Core functionality added, not tested yet

This commit is contained in:
VakarisZ 2019-02-04 09:57:57 +02:00
parent 8e78150db4
commit 20d774b7df
6 changed files with 35 additions and 39 deletions


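--- a/<path not shown on page: Configuration module>
+++ b/<path not shown on page: Configuration module>
@@ -20,7 +20,6 @@ class Configuration(object):
 # now we won't work at <2.7 for sure
 network_import = importlib.import_module('infection_monkey.network')
 exploit_import = importlib.import_module('infection_monkey.exploit')
-post_breach_import = importlib.import_module('infection_monkey.post_breach')
 unknown_items = []
 for key, value in formatted_data.items():
@@ -37,9 +36,6 @@ class Configuration(object):
 elif key == 'exploiter_classes':
 class_objects = [getattr(exploit_import, val) for val in value]
 setattr(self, key, class_objects)
-elif key == 'post_breach_actions':
-class_objects = [getattr(post_breach_import, val) for val in value]
-setattr(self, key, class_objects)
 else:
 if hasattr(self, key):
 setattr(self, key, value)
@@ -270,7 +266,7 @@ class Configuration(object):
 extract_azure_creds = True
-post_breach_actions = []
+post_breach_actions = {}
 WormConfiguration = Configuration()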
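Review bot: The new default `post_breach_actions = {}` in the third hunk carries neither the `linux` nor the `windows` key, while `PostBreach.config_to_pba_list` (changed in this same commit) subscripts both, so an agent that runs before an island configuration is applied, or receives one without either key, fails with `KeyError` instead of skipping post-breach work. A default that matches the expected shape, `post_breach_actions = {'linux': '', 'windows': ''}`, keeps the falsy check in `config_to_pba_list` working and changes nothing else. Note also that with the `post_breach_actions` branch removed from the import loop, the value now reaches the agent through the generic `setattr` path with no shape check at all, so any validation of the two command strings has to happen where the configuration is authored on the island.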


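--- a/<path not shown on page: InfectionMonkey module>
+++ b/<path not shown on page: InfectionMonkey module>
@@ -16,6 +16,7 @@ from infection_monkey.network.network_scanner import NetworkScanner
 from infection_monkey.system_info import SystemInfoCollector
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.windows_upgrader import WindowsUpgrader
+from infection_monkey.post_breach.post_breach import PostBreach
 __author__ = 'itamar'
@@ -112,6 +113,10 @@ class InfectionMonkey(object):
 system_info = system_info_collector.get_info()
 ControlClient.send_telemetry("system_info_collection", system_info)
+pb = PostBreach()
+output = pb.execute()
+ControlClient.send_telemetry("post_breach", {'output': output})
 for action_class in WormConfiguration.post_breach_actions:
 action = action_class()
 action.act()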
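Review bot: The loop left in place below the new `PostBreach` call, `for action_class in WormConfiguration.post_breach_actions:`, is now broken: this commit turns `post_breach_actions` into a dict of command strings, so the loop iterates its keys (`'linux'`, `'windows'`) and `action_class()` raises `TypeError` on the first populated configuration, right after the telemetry has been sent. The three lines `for action_class in WormConfiguration.post_breach_actions:` / `action = action_class()` / `action.act()` should go now that `pb.execute()` replaces them. Separately, `output` is whatever `subprocess.check_output` returned (raw bytes, or `False`) and is sent as-is; if the agent ever runs on Python 3 that value is not JSON-serialisable, so decoding it before `send_telemetry` (e.g. `output.decode('utf-8', 'replace')` when it is bytes) would be safer — the `<2.7` comment in the config module suggests Python 2 today, but I can't confirm the target from this hunk. The enclosing method starts before the hunk.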


@ -1,7 +1,7 @@
import logging import logging
import infection_monkey.config import infection_monkey.config
import subprocess import subprocess
from abc import abstractmethod import platform
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -10,25 +10,25 @@ __author__ = 'VakarisZ'
# Class that handles post breach action execution # Class that handles post breach action execution
class PostBreach(object): class PostBreach(object):
def __init__(self, host, pba_list): def __init__(self):
self._config = infection_monkey.config.WormConfiguration self.pba_list = PostBreach.config_to_pba_list(infection_monkey.config.WormConfiguration)
self.pba_list = pba_list
self.host = host
def execute(self): def execute(self):
for pba in self.pba_list: for pba in self.pba_list:
if self.host.is_linux(): if platform.system() == 'Windows':
pba.execute_linux() return pba.execute_win()
else: else:
pba.execute_win() return pba.execute_linux()
@staticmethod @staticmethod
@abstractmethod
def config_to_pba_list(config): def config_to_pba_list(config):
""" """
Should return a list of PBA's generated from config Should return a list of PBA's generated from config
""" """
raise NotImplementedError() pba_list = []
if config.post_breach_actions["linux"] or config.post_breach_actions["windows"]:
pba_list.append(PBA(config.post_breach_actions["linux"], config.post_breach_actions["windows"]))
return pba_list
# Post Breach Action container # Post Breach Action container
@ -38,8 +38,8 @@ class PBA(object):
self.windows_command = windows_command self.windows_command = windows_command
def execute_linux(self): def execute_linux(self):
return subprocess.check_output(self.linux_command, shell=True) return subprocess.check_output(self.linux_command, shell=True) if self.linux_command else False
def execute_win(self): def execute_win(self):
return subprocess.check_output(self.windows_command, shell=True) return subprocess.check_output(self.windows_command, shell=True) if self.windows_command else False


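--- a/<path not shown on page: Telemetry resource module>
+++ b/<path not shown on page: Telemetry resource module>
@@ -257,6 +257,13 @@ class Telemetry(flask_restful.Resource):
 if len(credential) > 0:
 attempts[i][field] = encryptor.enc(credential.encode('utf-8'))
+@staticmethod
+def process_post_breach_telemetry(telemetry_json):
+if telemetry_json['output']:
+node = NodeService.get_or_create_node(telemetry_json['ip'], telemetry_json['domain_name'])
+pass
 TELEM_PROCESS_DICT = \
 {
@@ -265,5 +272,6 @@ TELEM_PROCESS_DICT = \
 'exploit': Telemetry.process_exploit_telemetry,
 'scan': Telemetry.process_scan_telemetry,
 'system_info_collection': Telemetry.process_system_info_telemetry,
-'trace': Telemetry.process_trace_telemetry
+'trace': Telemetry.process_trace_telemetry,
+'post_breach': Telemetry.process_post_breach_telemetry
 }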
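Review bot: `process_post_breach_telemetry` in the first hunk never stores anything: `node` is assigned and the body ends in `pass`, so the new `'post_breach'` entry in `TELEM_PROCESS_DICT` dispatches to a handler that silently discards the command output. At minimum the output should be written to the node record (or logged) so the run leaves a trace on the island. Also, the agent-side hunk in this commit sends only `{'output': output}` as the payload, so unless the telemetry envelope adds `ip` and `domain_name` — and, if this class's other handlers read the payload under a nested key, also the nesting — `telemetry_json['ip']` and `telemetry_json['output']` raise `KeyError`; worth checking against the existing `process_*` handlers above the hunk. Whatever gets stored is raw output of a command that ran on a compromised host, so it should be handled as untrusted text wherever the island later renders it.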


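--- a/<path not shown on page: config schema module>
+++ b/<path not shown on page: config schema module>
@@ -94,19 +94,6 @@ SCHEMA = {
 }
 ]
 },
-"post_breach_acts": {
-"title": "Post breach actions",
-"type": "string",
-"anyOf": [
-{
-"type": "string",
-"enum": [
-"BackdoorUser"
-],
-"title": "Back door user",
-},
-],
-},
 "finger_classes": {
 "title": "Fingerprint class",
 "type": "string",
@@ -295,7 +282,13 @@ SCHEMA = {
 "type": "boolean",
 "default": True,
 "description": "Is the monkey alive"
-},
+}
+}
+},
+"behaviour": {
+"title": "Behaviour",
+"type": "object",
+"properties": {
 "post_breach_actions": {
 "title": "Post breach actions",
 "type": "object",
@@ -315,12 +308,6 @@ SCHEMA = {
 ],
 "description": "List of actions the Monkey will run post breach"
 },
-}
-},
-"behaviour": {
-"title": "Behaviour",
-"type": "object",
-"properties": {
 "self_delete_in_cleanup": {
 "title": "Self delete on cleanup",
 "type": "boolean",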


@ -153,7 +153,7 @@ class ConfigurePageComponent extends AuthComponent {
render() { render() {
let displayedSchema = {}; let displayedSchema = {};
const uiSchema = { const uiSchema = {
general: { behaviour: {
post_breach_actions: { post_breach_actions: {
linux: { linux: {
"ui:widget": "textarea" "ui:widget": "textarea"