From 58d55f589da069e332ba176d55471eeae9d09e29 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 7 Dec 2021 07:45:59 -0500 Subject: [PATCH 1/5] Island: Remove camel case from propagation credentials endpoint --- monkey/monkey_island/cc/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 376d0221b..5c97db9db 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -170,7 +170,7 @@ def init_api_resources(api): "/api/fileUpload/?load=", "/api/fileUpload/?restore=", ) - api.add_resource(PropagationCredentials, "/api/propagationCredentials") + api.add_resource(PropagationCredentials, "/api/propagation-credentials") api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/") api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/") api.add_resource(RemotePortCheck, "/api/monkey_control/check_remote_port/") From 703ba4f1c48f8c05c98f647cb879394db570d51b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 7 Dec 2021 07:46:37 -0500 Subject: [PATCH 2/5] Agent: Remove camel case from propagation credentials endpoint --- monkey/infection_monkey/master/control_channel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/master/control_channel.py b/monkey/infection_monkey/master/control_channel.py index 12bf3a52f..24cd2ae55 100644 --- a/monkey/infection_monkey/master/control_channel.py +++ b/monkey/infection_monkey/master/control_channel.py @@ -56,7 +56,7 @@ class ControlChannel(IControlChannel): def get_credentials_for_propagation(self) -> dict: try: response = requests.get( # noqa: DUO123 - f"{self._control_channel_server}/api/propagationCredentials", + f"{self._control_channel_server}/api/propagation-credentials", verify=False, proxies=ControlClient.proxies, timeout=SHORT_REQUEST_TIMEOUT, From 8ecf328b4c82556beb5db52738da3b93c3fdeb56 Mon Sep 17 00:00:00 2001 
From: Mike Salvatore Date: Tue, 7 Dec 2021 11:27:19 -0500 Subject: [PATCH 3/5] Island: Reimplement PropagationCredentials resource --- monkey/monkey_island/cc/app.py | 2 +- .../cc/resources/propagation_credentials.py | 11 ++++++++-- monkey/monkey_island/cc/services/config.py | 20 ++++++------------- .../monkey_configs/flat_config.json | 18 ++++++++--------- .../monkey_island/cc/services/test_config.py | 13 ++++++++++++ 5 files changed, 38 insertions(+), 26 deletions(-) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index 5c97db9db..e19ab6dcd 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -170,7 +170,7 @@ def init_api_resources(api): "/api/fileUpload/?load=", "/api/fileUpload/?restore=", ) - api.add_resource(PropagationCredentials, "/api/propagation-credentials") + api.add_resource(PropagationCredentials, "/api/propagation-credentials/") api.add_resource(RemoteRun, "/api/remote-monkey", "/api/remote-monkey/") api.add_resource(VersionUpdate, "/api/version-update", "/api/version-update/") api.add_resource(RemotePortCheck, "/api/monkey_control/check_remote_port/") diff --git a/monkey/monkey_island/cc/resources/propagation_credentials.py b/monkey/monkey_island/cc/resources/propagation_credentials.py index 74e99b10d..f85ffea0d 100644 --- a/monkey/monkey_island/cc/resources/propagation_credentials.py +++ b/monkey/monkey_island/cc/resources/propagation_credentials.py 
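Review bot: The rule registered for PropagationCredentials, as printed in this hunk, ends at the trailing slash and declares no URL variable, while the same patch changes the resource to `get(self, guid: str)`. Flask only passes view arguments for variables declared in the rule, so if this is the string actually committed, a request to it would call get() without guid and fail, and the agent's later call to `/api/propagation-credentials/{self._agent_id}` (patch 4/5) would not match it. Confirm the rule reads `"/api/propagation-credentials/<string:guid>"`. init_api_resources starts and ends outside the hunk.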
@@ -1,9 +1,16 @@ import flask_restful +from monkey_island.cc.database import mongo from monkey_island.cc.services.config import ConfigService class PropagationCredentials(flask_restful.Resource): - def get(self): + def get(self, guid: str): + monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) + ConfigService.decrypt_flat_config(monkey_json) - return {"propagation_credentials": ConfigService.get_config_propagation_credentials()} + propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config( + monkey_json["config"] + ) + + return {"propagation_credentials": propagation_credentials} diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 97bbd4c82..a6a2f9514 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -410,21 +410,13 @@ class ConfigService: ConfigService.set_config_value(STARTED_ON_ISLAND_PATH, value) @staticmethod - def get_config_propagation_credentials(): + def get_config_propagation_credentials_from_flat_config(config): return { - "exploit_user_list": ConfigService.get_config_value( - USER_LIST_PATH, should_decrypt=False - ), - "exploit_password_list": ConfigService.get_config_value( - PASSWORD_LIST_PATH, should_decrypt=False - ), - "exploit_lm_hash_list": ConfigService.get_config_value( - LM_HASH_LIST_PATH, should_decrypt=False - ), - "exploit_ntlm_hash_list": ConfigService.get_config_value( - NTLM_HASH_LIST_PATH, should_decrypt=False - ), - "exploit_ssh_keys": ConfigService.get_config_value(SSH_KEYS_PATH, should_decrypt=False), + "exploit_user_list": config["exploit_user_list"], + "exploit_password_list": config["exploit_password_list"], + "exploit_lm_hash_list": config["exploit_lm_hash_list"], + "exploit_ntlm_hash_list": config["exploit_ntlm_hash_list"], + "exploit_ssh_keys": config["exploit_ssh_keys"], } @staticmethod 
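Review bot: get() returns decrypted passwords, LM/NTLM hashes and SSH keys to any caller that supplies a known agent GUID, and nothing in this file authenticates the caller or checks that the requester is the agent the GUID belongs to (the hunk covers the file from line 1). Unless access control is applied elsewhere, the GUID is the only secret guarding these credentials, so either require an agent credential in the handler or treat the GUID as a secret: unguessable and kept out of logs. A docstring should record the contract, for example `"""Return the decrypted propagation credentials stored in the config of the agent identified by guid; 404 if no such agent exists."""`. The resource hunk in patch 4/5 leaves the same gap.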
diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index b82ab6309..972f9e947 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json @@ -29,18 +29,18 @@ "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_32": "C:\\Windows\\temp\\monkey32.exe", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", - "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [], + "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"], + "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"], "exploit_password_list": [ - "root", - "123456", - "password", - "123456789", - "qwerty", - "111111", - "iloveyou" + "test", + "iloveyou", + "12345" ], "exploit_ssh_keys": [ + { + "public_key": "my_public_key", + "private_key": "my_private_key" + } ], "exploit_user_list": [ "Administrator", diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py index be6bded05..1aece8180 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py +++ b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py 
@@ -80,3 +80,16 @@ def test_format_config_for_agent__pbas(flat_monkey_config): assert "PBA_linux_filename" not in flat_monkey_config assert "custom_PBA_windows_cmd" not in flat_monkey_config assert "PBA_windows_filename" not in flat_monkey_config + + +def test_get_config_propagation_credentials_from_flat_config(flat_monkey_config): + expected_creds = { + "exploit_lm_hash_list": ["lm_hash_1", "lm_hash_2"], + "exploit_ntlm_hash_list": ["nt_hash_1", "nt_hash_2", "nt_hash_3"], + "exploit_password_list": ["test", "iloveyou", "12345"], + "exploit_ssh_keys": [{"private_key": "my_private_key", "public_key": "my_public_key"}], + "exploit_user_list": ["Administrator", "root", "user", "ubuntu"], + } + + creds = ConfigService.get_config_propagation_credentials_from_flat_config(flat_monkey_config) + assert creds == expected_creds From 0783e236aac4a635ac0894154d256b7ee2401b1b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 7 Dec 2021 11:29:52 -0500 Subject: [PATCH 4/5] Agent: Add agent GUID to /api/propagation-credentials call --- monkey/infection_monkey/master/control_channel.py | 4 +++- .../cc/resources/propagation_credentials.py | 2 +- monkey/monkey_island/cc/services/config.py | 10 +++++----- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/master/control_channel.py b/monkey/infection_monkey/master/control_channel.py index 24cd2ae55..3509cedc2 100644 --- a/monkey/infection_monkey/master/control_channel.py +++ b/monkey/infection_monkey/master/control_channel.py @@ -56,7 +56,7 @@ class ControlChannel(IControlChannel): def get_credentials_for_propagation(self) -> dict: try: response = requests.get( # noqa: DUO123 - f"{self._control_channel_server}/api/propagation-credentials", + f"{self._control_channel_server}/api/propagation-credentials/{self._agent_id}", verify=False, proxies=ControlClient.proxies, timeout=SHORT_REQUEST_TIMEOUT, 
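Review bot: The agent GUID added to the request path is what the Island uses (patch 3/5) to select whose decrypted credentials to return, yet the same call keeps `verify=False`, so neither the GUID nor the returned secrets are protected from a peer impersonating the Island. If certificate verification cannot be enabled, explain why in a comment beside `# noqa: DUO123`; otherwise pass the Island's certificate through `verify=`. get_credentials_for_propagation continues outside the hunk, so how the response is used is not visible here.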
@@ -67,3 +67,5 @@ class ControlChannel(IControlChannel): except Exception as e: # TODO: Evaluate how this exception is handled; don't just log and ignore it. logger.error(f"An error occurred while trying to connect to server. {e}") + + return {} diff --git a/monkey/monkey_island/cc/resources/propagation_credentials.py b/monkey/monkey_island/cc/resources/propagation_credentials.py index f85ffea0d..532501658 100644 --- a/monkey/monkey_island/cc/resources/propagation_credentials.py +++ b/monkey/monkey_island/cc/resources/propagation_credentials.py @@ -7,7 +7,7 @@ from monkey_island.cc.services.config import ConfigService class PropagationCredentials(flask_restful.Resource): def get(self, guid: str): monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) - ConfigService.decrypt_flat_config(monkey_json) + ConfigService.decrypt_flat_config(monkey_json["config"]) propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config( monkey_json["config"] diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index a6a2f9514..af9c0a155 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -412,11 +412,11 @@ class ConfigService: @staticmethod def get_config_propagation_credentials_from_flat_config(config): return { - "exploit_user_list": config["exploit_user_list"], - "exploit_password_list": config["exploit_password_list"], - "exploit_lm_hash_list": config["exploit_lm_hash_list"], - "exploit_ntlm_hash_list": config["exploit_ntlm_hash_list"], - "exploit_ssh_keys": config["exploit_ssh_keys"], + "exploit_user_list": config.get("exploit_user_list", []), + "exploit_password_list": config.get("exploit_password_list", []), + "exploit_lm_hash_list": config.get("exploit_lm_hash_list", []), + "exploit_ntlm_hash_list": config.get("exploit_ntlm_hash_list", []), + "exploit_ssh_keys": config.get("exploit_ssh_keys", []), } @staticmethod 
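Review bot: The added `return {}` makes a failed request indistinguishable from an Island that has no credentials to offer. The empty dict also lacks the five `exploit_*` keys that the Island-side helper always returns, so a caller that indexes the result would hit a KeyError. Either raise a dedicated exception, which is what the TODO just above asks for, or return the same five keys mapped to empty lists and document that in the docstring. An unknown GUID produces a 404 from `find_one_or_404` on the Island; whether the status code is checked before the body is used lies between the two hunks and is not visible here.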
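Review bot: The return value of `decrypt_flat_config` is discarded, so the handler presumably relies on it decrypting `monkey_json["config"]` in place; a short comment such as `# decrypt_flat_config mutates the dict it is given` would make that dependency explicit. In addition, `monkey_json["config"]` raises KeyError for an agent document stored without a config, which would surface as a 500 rather than a 404 or an empty result; `monkey_json.get("config", {})` would match the defaulting added in config.py in this same patch.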
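Review bot: The `.get(..., [])` fallbacks added here are untested, because the test from patch 3/5 passes a complete flat config and so only covers the all-keys-present path. Add a case such as `creds = ConfigService.get_config_propagation_credentials_from_flat_config({})` followed by `assert all(v == [] for v in creds.values())`. The defaults also hide a renamed or misspelled key by silently returning an empty list, so a docstring stating that absent keys map to empty lists would record this as intended behaviour.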
From 91a8376df68c68112a2dd2880a41ed8368191860 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 7 Dec 2021 11:59:40 -0500 Subject: [PATCH 5/5] Changelog: Add propagation-credentials endpoint entry --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f5a59bb8..3dac1d3b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] ### Added - credentials.json file for storing Monkey Island user login information. #1206 +- "GET /api/propagation-credentials/" endpoint for agents to + retrieve updated credentials from the Island. #1538 ### Changed - "Communicate as Backdoor User" PBA's HTTP requests to request headers only and