monkey/chaos_monkey/config.py

import os
import sys
import types
import uuid
from abc import ABCMeta
from itertools import product

from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter, \
    SambaCryExploiter, ElasticGroovyExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger, ElasticFinger
from network.range import FixedRange

__author__ = 'itamar'

GUID = str(uuid.getnode())

EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')


def _cast_by_example(value, example):
    """
    a method that casts a value to the type of the parameter given as example
    """
    example_type = type(example)
    if example_type is str:
        return str(os.path.expandvars(value))
    elif example_type is tuple and len(example) != 0:
        if value is None or value == tuple(None):
            return tuple()
        return tuple([_cast_by_example(x, example[0]) for x in value])
    elif example_type is list and len(example) != 0:
        if value is None or value == [None]:
            return []
        return [_cast_by_example(x, example[0]) for x in value]
    elif example_type is type(value):
        return value
    elif example_type is bool:
        return value.lower() == 'true'
    elif example_type is int:
        return int(value)
    elif example_type is float:
        return float(value)
    elif example_type is types.ClassType or example_type is ABCMeta:
        return globals()[value]
    else:
        return None


class Configuration(object):
    def from_dict(self, data):
        """
        Get a dict of config variables, set known variables as attributes on self.
        Return dict of unknown variables encountered.
        """
        unknown_variables = {}
        for key, value in data.items():
            if key.startswith('_'):
                continue
            if key in ["name", "id", "current_server"]:
                continue
            if self._depth_from_commandline and key == "depth":
                continue
            try:
                default_value = getattr(Configuration, key)
            except AttributeError:
                unknown_variables[key] = value
                continue

            setattr(self, key, _cast_by_example(value, default_value))
        return unknown_variables

    def as_dict(self):
        result = {}
        for key in dir(Configuration):
            if key.startswith('_'):
                continue
            try:
                value = getattr(self, key)
            except AttributeError:
                continue

            val_type = type(value)

            if val_type is types.FunctionType or val_type is types.MethodType:
                continue

            if val_type is types.ClassType or val_type is ABCMeta:
                value = value.__name__
            elif val_type is tuple or val_type is list:
                if len(value) != 0 and (type(value[0]) is types.ClassType or type(value[0]) is ABCMeta):
                    value = val_type([x.__name__ for x in value])

            result[key] = value

        return result

    # Used to keep track of our depth if manually specified
    _depth_from_commandline = False

    ###########################
    # logging config
    ###########################

    use_file_logging = True
    dropper_log_path_windows = '%temp%\\~df1562.tmp'
    dropper_log_path_linux = '/tmp/user-1562'
    monkey_log_path_windows = '%temp%\\~df1563.tmp'
    monkey_log_path_linux = '/tmp/user-1563'

    ###########################
    # dropper config
    ###########################

    dropper_try_move_first = True
    dropper_set_date = True
    dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll"
    dropper_date_reference_path_linux = '/bin/sh'
    dropper_target_path = r"C:\Windows\monkey.exe"
    dropper_target_path_linux = '/tmp/monkey'

    ###########################
    # Kill file
    ###########################
    kill_file_path_windows = '%windir%\\monkey.not'
    kill_file_path_linux = '/var/run/monkey.not'

    ###########################
    # monkey config
    ###########################
    # sets whether or not the monkey is alive. if false will stop scanning and exploiting
    alive = True

    # sets whether or not to self delete the monkey executable when stopped
    self_delete_in_cleanup = False

    # string of the mutex name for single instance
    singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"

    # how long to wait between scan iterations
    timeout_between_iterations = 100

    # how many scan iterations to perform on each run
    max_iterations = 1

    scanner_class = TcpScanner
    finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger, MySQLFinger, ElasticFinger]
    exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter,  # Windows exploits
                         SSHExploiter, ShellShockExploiter, SambaCryExploiter,  # Linux
                         ElasticGroovyExploiter,  # multi
                         ]

    # how many victims to look for in a single scan iteration
    victims_max_find = 14

    # how many victims to exploit before stopping
    victims_max_exploit = 7

    # depth of propagation
    depth = 2
    current_server = ""

    # Configuration servers to try to connect to, in this order.
    command_servers = [
        "41.50.73.31:5000"
    ]

    # sets whether or not to locally save the running configuration after finishing
    serialize_config = False

    # sets whether or not to retry failed hosts on next scan
    retry_failed_explotation = True

    # addresses of internet servers to ping and check if the monkey has internet acccess.
    internet_services = ["monkey.guardicore.com", "www.google.com"]

