From 7a8442b3315dd3bdb29c81a8deb96ec2ea1453bc Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 12:39:20 -0400
Subject: [PATCH 01/16] Agent: Remove disused ExploitType Enum
---
monkey/common/utils/exploit_enum.py | 6 ------
monkey/infection_monkey/exploit/HostExploiter.py | 4 ----
monkey/infection_monkey/exploit/log4shell.py | 2 --
monkey/infection_monkey/exploit/mssqlexec.py | 2 --
monkey/infection_monkey/exploit/powershell.py | 2 --
monkey/infection_monkey/exploit/smbexec.py | 2 --
monkey/infection_monkey/exploit/sshexec.py | 2 --
monkey/infection_monkey/exploit/wmiexec.py | 2 --
monkey/infection_monkey/exploit/zerologon.py | 2 --
9 files changed, 24 deletions(-)
delete mode 100644 monkey/common/utils/exploit_enum.py
diff --git a/monkey/common/utils/exploit_enum.py b/monkey/common/utils/exploit_enum.py
deleted file mode 100644
index daac36e1b..000000000
--- a/monkey/common/utils/exploit_enum.py
+++ /dev/null
@@ -1,6 +0,0 @@
-from enum import Enum
-
-
-class ExploitType(Enum):
- VULNERABILITY = 1
- BRUTE_FORCE = 9
diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py
index e1b6d0c80..c88604cd3 100644
--- a/monkey/infection_monkey/exploit/HostExploiter.py
+++ b/monkey/infection_monkey/exploit/HostExploiter.py
@@ -4,7 +4,6 @@ from datetime import datetime
from typing import Dict
from common.utils.exceptions import FailedExploitationError
-from common.utils.exploit_enum import ExploitType
from infection_monkey.config import WormConfiguration
from infection_monkey.i_puppet import ExploiterResultData
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
@@ -17,9 +16,6 @@ logger = logging.getLogger(__name__)
class HostExploiter:
_TARGET_OS_TYPE = []
- # Usual values are 'vulnerability' or 'brute_force'
- EXPLOIT_TYPE = ExploitType.VULNERABILITY
-
# Determines if successful exploitation should stop further exploit attempts on that machine.
# Generally, should be True for RCE type exploiters and False if we don't expect the
# exploiter to run the monkey agent.
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index e68b7f5ab..e04185d8a 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -1,7 +1,6 @@
import logging
import time
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.log4shell_utils import (
LINUX_EXPLOIT_TEMPLATE_PATH,
WINDOWS_EXPLOIT_TEMPLATE_PATH,
@@ -25,7 +24,6 @@ logger = logging.getLogger(__name__)
class Log4ShellExploiter(WebRCE):
_TARGET_OS_TYPE = ["linux", "windows"]
- EXPLOIT_TYPE = ExploitType.VULNERABILITY
_EXPLOITED_SERVICE = "Log4j"
SERVER_SHUTDOWN_TIMEOUT = 15
REQUEST_TO_VICTIM_TIMEOUT = (
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 220268b76..bdef41784 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -6,7 +6,6 @@ import pymssql
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.utils.exceptions import FailedExploitationError
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_agent_dest_path
from infection_monkey.exploit.tools.http_tools import HTTPTools
@@ -23,7 +22,6 @@ logger = logging.getLogger(__name__)
class MSSQLExploiter(HostExploiter):
_EXPLOITED_SERVICE = "MSSQL"
_TARGET_OS_TYPE = ["windows"]
- EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
LOGIN_TIMEOUT = 15
# Time in seconds to wait between MSSQL queries.
QUERY_BUFFER = 0.5
diff --git a/monkey/infection_monkey/exploit/powershell.py b/monkey/infection_monkey/exploit/powershell.py
index d18a5c982..026ffb17d 100644
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@@ -2,7 +2,6 @@ import logging
import os
from typing import List, Optional
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.powershell_utils.auth_options import (
AUTH_NEGOTIATE,
@@ -42,7 +41,6 @@ class RemoteAgentExecutionError(Exception):
class PowerShellExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
- EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
def __init__(self):
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 35c45c773..b5b6f65c3 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -3,7 +3,6 @@ from logging import getLogger
from impacket.dcerpc.v5 import scmr, transport
from common.utils.attack_utils import ScanStatus, UsageEnum
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.smb_tools import SmbTools
@@ -18,7 +17,6 @@ logger = getLogger(__name__)
class SmbExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
- EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "SMB"
KNOWN_PROTOCOLS = {
"139/SMB": (r"ncacn_np:%s[\pipe\svcctl]", 139),
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index 0192ae3ed..6d285e1d5 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -6,7 +6,6 @@ import paramiko
from common.utils.attack_utils import ScanStatus
from common.utils.exceptions import FailedExploitationError
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_monkey_depth
from infection_monkey.i_puppet import ExploiterResultData
@@ -24,7 +23,6 @@ TRANSFER_UPDATE_RATE = 15
class SSHExploiter(HostExploiter):
_TARGET_OS_TYPE = ["linux", None]
- EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "SSH"
def __init__(self):
diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py
index 4c6fcc70f..7fc229ebe 100644
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@@ -5,7 +5,6 @@ import traceback
from impacket.dcerpc.v5.rpcrt import DCERPCException
-from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
@@ -22,7 +21,6 @@ logger = logging.getLogger(__name__)
class WmiExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
- EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
@WmiTools.impacket_user
diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index 153b31bdd..e441055cf 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -15,7 +15,6 @@ import impacket
from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from impacket.dcerpc.v5.dtypes import NULL
-from common.utils.exploit_enum import ExploitType
from infection_monkey.credential_collectors import LMHash, NTHash, Username
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.wmi_tools import WmiTools
@@ -34,7 +33,6 @@ logger = logging.getLogger(__name__)
class ZerologonExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
_EXPLOITED_SERVICE = "Netlogon"
- EXPLOIT_TYPE = ExploitType.VULNERABILITY
RUNS_AGENT_ON_SUCCESS = False
MAX_ATTEMPTS = 2000 # For 2000, expected average number of attempts needed: 256.
ERROR_CODE_ACCESS_DENIED = 0xC0000022
From 9976b8b044106d86ca75425230aae614553b315d Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 12:43:21 -0400
Subject: [PATCH 02/16] Agent: Remove disused RUNS_AGENT_ON_SUCCESS
---
monkey/infection_monkey/exploit/HostExploiter.py | 6 ------
monkey/infection_monkey/exploit/zerologon.py | 1 -
2 files changed, 7 deletions(-)
diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py
index c88604cd3..3bda4b0d7 100644
--- a/monkey/infection_monkey/exploit/HostExploiter.py
+++ b/monkey/infection_monkey/exploit/HostExploiter.py
@@ -16,12 +16,6 @@ logger = logging.getLogger(__name__)
class HostExploiter:
_TARGET_OS_TYPE = []
- # Determines if successful exploitation should stop further exploit attempts on that machine.
- # Generally, should be True for RCE type exploiters and False if we don't expect the
- # exploiter to run the monkey agent.
- # Example: Zerologon steals credentials
- RUNS_AGENT_ON_SUCCESS = True
-
@property
@abstractmethod
def _EXPLOITED_SERVICE(self):
diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index e441055cf..88722ecec 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -33,7 +33,6 @@ logger = logging.getLogger(__name__)
class ZerologonExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
_EXPLOITED_SERVICE = "Netlogon"
- RUNS_AGENT_ON_SUCCESS = False
MAX_ATTEMPTS = 2000 # For 2000, expected average number of attempts needed: 256.
ERROR_CODE_ACCESS_DENIED = 0xC0000022
From 1eb8e07c06874ad9154f407b6dd04a76f04fbc92 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 12:48:13 -0400
Subject: [PATCH 03/16] Agent: Remove disused get_target_monkey_by_os()
---
monkey/infection_monkey/exploit/tools/helpers.py | 6 ------
1 file changed, 6 deletions(-)
diff --git a/monkey/infection_monkey/exploit/tools/helpers.py b/monkey/infection_monkey/exploit/tools/helpers.py
index 155800fe6..1ebedc668 100644
--- a/monkey/infection_monkey/exploit/tools/helpers.py
+++ b/monkey/infection_monkey/exploit/tools/helpers.py
@@ -19,12 +19,6 @@ def get_target_monkey(host):
raise NotImplementedError("get_target_monkey() has been retired. Use IAgentRepository instead.")
