From f778ea6406f8fc4db0f68f1e0587f9c6c4a407a5 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 Jul 2020 09:35:30 +0300 Subject: [PATCH 01/12] Version number bump --- monkey/common/version.py | 4 ++-- monkey/monkey_island/cc/ui/package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/common/version.py b/monkey/common/version.py index f8bac8916..c4e38239e 100644 --- a/monkey/common/version.py +++ b/monkey/common/version.py @@ -3,8 +3,8 @@ import argparse from pathlib import Path MAJOR = "1" -MINOR = "8" -PATCH = "2" +MINOR = "9" +PATCH = "0" build_file_path = Path(__file__).parent.joinpath("BUILD") with open(build_file_path, "r") as build_file: BUILD = build_file.read() diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 669adc97a..4cd807385 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -1,6 +1,6 @@ { "private": true, - "version": "1.8.2", + "version": "1.9.0", "name": "infection-monkey", "description": "Infection Monkey C&C UI", "scripts": { From d9ed06d7652750637eb8db22e54e1f02ec885b64 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 Jul 2020 12:41:25 +0300 Subject: [PATCH 02/12] BB quickfixes: fixed island client authentication bug ("JWT" -> "bearer" in auth header), improved readme a bit. --- envs/monkey_zoo/blackbox/README.md | 7 ++++--- .../blackbox/island_client/monkey_island_requests.py | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/envs/monkey_zoo/blackbox/README.md b/envs/monkey_zoo/blackbox/README.md index fa4fdc02a..30855b855 100644 --- a/envs/monkey_zoo/blackbox/README.md +++ b/envs/monkey_zoo/blackbox/README.md 
@@ -2,7 +2,8 @@ ### Prerequisites 1. Download google sdk: https://cloud.google.com/sdk/docs/ 2. Download service account key for MonkeyZoo project (if you deployed MonkeyZoo via terraform scripts then you already have it). -GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts) +GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts). +Place the key in `envs/monkey_zoo/gcp_keys/gcp_key.json`. 3. Deploy the relevant branch + complied executables to the Island machine on GCP. ### Running the tests @@ -21,8 +22,8 @@ Example run command: `monkey\envs\monkey_zoo\blackbox>python -m pytest -s --island=35.207.152.72:5000 test_blackbox.py` #### Running in PyCharm -Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72` on the -`monkey\envs\monkey_zoo\blackbox`. +Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72`, and to run from +directory `monkey\envs\monkey_zoo\blackbox`. ### Running telemetry performance test diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py index 743cb4146..7e2418d6f 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py +++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py @@ -104,4 +104,4 @@ class MonkeyIslandRequests(object): @_Decorators.refresh_jwt_token def get_jwt_header(self): - return {"Authorization": "JWT " + self.token} + return {"Authorization": "Bearer " + self.token} From b996b6e2e88edc6d836339731b030c3b8552c5d5 Mon Sep 17 00:00:00 2001 
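Review bot: The auth scheme in `get_jwt_header` is still a bare string literal, and nothing on the new line records where the expected prefix comes from, even though this commit exists because that literal drifted from what the Island accepts. I would add a comment above the return, e.g. `# Scheme prefix must match the Authorization header prefix the Island's JWT layer is configured to accept`, so a future server-side change is made in both places. Concatenating with `self.token` also raises a TypeError if the token is None; presumably `refresh_jwt_token` guarantees a token, but that decorator and the rest of `MonkeyIslandRequests` are outside the hunk.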
From: VakarisZ Date: Thu, 30 Jul 2020 15:48:17 +0300 Subject: [PATCH 03/12] Updated all configs used in BB tests --- .../blackbox/island_configs/ELASTIC.conf | 178 ++++++---------- .../blackbox/island_configs/HADOOP.conf | 166 +++++---------- .../blackbox/island_configs/MSSQL.conf | 157 +++++--------- .../blackbox/island_configs/PERFORMANCE.conf | 191 ++++++------------ .../blackbox/island_configs/SHELLSHOCK.conf | 150 +++++--------- .../blackbox/island_configs/SMB_MIMIKATZ.conf | 155 +++++--------- .../blackbox/island_configs/SMB_PTH.conf | 150 +++++--------- .../blackbox/island_configs/SSH.conf | 162 +++++---------- .../blackbox/island_configs/STRUTS2.conf | 150 ++++---------- .../blackbox/island_configs/TUNNELING.conf | 165 +++++---------- .../blackbox/island_configs/WEBLOGIC.conf | 159 +++++---------- .../blackbox/island_configs/WMI_MIMIKATZ.conf | 158 +++++---------- .../blackbox/island_configs/WMI_PTH.conf | 158 +++++---------- 13 files changed, 656 insertions(+), 1443 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf index 0a81ea700..725dc609d 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", 
@@ -13,83 +16,29 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ElasticGroovyExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.4", "10.2.2.5" - ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ElasticGroovyExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + ] } }, "internal": { "classes": { "finger_classes": [ - "SMBFinger", - "SSHFinger", - "PingScanner", - "HTTPFinger", - "MySQLFinger", - "MSSQLFinger", - "ElasticFinger" ] }, "dropper": { @@ -107,9 +56,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
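Review bot: In the `@@ -13,83 +16,29 @@` hunk of ELASTIC.conf, `internal.classes.finger_classes` is emptied (SMBFinger through ElasticFinger are all removed) while the only enabled exploiter is `ElasticGroovyExploiter`. If that exploiter relies on fingerprint results to recognise the Elasticsearch service, which is not visible here, the test would stop finding its target; keeping at least `"PingScanner"` and `"ElasticFinger"` in the list would preserve the previous discovery path. The HADOOP, MSSQL and SSH hunks in this patch leave `finger_classes` alone, so this config now differs from its siblings in a way that looks unintended.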
@@ -121,63 +77,53 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + "BackdoorUser", + "CommunicateAsNewUser", + "ModifyShellStartupFiles", + "HiddenFiles", + "TrapCommand", + "ChangeSetuidSetgid", + "ScheduleJobs" + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } 
diff --git a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf index 0b897080b..2a4c72657 100644 --- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf +++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", @@ -13,12 +16,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "HadoopExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -26,58 +34,6 @@ "10.2.2.3", "10.2.2.2" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "HadoopExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -103,15 +59,20 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ - "e1c0dc690821c13b10a41dccfc72e43a" - ], + "exploit_ntlm_hash_list": [], "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -123,63 +84,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf index dc3332ed6..81c56eab3 100644 --- a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf @@ -13,70 +13,21 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { - "blocked_ips": [], - "depth": 2, - "local_network_scan": false, - "subnet_scan_list": [ - "10.2.2.16" - ] - }, "network_analysis": { "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + "scope": { + "blocked_ips": [], + "depth": 2, + "local_network_scan": true, + "subnet_scan_list": [] } }, "internal": { @@ -106,9 +57,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
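Review bot: The new `scope` block in MSSQL.conf drops the single target `10.2.2.16` from `subnet_scan_list` and flips `local_network_scan` to `true`, so the run is no longer pinned to the MSSQL host and instead covers whatever subnet the starting machine sits on. Every other config visible in this patch keeps `local_network_scan` at `false` with an explicit target list. For a tool that attempts exploitation on the hosts it discovers, the test scope should stay explicit: `"local_network_scan": false,` and `"subnet_scan_list": [ "10.2.2.16" ]`.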
@@ -120,63 +78,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf index 23d5ce379..38a6fec5b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf @@ -13,12 +13,36 @@ "m0nk3y" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter", + "WmiExploiter", + "SSHExploiter", + "ShellShockExploiter", + "SambaCryExploiter", + "ElasticGroovyExploiter", + "Struts2Exploiter", + "WebLogicExploiter", + "HadoopExploiter", + "VSFTPDExploiter", + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [ + "10.2.2.0/30", + "10.2.2.8/30", + "10.2.2.24/32", + "10.2.2.23/32", + "10.2.2.21/32", + "10.2.2.19/32", + "10.2.2.18/32", + "10.2.2.17/32" + ] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, 
@@ -44,74 +68,6 @@ "10.2.2.23", "10.2.2.24" ] - }, - "network_analysis": { - "inaccessible_subnets": [ - "10.2.2.0/30", - "10.2.2.8/30", - "10.2.2.24/32", - "10.2.2.23/32", - "10.2.2.21/32", - "10.2.2.19/32", - "10.2.2.18/32", - "10.2.2.17/32" - ] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter", - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -143,7 +99,14 @@ "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -156,74 +119,52 @@ "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, "testing": { - "export_monkey_telems": true + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [ - "CommunicateAsNewUser" + "BackdoorUser", + "CommunicateAsNewUser", + "ModifyShellStartupFiles", + "HiddenFiles", + "TrapCommand", + "ChangeSetuidSetgid", + "ScheduleJobs" ] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 15, - "victims_max_find": 100 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "system_info_collectors_classes": [ + "system_info_collector_classes": [ "EnvironmentCollector", "AwsCollector", "HostnameCollector", - "ProcessListCollector" - ] - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001, - 8088 + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } 
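Review bot: `internal.testing.export_monkey_telems` goes from `true` to `false` in PERFORMANCE.conf, the one config where the old file already carried this key with it enabled. If the telemetry performance test described in the blackbox README consumes the exported telemetries, it would run without input after this change; that dependency is not visible in the hunk, so it needs confirming. If it holds, restore `"export_monkey_telems": true` here and leave the other configs at `false`.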
diff --git a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf index 83414774b..ca4ba00ee 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf @@ -13,70 +13,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ShellShockExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.8" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ShellShockExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -106,9 +59,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -120,63 +80,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index e2a8a5596..aeb99ebc8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf @@ -1,4 +1,4 @@ -{ +monkey.conf{ "basic": { "credentials": { "exploit_password_list": [ @@ -11,12 +11,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -24,58 +29,6 @@ "10.2.2.14", "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -105,9 +58,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
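Review bot: The first line of SMB_MIMIKATZ.conf changes from `{` to `monkey.conf{` in the `@@ -1,4 +1,4 @@` hunk, which looks like a stray filename pasted in front of the opening brace and makes the file invalid JSON. Whatever loads this config will either fail to parse it or, if the failure is swallowed somewhere, run the SMB test with a configuration other than the one intended; the line should go back to `{`. A parse check over `island_configs/*.conf` before the blackbox run would catch this class of mistake.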
@@ -119,63 +79,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf index d17e283c8..74c4de96c 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf @@ -10,70 +10,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -103,9 +56,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -117,63 +77,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index ebb1def8b..860a9ab26 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf 
@@ -12,12 +12,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SSHExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -25,67 +30,6 @@ "10.2.2.11", "10.2.2.12" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -115,9 +59,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -129,63 +80,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf index 4b47a0246..8ad9d3a76 100644 --- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf @@ -14,12 +14,17 @@ "vakaris_zilius" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "Struts2Exploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -27,55 +32,6 @@ "10.2.2.23", "10.2.2.24" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "Struts2Exploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -107,7 +63,14 @@ "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -119,72 +82,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [ - "CommunicateAsNewUser" - ] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 15, - "victims_max_find": 100 + "post_breach_actions": [] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "system_info_collectors_classes": [ + "system_info_collector_classes": [ "EnvironmentCollector", "AwsCollector", "HostnameCollector", - "ProcessListCollector" - ] - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001, - 8088 + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } 
diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf index 80d85a7b7..af2f95e1e 100644 --- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf +++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf @@ -7,24 +7,27 @@ "`))jU7L(w}", "t67TC5ZDmz", "12345678", - "another_one", - "and_another_one", - "one_more" ], "exploit_user_list": [ "Administrator", - "rand", - "rand2", "m0nk3y", "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter", + "WmiExploiter", + "SSHExploiter", + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 3, "local_network_scan": false, @@ -34,67 +37,6 @@ "10.2.0.11", "10.2.0.12" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
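Review bot: In the first `TUNNELING.conf` hunk, removing the last three entries of `exploit_password_list` leaves `"12345678",` directly before the closing `]`, and a trailing comma is not valid JSON. The `WMI_PTH.conf` hunk in this patch has the same problem with `"WmiExploiter",` before `]`. `IslandConfigParser` reads these files with `json.loads`, so both configs would presumably fail to parse before the test even starts. The lines should read `"12345678"` and `"WmiExploiter"`; a later patch in this series makes that change, but a small test that runs `json.loads` over every file in `island_configs/` would catch this kind of breakage at review time.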
@@ -126,7 +68,14 @@ "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -138,63 +87,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf index b86b2b566..7162a8612 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", @@ -13,12 +16,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WebLogicExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -26,58 +34,6 @@ "10.2.2.18", "10.2.2.19" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WebLogicExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -107,9 +63,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -121,63 +84,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf index 7b5fb3784..8bb3e51b6 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf @@ -11,12 +11,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WmiExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -24,66 +29,6 @@ "10.2.2.14", "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -113,9 +58,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -127,63 +79,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf index 1ac0a6c3d..12a02ad91 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf @@ -10,78 +10,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WmiExploiter", + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -111,9 +56,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -125,63 +77,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } From f71e6630bcbe8ee252b59a3ba7cf23472a977546 Mon Sep 17 00:00:00 2001 
From: VakarisZ Date: Thu, 30 Jul 2020 15:56:49 +0300 Subject: [PATCH 04/12] Bugfixed SSH configuration and island_config_parser.py --- envs/monkey_zoo/blackbox/island_client/island_config_parser.py | 2 +- envs/monkey_zoo/blackbox/island_configs/SSH.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py index 948b58310..ee9a8b7ad 100644 --- a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py +++ b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py @@ -9,7 +9,7 @@ class IslandConfigParser(object): self.config_json = json.loads(self.config_raw) def get_ips_of_targets(self): - return self.config_json['basic_network']['general']['subnet_scan_list'] + return self.config_json['basic_network']['scope']['subnet_scan_list'] @staticmethod def get_conf_file_path(conf_file_name): diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index 860a9ab26..a81e5a4b1 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf @@ -100,7 +100,7 @@ }, "monkey": { "persistent_scanning": { - "max_iterations": 1, + "max_iterations": 2, "retry_failed_explotation": true, "timeout_between_iterations": 100 }, From 444ce91f2b8881ab38dc26387d58cf93dc2c73ba Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 Jul 2020 17:19:47 +0300 Subject: [PATCH 05/12] Fixed more BB island config problems --- envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf | 5 ++--- envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf | 2 +- envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index aeb99ebc8..b5ef8b2cd 100644 
--- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf @@ -1,4 +1,4 @@ -monkey.conf{ +{ "basic": { "credentials": { "exploit_password_list": [ @@ -108,8 +108,7 @@ monkey.conf{ "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "post_breach_actions": [ - ] + "post_breach_actions": [] }, "system_info": { "system_info_collector_classes": [ diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf index af2f95e1e..cd00dcb09 100644 --- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf +++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf @@ -6,7 +6,7 @@ "3Q=(Ge(+&w]*", "`))jU7L(w}", "t67TC5ZDmz", - "12345678", + "12345678" ], "exploit_user_list": [ "Administrator", diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf index 12a02ad91..8a65f812c 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf @@ -12,7 +12,7 @@ }, "exploiters": { "exploiter_classes": [ - "WmiExploiter", + "WmiExploiter" ] } }, From c513c2628aa3f764b41abed765ceadb1e81aa34f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 Jul 2020 17:26:19 +0300 Subject: [PATCH 06/12] Fixed jwtHeader method to return "Bearer X" type header instead of "JWT X" --- monkey/monkey_island/cc/ui/src/services/AuthService.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/services/AuthService.js b/monkey/monkey_island/cc/ui/src/services/AuthService.js index e1db4186c..54bdccc3c 100644 --- a/monkey/monkey_island/cc/ui/src/services/AuthService.js +++ b/monkey/monkey_island/cc/ui/src/services/AuthService.js 
@@ -21,7 +21,7 @@ export default class AuthService { jwtHeader = () => { if (this._loggedIn()) { - return 'JWT ' + this._getToken(); + return 'Bearer ' + this._getToken(); } }; From c59be3690949c0afb2a2cb1fa395bc91deb6e46f Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 31 Jul 2020 11:54:12 +0300 Subject: [PATCH 07/12] Fixed elastic test config for BB tests --- .../blackbox/island_configs/ELASTIC.conf | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf index 725dc609d..723aa5f43 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf @@ -39,6 +39,13 @@ "internal": { "classes": { "finger_classes": [ + "SMBFinger", + "SSHFinger", + "PingScanner", + "HTTPFinger", + "MySQLFinger", + "MSSQLFinger", + "ElasticFinger" ] }, "dropper": { @@ -106,15 +113,7 @@ "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "post_breach_actions": [ - "BackdoorUser", - "CommunicateAsNewUser", - "ModifyShellStartupFiles", - "HiddenFiles", - "TrapCommand", - "ChangeSetuidSetgid", - "ScheduleJobs" - ] + "post_breach_actions": [] }, "system_info": { "system_info_collector_classes": [ From f6e362b1c831a1550d2565983aa07200c5eba525 Mon Sep 17 00:00:00 2001 From: Shreya Date: Fri, 31 Jul 2020 22:11:39 +0530 Subject: [PATCH 08/12] Set flask config 'JSON_SORT_KEYS' to false --- monkey/monkey_island/cc/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 6647d4b10..2047adf11 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -143,6 +143,7 @@ def init_api_resources(api): def init_app(mongo_url): app = Flask(__name__) + app.config['JSON_SORT_KEYS'] = False api = flask_restful.Api(app) api.representations = {'application/json': output_json} 
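Review bot: In `AuthService.js` the scheme prefix `'Bearer '` is a bare literal that has to agree with what the Island server accepts. The same literal is maintained separately in the blackbox client (`monkey_island_requests.py`, changed in patch 02 of this series), so the two can drift apart. A comment above the return such as `// Scheme must match the one the Island's JWT layer expects in the Authorization header` would record that coupling. Separately, `jwtHeader` still returns `undefined` when `_loggedIn()` is false; its callers are outside this hunk, so whether they guard against that should be confirmed.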
From 51c2655e2b55d47f2d628bad28e71a0c60cfe2a5 Mon Sep 17 00:00:00 2001 From: Shreya Date: Fri, 31 Jul 2020 23:21:57 +0530 Subject: [PATCH 09/12] Shift the config variable change to the allocated function --- monkey/monkey_island/cc/app.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 2047adf11..c5b4d128f 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -78,6 +78,10 @@ def init_app_config(app, mongo_url): # deciding to reset credentials and then still logging in with the old JWT. app.config['JWT_SECRET_KEY'] = str(uuid.uuid4()) + # By default, Flask sorts keys of JSON objects alphabetically, which messes with the ATT&CK matrix in the + # configuration. See https://flask.palletsprojects.com/en/1.1.x/config/#JSON_SORT_KEYS. + app.config['JSON_SORT_KEYS'] = False + def init_app_services(app): init_jwt(app) @@ -143,7 +147,6 @@ def init_api_resources(api): def init_app(mongo_url): app = Flask(__name__) - app.config['JSON_SORT_KEYS'] = False api = flask_restful.Api(app) api.representations = {'application/json': output_json} From d74c3d15ca7a82d0e5a4695b6d3a4c0968dab955 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 3 Aug 2020 11:45:31 +0300 Subject: [PATCH 10/12] Fixed island's config.py default value setting method to handle 3 layers of nested objects --- monkey/monkey_island/cc/services/config.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index ac1ee1417..8d6210739 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py 
@@ -246,6 +246,16 @@ class ConfigService: for property3, subschema3 in list(subschema2["properties"].items()): if "default" in subschema3: sub_dict[property3] = subschema3["default"] + elif "properties" in subschema3: + layer_3_dict = {} + for property4, subschema4 in list(subschema3["properties"].items()): + if "properties" in subschema4: + raise ValueError("monkey/monkey_island/cc/services/config.py " + "can't handle 5 level config. " + "Either change back the config or refactor.") + if "default" in subschema4: + layer_3_dict[property4] = subschema4["default"] + sub_dict[property3] = layer_3_dict main_dict[property2] = sub_dict instance.setdefault(property1, main_dict) From 31b2800ece42d9a2133fe09af7c4de4fb4cf24b0 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 3 Aug 2020 12:23:17 +0300 Subject: [PATCH 11/12] Fixed BB test configs - fixed internal/network and internal/exploits --- .../blackbox/island_configs/ELASTIC.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/HADOOP.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/MSSQL.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/PERFORMANCE.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/SHELLSHOCK.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/SMB_MIMIKATZ.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/SMB_PTH.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/SSH.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/STRUTS2.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/TUNNELING.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/WEBLOGIC.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/WMI_MIMIKATZ.conf | 60 ++++++++++++++++++- .../blackbox/island_configs/WMI_PTH.conf | 60 ++++++++++++++++++- 13 files changed, 754 insertions(+), 26 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf index 723aa5f43..d8790f744 100644 
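Review bot: The added `elif "properties" in subschema3:` branch copies the loop one more level down and then raises `ValueError` for anything deeper, so the next schema change needs yet another hand-written level; a small recursive helper would handle any depth and drop the hard-coded file path from the error message. The level-4 loop also tests `"properties"` before `"default"`, the opposite precedence of the `subschema3` branch just above it, so a node carrying both keys raises here but takes its default one level up. The `list(...)` around `.items()` is not needed, as the schema dict is not mutated while iterating. The enclosing method starts and ends outside the hunk, so the sketch shows only the helper and the call that would replace the added lines.

```python
def _schema_defaults(subschema):
    """Collect the "default" values below a schema node, at any depth."""
    defaults = {}
    for name, child in subschema["properties"].items():
        if "default" in child:
            defaults[name] = child["default"]
        elif "properties" in child:
            defaults[name] = _schema_defaults(child)
    return defaults

# … unchanged: loops over property1/property2 and the "default" branch for subschema3 …
                        elif "properties" in subschema3:
                            sub_dict[property3] = _schema_defaults(subschema3)
```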
--- a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf @@ -60,7 +60,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -97,7 +122,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf index 2a4c72657..a65de1bf7 100644 --- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf +++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf 
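Review bot: The `ms08_067` block added under `exploits` commits a fixed account name together with the plaintext `"remote_user_pass": "Password1!"`, and the same block is pasted into all thirteen `island_configs/*.conf` files touched by this patch (HADOOP.conf through WMI_PTH.conf below). Judging by the key names this is the account a test run leaves on a target, so every MonkeyZoo host that has been through a run would carry a login with a publicly known password; the environment should stay isolated and the account should be removed or rotated after each run. Since the previous patch in this series teaches `config.py` to fill nested defaults, these blocks could probably be dropped from the per-test files or kept in one shared base file, which would also stop thirteen copies from drifting apart.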
@@ -60,7 +60,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -97,7 +122,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf index 81c56eab3..a88c57ac7 100644 --- a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf +++ b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf 
@@ -54,7 +54,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -91,7 +116,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf index 38a6fec5b..c57b06430 100644 --- a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf +++ b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf 
@@ -94,7 +94,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -131,7 +156,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf index ca4ba00ee..82cba0b70 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf 
@@ -56,7 +56,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -93,7 +118,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index b5ef8b2cd..c14fdfd99 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf 
@@ -55,7 +55,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -92,7 +117,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf index 74c4de96c..a3b1273ba 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf 
@@ -53,7 +53,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -90,7 +115,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index a81e5a4b1..b3ba08d77 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf 
@@ -56,7 +56,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -93,7 +118,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf index 8ad9d3a76..92207e0a8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf +++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf 
@@ -58,7 +58,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -95,7 +120,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf index cd00dcb09..fff01c1ff 100644 --- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf +++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf 
@@ -63,7 +63,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -100,7 +125,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf index 7162a8612..dba3e9639 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf 
@@ -60,7 +60,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -97,7 +122,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf index 8bb3e51b6..15cb346a5 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf 
@@ -55,7 +55,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -92,7 +117,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf index 8a65f812c..3326b2b76 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf 
@@ -53,7 +53,32 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, @@ -90,7 +115,38 @@ "victims_max_exploit": 100, "victims_max_find": 100 }, - "network": {}, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { "export_monkey_telems": false } From 31b875aacc15f2b39d6f437695ad7199d234b1e5 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 3 Aug 2020 15:22:19 +0300 Subject: [PATCH 12/12] Fixed PTH credentials BB island configs --- envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf | 3 ++- envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf index a3b1273ba..42a5245a6 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf 
@@ -52,7 +52,8 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], + "exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b" ], "exploit_ssh_keys": [], "general": { "skip_exploit_if_file_exist": false diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf index 3326b2b76..f0bece5e8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf @@ -52,7 +52,8 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], + "exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b"], "exploit_ssh_keys": [], "general": { "skip_exploit_if_file_exist": false
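Review bot: The replacement values in `exploit_ntlm_hash_list` are live credential material: an NTLM hash is password-equivalent, which is what these pass-the-hash tests rely on, so anyone who can read the repository holds working credentials for whichever MonkeyZoo accounts the hashes belong to. Both hunks (SMB_PTH.conf and WMI_PTH.conf) carry the same two hashes. Consider loading them at test time from a file kept out of version control, as the blackbox README appears to do for the GCP service-account key, and rotating the accounts' passwords whenever the zoo images are rebuilt. The closing bracket is also spaced differently in the two files (`" ]` in SMB_PTH.conf, `"]` in WMI_PTH.conf).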