    ###########################
    # scanners config
    ###########################

    # Auto detect and scan local subnets
    local_network_scan = True

    range_class = FixedRange
    range_size = 1
    range_fixed = ['', ]

    blocked_ips = ['', ]

    # TCP Scanner
    HTTP_PORTS = [80, 8080, 443,
                  8008,  # HTTP alternate
                  ]
    tcp_target_ports = [22,
                        2222,
                        445,
                        135,
                        3389,
                        80,
                        8080,
                        443,
                        8008,
                        3306,
                        9200]
    tcp_target_ports.extend(HTTP_PORTS)
    tcp_scan_timeout = 3000  # 3000 Milliseconds
    tcp_scan_interval = 200
    tcp_scan_get_banner = True

    # Ping Scanner
    ping_scan_timeout = 1000

    ###########################
    # exploiters config
    ###########################

    skip_exploit_if_file_exist = False

    ms08_067_exploit_attempts = 5
    ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"
    ms08_067_remote_user_pass = "Password1!"

    # rdp exploiter
    rdp_use_vbs_download = True

    # User and password dictionaries for exploits.

    def get_exploit_user_password_pairs(self):
        """
        Returns all combinations of the configurations users and passwords
        :return:
        """
        return product(self.exploit_user_list, self.exploit_password_list)

    def get_exploit_user_password_or_hash_product(self):
        """
        Returns all combinations of the configurations users and passwords or lm/ntlm hashes
        :return:
        """
        cred_list = []
        for cred in product(self.exploit_user_list, self.exploit_password_list, [''], ['']):
            cred_list.append(cred)
        for cred in product(self.exploit_user_list, [''], [''], self.exploit_ntlm_hash_list):
            cred_list.append(cred)
        for cred in product(self.exploit_user_list, [''], self.exploit_lm_hash_list, ['']):
            cred_list.append(cred)
        return cred_list

    exploit_user_list = ['Administrator', 'root', 'user']
    exploit_password_list = ["Password1!", "1234", "password", "12345678"]
    exploit_lm_hash_list = []
    exploit_ntlm_hash_list = []

    # smb/wmi exploiter
    smb_download_timeout = 300  # timeout in seconds
    smb_service_name = "InfectionMonkey"

    # Timeout (in seconds) for sambacry's trigger to yield results.
    sambacry_trigger_timeout = 5
    # Folder paths to guess share lies inside.
    sambacry_folder_paths_to_guess = ['/', '/mnt', '/tmp', '/storage', '/export', '/share', '/shares', '/home']
    # Shares to not check if they're writable.
    sambacry_shares_not_to_check = ["IPC$", "print$"]

    # system info collection
    collect_system_info = True

    ###########################
    # systeminfo config
    ###########################

    mimikatz_dll_name = "mk.dll"


WormConfiguration = Configuration()
first commit 2015-08-30 15:27:35 +08:00			`import os`
			`import sys`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`import types`
			`import uuid`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`from abc import ABCMeta`
Fixed CR 2017-08-21 00:32:18 +08:00			`from itertools import product`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00
			`from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter, \`
Added Elastic attack 2017-09-26 20:43:46 +08:00			`SambaCryExploiter, ElasticGroovyExploiter`
Merge from develop 2017-09-25 23:23:31 +08:00			`from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger, ElasticFinger`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`from network.range import FixedRange`
code organization 2015-11-30 16:56:20 +08:00
first commit 2015-08-30 15:27:35 +08:00			`__author__ = 'itamar'`

add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`GUID = str(uuid.getnode())`

