monkey/chaos_monkey/config.py

import os
import sys
from network.range import FixedRange, RelativeRange, ClassCRange
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
from abc import ABCMeta
import uuid
import types

__author__ = 'itamar'

GUID = str(uuid.getnode())

EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')


def _cast_by_example(value, example):
    """
    a method that casts a value to the type of the parameter given as example
    """
    example_type = type(example)
    if example_type is str:
        return str(os.path.expandvars(value))
    elif example_type is tuple and len(example) != 0:
        if value is None or value == tuple(None):
            return tuple()
        return tuple([_cast_by_example(x, example[0]) for x in value])
    elif example_type is list and len(example) != 0:
        if value is None or value == [None]:
            return []
        return [_cast_by_example(x, example[0]) for x in value]
    elif example_type is type(value):
        return value
    elif example_type is bool:
        return value.lower() == 'true'
    elif example_type is int:
        return int(value)
    elif example_type is float:
        return float(value)
    elif example_type is types.ClassType or example_type is ABCMeta:
        return globals()[value]
    else:
        return None


class Configuration(object):

    def from_dict(self, data):
        for key, value in data.items():
            if key.startswith('_'):
                continue
            if key in ["name", "id", "current_server"]:
                continue
            try:
                default_value = getattr(Configuration, key)
            except AttributeError:
                raise

            setattr(self, key, _cast_by_example(value, default_value))

    def as_dict(self):
        result = {}
        for key in dir(Configuration):
            if key.startswith('_'):
                continue
            try:
                value = getattr(self, key)
            except AttributeError:
                continue

            val_type = type(value)

            if val_type is types.FunctionType or val_type is types.MethodType:
                continue

            if val_type is types.ClassType or val_type is ABCMeta:
                value = value.__name__
            elif val_type is tuple or val_type is list:
                if len(value) != 0 and (type(value[0]) is types.ClassType or type(value[0]) is ABCMeta):
                    value = val_type([x.__name__ for x in value])

            result[key] = value

        return result

    ###########################
    # logging config
    ###########################

    use_file_logging = True
    dropper_log_path_windows = os.path.expandvars("%temp%\~df1562.tmp")
    dropper_log_path_linux = '/tmp/user-1562'
    monkey_log_path_windows = os.path.expandvars("%temp%\~df1563.tmp")
    monkey_log_path_linux = '/tmp/user-1563'

    ###########################
    # dropper config
    ###########################

    dropper_try_move_first = sys.argv[0].endswith(".exe")
    dropper_set_date = True
    dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'
    dropper_target_path = r"C:\Windows\monkey.exe"
    dropper_target_path_linux = '/bin/monkey'

    ###########################
    # Kill file
    ###########################
    kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")
    kill_file_path_linux = '/tmp/user-4150'

    ###########################
    # monkey config
    ###########################
    # sets whether or not the monkey is alive. if false will stop scanning and exploiting
    alive = True

    # sets whether or not to self delete the monkey executable when stopped
    self_delete_in_cleanup = False

    # string of the mutex name for single instance
    singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"

    # how long to wait between scan iterations
    timeout_between_iterations = 100

    # how many scan iterations to perform on each run
    max_iterations = 1

    scanner_class = TcpScanner
    finger_classes = [SMBFinger, SSHFinger, PingScanner]
    exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]

    # how many victims to look for in a single scan iteration
    victims_max_find = 14

    # how many victims to exploit before stopping
    victims_max_exploit = 7

    # depth of propagation
    depth = 2
    current_server = ""

    #Configuration servers to try to connect to, in this order.
    command_servers = [
        "127.0.0.1:5000"
    ]

    # sets whether or not to locally save the running configuration after finishing
    serialize_config = False

    # sets whether or not to retry failed hosts on next scan
    retry_failed_explotation = True

    #addresses of internet servers to ping and check if the monkey has internet acccess.
    internet_services = ["monkey.guardicore.com", "www.google.com"]

    ###########################
    # scanners config
    ###########################

    # Auto detect and scan local subnets
    local_network_scan = True

    range_class = FixedRange
    range_size = 1
    range_fixed = ["", ]

    # TCP Scanner
    tcp_target_ports = [22, 2222, 445, 135, 3389]
    tcp_scan_timeout = 3000  # 3000 Milliseconds
    tcp_scan_interval = 200
    tcp_scan_get_banner = True

    # Ping Scanner
    ping_scan_timeout = 1000

    ###########################
    # exploiters config
    ###########################

    skip_exploit_if_file_exist = True

    ms08_067_exploit_attempts = 5
    ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"
    ms08_067_remote_user_pass = "Password1!"

