diff --git a/envs/monkey_zoo/blackbox/config_templates/performance.py b/envs/monkey_zoo/blackbox/config_templates/performance.py index e5213b649..b5b3e0655 100644 --- a/envs/monkey_zoo/blackbox/config_templates/performance.py +++ b/envs/monkey_zoo/blackbox/config_templates/performance.py @@ -10,6 +10,7 @@ class Performance(ConfigTemplate): "3Q=(Ge(+&w]*", "`))jU7L(w}", "t67TC5ZDmz", + "Passw0rd!", ], "basic.credentials.exploit_user_list": ["m0nk3y"], "basic.exploiters.exploiter_classes": [ @@ -24,6 +25,7 @@ class Performance(ConfigTemplate): "HadoopExploiter", "VSFTPDExploiter", "MSSQLExploiter", + "PowerShellExploiter", "ZerologonExploiter", ], "basic_network.network_analysis.inaccessible_subnets": [ @@ -58,5 +60,7 @@ class Performance(ConfigTemplate): "10.2.2.23", "10.2.2.24", "10.2.2.25", + "10.2.2.45", + "10.2.3.47", ], } diff --git a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py index 43246ad24..852d2fb25 100644 --- a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py +++ b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py @@ -1,22 +1,28 @@ -GCP_TEST_MACHINE_LIST = [ - "sshkeys-11", - "sshkeys-12", - "elastic-4", - "elastic-5", - "hadoop-2", - "hadoop-3", - "mssql-16", - "mimikatz-14", - "mimikatz-15", - "struts2-23", - "struts2-24", - "tunneling-9", - "tunneling-10", - "tunneling-11", - "tunneling-12", - "weblogic-18", - "weblogic-19", - "shellshock-8", - "zerologon-25", - "drupal-28", -] +GCP_TEST_MACHINE_LIST = { + "europe-west3-a": [ + "sshkeys-11", + "sshkeys-12", + "elastic-4", + "elastic-5", + "hadoop-2", + "hadoop-3", + "mssql-16", + "powershell-45", + "mimikatz-14", + "mimikatz-15", + "struts2-23", + "struts2-24", + "tunneling-9", + "tunneling-10", + "tunneling-11", + "tunneling-12", + "weblogic-18", + "weblogic-19", + "shellshock-8", + "zerologon-25", + "drupal-28", + ], + "europe-west1-b": [ + "powershell-3-47", + ], +} diff --git a/envs/monkey_zoo/blackbox/start_all_gcp_machines.py b/envs/monkey_zoo/blackbox/start_all_gcp_machines.py index f31a072f9..9cab68d97 100755 --- a/envs/monkey_zoo/blackbox/start_all_gcp_machines.py +++ b/envs/monkey_zoo/blackbox/start_all_gcp_machines.py @@ -4,4 +4,4 @@ from gcp_test_machine_list import GCP_TEST_MACHINE_LIST from utils.gcp_machine_handlers import GCPHandler gcp_handler = GCPHandler() -gcp_handler.start_machines(" ".join(GCP_TEST_MACHINE_LIST)) +gcp_handler.start_machines(GCP_TEST_MACHINE_LIST) diff --git a/envs/monkey_zoo/blackbox/stop_all_gcp_machines.py b/envs/monkey_zoo/blackbox/stop_all_gcp_machines.py index 132191e94..7272df30b 100755 --- a/envs/monkey_zoo/blackbox/stop_all_gcp_machines.py +++ b/envs/monkey_zoo/blackbox/stop_all_gcp_machines.py @@ -4,4 +4,4 @@ from gcp_test_machine_list import GCP_TEST_MACHINE_LIST from utils.gcp_machine_handlers import GCPHandler gcp_handler = GCPHandler() -gcp_handler.stop_machines(" ".join(GCP_TEST_MACHINE_LIST)) +gcp_handler.stop_machines(GCP_TEST_MACHINE_LIST) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 3c3934630..aa6544e6c 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -55,14 +55,14 @@ def GCPHandler(request, no_gcp): if not no_gcp: try: GCPHandler = gcp_machine_handlers.GCPHandler() - GCPHandler.start_machines(" ".join(GCP_TEST_MACHINE_LIST)) + GCPHandler.start_machines(GCP_TEST_MACHINE_LIST) except Exception as e: LOGGER.error("GCP Handler failed to initialize: %s." % e) pytest.exit("Encountered an error while starting GCP machines. Stopping the tests.") wait_machine_bootup() def fin(): - GCPHandler.stop_machines(" ".join(GCP_TEST_MACHINE_LIST)) + GCPHandler.stop_machines(GCP_TEST_MACHINE_LIST) request.addfinalizer(fin) diff --git a/envs/monkey_zoo/blackbox/utils/gcp_machine_handlers.py b/envs/monkey_zoo/blackbox/utils/gcp_machine_handlers.py index c438e92f5..38fc7125c 100644 --- a/envs/monkey_zoo/blackbox/utils/gcp_machine_handlers.py +++ b/envs/monkey_zoo/blackbox/utils/gcp_machine_handlers.py @@ -13,15 +13,12 @@ class GCPHandler(object): # Key path location relative to this file's directory RELATIVE_KEY_PATH = "../../gcp_keys/gcp_key.json" - DEFAULT_ZONE = "europe-west3-a" DEFAULT_PROJECT = "guardicore-22050661" def __init__( self, - zone=DEFAULT_ZONE, project_id=DEFAULT_PROJECT, ): - self.zone = zone abs_key_path = GCPHandler.get_absolute_key_path() subprocess.call(GCPHandler.get_auth_command(abs_key_path), shell=True) # noqa: DUO116 @@ -43,26 +40,31 @@ class GCPHandler(object): ) return absolute_key_path - def start_machines(self, machine_list): + @staticmethod + def start_machines(machine_list): """ Start all the machines in the list. - :param machine_list: A space-separated string with all the machine names. Example: - start_machines(`" ".join(["elastic-3", "mssql-16"])`) + :param machine_list: A dictionary with zone and machines per zone. """ LOGGER.info("Setting up all GCP machines...") try: - subprocess.call( # noqa: DUO116 - (GCPHandler.MACHINE_STARTING_COMMAND % (machine_list, self.zone)), shell=True - ) + for zone in machine_list: + subprocess.call( # noqa: DUO116 + (GCPHandler.MACHINE_STARTING_COMMAND % (" ".join(machine_list[zone]), zone)), + shell=True, + ) LOGGER.info("GCP machines successfully started.") except Exception as e: LOGGER.error("GCP Handler failed to start GCP machines: %s" % e) - def stop_machines(self, machine_list): + @staticmethod + def stop_machines(machine_list): try: - subprocess.call( # noqa: DUO116 - (GCPHandler.MACHINE_STOPPING_COMMAND % (machine_list, self.zone)), shell=True - ) + for zone in machine_list: + subprocess.call( # noqa: DUO116 + (GCPHandler.MACHINE_STOPPING_COMMAND % (" ".join(machine_list[zone]), zone)), + shell=True, + ) LOGGER.info("GCP machines stopped successfully.") except Exception as e: LOGGER.error("GCP Handler failed to stop network machines: %s" % e) diff --git a/envs/monkey_zoo/terraform/images.tf b/envs/monkey_zoo/terraform/images.tf index 866a4f174..3c4783389 100644 --- a/envs/monkey_zoo/terraform/images.tf +++ b/envs/monkey_zoo/terraform/images.tf @@ -57,6 +57,14 @@ data "google_compute_image" "mssql-16" { name = "mssql-16" project = local.monkeyzoo_project } +data "google_compute_image" "powershell-3-47" { + name = "powershell-3-47" + project = local.monkeyzoo_project +} +data "google_compute_image" "powershell-45" { + name = "powershell-45" + project = local.monkeyzoo_project +} data "google_compute_image" "weblogic-18" { name = "weblogic-18" project = local.monkeyzoo_project diff --git a/envs/monkey_zoo/terraform/monkey_zoo.tf b/envs/monkey_zoo/terraform/monkey_zoo.tf index 5eabc160b..a3411c608 100644 --- a/envs/monkey_zoo/terraform/monkey_zoo.tf +++ b/envs/monkey_zoo/terraform/monkey_zoo.tf @@ -26,6 +26,12 @@ resource "google_compute_subnetwork" "monkeyzoo-main" { network = google_compute_network.monkeyzoo.self_link } +resource "google_compute_subnetwork" "monkeyzoo-main-1" { + name = "${local.resource_prefix}monkeyzoo-main-1" + ip_cidr_range = "10.2.3.0/24" + network = google_compute_network.monkeyzoo.self_link +} + resource "google_compute_subnetwork" "tunneling-main" { name = "${local.resource_prefix}tunneling-main" ip_cidr_range = "10.2.1.0/28" @@ -307,6 +313,36 @@ resource "google_compute_instance_from_template" "mssql-16" { } } +resource "google_compute_instance_from_template" "powershell-3-47" { + name = "${local.resource_prefix}powershell-3-47" + source_instance_template = local.default_windows + boot_disk{ + initialize_params { + image = data.google_compute_image.powershell-3-47.self_link + } + auto_delete = true + } + network_interface { + subnetwork="${local.resource_prefix}monkeyzoo-main-1" + network_ip="10.2.3.47" + } +} + +resource "google_compute_instance_from_template" "powershell-45" { + name = "${local.resource_prefix}powershell-45" + source_instance_template = local.default_windows + boot_disk{ + initialize_params { + image = data.google_compute_image.powershell-45.self_link + } + auto_delete = true + } + network_interface { + subnetwork="${local.resource_prefix}monkeyzoo-main" + network_ip="10.2.2.45" + } +} + /* We need to alter monkey's behavior for this to upload 32-bit monkey instead of 64-bit (not yet developed) resource "google_compute_instance_from_template" "upgrader-17" { name = "${local.resource_prefix}upgrader-17"