-def get_target_monkey_by_os(is_windows, is_32bit):
- raise NotImplementedError(
- "get_target_monkey_by_os() has been retired. Use IAgentRepository instead."
- )
-
-
def get_random_file_suffix() -> str:
character_set = list(string.ascii_letters + string.digits + "_" + "-")
# random.SystemRandom can block indefinitely in Linux
From 5d2303f30048df7d5af6a82847333433f3af5bfb Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 12:49:24 -0400
Subject: [PATCH 04/16] Agent: Remove disused DOWNLOAD_CHUNK
---
monkey/infection_monkey/control.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py
index d11de18fc..9d38b8adf 100644
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@@ -21,7 +21,6 @@ from infection_monkey.utils.environment import is_windows_os
requests.packages.urllib3.disable_warnings()
logger = logging.getLogger(__name__)
-DOWNLOAD_CHUNK = 1024
PBA_FILE_DOWNLOAD = "https://%s/api/pba/download/%s"
From 5a708db5ccb9697b42f127863470fd0fc5663c13 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 12:58:24 -0400
Subject: [PATCH 05/16] Agent: Remove disused methods from ControlClient
---
monkey/infection_monkey/control.py | 44 ------------------------------
1 file changed, 44 deletions(-)
diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py
index 9d38b8adf..985c8e984 100644
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@@ -132,28 +132,6 @@ class ControlClient(object):
else:
ControlClient.proxies["https"] = f"{proxy_address}:{proxy_port}"
- @staticmethod
- def keepalive():
- if not WormConfiguration.current_server:
- return
- try:
- monkey = {}
- if ControlClient.proxies:
- monkey["tunnel"] = ControlClient.proxies.get("https")
- requests.patch( # noqa: DUO123
- "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
- data=json.dumps(monkey),
- headers={"content-type": "application/json"},
- verify=False,
- proxies=ControlClient.proxies,
- timeout=MEDIUM_REQUEST_TIMEOUT,
- )
- except Exception as exc:
- logger.warning(
- "Error connecting to control server %s: %s", WormConfiguration.current_server, exc
- )
- return {}
-
@staticmethod
def send_telemetry(telem_category, json_data: str):
if not WormConfiguration.current_server:
@@ -252,28 +230,6 @@ class ControlClient(object):
)
return {}
- @staticmethod
- def check_for_stop():
- ControlClient.load_control_config()
- return not WormConfiguration.alive
-
- @staticmethod
- def spoof_host_os_info(is_windows, is_32bit):
- if is_windows:
- os = "windows"
- if is_32bit:
- arch = "x86"
- else:
- arch = "amd64"
- else:
- os = "linux"
- if is_32bit:
- arch = "i686"
- else:
- arch = "x86_64"
-
- return {"os": {"type": os, "machine": arch}}
-
@staticmethod
def create_control_tunnel():
if not WormConfiguration.current_server:
From cd3f5e7f16e888e960f993cc1b6c3980a4a0fa9e Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:00:55 -0400
Subject: [PATCH 06/16] Project: Add get_file_sha256_hash() to
vulture_allowlist.py
---
vulture_allowlist.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index 54b9caa12..a4a61ccb9 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -146,6 +146,7 @@ Report.glance
Report.meta_info
Report.meta
LDAPServerFactory.buildProtocol
+get_file_sha256_hash
# these are not needed for it to work, but may be useful extra information to understand what's going on
WINDOWS_PBA_TYPE # unused variable (monkey/monkey_island/cc/resources/pba_file_upload.py:23)
From f0fed888cb56d7dcbc4a4aa24a5ecbdc69a79696 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:04:09 -0400
Subject: [PATCH 07/16] Common: Remove disused SYSTEM_INFO telemetry category
---