    # psexec exploiter
    psexec_user = "Administrator"
    psexec_passwords = ["Password1!", "1234", "password", "12345678"]

    # ssh exploiter
    ssh_user = "root"
    ssh_passwords = ["Password1!", "1234", "password", "12345678"]

    # rdp exploiter
    rdp_use_vbs_download = True

    # system info collection
    collect_system_info = True

WormConfiguration = Configuration()
first commit 2015-08-30 15:27:35 +08:00			`import os`
			`import sys`
config edit 2015-12-02 19:49:26 +08:00			`from network.range import FixedRange, RelativeRange, ClassCRange`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter`
			`from network import TcpScanner, PingScanner, SMBFinger, SSHFinger`
			`from abc import ABCMeta`
			`import uuid`
			`import types`
code organization 2015-11-30 16:56:20 +08:00
first commit 2015-08-30 15:27:35 +08:00			`__author__ = 'itamar'`

add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`GUID = str(uuid.getnode())`

Fixed an annoying path in Windows paths... 2016-06-07 23:14:38 +08:00			`EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`def _cast_by_example(value, example):`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`"""`
			`a method that casts a value to the type of the parameter given as example`
			`"""`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`example_type = type(example)`
			`if example_type is str:`
			`return str(os.path.expandvars(value))`
			`elif example_type is tuple and len(example) != 0:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if value is None or value == tuple(None):`
			`return tuple()`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`return tuple([_cast_by_example(x, example[0]) for x in value])`
			`elif example_type is list and len(example) != 0:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if value is None or value == [None]:`
			`return []`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`return [_cast_by_example(x, example[0]) for x in value]`
			`elif example_type is type(value):`
			`return value`
			`elif example_type is bool:`
			`return value.lower() == 'true'`
			`elif example_type is int:`
			`return int(value)`
			`elif example_type is float:`
			`return float(value)`
			`elif example_type is types.ClassType or example_type is ABCMeta:`
			`return globals()[value]`
			`else:`
			`return None`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`class Configuration(object):`

			`def from_dict(self, data):`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`for key, value in data.items():`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`if key.startswith('_'):`
			`continue`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if key in ["name", "id", "current_server"]:`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`continue`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`try:`
			`default_value = getattr(Configuration, key)`
			`except AttributeError:`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`raise`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`setattr(self, key, _cast_by_example(value, default_value))`

			`def as_dict(self):`
			`result = {}`
			`for key in dir(Configuration):`
			`if key.startswith('_'):`
			`continue`
			`try:`
			`value = getattr(self, key)`
			`except AttributeError:`
			`continue`

			`val_type = type(value)`

			`if val_type is types.FunctionType or val_type is types.MethodType:`
			`continue`

			`if val_type is types.ClassType or val_type is ABCMeta:`
			`value = value.__name__`
			`elif val_type is tuple or val_type is list:`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`if len(value) != 0 and (type(value[0]) is types.ClassType or type(value[0]) is ABCMeta):`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`value = val_type([x.__name__ for x in value])`

			`result[key] = value`

			`return result`

first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# logging config`
code organization 2015-11-30 16:56:20 +08:00			`###########################`
first commit 2015-08-30 15:27:35 +08:00
			`use_file_logging = True`
GC-5506 #resolved added different log files for different platforms. 2016-03-02 23:13:36 +08:00			`dropper_log_path_windows = os.path.expandvars("%temp%\~df1562.tmp")`
			`dropper_log_path_linux = '/tmp/user-1562'`
			`monkey_log_path_windows = os.path.expandvars("%temp%\~df1563.tmp")`
			`monkey_log_path_linux = '/tmp/user-1563'`
first commit 2015-08-30 15:27:35 +08:00
			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# dropper config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

			`dropper_try_move_first = sys.argv[0].endswith(".exe")`
			`dropper_set_date = True`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'`
			`dropper_target_path = r"C:\Windows\monkey.exe"`
			`dropper_target_path_linux = '/bin/monkey'`
first commit 2015-08-30 15:27:35 +08:00
Removed unused import. Added kill file option. 2016-07-19 04:43:17 +08:00			`###########################`
			`# Kill file`
			`###########################`
			`kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp")`
			`kill_file_path_linux = '/tmp/user-4150'`

first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# monkey config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`
merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not the monkey is alive. if false will stop scanning and exploiting`
minor bug fix 2015-09-30 20:05:30 +08:00			`alive = True`

merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not to self delete the monkey executable when stopped`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`self_delete_in_cleanup = False`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00
merge fix 2016-07-15 22:00:55 +08:00			`# string of the mutex name for single instance`
first commit 2015-08-30 15:27:35 +08:00			`singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"`

