From ef134be044b45ccd4602053869eb0be10050c3ad Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 24 Mar 2022 11:10:22 -0400
Subject: [PATCH 1/3] Agent: Remove default servers from WormConfiguration.command_servers
In my 16 months working on this project, the default server included in WormConfiguration.command_servers has never had a Monkey Island running on it. This adds a 30 second delay to each hop in the tunneling test as the agent attempts to contact this bogus IP. Removing it speeds up propagation and also avoids unintended consequences if a user has a different service running on 192.0.2.0:5000.
---
 monkey/infection_monkey/config.py | 2 +-
 monkey/infection_monkey/monkey.py | 9 ++-------
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 0abf6b19c..8e9ffce8f 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -85,7 +85,7 @@ class Configuration(object):
 current_server = ""
 # Configuration servers to try to connect to, in this order.
- command_servers = ["192.0.2.0:5000"]
+ command_servers = []
 keep_tunnel_open_time = 60
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 0abd47149..1fb2d4165 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -120,13 +120,8 @@ class InfectionMonkey:
 @staticmethod
 def _add_default_server_to_config(default_server: str):
 if default_server:
- if default_server not in WormConfiguration.command_servers:
- logger.debug("Added default server: %s" % default_server)
- WormConfiguration.command_servers.insert(0, default_server)
- else:
- logger.debug(
- "Default server: %s is already in command servers list" % default_server
- )
+ logger.debug("Added default server: %s" % default_server)
+ WormConfiguration.command_servers.insert(0, default_server)
 def _connect_to_island(self):
 # Sets island's IP and port for monkey to communicate to
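Review bot: The membership test removed from `_add_default_server_to_config()` in monkey.py was the only thing keeping `WormConfiguration.command_servers` free of repeated entries, and the new body relies on the list being empty when it runs. The list is a class-level attribute mutated in place, so a second call, or anything else that fills it (not visible in this hunk), would leave the same address in it twice, and the agent would then presumably try that server twice. Keeping the guard costs one condition: `if default_server and default_server not in WormConfiguration.command_servers:`. The debug call could also pass the value as a logging argument instead of formatting eagerly, `logger.debug("Added default server: %s", default_server)`.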
From 8aad5b16d5bb45dd8b624bc3e2e6abd67ce56fdc Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 24 Mar 2022 12:27:22 -0400
Subject: [PATCH 2/3] Agent: Fix tunnel address parsing in _close_tunnel()
The current proxy schema specifies that tunnels start with "http://", not "https://". This lead to a bug in the tunnel address parsing which prevented the tunnel from being quit properly.
---
 monkey/infection_monkey/monkey.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 1fb2d4165..66d881d93 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -297,9 +297,7 @@ class InfectionMonkey:
 @staticmethod
 def _close_tunnel():
- tunnel_address = (
- ControlClient.proxies.get("https", "").replace("https://", "").split(":")[0]
- )
+ tunnel_address = ControlClient.proxies.get("https", "").replace("http://", "").split(":")[0]
 if tunnel_address:
 logger.info("Quitting tunnel %s", tunnel_address)
 tunnel.quit_tunnel(tunnel_address)
From b3b5707a455437c348985ea8c59681a972a719fd Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 24 Mar 2022 12:51:07 -0400
Subject: [PATCH 3/3] Agent: Convert dest_path to str before performing comparison
---
 monkey/infection_monkey/exploit/smbexec.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index 109771bd4..2afc74439 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
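Review bot: The host extraction in `_close_tunnel()` (monkey.py, patch 2/3) still depends on the one scheme it names: with `.replace("http://", "").split(":")[0]`, a proxy value that begins with `https://` would yield the string `https`, which is truthy and would be handed to `tunnel.quit_tunnel()` — the same failure this commit fixes, in the opposite direction. `replace` also strips the pattern anywhere in the value rather than only as a prefix, and splitting on `:` cannot cope with a bracketed IPv6 literal. Parsing the URL removes the scheme dependence: `tunnel_address = urlsplit(ControlClient.proxies.get("https", "")).hostname`, with `from urllib.parse import urlsplit` among the file's imports. `hostname` is `None` for an empty string, so the existing `if tunnel_address:` guard keeps working unchanged.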
@@ -87,13 +87,13 @@ class SMBExploiter(HostExploiter):
 return self.exploit_result
 # execute the remote dropper in case the path isn't final
- if remote_full_path.lower() != dest_path.lower():
+ if remote_full_path.lower() != str(dest_path).lower():
 cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
 "dropper_path": remote_full_path
 } + build_monkey_commandline(
 self.host,
 self.current_depth - 1,
- dest_path,
+ str(dest_path),
 )
 else:
 cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
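Review bot: Converting `dest_path` separately at each use in this smbexec.py hunk leaves any other use of it in the method, outside the hunk, still receiving the unconverted object. Normalising once where the value is obtained, e.g. `dest_path = str(dest_path)`, keeps the comparison and the `build_monkey_commandline()` argument in step and covers later uses as well. If `dest_path` is a `pathlib` object built on the agent's own OS (an assumption, its origin is not visible here), it is worth confirming that its string form uses the separators the Windows target expects, since the lower-cased comparison with `remote_full_path` would otherwise never match. The enclosing method begins and ends outside the hunk.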