Fixed an annoying path in Windows paths... 2016-06-07 23:14:38 +08:00			`EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`def _cast_by_example(value, example):`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`"""`
			`a method that casts a value to the type of the parameter given as example`
			`"""`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`example_type = type(example)`
			`if example_type is str:`
			`return str(os.path.expandvars(value))`
			`elif example_type is tuple and len(example) != 0:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if value is None or value == tuple(None):`
			`return tuple()`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`return tuple([_cast_by_example(x, example[0]) for x in value])`
			`elif example_type is list and len(example) != 0:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if value is None or value == [None]:`
			`return []`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`return [_cast_by_example(x, example[0]) for x in value]`
			`elif example_type is type(value):`
			`return value`
			`elif example_type is bool:`
			`return value.lower() == 'true'`
			`elif example_type is int:`
			`return int(value)`
			`elif example_type is float:`
			`return float(value)`
			`elif example_type is types.ClassType or example_type is ABCMeta:`
			`return globals()[value]`
			`else:`
			`return None`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`class Configuration(object):`
			`def from_dict(self, data):`
Don't crash when receiving unknown configuration variables Instead of crashing if the monkey deserializes an unknown configuration variable, send an error message to the current monkey server and keep on working. Add utnittests. fixes #26 2016-09-28 04:50:47 +08:00			`"""`
			`Get a dict of config variables, set known variables as attributes on self.`
			`Return dict of unknown variables encountered.`
			`"""`
			`unknown_variables = {}`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`for key, value in data.items():`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`if key.startswith('_'):`
			`continue`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if key in ["name", "id", "current_server"]:`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`continue`
Changed Monkey SSH file path to /tmp to not require root. Tiny PEP8 changes 2016-08-20 20:28:14 +08:00			`if self._depth_from_commandline and key == "depth":`
depth commandline option is not overwritten when getting config from the island 2016-08-01 21:52:27 +08:00			`continue`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`try:`
			`default_value = getattr(Configuration, key)`
			`except AttributeError:`
Don't crash when receiving unknown configuration variables Instead of crashing if the monkey deserializes an unknown configuration variable, send an error message to the current monkey server and keep on working. Add utnittests. fixes #26 2016-09-28 04:50:47 +08:00			`unknown_variables[key] = value`
			`continue`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`setattr(self, key, _cast_by_example(value, default_value))`
Don't crash when receiving unknown configuration variables Instead of crashing if the monkey deserializes an unknown configuration variable, send an error message to the current monkey server and keep on working. Add utnittests. fixes #26 2016-09-28 04:50:47 +08:00			`return unknown_variables`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
			`def as_dict(self):`
			`result = {}`
			`for key in dir(Configuration):`
			`if key.startswith('_'):`
			`continue`
			`try:`
			`value = getattr(self, key)`
			`except AttributeError:`
			`continue`

			`val_type = type(value)`

			`if val_type is types.FunctionType or val_type is types.MethodType:`
			`continue`

			`if val_type is types.ClassType or val_type is ABCMeta:`
			`value = value.__name__`
			`elif val_type is tuple or val_type is list:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if len(value) != 0 and (type(value[0]) is types.ClassType or type(value[0]) is ABCMeta):`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`value = val_type([x.__name__ for x in value])`

			`result[key] = value`

			`return result`

Documented config variable 2016-08-20 22:56:23 +08:00			`# Used to keep track of our depth if manually specified`
depth commandline option is not overwritten when getting config from the island 2016-08-01 21:52:27 +08:00			`_depth_from_commandline = False`

first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# logging config`
code organization 2015-11-30 16:56:20 +08:00			`###########################`
first commit 2015-08-30 15:27:35 +08:00
			`use_file_logging = True`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`dropper_log_path_windows = '%temp%\\~df1562.tmp'`
GC-5506 #resolved added different log files for different platforms. 2016-03-02 23:13:36 +08:00			`dropper_log_path_linux = '/tmp/user-1562'`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`monkey_log_path_windows = '%temp%\\~df1563.tmp'`
GC-5506 #resolved added different log files for different platforms. 2016-03-02 23:13:36 +08:00			`monkey_log_path_linux = '/tmp/user-1563'`
first commit 2015-08-30 15:27:35 +08:00
			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# dropper config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

Fix SambaCry not working for non-root user 2017-10-02 22:11:51 +08:00			`dropper_try_move_first = True`
first commit 2015-08-30 15:27:35 +08:00			`dropper_set_date = True`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll"`
			`dropper_date_reference_path_linux = '/bin/sh'`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`dropper_target_path = r"C:\Windows\monkey.exe"`
Changed Monkey SSH file path to /tmp to not require root. Tiny PEP8 changes 2016-08-20 20:28:14 +08:00			`dropper_target_path_linux = '/tmp/monkey'`
first commit 2015-08-30 15:27:35 +08:00
Removed unused import. Added kill file option. 2016-07-19 04:43:17 +08:00			`###########################`
			`# Kill file`
			`###########################`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`kill_file_path_windows = '%windir%\\monkey.not'`
Added local kill switch to flow, right after loading configuration. 2016-07-31 19:33:48 +08:00			`kill_file_path_linux = '/var/run/monkey.not'`
Removed unused import. Added kill file option. 2016-07-19 04:43:17 +08:00
first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# monkey config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`
merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not the monkey is alive. if false will stop scanning and exploiting`
minor bug fix 2015-09-30 20:05:30 +08:00			`alive = True`

merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not to self delete the monkey executable when stopped`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`self_delete_in_cleanup = False`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00
merge fix 2016-07-15 22:00:55 +08:00			`# string of the mutex name for single instance`
first commit 2015-08-30 15:27:35 +08:00			`singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"`

