diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index aba333c5e..5920d1883 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -28,9 +28,6 @@ class Configuration(object): continue if key in LOCAL_CONFIG_VARS: continue - if self._depth_from_commandline and key == "depth": - self.max_depth = value - continue if hasattr(self, key): setattr(self, key, value) else: @@ -70,9 +67,6 @@ class Configuration(object): return result - # Used to keep track of our depth if manually specified - _depth_from_commandline = False - ########################### # logging config ########################### diff --git a/monkey/infection_monkey/exploit/HostExploiter.py b/monkey/infection_monkey/exploit/HostExploiter.py index 0f698c926..e1b6d0c80 100644 --- a/monkey/infection_monkey/exploit/HostExploiter.py +++ b/monkey/infection_monkey/exploit/HostExploiter.py @@ -72,11 +72,13 @@ class HostExploiter: def exploit_host( self, host, + current_depth: int, telemetry_messenger: ITelemetryMessenger, agent_repository: IAgentRepository, options: Dict, ): self.host = host + self.current_depth = current_depth self.telemetry_messenger = telemetry_messenger self.agent_repository = agent_repository self.options = options diff --git a/monkey/infection_monkey/exploit/exploiter_wrapper.py b/monkey/infection_monkey/exploit/exploiter_wrapper.py index c621ecaea..5e855ff22 100644 --- a/monkey/infection_monkey/exploit/exploiter_wrapper.py +++ b/monkey/infection_monkey/exploit/exploiter_wrapper.py @@ -26,10 +26,10 @@ class ExploiterWrapper: self._telemetry_messenger = telemetry_messenger self._agent_repository = agent_repository - def exploit_host(self, host: VictimHost, options: Dict): + def exploit_host(self, host: VictimHost, current_depth: int, options: Dict): exploiter = self._exploit_class() return exploiter.exploit_host( - host, self._telemetry_messenger, self._agent_repository, options + host, current_depth, self._telemetry_messenger, self._agent_repository, options ) def __init__( diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py index 69e5c601b..0618a3dad 100644 --- a/monkey/infection_monkey/exploit/hadoop.py +++ b/monkey/infection_monkey/exploit/hadoop.py @@ -12,7 +12,6 @@ from random import SystemRandom import requests from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT -from infection_monkey.exploit.tools.helpers import get_monkey_depth from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.model import ( @@ -95,7 +94,7 @@ class HadoopExploiter(WebRCE): def _build_command(self, path, http_path): # Build command to execute - monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1) + monkey_cmd = build_monkey_commandline(self.host, self.current_depth - 1) if "linux" in self.host.os["type"]: base_command = HADOOP_LINUX_COMMAND else: diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py index 146f4c16a..e68b7f5ab 100644 --- a/monkey/infection_monkey/exploit/log4shell.py +++ b/monkey/infection_monkey/exploit/log4shell.py @@ -10,7 +10,6 @@ from infection_monkey.exploit.log4shell_utils import ( build_exploit_bytecode, get_log4shell_service_exploiters, ) -from infection_monkey.exploit.tools.helpers import get_monkey_depth from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.i_puppet.i_puppet import ExploiterResultData @@ -114,7 +113,7 @@ class Log4ShellExploiter(WebRCE): def _build_command(self, path, http_path) -> str: # Build command to execute - monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, location=path) + monkey_cmd = build_monkey_commandline(self.host, self.current_depth - 1, location=path) if "linux" in self.host.os["type"]: base_command = LOG4SHELL_LINUX_COMMAND else: diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 8ef23acc0..bbb590b8b 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -5,7 +5,7 @@ from typing import List, Tuple from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus from infection_monkey.exploit.HostExploiter import HostExploiter -from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey +from infection_monkey.exploit.tools.helpers import get_target_monkey from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.model import ( BITSADMIN_CMDLINE_HTTP, @@ -371,14 +371,14 @@ class WebRCE(HostExploiter): default_path = self.get_default_dropper_path() if default_path is False: return False - monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path) + monkey_cmd = build_monkey_commandline(self.host, self.current_depth - 1, default_path) command = RUN_MONKEY % { "monkey_path": path, "monkey_type": DROPPER_ARG, "parameters": monkey_cmd, } else: - monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1) + monkey_cmd = build_monkey_commandline(self.host, self.current_depth - 1) command = RUN_MONKEY % { "monkey_path": path, "monkey_type": MONKEY_ARG, diff --git a/monkey/infection_monkey/i_puppet/i_puppet.py b/monkey/infection_monkey/i_puppet/i_puppet.py index 5b27de4f6..0db62bae2 100644 --- a/monkey/infection_monkey/i_puppet/i_puppet.py +++ b/monkey/infection_monkey/i_puppet/i_puppet.py @@ -114,12 +114,18 @@ class IPuppet(metaclass=abc.ABCMeta): @abc.abstractmethod def exploit_host( - self, name: str, host: VictimHost, options: Dict, interrupt: threading.Event + self, + name: str, + host: VictimHost, + current_depth: int, + options: Dict, + interrupt: threading.Event, ) -> ExploiterResultData: """ Runs an exploiter against a remote host :param str name: The name of the exploiter to run :param VictimHost host: A VictimHost object representing the target to exploit + :param int current_depth: The current propagation depth :param Dict options: A dictionary containing options that modify the behavior of the exploiter :param threading.Event interrupt: A threading.Event object that signals the exploit to stop diff --git a/monkey/infection_monkey/master/automated_master.py b/monkey/infection_monkey/master/automated_master.py index 370bcfedd..51627d728 100644 --- a/monkey/infection_monkey/master/automated_master.py +++ b/monkey/infection_monkey/master/automated_master.py @@ -1,7 +1,7 @@ import logging import threading import time -from typing import Any, Callable, Dict, Iterable, List, Tuple +from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple from infection_monkey.i_control_channel import IControlChannel, IslandCommunicationError from infection_monkey.i_master import IMaster @@ -30,12 +30,14 @@ logger = logging.getLogger() class AutomatedMaster(IMaster): def __init__( self, + current_depth: Optional[int], puppet: IPuppet, telemetry_messenger: ITelemetryMessenger, victim_host_factory: VictimHostFactory, control_channel: IControlChannel, local_network_interfaces: List[NetworkInterface], ): + self._current_depth = current_depth self._puppet = puppet self._telemetry_messenger = telemetry_messenger self._control_channel = control_channel @@ -162,8 +164,11 @@ class AutomatedMaster(IMaster): # still running. credential_collector_thread.join() - if self._can_propagate(): - self._propagator.propagate(config["propagation"], self._stop) + current_depth = self._current_depth if self._current_depth is not None else config["depth"] + logger.info(f"Current depth is {current_depth}") + + if self._can_propagate() and current_depth > 0: + self._propagator.propagate(config["propagation"], current_depth, self._stop) payload_thread = create_daemon_thread( target=self._run_plugins, diff --git a/monkey/infection_monkey/master/exploiter.py b/monkey/infection_monkey/master/exploiter.py index 151280ea0..b2049eb38 100644 --- a/monkey/infection_monkey/master/exploiter.py +++ b/monkey/infection_monkey/master/exploiter.py @@ -34,6 +34,7 @@ class Exploiter: self, exploiter_config: Dict, hosts_to_exploit: Queue, + current_depth: int, results_callback: Callback, scan_completed: Event, stop: Event, @@ -44,7 +45,14 @@ class Exploiter: f"{', '.join([e['name'] for e in exploiters_to_run])}" ) - exploit_args = (exploiters_to_run, hosts_to_exploit, results_callback, scan_completed, stop) + exploit_args = ( + exploiters_to_run, + hosts_to_exploit, + current_depth, + results_callback, + scan_completed, + stop, + ) run_worker_threads( target=self._exploit_hosts_on_queue, args=exploit_args, num_workers=self._num_workers ) @@ -69,6 +77,7 @@ class Exploiter: self, exploiters_to_run: List[Dict], hosts_to_exploit: Queue, + current_depth: int, results_callback: Callback, scan_completed: Event, stop: Event, @@ -78,7 +87,9 @@ class Exploiter: while not stop.is_set(): try: victim_host = hosts_to_exploit.get(timeout=QUEUE_TIMEOUT) - self._run_all_exploiters(exploiters_to_run, victim_host, results_callback, stop) + self._run_all_exploiters( + exploiters_to_run, victim_host, current_depth, results_callback, stop + ) except queue.Empty: if _all_hosts_have_been_processed(scan_completed, hosts_to_exploit): break @@ -93,6 +104,7 @@ class Exploiter: self, exploiters_to_run: List[Dict], victim_host: VictimHost, + current_depth: int, results_callback: Callback, stop: Event, ): @@ -100,7 +112,7 @@ class Exploiter: for exploiter in interruptable_iter(exploiters_to_run, stop): exploiter_name = exploiter["name"] exploiter_results = self._run_exploiter( - exploiter_name, exploiter["options"], victim_host, stop + exploiter_name, exploiter["options"], victim_host, current_depth, stop ) results_callback(exploiter_name, victim_host, exploiter_results) @@ -108,7 +120,12 @@ class Exploiter: break def _run_exploiter( - self, exploiter_name: str, options: Dict, victim_host: VictimHost, stop: Event + self, + exploiter_name: str, + options: Dict, + victim_host: VictimHost, + current_depth: int, + stop: Event, ) -> ExploiterResultData: logger.debug(f"Attempting to use {exploiter_name} on {victim_host.ip_addr}") @@ -116,7 +133,9 @@ class Exploiter: options = {"credentials": credentials, **options} try: - return self._puppet.exploit_host(exploiter_name, victim_host, options, stop) + return self._puppet.exploit_host( + exploiter_name, victim_host, current_depth, options, stop + ) except Exception as ex: msg = ( f"An unexpected error occurred while exploiting {victim_host.ip_addr} with " diff --git a/monkey/infection_monkey/master/mock_master.py b/monkey/infection_monkey/master/mock_master.py index e7e8e6237..8542ade12 100644 --- a/monkey/infection_monkey/master/mock_master.py +++ b/monkey/infection_monkey/master/mock_master.py @@ -101,13 +101,13 @@ class MockMaster(IMaster): def _exploit(self): logger.info("Exploiting victims") - result = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", {}, None) + result = self._puppet.exploit_host("PowerShellExploiter", "10.0.0.1", 0, {}, None) logger.info(f"Attempts for exploiting {result.attempts}") self._telemetry_messenger.send_telemetry( ExploitTelem("PowerShellExploiter", self._hosts["10.0.0.1"], result) ) - result = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", {}, None) + result = self._puppet.exploit_host("SSHExploiter", "10.0.0.3", 0, {}, None) logger.info(f"Attempts for exploiting {result.attempts}") self._telemetry_messenger.send_telemetry( ExploitTelem("SSHExploiter", self._hosts["10.0.0.3"], result) diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 45fc0955b..4ed86cd32 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py @@ -39,7 +39,7 @@ class Propagator: self._local_network_interfaces = local_network_interfaces self._hosts_to_exploit = None - def propagate(self, propagation_config: Dict, stop: Event): + def propagate(self, propagation_config: Dict, current_depth: int, stop: Event): logger.info("Attempting to propagate") network_scan_completed = Event() @@ -50,7 +50,7 @@ class Propagator: ) exploit_thread = create_daemon_thread( target=self._exploit_hosts, - args=(propagation_config, network_scan_completed, stop), + args=(propagation_config, current_depth, network_scan_completed, stop), ) scan_thread.start() @@ -134,6 +134,7 @@ class Propagator: def _exploit_hosts( self, propagation_config: Dict, + current_depth: int, network_scan_completed: Event, stop: Event, ): @@ -143,6 +144,7 @@ class Propagator: self._exploiter.exploit_hosts( exploiter_config, self._hosts_to_exploit, + current_depth, self._process_exploit_attempts, network_scan_completed, stop, diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 155289a31..db32c9703 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -68,6 +68,7 @@ class InfectionMonkey: # TODO used in propogation phase self._monkey_inbound_tunnel = None self.telemetry_messenger = LegacyTelemetryMessengerAdapter() + self._current_depth = self._opts.depth @staticmethod def _get_arguments(args): @@ -93,7 +94,6 @@ class InfectionMonkey: logger.info("Monkey is starting...") - self._set_propagation_depth(self._opts) self._add_default_server_to_config(self._opts.server) self._connect_to_island() @@ -111,14 +111,6 @@ class InfectionMonkey: self._setup() self._master.start() - @staticmethod - def _set_propagation_depth(options): - if options.depth is not None: - WormConfiguration._depth_from_commandline = True - WormConfiguration.depth = options.depth - logger.debug("Setting propagation depth from command line") - logger.debug(f"Set propagation depth to {WormConfiguration.depth}") - @staticmethod def _add_default_server_to_config(default_server: str): if default_server: @@ -179,6 +171,7 @@ class InfectionMonkey: ) self._master = AutomatedMaster( + self._current_depth, puppet, telemetry_messenger, victim_host_factory, diff --git a/monkey/infection_monkey/puppet/mock_puppet.py b/monkey/infection_monkey/puppet/mock_puppet.py index d43d48983..bd00c3acb 100644 --- a/monkey/infection_monkey/puppet/mock_puppet.py +++ b/monkey/infection_monkey/puppet/mock_puppet.py @@ -137,7 +137,12 @@ class MockPuppet(IPuppet): # TODO: host should be VictimHost, at the moment it can't because of circular dependency def exploit_host( - self, name: str, host: VictimHost, options: Dict, interrupt: threading.Event + self, + name: str, + host: VictimHost, + current_depth: int, + options: Dict, + interrupt: threading.Event, ) -> ExploiterResultData: logger.debug(f"exploit_hosts({name}, {host}, {options})") attempts = [ diff --git a/monkey/infection_monkey/puppet/puppet.py b/monkey/infection_monkey/puppet/puppet.py index e10695993..95e72533f 100644 --- a/monkey/infection_monkey/puppet/puppet.py +++ b/monkey/infection_monkey/puppet/puppet.py @@ -58,10 +58,15 @@ class Puppet(IPuppet): return fingerprinter.get_host_fingerprint(host, ping_scan_data, port_scan_data, options) def exploit_host( - self, name: str, host: VictimHost, options: Dict, interrupt: threading.Event + self, + name: str, + host: VictimHost, + current_depth: int, + options: Dict, + interrupt: threading.Event, ) -> ExploiterResultData: exploiter = self._plugin_registry.get_plugin(name, PluginType.EXPLOITER) - return exploiter.exploit_host(host, options) + return exploiter.exploit_host(host, current_depth, options) def run_payload(self, name: str, options: Dict, interrupt: threading.Event): payload = self._plugin_registry.get_plugin(name, PluginType.PAYLOAD) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_automated_master.py b/monkey/tests/unit_tests/infection_monkey/master/test_automated_master.py index c7023e525..4bb7b4294 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_automated_master.