Itay Mizeretz 2017-08-20 19:32:18 +03:00
parent 6530dd063e
commit 26df64fb87
7 changed files with 22 additions and 26 deletions


@ -188,4 +188,4 @@ Dependency | License | Notes
winbind | GPL-3 winbind | GPL-3
pyinstaller | GPL pyinstaller | GPL
Celery | BSD Celery | BSD
mimikatz | CC BY 4.0 | We use an altered version of mimikatz. Original: https://github.com/gentilkiwi/mimikatz mimikatz | CC BY 4.0 | We use an altered version of mimikatz: https://github.com/guardicore/mimikatz


@ -4,6 +4,7 @@ from network.range import FixedRange, RelativeRange, ClassCRange
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger
from abc import ABCMeta from abc import ABCMeta
from itertools import product
import uuid import uuid
import types import types
@ -13,7 +14,6 @@ GUID = str(uuid.getnode())
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin') EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
def _cast_by_example(value, example): def _cast_by_example(value, example):
""" """
a method that casts a value to the type of the parameter given as example a method that casts a value to the type of the parameter given as example
@ -208,8 +208,13 @@ class Configuration(object):
rdp_use_vbs_download = True rdp_use_vbs_download = True
# User and password dictionaries for exploits. # User and password dictionaries for exploits.
exploit_user_list = []
exploit_password_list = [] @property
def exploit_user_password_pairs(self):
return product(self.exploit_user_list, self.exploit_password_list)
exploit_user_list = ['Administrator', 'root', 'user']
exploit_password_list = ["Password1!", "1234", "password", "12345678"]
# smb/wmi exploiter # smb/wmi exploiter
smb_download_timeout = 300 # timeout in seconds smb_download_timeout = 300 # timeout in seconds
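Review bot: `exploit_user_password_pairs` hands back a fresh one-shot `product` iterator on every attribute access, and nothing in the hunk documents that; a caller that stores the value and walks it twice (which the removed list-building in SmbExploiter and WmiExploiter used to allow) gets an empty second pass. The three consumers in this commit iterate it once, so they are unaffected, but a docstring such as `"""Fresh iterator over every (user, password) pair; consume once per access."""` would pin the contract, or `return list(product(...))` would keep the previous list semantics. Note also that `itertools.product` snapshots both lists into tuples when called, so an iterator already created does not see later edits to `exploit_user_list` or `exploit_password_list`. If the configuration loader assigns attributes by name from external input, a read-only property under a key it might receive would raise AttributeError on assignment — worth confirming against the caller of `_cast_by_example`, which lies outside this hunk.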


@ -64,12 +64,7 @@ class SmbExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
config_users = self._config.exploit_user_list user_password_pairs = self._config.exploit_user_password_pairs
config_passwords = self._config.exploit_password_list
user_password_pairs = []
for user in config_users:
for password in config_passwords:
user_password_pairs.append((user, password))
exploited = False exploited = False
for user, password in user_password_pairs: for user, password in user_password_pairs:


@ -44,12 +44,10 @@ class SSHExploiter(HostExploiter):
LOG.info("SSH port is closed on %r, skipping", host) LOG.info("SSH port is closed on %r, skipping", host)
return False return False
passwords = list(self._config.exploit_password_list[:]) user_password_pairs = self._config.exploit_user_password_pairs
users = list(self._config.exploit_user_list)
user_pass = product(users,passwords)
exploited = False exploited = False
for user, curpass in user_pass: for user, curpass in user_password_pairs:
try: try:
ssh.connect(host.ip_addr, ssh.connect(host.ip_addr,
username=user, username=user,


@ -233,7 +233,6 @@ class Ms08_067_Exploiter(HostExploiter):
src_path, src_path,
self._config.dropper_target_path) self._config.dropper_target_path)
# TODO: why are we doing this? Isn't that smbexec's job?
if not remote_full_path: if not remote_full_path:
# try other passwords for administrator # try other passwords for administrator
for password in self._config.exploit_password_list: for password in self._config.exploit_password_list:


@ -29,12 +29,7 @@ class WmiExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
config_users = self._config.exploit_user_list user_password_pairs = self._config.exploit_user_password_pairs
config_passwords = self._config.exploit_password_list
user_password_pairs = []
for user in config_users:
for password in config_passwords:
user_password_pairs.append((user, password))
for user, password in user_password_pairs: for user, password in user_password_pairs:
LOG.debug("Attempting to connect %r using WMI with password '%s'", LOG.debug("Attempting to connect %r using WMI with password '%s'",
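Review bot: The `LOG.debug` call that the new pair loop feeds writes each attempted password in cleartext to the agent log, so every candidate credential — and any real one an operator adds to `exploit_password_list` — ends up wherever those logs are collected; log only the username, e.g. `LOG.debug("Attempting to connect %r using WMI as user %r", host, user)`, or redact the password field. This is pre-existing rather than introduced here, but the hunk now centralises where the pairs come from, so it is the natural place to fix it. The loop body and the log call's remaining arguments continue past the end of the hunk.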


@ -69,10 +69,14 @@ class MimikatzCollector:
""" """
Logon data structure returned from mimikatz. Logon data structure returned from mimikatz.
""" """
WINDOWS_MAX_USERNAME_PASS_LENGTH = 257
LM_NTLM_HASH_LENGTH = 16
_fields_ = \ _fields_ = \
[ [
("username", ctypes.c_wchar * 257), ("username", ctypes.c_wchar * WINDOWS_MAX_USERNAME_PASS_LENGTH),
("password", ctypes.c_wchar * 257), ("password", ctypes.c_wchar * WINDOWS_MAX_USERNAME_PASS_LENGTH),
("lm_hash", ctypes.c_byte * 16), ("lm_hash", ctypes.c_byte * LM_NTLM_HASH_LENGTH),
("ntlm_hash", ctypes.c_byte * 16) ("ntlm_hash", ctypes.c_byte * LM_NTLM_HASH_LENGTH)
] ]
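Review bot: The two new constants carry no explanation of their values; `WINDOWS_MAX_USERNAME_PASS_LENGTH = 257` reads as 256 characters plus a terminating NUL and `LM_NTLM_HASH_LENGTH = 16` as the byte size of an LM or NT hash, but neither is stated, so a future edit cannot tell which side fixes them. A trailing comment on each, e.g. `WINDOWS_MAX_USERNAME_PASS_LENGTH = 257  # 256 chars + terminating NUL; must match the mimikatz-side struct layout — confirm`, would make that explicit, and because this is a ctypes structure marshalled from native code a size mismatch is a memory-safety issue rather than a logic bug. The structure's class header and any preceding fields are above the hunk.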