			`# how long to wait between scan iterations`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`timeout_between_iterations = 100`
first commit 2015-08-30 15:27:35 +08:00
			`# how many scan iterations to perform on each run`
GC-5050: better range calculation 2016-01-13 16:27:49 +08:00			`max_iterations = 1`
first commit 2015-08-30 15:27:35 +08:00
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`scanner_class = TcpScanner`
Merge from develop 2017-09-25 23:23:31 +08:00			`finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger, MySQLFinger, ElasticFinger]`
Reverted bug in config, added 'user' to default bruteforce. 2016-08-30 16:04:44 +08:00			`exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`SSHExploiter, ShellShockExploiter, SambaCryExploiter, # Linux`
Added Elastic attack 2017-09-26 20:43:46 +08:00			`ElasticGroovyExploiter, # multi`
Reverted bug in config, added 'user' to default bruteforce. 2016-08-30 16:04:44 +08:00			`]`
first commit 2015-08-30 15:27:35 +08:00
			`# how many victims to look for in a single scan iteration`
			`victims_max_find = 14`

			`# how many victims to exploit before stopping`
			`victims_max_exploit = 7`

GC-4599: added depth parameter 2015-12-08 01:08:15 +08:00			`# depth of propagation`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`depth = 2`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`current_server = ""`

Changed Monkey SSH file path to /tmp to not require root. Tiny PEP8 changes 2016-08-20 20:28:14 +08:00			`# Configuration servers to try to connect to, in this order.`
code organization #3 2015-12-02 17:18:27 +08:00			`command_servers = [`
Change default server to non-sense IP to force override. Must never be localhost. 2016-07-31 19:33:13 +08:00			`"41.50.73.31:5000"`
code organization #3 2015-12-02 17:18:27 +08:00			`]`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
config bugfix - missing field 2016-07-23 13:59:26 +08:00			`# sets whether or not to locally save the running configuration after finishing`
			`serialize_config = False`

merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not to retry failed hosts on next scan`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`retry_failed_explotation = True`
first commit 2015-08-30 15:27:35 +08:00
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`# addresses of internet servers to ping and check if the monkey has internet acccess.`
Changed DNS path to monkey.guardicore.com 2016-07-10 16:47:07 +08:00			`internet_services = ["monkey.guardicore.com", "www.google.com"]`
Added internet access check Shown in the monkey properties in the island 2016-06-28 16:13:24 +08:00
first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# scanners config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

Added auto-scan subnets option Monkey is now able to auto scan the local host subnets, removing the need to preconfigure it to scan the network subnets (option is on by default) 2016-07-15 21:54:46 +08:00			`# Auto detect and scan local subnets`
Reverted bug in config, added 'user' to default bruteforce. 2016-08-30 16:04:44 +08:00			`local_network_scan = True`
Added auto-scan subnets option Monkey is now able to auto scan the local host subnets, removing the need to preconfigure it to scan the network subnets (option is on by default) 2016-07-15 21:54:46 +08:00
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`range_class = FixedRange`
			`range_size = 1`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`range_fixed = ['', ]`
first commit 2015-08-30 15:27:35 +08:00
Issue #35 - Added option for blocked IPs. 2016-09-21 16:35:41 +08:00			`blocked_ips = ['', ]`

first commit 2015-08-30 15:27:35 +08:00			`# TCP Scanner`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`HTTP_PORTS = [80, 8080, 443,`
			`8008, # HTTP alternate`
			`]`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`tcp_target_ports = [22,`
Fixed CR notes https://github.com/guardicore/monkey/pull/48#pullrequestreview-64914540 2017-09-25 23:02:21 +08:00			`2222,`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`445,`
			`135,`
			`3389,`
			`80,`
			`8080,`
			`443,`
			`8008,`
Merge from develop 2017-09-25 23:23:31 +08:00			`3306,`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`9200]`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`tcp_target_ports.extend(HTTP_PORTS)`
code organization #3 2015-12-02 17:18:27 +08:00			`tcp_scan_timeout = 3000 # 3000 Milliseconds`
first commit 2015-08-30 15:27:35 +08:00			`tcp_scan_interval = 200`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`tcp_scan_get_banner = True`
first commit 2015-08-30 15:27:35 +08:00
			`# Ping Scanner`
			`ping_scan_timeout = 1000`