monkey/common/common_consts/telem_categories.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/monkey/common/common_consts/telem_categories.py b/monkey/common/common_consts/telem_categories.py
index 70faa73f4..669b2379c 100644
--- a/monkey/common/common_consts/telem_categories.py
+++ b/monkey/common/common_consts/telem_categories.py
@@ -7,6 +7,5 @@ class TelemCategoryEnum:
POST_BREACH = "post_breach"
SCAN = "scan"
STATE = "state"
- SYSTEM_INFO = "system_info"
TRACE = "trace"
TUNNEL = "tunnel"
From 048817d60a9104ed600d8bbb1f28c6945e5e1482 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:05:38 -0400
Subject: [PATCH 08/16] Agent: Remove disused VictimHostGenerator
---
.../model/victim_host_generator.py | 45 -------------------
.../model/test_victim_host_generator.py | 41 -----------------
2 files changed, 86 deletions(-)
delete mode 100644 monkey/infection_monkey/model/victim_host_generator.py
delete mode 100644 monkey/tests/unit_tests/infection_monkey/model/test_victim_host_generator.py
diff --git a/monkey/infection_monkey/model/victim_host_generator.py b/monkey/infection_monkey/model/victim_host_generator.py
deleted file mode 100644
index 444c4a5ee..000000000
--- a/monkey/infection_monkey/model/victim_host_generator.py
+++ /dev/null
@@ -1,45 +0,0 @@
-from infection_monkey.model.host import VictimHost
-
-
-class VictimHostGenerator(object):
- def __init__(self, network_ranges, blocked_ips, same_machine_ips):
- self.blocked_ips = blocked_ips
- self.ranges = network_ranges
- self.local_addresses = same_machine_ips
-
- def generate_victims(self, chunk_size):
- """
- Generates VictimHosts in chunks from all the instances network ranges
- :param chunk_size: Maximum size of each chunk
- """
- chunk = []
- for net_range in self.ranges:
- for victim in self.generate_victims_from_range(net_range):
- chunk.append(victim)
- if len(chunk) == chunk_size:
- yield chunk
- chunk = []
- if chunk: # finished with number of victims < chunk_size
- yield chunk
-
- def generate_victims_from_range(self, net_range):
- """
- Generates VictimHosts from a given netrange
- :param net_range: Network range object
- :return: Generator of VictimHost objects
- """
- for address in net_range:
- if not self.is_ip_scannable(address): # check if the IP should be skipped
- continue
- if hasattr(net_range, "domain_name"):
- victim = VictimHost(address, net_range.domain_name)
- else:
- victim = VictimHost(address)
- yield victim
-
- def is_ip_scannable(self, ip_address):
- if ip_address in self.local_addresses:
- return False
- if ip_address in self.blocked_ips:
- return False
- return True
diff --git a/monkey/tests/unit_tests/infection_monkey/model/test_victim_host_generator.py b/monkey/tests/unit_tests/infection_monkey/model/test_victim_host_generator.py
deleted file mode 100644
index 0133102eb..000000000
--- a/monkey/tests/unit_tests/infection_monkey/model/test_victim_host_generator.py
+++ /dev/null
@@ -1,41 +0,0 @@
-from unittest import TestCase
-
-from common.network.network_range import CidrRange, SingleIpRange
-from infection_monkey.model.victim_host_generator import VictimHostGenerator
-
-
-class TestVictimHostGenerator(TestCase):
- def setUp(self):
- self.cidr_range = CidrRange("10.0.0.0/28", False) # this gives us 15 hosts
- self.local_host_range = SingleIpRange("localhost")
- self.random_single_ip_range = SingleIpRange("41.50.13.37")
-
- def test_chunking(self):
- chunk_size = 3
- # current test setup is 15+1+1-1 hosts
- test_ranges = [self.cidr_range, self.local_host_range, self.random_single_ip_range]
- generator = VictimHostGenerator(test_ranges, "10.0.0.1", [])
- victims = generator.generate_victims(chunk_size)