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_automated_master.py @@ -14,7 +14,7 @@ INTERVAL = 0.001 def test_terminate_without_start(): - m = AutomatedMaster(None, None, None, MagicMock(), []) + m = AutomatedMaster(None, None, None, None, MagicMock(), []) # Test that call to terminate does not raise exception m.terminate() @@ -34,7 +34,7 @@ def test_stop_if_cant_get_config_from_island(monkeypatch): monkeypatch.setattr( "infection_monkey.master.automated_master.CHECK_FOR_TERMINATE_INTERVAL_SEC", INTERVAL ) - m = AutomatedMaster(None, None, None, cc, []) + m = AutomatedMaster(None, None, None, None, cc, []) m.start() assert cc.get_config.call_count == CHECK_FOR_CONFIG_COUNT @@ -73,7 +73,7 @@ def test_stop_if_cant_get_stop_signal_from_island(monkeypatch, sleep_and_return_ "infection_monkey.master.automated_master.CHECK_FOR_TERMINATE_INTERVAL_SEC", INTERVAL ) - m = AutomatedMaster(None, None, None, cc, []) + m = AutomatedMaster(None, None, None, None, cc, []) m.start() assert cc.should_agent_stop.call_count == CHECK_FOR_STOP_AGENT_COUNT diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_exploiter.py b/monkey/tests/unit_tests/infection_monkey/master/test_exploiter.py index c32ad5acb..014b3b912 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_exploiter.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_exploiter.py @@ -74,7 +74,7 @@ def run_exploiters(exploiter_config, hosts_to_exploit, callback, scan_completed, scan_completed.set() e = Exploiter(puppet, num_workers, get_credentials_for_propagation) - e.exploit_hosts(exploiter_config, hosts_to_exploit, callback, scan_completed, stop) + e.exploit_hosts(exploiter_config, hosts_to_exploit, 1, callback, scan_completed, stop) return inner @@ -102,7 +102,7 @@ def test_credentials_passed_to_exploiter(run_exploiters): run_exploiters(mock_puppet, 1) for call_args in mock_puppet.exploit_host.call_args_list: - assert call_args[0][2].get("credentials") == CREDENTIALS_FOR_PROPAGATION + assert call_args[0][3].get("credentials") == CREDENTIALS_FOR_PROPAGATION def test_stop_after_callback(exploiter_config, callback, scan_completed, stop, hosts_to_exploit): @@ -121,7 +121,7 @@ def test_stop_after_callback(exploiter_config, callback, scan_completed, stop, h # Intentionally NOT setting scan_completed.set(); _callback() will set stop e = Exploiter(MockPuppet(), callback_barrier_count + 2, get_credentials_for_propagation) - e.exploit_hosts(exploiter_config, hosts_to_exploit, stoppable_callback, scan_completed, stop) + e.exploit_hosts(exploiter_config, hosts_to_exploit, 1, stoppable_callback, scan_completed, stop) assert stoppable_callback.call_count == 2 diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index 06be41c71..49cdd103a 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -124,7 +124,13 @@ def mock_ip_scanner(): class StubExploiter: def exploit_hosts( - self, hosts_to_exploit, exploiter_config, results_callback, scan_completed, stop + self, + exploiters_to_run, + hosts_to_exploit, + current_depth, + results_callback, + scan_completed, + stop, ): pass @@ -144,6 +150,7 @@ def test_scan_result_processing(telemetry_messenger_spy, mock_ip_scanner, mock_v "network_scan": {}, # This is empty since MockIPscanner ignores it "exploiters": {}, # This is empty since StubExploiter ignores it }, + 1, Event(), ) @@ -174,7 +181,13 @@ def test_scan_result_processing(telemetry_messenger_spy, mock_ip_scanner, mock_v class MockExploiter: def exploit_hosts( - self, exploiter_config, hosts_to_exploit, results_callback, scan_completed, stop + self, + exploiters_to_run, + hosts_to_exploit, + current_depth, + results_callback, + scan_completed, + stop, ): scan_completed.wait() hte = [] @@ -240,6 +253,7 @@ def test_exploiter_result_processing( "network_scan": {}, # This is empty since MockIPscanner ignores it "exploiters": {}, # This is empty since MockExploiter ignores it }, + 1, Event(), ) @@ -284,6 +298,7 @@ def test_scan_target_generation(telemetry_messenger_spy, mock_ip_scanner, mock_v "network_scan": {}, # This is empty since MockIPscanner ignores it "exploiters": {}, # This is empty since MockExploiter ignores it }, + 1, Event(), ) expected_ip_scan_list = [