			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# exploiters config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

Change skip exploit if monkey exist to false 2017-09-28 19:44:18 +08:00			`skip_exploit_if_file_exist = False`
first commit 2015-08-30 15:27:35 +08:00
			`ms08_067_exploit_attempts = 5`
Changed MS08-67 user to monkey indicative to help track infections 2016-06-14 22:06:17 +08:00			`ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"`
first commit 2015-08-30 15:27:35 +08:00			`ms08_067_remote_user_pass = "Password1!"`

GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# rdp exploiter`
minor bug fix 2015-09-30 20:05:30 +08:00			`rdp_use_vbs_download = True`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
Add mimikatz collector Combine all users and passwords in config 2017-08-16 20:14:26 +08:00			`# User and password dictionaries for exploits.`
Fixed CR 2017-08-21 00:32:18 +08:00
Fix config property bug 2017-08-21 16:51:47 +08:00			`def get_exploit_user_password_pairs(self):`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`"""`
			`Returns all combinations of the configurations users and passwords`
			`:return:`
			`"""`
Fixed CR 2017-08-21 00:32:18 +08:00			`return product(self.exploit_user_list, self.exploit_password_list)`

Implement pass the hash for SMB 2017-09-26 23:11:13 +08:00			`def get_exploit_user_password_or_hash_product(self):`
			`"""`
			`Returns all combinations of the configurations users and passwords or lm/ntlm hashes`
			`:return:`
			`"""`
			`cred_list = []`
			`for cred in product(self.exploit_user_list, self.exploit_password_list, [''], ['']):`
			`cred_list.append(cred)`
			`for cred in product(self.exploit_user_list, [''], [''], self.exploit_ntlm_hash_list):`
			`cred_list.append(cred)`
			`for cred in product(self.exploit_user_list, [''], self.exploit_lm_hash_list, ['']):`
			`cred_list.append(cred)`
			`return cred_list`

Fixed CR 2017-08-21 00:32:18 +08:00			`exploit_user_list = ['Administrator', 'root', 'user']`
			`exploit_password_list = ["Password1!", "1234", "password", "12345678"]`
Implement pass the hash for SMB 2017-09-26 23:11:13 +08:00			`exploit_lm_hash_list = []`
			`exploit_ntlm_hash_list = []`
Add mimikatz collector Combine all users and passwords in config 2017-08-16 20:14:26 +08:00
PEP8 in diff files Add concept of non default timeout for copying SMB files. This is by default 5 minutes. Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running. Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again. 2016-09-05 22:45:27 +08:00			`# smb/wmi exploiter`
Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00			`smb_download_timeout = 300 # timeout in seconds`
Removed legacy ChaosMonkey from SMB execution. 2016-09-08 00:10:30 +08:00			`smb_service_name = "InfectionMonkey"`

Documented sambacry, moved everything to configuration, minor fixes 2017-09-01 01:03:32 +08:00			`# Timeout (in seconds) for sambacry's trigger to yield results.`
			`sambacry_trigger_timeout = 5`
			`# Folder paths to guess share lies inside.`
minor fix 2017-09-04 21:36:15 +08:00			`sambacry_folder_paths_to_guess = ['/', '/mnt', '/tmp', '/storage', '/export', '/share', '/shares', '/home']`
Documented sambacry, moved everything to configuration, minor fixes 2017-09-01 01:03:32 +08:00			`# Shares to not check if they're writable.`
			`sambacry_shares_not_to_check = ["IPC$", "print$"]`

GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# system info collection`
			`collect_system_info = True`

Add mimikatz collector Combine all users and passwords in config 2017-08-16 20:14:26 +08:00			`###########################`
			`# systeminfo config`
			`###########################`

			`mimikatz_dll_name = "mk.dll"`

Add elasticsearch fingerprinting. 2017-09-25 20:13:36 +08:00
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`WormConfiguration = Configuration()`