- for i in range(5): # quickly check the equally sided chunks
- self.assertEqual(len(next(victims)), chunk_size)
- victim_chunk_last = next(victims)
- self.assertEqual(len(victim_chunk_last), 1)
-
- def test_remove_blocked_ip(self):
- generator = VictimHostGenerator(self.cidr_range, ["10.0.0.1"], [])
-
- victims = list(generator.generate_victims_from_range(self.cidr_range))
- self.assertEqual(len(victims), 14) # 15 minus the 1 we blocked
-
- def test_remove_local_ips(self):
- generator = VictimHostGenerator([], [], [])
- generator.local_addresses = ["127.0.0.1"]
- victims = list(generator.generate_victims_from_range(self.local_host_range))
- self.assertEqual(len(victims), 0) # block the local IP
-
- def test_generate_domain_victim(self):
- # domain name victim
- generator = VictimHostGenerator([], [], []) # dummy object
- victims = list(generator.generate_victims_from_range(self.local_host_range))
- self.assertEqual(len(victims), 1)
- self.assertEqual(victims[0].domain_name, "localhost")
From 7facf302a401032210f737b368a5359f7ee6bd20 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:13:07 -0400
Subject: [PATCH 09/16] Agent: Rename unused '_' parameter to architecture in
get_agent_binary
---
monkey/common/utils/exceptions.py | 4 ----
monkey/infection_monkey/exploit/caching_agent_repository.py | 2 +-
2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/monkey/common/utils/exceptions.py b/monkey/common/utils/exceptions.py
index 2a0e369e9..945e35415 100644
--- a/monkey/common/utils/exceptions.py
+++ b/monkey/common/utils/exceptions.py
@@ -18,10 +18,6 @@ class IncorrectCredentialsError(Exception):
""" Raise to indicate that authentication failed """
-class InvalidAWSKeys(Exception):
- """ Raise to indicate that AWS API keys are invalid"""
-
-
class NoInternetError(Exception):
""" Raise to indicate problems caused when no internet connection is present"""
diff --git a/monkey/infection_monkey/exploit/caching_agent_repository.py b/monkey/infection_monkey/exploit/caching_agent_repository.py
index 8a55b3f63..9d24746ad 100644
--- a/monkey/infection_monkey/exploit/caching_agent_repository.py
+++ b/monkey/infection_monkey/exploit/caching_agent_repository.py
@@ -22,7 +22,7 @@ class CachingAgentRepository(IAgentRepository):
self._proxies = proxies
self._lock = threading.Lock()
- def get_agent_binary(self, os: str, _: str = None) -> io.BytesIO:
+ def get_agent_binary(self, os: str, architecture: str = None) -> io.BytesIO:
# If multiple calls to get_agent_binary() are made simultaneously before the result of
# _download_binary_from_island() is cached, then multiple requests will be sent to the
# island. Add a mutex in front of the call to _download_agent_binary_from_island() so
From 77e0cae44129896b78612cad21fbeb1c9ac5dcf0 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:14:19 -0400
Subject: [PATCH 10/16] Agent: Remove disused methods in WebRCE
---
monkey/infection_monkey/exploit/web_rce.py | 46 ----------------------
1 file changed, 46 deletions(-)
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index bbb590b8b..1c0bbdb88 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -5,7 +5,6 @@ from typing import List, Tuple
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import get_target_monkey
from infection_monkey.exploit.tools.http_tools import HTTPTools
from infection_monkey.model import (
BITSADMIN_CMDLINE_HTTP,
@@ -407,51 +406,6 @@ class WebRCE(HostExploiter):
self.add_executed_cmd(command)
return resp
- def get_monkey_upload_path(self, url_to_monkey):
- """
- Gets destination path from one of WEB_RCE predetermined paths(self.monkey_target_paths).
