_with_services = Monkey(
+            guid=str(uuid.uuid4()),
+            hostname="A_Windows_PC_1",
+            critical_services=["aCriticalService", "Domain Controller"],
+            ip_addresses=["1.1.1.1", "2.2.2.2"],
+            description="windows 10"
+        )
+        windows_monkey_with_services.save()
+
+        windows_monkey_with_no_services = Monkey(
+            guid=str(uuid.uuid4()),
+            hostname="A_Windows_PC_2",
+            critical_services=[],
+            ip_addresses=["3.3.3.3"],
+            description="windows 10"
+        )
+        windows_monkey_with_no_services.save()
+
+        linux_monkey = Monkey(
+            guid=str(uuid.uuid4()),
+            hostname="A_Linux_PC",
+            ip_addresses=["4.4.4.4"],
+            description="linux ubuntu"
+        )
+        linux_monkey.save()
+
+        map_nodes = PTHReportService.generate_map_nodes()
+
+        self.assertEquals(2, len(map_nodes))
+
+    def test_generate_map_nodes_parsing(self):
+        self.fail_if_not_testing_env()
+        self.clean_monkey_db()
+
+        monkey_id = str(uuid.uuid4())
+        hostname = "A_Windows_PC_1"
+        windows_monkey_with_services = Monkey(
+            guid=monkey_id,
+            hostname=hostname,
+            critical_services=["aCriticalService", "Domain Controller"],
+            ip_addresses=["1.1.1.1"],
+            description="windows 10"
+        )
+        windows_monkey_with_services.save()
+
+        map_nodes = PTHReportService.generate_map_nodes()
+
+        self.assertEquals(map_nodes[0]["id"], monkey_id)
+        self.assertEquals(map_nodes[0]["label"], "A_Windows_PC_1 : 1.1.1.1")
+        self.assertEquals(map_nodes[0]["group"], "critical")
+        self.assertEquals(len(map_nodes[0]["services"]), 2)
+        self.assertEquals(map_nodes[0]["hostname"], hostname)
+
+
+

monkey/monkey_island/cc/testing/IslandTestCase.py

@@ -0,0 +1,12 @@
+import unittest
+from monkey_island.cc.environment.environment import env
+from monkey_island.cc.models import Monkey
+
+
+class IslandTestCase(unittest.TestCase):
+    def fail_if_not_testing_env(self):
+        self.failIf(not env.testing, "Change server_config.json to testing environment.")
+
+    @staticmethod
+    def clean_monkey_db():
+        Monkey.objects().delete()

monkey/monkey_island/cc/ui/package.json

@@ -6,6 +6,7 @@
     "clean": "rimraf dist/*",
     "copy": "copyfiles -f ./src/index.html ./src/favicon.ico ./dist",
     "dist": "webpack --mode production",
+    "dev": "webpack --mode development",
     "lint": "eslint ./src",
     "posttest": "npm run lint",
     "release:major": "npm version major && npm publish && git push --follow-tags",
@@ -100,6 +101,7 @@
     "sass-loader": "^7.1.0",
     "sha3": "^2.0.0",
     "react-spinners": "^0.5.4",
-    "@emotion/core": "^10.0.10"
+    "@emotion/core": "^10.0.10",
+    "react-desktop-notification": "^1.0.9"
   }
 }

monkey/monkey_island/cc/ui/src/components/Main.js

@@ -14,6 +14,8 @@ import ReportPage from 'components/pages/ReportPage';
 import LicensePage from 'components/pages/LicensePage';
 import AuthComponent from 'components/AuthComponent';
 import LoginPageComponent from 'components/pages/LoginPage';
+import Notifier from "react-desktop-notification"
+
 
 import 'normalize.css/normalize.css';
 import 'react-data-components/css/table-twbs.css';
@@ -25,6 +27,7 @@ import VersionComponent from "./side-menu/VersionComponent";
 let logoImage = require('../images/monkey-icon.svg');
 let infectionMonkeyImage = require('../images/infection-monkey.svg');
 let guardicoreLogoImage = require('../images/guardicore-logo.png');
+let notificationIcon = require('../images/notification-logo-512x512.png');
 
 class AppComponent extends AuthComponent {
   updateStatus = () => {
@@ -50,6 +53,7 @@ class AppComponent extends AuthComponent {
               }
               if (isChanged) {
                 this.setState({completedSteps: res['completed_steps']});
+                this.showInfectionDoneNotification();
               }
             });
         }
@@ -194,6 +198,20 @@ class AppComponent extends AuthComponent {
       </Router>
     );
   }
+
+  showInfectionDoneNotification() {
+    if (this.state.completedSteps.infection_done) {
+      let hostname = window.location.hostname;
+      let url = `https://${hostname}:5000/report`;
+      console.log("Trying to show notification. URL: " + url + " | icon: " + notificationIcon);
+
+      Notifier.start(
+        "Monkey Island",
+        "Infection is done! Click here to go to the report page.",
+        url,
+        notificationIcon);
+    }
+  }
 }
 
 AppComponent.defaultProps = {};