diff --git a/envs/monkey_zoo/blackbox/README.md b/envs/monkey_zoo/blackbox/README.md index fa4fdc02a..30855b855 100644 --- a/envs/monkey_zoo/blackbox/README.md +++ b/envs/monkey_zoo/blackbox/README.md @@ -2,7 +2,8 @@ ### Prerequisites 1. Download google sdk: https://cloud.google.com/sdk/docs/ 2. Download service account key for MonkeyZoo project (if you deployed MonkeyZoo via terraform scripts then you already have it). -GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts) +GCP console -> IAM -> service accounts(you can use the same key used to authenticate terraform scripts). +Place the key in `envs/monkey_zoo/gcp_keys/gcp_key.json`. 3. Deploy the relevant branch + complied executables to the Island machine on GCP. ### Running the tests @@ -21,8 +22,8 @@ Example run command: `monkey\envs\monkey_zoo\blackbox>python -m pytest -s --island=35.207.152.72:5000 test_blackbox.py` #### Running in PyCharm -Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72` on the -`monkey\envs\monkey_zoo\blackbox`. +Configure a PyTest configuration with the additional arguments `-s --island=35.207.152.72`, and to run from +directory `monkey\envs\monkey_zoo\blackbox`. ### Running telemetry performance test diff --git a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py index 948b58310..ee9a8b7ad 100644 --- a/envs/monkey_zoo/blackbox/island_client/island_config_parser.py +++ b/envs/monkey_zoo/blackbox/island_client/island_config_parser.py @@ -9,7 +9,7 @@ class IslandConfigParser(object): self.config_json = json.loads(self.config_raw) def get_ips_of_targets(self): - return self.config_json['basic_network']['general']['subnet_scan_list'] + return self.config_json['basic_network']['scope']['subnet_scan_list'] @staticmethod def get_conf_file_path(conf_file_name): 
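Review bot: `get_ips_of_targets` in island_config_parser.py now returns whatever sits under `['basic_network']['scope']['subnet_scan_list']`, and MSSQL.conf in this same commit sets that list to `[]` together with `"local_network_scan": true`. If the blackbox test takes its expected targets from this method (the caller is outside the diff), the MSSQL run has nothing to verify and could pass vacuously, while the agent scans the whole local subnet instead of the single host `10.2.2.16` that the old config named. Consider failing fast on an empty list, e.g. `if not targets: raise ValueError("subnet_scan_list is empty; the test has no targets to verify")`, or keeping the explicit target in MSSQL.conf. The direct indexing also raises a bare `KeyError` for any .conf that still uses the old `general` section. The class body starts outside the hunk.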
diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py index 743cb4146..7e2418d6f 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py +++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py @@ -104,4 +104,4 @@ class MonkeyIslandRequests(object): @_Decorators.refresh_jwt_token def get_jwt_header(self): - return {"Authorization": "JWT " + self.token} + return {"Authorization": "Bearer " + self.token} diff --git a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf index 0a81ea700..d8790f744 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", 
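Review bot: `get_jwt_header` in monkey_island_requests.py has no docstring, and the scheme prefix is a bare literal that has to match what the Island server accepts, which this commit shows can change. I would add `"""Return the Authorization header for authenticated Island requests; the scheme must match the server's JWT settings."""` and move the prefix into a named constant. `"Bearer " + self.token` also raises `TypeError` if `self.token` is still `None`. Whether `refresh_jwt_token` rules that out is not visible here, since the decorator is defined outside the hunk.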
@@ -13,71 +16,24 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ElasticGroovyExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.4", "10.2.2.5" - ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ElasticGroovyExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + ] } }, "internal": { 
@@ -104,12 +60,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -121,63 +109,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf index 0b897080b..a65de1bf7 100644 --- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf +++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", @@ -13,12 +16,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "HadoopExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -26,58 +34,6 @@ "10.2.2.3", "10.2.2.2" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "HadoopExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -103,15 +59,45 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ - "e1c0dc690821c13b10a41dccfc72e43a" - ], - "exploit_ssh_keys": [] + "exploit_ntlm_hash_list": [], + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -123,63 +109,77 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + 
"AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf index dc3332ed6..a88c57ac7 100644 --- a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf +++ b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf @@ -13,70 +13,21 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { - "blocked_ips": [], - "depth": 2, - "local_network_scan": false, - "subnet_scan_list": [ - "10.2.2.16" - ] - }, "network_analysis": { "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + "scope": { + "blocked_ips": [], + "depth": 2, + "local_network_scan": true, + "subnet_scan_list": [] } }, "internal": { 
@@ -103,12 +54,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -120,63 +103,77 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + 
"AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf index 23d5ce379..c57b06430 100644 --- a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf +++ b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf @@ -13,12 +13,36 @@ "m0nk3y" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter", + "WmiExploiter", + "SSHExploiter", + "ShellShockExploiter", + "SambaCryExploiter", + "ElasticGroovyExploiter", + "Struts2Exploiter", + "WebLogicExploiter", + "HadoopExploiter", + "VSFTPDExploiter", + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [ + "10.2.2.0/30", + "10.2.2.8/30", + "10.2.2.24/32", + "10.2.2.23/32", + "10.2.2.21/32", + "10.2.2.19/32", + "10.2.2.18/32", + "10.2.2.17/32" + ] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, 
@@ -44,74 +68,6 @@ "10.2.2.23", "10.2.2.24" ] - }, - "network_analysis": { - "inaccessible_subnets": [ - "10.2.2.0/30", - "10.2.2.8/30", - "10.2.2.24/32", - "10.2.2.23/32", - "10.2.2.21/32", - "10.2.2.19/32", - "10.2.2.18/32", - "10.2.2.17/32" - ] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter", - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -138,12 +94,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -156,74 +144,83 @@ "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, "testing": { - "export_monkey_telems": true + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [ - "CommunicateAsNewUser" + "BackdoorUser", + "CommunicateAsNewUser", + "ModifyShellStartupFiles", + "HiddenFiles", + "TrapCommand", + "ChangeSetuidSetgid", + "ScheduleJobs" ] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 15, - "victims_max_find": 100 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "system_info_collectors_classes": [ + "system_info_collector_classes": [ "EnvironmentCollector", "AwsCollector", "HostnameCollector", - "ProcessListCollector" - ] - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, 
- 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001, - 8088 + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf index 83414774b..82cba0b70 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf @@ -13,70 +13,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ShellShockExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.8" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ShellShockExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
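Review bot: In PERFORMANCE.conf the `testing` section flips `"export_monkey_telems": true` to `false`, while the README in this commit still has a "Running telemetry performance test" section. If that test replays telemetry exported by a run with this config (not visible in the diff), the flip silently leaves it without input; either keep `true` here or say in the README which config produces the export. The same hunk widens `post_breach_actions` to include `BackdoorUser`, `ModifyShellStartupFiles`, `ChangeSetuidSetgid` and `ScheduleJobs`. Judging by their names these leave persistent changes on the targets, so the README should state that the zoo machines must be restored to a clean state between runs.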
@@ -103,12 +56,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -120,63 +105,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index e2a8a5596..c14fdfd99 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf @@ -11,12 +11,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -24,58 +29,6 @@ "10.2.2.14", "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -102,12 +55,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -119,63 +104,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf index d17e283c8..42a5245a6 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf @@ -10,70 +10,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -99,13 +52,46 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], - "exploit_ssh_keys": [] + "exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b" ], + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
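Review bot: The two values now in `exploit_ntlm_hash_list` replace the previous hash without anything recording which MonkeyZoo account each one belongs to, and the JSON format leaves no place for a comment beside them; the WMI_PTH.conf hunk `@@ -107,13 +52,46 @@` carries the same list. A line in the blackbox README such as `SMB_PTH.conf / WMI_PTH.conf: NTLM hashes of <lab account names> on 10.2.2.15` would let a maintainer regenerate them when the lab image changes and confirm they only ever belong to throwaway lab accounts. The `ms08_067` and `sambacry` objects added in the same hunk, including `remote_user_pass`, look unused here since only `SmbExploiter` is enabled for this test, so they could be dropped if the Island fills them in from schema defaults.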
@@ -117,63 +103,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index ebb1def8b..b3ba08d77 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf @@ -12,12 +12,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SSHExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -25,67 +30,6 @@ "10.2.2.11", "10.2.2.12" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -112,12 +56,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -129,63 +105,77 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 2, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + 
"AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf index 4b47a0246..92207e0a8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf +++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf @@ -14,12 +14,17 @@ "vakaris_zilius" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "Struts2Exploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -27,55 +32,6 @@ "10.2.2.23", "10.2.2.24" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "Struts2Exploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
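Review bot: In the SSH.conf hunk `@@ -129,63 +105,77 @@`, `max_iterations` under `persistent_scanning` is set to `2`, while the other island configs visible in this diff keep `1`, and nothing in the hunk or the README change says why this test needs a second pass. If it is deliberate, record the reason where the tests are described, for example `SSH test runs two iterations because <reason>` in the blackbox README; if not, `"max_iterations": 1` keeps the configs aligned. The empty `post_breach_actions` array is also split over two lines here, unlike the `[]` used in the other files.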
@@ -102,12 +58,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -119,72 +107,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [ - "CommunicateAsNewUser" - ] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 15, - "victims_max_find": 100 + "post_breach_actions": [] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "system_info_collectors_classes": [ + "system_info_collector_classes": [ "EnvironmentCollector", "AwsCollector", "HostnameCollector", - "ProcessListCollector" - ] - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - 
"tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001, - 8088 + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf index 80d85a7b7..fff01c1ff 100644 --- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf +++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf @@ -6,25 +6,28 @@ "3Q=(Ge(+&w]*", "`))jU7L(w}", "t67TC5ZDmz", - "12345678", - "another_one", - "and_another_one", - "one_more" + "12345678" ], "exploit_user_list": [ "Administrator", - "rand", - "rand2", "m0nk3y", "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter", + "WmiExploiter", + "SSHExploiter", + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 3, "local_network_scan": false, 
@@ -34,67 +37,6 @@ "10.2.0.11", "10.2.0.12" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -121,12 +63,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -138,63 +112,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf index b86b2b566..dba3e9639 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", @@ -13,12 +16,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WebLogicExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -26,58 +34,6 @@ "10.2.2.18", "10.2.2.19" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WebLogicExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -104,12 +60,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -121,63 +109,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf index 7b5fb3784..15cb346a5 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf @@ -11,12 +11,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WmiExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -24,66 +29,6 @@ "10.2.2.14", "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -110,12 +55,44 @@ "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], - "exploit_ssh_keys": [] + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -127,63 +104,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf index 1ac0a6c3d..f0bece5e8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf @@ -10,78 +10,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "WmiExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -107,13 +52,46 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ "f7e457346f7743daece17258667c936d" ], - "exploit_ssh_keys": [] + "exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b"], + "exploit_ssh_keys": [], + "general": { + "skip_exploit_if_file_exist": false + }, + "ms08_067": { + "ms08_067_exploit_attempts": 5, + "user_to_add": "Monkey_IUSER_SUPPORT", + "remote_user_pass": "Password1!" + }, + "sambacry": { + "sambacry_trigger_timeout": 5, + "sambacry_folder_paths_to_guess": [ + "/", + "/mnt", + "/tmp", + "/storage", + "/export", + "/share", + "/shares", + "/home" + ], + "sambacry_shares_not_to_check": [ + "IPC$", + "print$" + ] + } }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -125,63 +103,76 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": { + "tcp_scanner": { + "HTTP_PORTS": [ + 80, + 8080, + 443, + 8008, + 7001 + ], + "tcp_target_ports": [ + 22, + 2222, + 445, + 135, + 3389, + 80, + 8080, + 443, + 8008, + 3306, + 9200, + 7001, + 8088 + ], + "tcp_scan_interval": 0, + "tcp_scan_timeout": 3000, + "tcp_scan_get_banner": true + }, + "ping_scanner": { + "ping_scan_timeout": 1000 + } + }, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + 
"HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/monkey/common/version.py b/monkey/common/version.py index f8bac8916..c4e38239e 100644 --- a/monkey/common/version.py +++ b/monkey/common/version.py @@ -3,8 +3,8 @@ import argparse from pathlib import Path MAJOR = "1" -MINOR = "8" -PATCH = "2" +MINOR = "9" +PATCH = "0" build_file_path = Path(__file__).parent.joinpath("BUILD") with open(build_file_path, "r") as build_file: BUILD = build_file.read() diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index ac1ee1417..8d6210739 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -246,6 +246,16 @@ class ConfigService: for property3, subschema3 in list(subschema2["properties"].items()): if "default" in subschema3: sub_dict[property3] = subschema3["default"] + elif "properties" in subschema3: + layer_3_dict = {} + for property4, subschema4 in list(subschema3["properties"].items()): + if "properties" in subschema4: + raise ValueError("monkey/monkey_island/cc/services/config.py " + "can't handle 5 level config. " + "Either change back the config or refactor.") + if "default" in subschema4: + layer_3_dict[property4] = subschema4["default"] + sub_dict[property3] = layer_3_dict main_dict[property2] = sub_dict instance.setdefault(property1, main_dict) diff --git a/monkey/monkey_island/cc/ui/package.json b/monkey/monkey_island/cc/ui/package.json index 8addda598..67a772589 100644 --- a/monkey/monkey_island/cc/ui/package.json +++ b/monkey/monkey_island/cc/ui/package.json @@ -1,6 +1,6 @@ { "private": true, - "version": "1.8.2", + "version": "1.9.0", "name": "infection-monkey", "description": "Infection Monkey C&C UI", "scripts": { diff --git a/monkey/monkey_island/cc/ui/src/services/AuthService.js b/monkey/monkey_island/cc/ui/src/services/AuthService.js index e1db4186c..54bdccc3c 100644 
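Review bot: The `ValueError` raised in the new `elif "properties" in subschema3` branch of `config.py` hard-codes the source file path and does not say which config key is nested too deeply, so whoever hits it has to search the schema by hand. Naming the key path would be more useful, for example `raise ValueError("Config schema nests deeper than 4 levels at %s.%s.%s.%s" % (property1, property2, property3, property4))`. The branch also repeats the shape of the loop above it one level down, so a small recursive helper that returns `subschema["default"]` or recurses into `subschema["properties"]` would likely remove the depth limit altogether. The enclosing function starts outside this hunk, so that refactor needs checking against the outer loops.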
--- a/monkey/monkey_island/cc/ui/src/services/AuthService.js +++ b/monkey/monkey_island/cc/ui/src/services/AuthService.js @@ -21,7 +21,7 @@ export default class AuthService { jwtHeader = () => { if (this._loggedIn()) { - return 'JWT ' + this._getToken(); + return 'Bearer ' + this._getToken(); } };
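Review bot: `jwtHeader` has no return on the path where `_loggedIn()` is false, so it yields `undefined`, and nothing in the function tells callers to leave the `Authorization` header out in that case. Whether the callers already guard against this is not visible in the hunk. Since the scheme string is being changed here, add a comment above the function such as `// Returns 'Bearer <token>' for the Authorization header, or undefined when there is no session; callers must omit the header then.` The same comment is a good place to note that the scheme prefix has to match what the server-side JWT layer accepts, so a future change to one side is not made without the other.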