- :param url_to_monkey: Hosted monkey's url. egz :
- http://localserver:9999/monkey/windows-64.exe
- :return: Corresponding monkey path from self.monkey_target_paths
- """
- if not url_to_monkey or ("linux" not in url_to_monkey and "windows" not in url_to_monkey):
- logger.error(
- "Can't get destination path because source path %s is invalid.", url_to_monkey
- )
- return False
- try:
- if "linux" in url_to_monkey:
- return self.monkey_target_paths["linux"]
- elif "windows" in url_to_monkey:
- return self.monkey_target_paths["win64"]
- else:
- logger.error(
- "Could not figure out what type of monkey server was trying to upload, "
- "thus destination path can not be chosen."
- )
- return False
- except KeyError:
- logger.error(
- 'Unknown key was found. Please use "linux" and "win64" keys to '
- "initialize custom dict of monkey's destination paths"
- )
- return False
-
- def get_monkey_paths(self):
- """
- Gets local (used by server) and destination (where to download) paths.
- :return: dict of source and destination paths
- """
- src_path = get_target_monkey(self.host)
- if not src_path:
- logger.info("Can't find suitable monkey executable for host %r", self.host)
- return False
- # Determine which destination path to use
- dest_path = self.get_monkey_upload_path(src_path)
- if not dest_path:
- return False
- return {"src_path": src_path, "dest_path": dest_path}
-
def get_default_dropper_path(self):
"""
Gets default dropper path for the host.
From 7a71a994208fb322503b75a1fa7e37324e1beb66 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:20:49 -0400
Subject: [PATCH 11/16] Agent:Remove disused TIMEOUT constant in
network/info.py
---
monkey/infection_monkey/network/info.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py
index 9544675d4..f546116cb 100644
--- a/monkey/infection_monkey/network/info.py
+++ b/monkey/infection_monkey/network/info.py
@@ -13,7 +13,6 @@ from common.network.network_range import CidrRange
from infection_monkey.utils.environment import is_windows_os
# Timeout for monkey connections
-TIMEOUT = 15
LOOPBACK_NAME = b"lo"
SIOCGIFADDR = 0x8915 # get PA address
SIOCGIFNETMASK = 0x891B # get network PA mask
From 916f4a6a46db5d50cb42bc01a6134ec45db811e5 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:21:57 -0400
Subject: [PATCH 12/16] Agent: Remove disused get_exploit_user_ssh_key_pairs()
---
monkey/infection_monkey/config.py | 6 ------
1 file changed, 6 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 8feb3f3f7..f9fec0c16 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -136,12 +136,6 @@ class Configuration(object):
"""
return product(self.exploit_user_list, self.exploit_password_list)
- def get_exploit_user_ssh_key_pairs(self):
- """
- :return: All combinations of the configurations users and ssh pairs
- """
- return product(self.exploit_user_list, self.exploit_ssh_keys)
-
@staticmethod
def hash_sensitive_data(sensitive_data):
"""
From 4cf448ebe193eaf0eacd04b9d1924a0082280b6e Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:25:59 -0400
Subject: [PATCH 13/16] Agent: Remove disused struct_unpack_tracker*()
---
monkey/infection_monkey/network/tools.py | 26 ------------------------
1 file changed, 26 deletions(-)
diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py
index 1a1981616..7a863ea7d 100644
--- a/monkey/infection_monkey/network/tools.py
+++ b/monkey/infection_monkey/network/tools.py
@@ -12,32 +12,6 @@ BANNER_READ = 1024
logger = logging.getLogger(__name__)
-def struct_unpack_tracker(data, index, fmt):
- """
- Unpacks a struct from the specified index according to specified format.