			`# how long to wait between scan iterations`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`timeout_between_iterations = 100`
first commit 2015-08-30 15:27:35 +08:00
			`# how many scan iterations to perform on each run`
GC-5050: better range calculation 2016-01-13 16:27:49 +08:00			`max_iterations = 1`
first commit 2015-08-30 15:27:35 +08:00
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`scanner_class = TcpScanner`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`finger_classes = [SMBFinger, SSHFinger, PingScanner]`
			`exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]`
first commit 2015-08-30 15:27:35 +08:00
			`# how many victims to look for in a single scan iteration`
			`victims_max_find = 14`

			`# how many victims to exploit before stopping`
			`victims_max_exploit = 7`

GC-4599: added depth parameter 2015-12-08 01:08:15 +08:00			`# depth of propagation`
GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`depth = 2`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`current_server = ""`

Updated config documentation 2016-07-10 16:20:22 +08:00			`#Configuration servers to try to connect to, in this order.`
code organization #3 2015-12-02 17:18:27 +08:00			`command_servers = [`
logging missing configuration 2015-12-03 22:21:16 +08:00			`"127.0.0.1:5000"`
code organization #3 2015-12-02 17:18:27 +08:00			`]`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
config bugfix - missing field 2016-07-23 13:59:26 +08:00			`# sets whether or not to locally save the running configuration after finishing`
			`serialize_config = False`

merge fix 2016-07-15 22:00:55 +08:00			`# sets whether or not to retry failed hosts on next scan`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`retry_failed_explotation = True`
first commit 2015-08-30 15:27:35 +08:00
Updated config documentation 2016-07-10 16:20:22 +08:00			`#addresses of internet servers to ping and check if the monkey has internet acccess.`
Changed DNS path to monkey.guardicore.com 2016-07-10 16:47:07 +08:00			`internet_services = ["monkey.guardicore.com", "www.google.com"]`
Added internet access check Shown in the monkey properties in the island 2016-06-28 16:13:24 +08:00
first commit 2015-08-30 15:27:35 +08:00			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# scanners config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

Added auto-scan subnets option Monkey is now able to auto scan the local host subnets, removing the need to preconfigure it to scan the network subnets (option is on by default) 2016-07-15 21:54:46 +08:00			`# Auto detect and scan local subnets`
			`local_network_scan = True`

GC-5050: better configuration handling 2016-01-14 17:58:15 +08:00			`range_class = FixedRange`
			`range_size = 1`
serval bug fixes 1. all monkeys got the 1st config; 2. incompatible config types 3. UI fixes at the island 2016-07-06 16:44:33 +08:00			`range_fixed = ["", ]`
first commit 2015-08-30 15:27:35 +08:00
			`# TCP Scanner`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`tcp_target_ports = [22, 2222, 445, 135, 3389]`
code organization #3 2015-12-02 17:18:27 +08:00			`tcp_scan_timeout = 3000 # 3000 Milliseconds`
first commit 2015-08-30 15:27:35 +08:00			`tcp_scan_interval = 200`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`tcp_scan_get_banner = True`
first commit 2015-08-30 15:27:35 +08:00
			`# Ping Scanner`
			`ping_scan_timeout = 1000`

			`###########################`
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# exploiters config`
first commit 2015-08-30 15:27:35 +08:00			`###########################`

			`skip_exploit_if_file_exist = True`

			`ms08_067_exploit_attempts = 5`
Changed MS08-67 user to monkey indicative to help track infections 2016-06-14 22:06:17 +08:00			`ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"`
first commit 2015-08-30 15:27:35 +08:00			`ms08_067_remote_user_pass = "Password1!"`

			`# psexec exploiter`
			`psexec_user = "Administrator"`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`psexec_passwords = ["Password1!", "1234", "password", "12345678"]`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# ssh exploiter`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`ssh_user = "root"`
config edit 2015-12-02 19:49:26 +08:00			`ssh_passwords = ["Password1!", "1234", "password", "12345678"]`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# rdp exploiter`
minor bug fix 2015-09-30 20:05:30 +08:00			`rdp_use_vbs_download = True`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
GC-3598: added info collection infrastructure 2015-11-30 21:29:30 +08:00			`# system info collection`
			`collect_system_info = True`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`WormConfiguration = Configuration()`