Merge pull request #260 from guardicore/feature/add-island-password-auth

Add option for password authentication with island
itaymmguardicore 2019-02-07 13:44:15 +02:00 committed by GitHub
commit 6c17767130
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 3142 additions and 3081 deletions


@ -1,6 +1,6 @@
enum34 enum34
impacket impacket
PyCrypto pycryptodome
pyasn1 pyasn1
cffi cffi
twisted twisted
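Review bot: The replacement entry `pycryptodome` is listed without a version constraint, so every build resolves whatever release is current, and the `SHA3_512` import this commit relies on is only as available as the release that happens to be installed. Pinning a tested minimum, e.g. `pycryptodome>=<TESTED_VERSION>` (placeholder, fill in the version the team validated), makes that dependency explicit and reproducible. PyCryptodome installs into the same `Crypto` package namespace as PyCrypto, so upgrade instructions should say to uninstall PyCrypto first on existing hosts. The same swap appears in the three other dependency-list sections of this commit.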


@ -1,6 +1,6 @@
enum34 enum34
impacket impacket
PyCrypto pycryptodome
pyasn1 pyasn1
cffi cffi
twisted twisted


@ -1,6 +1,7 @@
import abc import abc
from datetime import timedelta from datetime import timedelta
import os import os
from Crypto.Hash import SHA3_512
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
@ -13,6 +14,12 @@ class Environment(object):
_DEBUG_SERVER = False _DEBUG_SERVER = False
_AUTH_EXPIRATION_TIME = timedelta(hours=1) _AUTH_EXPIRATION_TIME = timedelta(hours=1)
def __init__(self):
self.config = None
def set_config(self, config):
self.config = config
def get_island_port(self): def get_island_port(self):
return self._ISLAND_PORT return self._ISLAND_PORT
@ -25,6 +32,11 @@ class Environment(object):
def get_auth_expiration_time(self): def get_auth_expiration_time(self):
return self._AUTH_EXPIRATION_TIME return self._AUTH_EXPIRATION_TIME
def hash_secret(self, secret):
h = SHA3_512.new()
h.update(secret)
return h.hexdigest()
@abc.abstractmethod @abc.abstractmethod
def is_auth_enabled(self): def is_auth_enabled(self):
return return
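Review bot: `hash_secret` applies a single unsalted SHA3-512 pass, which is a fast digest rather than a password-storage function, so a leaked stored value can be checked against password guesses at high speed and equal passwords always produce equal hashes. If the value is meant to protect a stored password, a salted and deliberately slow KDF (for example `hashlib.pbkdf2_hmac` or `Crypto.Protocol.KDF.scrypt`) is the usual choice, with the salt and parameters stored next to the result. The method also has no docstring; something like `"""Return the hex SHA3-512 digest of secret (a byte string)."""` would record that `h.update(secret)` expects bytes. The `Environment` class body continues outside these hunks.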


@ -1,7 +1,7 @@
import cc.auth import cc.auth
from cc.environment import Environment from cc.environment import Environment
from common.cloud.aws import AWS from common.cloud.aws import AWS
from Crypto.Hash import SHA3_512
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
@ -23,5 +23,5 @@ class AwsEnvironment(Environment):
def get_auth_users(self): def get_auth_users(self):
return [ return [
cc.auth.User(1, 'monkey', self._instance_id) cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
] ]
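Review bot: The added `from Crypto.Hash import SHA3_512` import is not used in the lines shown for this file, because the hashing goes through `self.hash_secret(...)` inherited from `Environment`. Unless the part of the file outside the hunks uses it, drop the import so the crypto dependency stays in one place. A short comment above the `cc.auth.User(...)` line, such as `# stored as SHA3-512 hex because the login form submits the digest, not the raw value`, would explain why the instance id is now hashed (this reason is inferred from the front-end change in the same commit).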


@ -1,16 +1,22 @@
import json import json
import logging import logging
import standard
import aws from cc.environment import standard
from cc.environment import aws
from cc.environment import password
__author__ = 'itay.mizeretz'
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
AWS = 'aws' AWS = 'aws'
STANDARD = 'standard' STANDARD = 'standard'
PASSWORD = 'password'
ENV_DICT = { ENV_DICT = {
'standard': standard.StandardEnvironment, STANDARD: standard.StandardEnvironment,
'aws': aws.AwsEnvironment AWS: aws.AwsEnvironment,
PASSWORD: password.PasswordEnvironment,
} }
@ -25,8 +31,10 @@ def load_env_from_file():
return config_json['server_config'] return config_json['server_config']
try: try:
__env_type = load_env_from_file() config_json = load_server_configuration_from_file()
__env_type = config_json['server_config']
env = ENV_DICT[__env_type]() env = ENV_DICT[__env_type]()
env.set_config(config_json)
logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__)) logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
except Exception: except Exception:
logger.error('Failed initializing environment', exc_info=True) logger.error('Failed initializing environment', exc_info=True)


@ -0,0 +1,15 @@
from cc.environment import Environment
import cc.auth
__author__ = 'itay.mizeretz'
class PasswordEnvironment(Environment):
def is_auth_enabled(self):
return True
def get_auth_users(self):
return [
cc.auth.User(1, self.config['user'], self.config['hash'])
]
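Review bot: `get_auth_users` indexes `self.config['user']` and `self.config['hash']` without validation, so a configuration that selects `password` but omits either key only fails on the first call with a `KeyError`, or with a `TypeError` if `set_config` was never called and `self.config` is still `None`. Checking both keys when the configuration is set, and failing start-up with a clear message, would surface a misconfigured credential early instead of at login time. The class would also benefit from a docstring stating that `hash` must be the hex SHA3-512 digest of the password, since that is the format `hash_secret` produces elsewhere in this commit.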

File diff suppressed because it is too large Load Diff


@ -90,6 +90,7 @@
"react-router-dom": "^4.3.1", "react-router-dom": "^4.3.1",
"react-table": "^6.8.6", "react-table": "^6.8.6",
"react-toggle": "^4.0.1", "react-toggle": "^4.0.1",
"redux": "^4.0.0" "redux": "^4.0.0",
"sha3": "^2.0.0"
} }
} }


@ -0,0 +1,9 @@
import BaseConfig from './BaseConfig';
class PasswordConfig extends BaseConfig{
isAuthEnabled() {
return true;
}
}
export default PasswordConfig;


@ -1,12 +1,14 @@
import StandardConfig from './StandardConfig'; import StandardConfig from './StandardConfig';
import AwsConfig from './AwsConfig'; import AwsConfig from './AwsConfig';
import PasswordConfig from "./PasswordConfig";
const SERVER_CONFIG_JSON = require('../../../server_config.json'); const SERVER_CONFIG_JSON = require('../../../server_config.json');
const CONFIG_DICT = const CONFIG_DICT =
{ {
'standard': StandardConfig, 'standard': StandardConfig,
'aws': AwsConfig 'aws': AwsConfig,
'password': PasswordConfig
}; };
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']](); export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();


@ -1,3 +1,4 @@
import { SHA3 } from 'sha3';
import decode from 'jwt-decode'; import decode from 'jwt-decode';
import {SERVER_CONFIG} from '../server_config/ServerConfig'; import {SERVER_CONFIG} from '../server_config/ServerConfig';
@ -6,7 +7,7 @@ export default class AuthService {
login = (username, password) => { login = (username, password) => {
if (this.AUTH_ENABLED) { if (this.AUTH_ENABLED) {
return this._login(username, password); return this._login(username, this.hashSha3(password));
} else { } else {
return {result: true}; return {result: true};
} }
@ -20,6 +21,12 @@ export default class AuthService {
} }
}; };
hashSha3(text) {
let hash = new SHA3(512);
hash.update(text);
return this._toHexStr(hash.digest());
}
_login = (username, password) => { _login = (username, password) => {
return this._authFetch('/api/auth', { return this._authFetch('/api/auth', {
method: 'POST', method: 'POST',
@ -103,4 +110,9 @@ export default class AuthService {
return localStorage.getItem('jwt') return localStorage.getItem('jwt')
} }
_toHexStr(byteArr) {
return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
}
} }
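Review bot: `login` now sends `this.hashSha3(password)` to `/api/auth`, which makes the digest itself the credential: the server side of this commit stores the same digest (`self.config['hash']`), so anyone able to read that stored value can presumably authenticate with it without ever knowing the password. Client-side hashing therefore does not replace transport protection or server-side password hashing; consider sending the password over TLS and verifying it on the server against a salted, slow hash, or at minimum document that the stored `hash` must be protected like a plaintext password. `hashSha3` and `_toHexStr` also have no comments; a one-line note that the output is a lowercase hex SHA3-512 string that must match the server's `hexdigest()` would help keep the two sides in sync.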


@ -13,7 +13,7 @@ jsonschema
netifaces netifaces
ipaddress ipaddress
enum34 enum34
PyCrypto pycryptodome
boto3 boto3
awscli awscli
virtualenv virtualenv


@ -13,6 +13,6 @@ jsonschema
netifaces netifaces
ipaddress ipaddress
enum34 enum34
PyCrypto pycryptodome
boto3 boto3
awscli awscli