- Returns the data and the next index
- :param data: Buffer
- :param index: Position index
- :param fmt: Struct format
- :return: (Data, new index)
- """
- unpacked = struct.unpack_from(fmt, data, index)
- return unpacked, struct.calcsize(fmt)
-
-
-def struct_unpack_tracker_string(data, index):
- """
- Unpacks a null terminated string from the specified index
- Returns the data and the next index
- :param data: Buffer
- :param index: Position index
- :return: (Data, new index)
- """
- ascii_len = data[index:].find(b"\0")
- fmt = "%ds" % ascii_len
- return struct_unpack_tracker(data, index, fmt)
-
-
def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
"""
Checks if a given TCP port is open
From aac8638df2c5feeb2120fe4f2497ee30fa4b8ea1 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:27:21 -0400
Subject: [PATCH 14/16] Agent: Remove disused get_interfaces_ranges()
---
monkey/infection_monkey/network/info.py | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py
index f546116cb..162fb423b 100644
--- a/monkey/infection_monkey/network/info.py
+++ b/monkey/infection_monkey/network/info.py
@@ -9,7 +9,6 @@ from typing import List
import netifaces
import psutil
-from common.network.network_range import CidrRange
from infection_monkey.utils.environment import is_windows_os
# Timeout for monkey connections
@@ -136,19 +135,3 @@ def get_free_tcp_port(min_range=1024, max_range=65535):
return port
return None
-
-
-def get_interfaces_ranges():
- """
- Returns a list of IPs accessible in the host in each network interface, in the subnet.
- Limits to a single class C if the network is larger
- :return: List of IPs, marked as strings.
- """
- res = []
- ifs = get_host_subnets()
- for net_interface in ifs:
- address_str = net_interface["addr"]
- netmask_str = net_interface["netmask"]
- # limit subnet scans to class C only
- res.append(CidrRange(cidr_range="%s/%s" % (address_str, netmask_str)))
- return res
From 98fb4132ecddde99528f6b61be0fcb6a6da4e980 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:41:17 -0400
Subject: [PATCH 15/16] Agent: Remove disused config values from
WormConfiguration
---
monkey/infection_monkey/config.py | 41 -------------------------------
1 file changed, 41 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index f9fec0c16..9c239fd93 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -83,9 +83,6 @@ class Configuration(object):
# sets whether or not the monkey is alive. if false will stop scanning and exploiting
alive = True
- finger_classes = []
- exploiter_classes = []
-
# depth of propagation
depth = 2
max_depth = None
@@ -96,39 +93,6 @@ class Configuration(object):
keep_tunnel_open_time = 60
- ###########################
- # scanners config
- ###########################
-
- # Auto detect and scan local subnets
- local_network_scan = True
-
- subnet_scan_list = []
- inaccessible_subnets = []
-
- blocked_ips = []
-
- # TCP Scanner
- HTTP_PORTS = [
- 80,
- 8080,
- 443,
- 8008, # HTTP alternate
- 7001, # Oracle Weblogic default server port
- ]
- tcp_target_ports = [22, 2222, 445, 135, 3389, 80, 8080, 443, 8008, 3306, 9200]
- tcp_target_ports.extend(HTTP_PORTS)
- tcp_scan_timeout = 3000 # 3000 Milliseconds
-
- # Ping Scanner
- ping_scan_timeout = 1000
-
- ###########################
- # ransomware config
- ###########################
-
- ransomware = ""
-
def get_exploit_user_password_pairs(self):
"""
Returns all combinations of the configurations users and passwords
@@ -153,11 +117,6 @@ class Configuration(object):
exploit_password_list = ["Password1!", "1234", "password", "12345678"]
exploit_lm_hash_list = []
exploit_ntlm_hash_list = []
- exploit_ssh_keys = []
-
- aws_access_key_id = ""
- aws_secret_access_key = ""
- aws_session_token = ""
# smb/wmi exploiter
smb_download_timeout = 30 # timeout in seconds
From bfd9084ce189d90ed1253ca94293ddcd8754e1b9 Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Tue, 15 Mar 2022 13:42:44 -0400
Subject: [PATCH 16/16] Project: Add architecture parameter to
vulture_allowlist
---
vulture_allowlist.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index a4a61ccb9..de610a774 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -167,6 +167,7 @@ _.environment # unused attribute (monkey/monkey_island/cc/services/telemetry/pr
_.instance_name # unused attribute (monkey/common/cloud/azure/azure_instance.py:35)
_.instance_name # unused attribute (monkey/common/cloud/azure/azure_instance.py:64)
GCPHandler # unused function (envs/monkey_zoo/blackbox/test_blackbox.py:57)
+architecture # unused variable (monkey/infection_monkey/exploit/caching_agent_repository.py:25)
# TODO: Reevaluate these as the agent refactor progresses
run_sys_info_collector