From b996b6e2e88edc6d836339731b030c3b8552c5d5 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 30 Jul 2020 15:48:17 +0300 Subject: [PATCH] Updated all configs used in BB tests --- .../blackbox/island_configs/ELASTIC.conf | 178 ++++++---------- .../blackbox/island_configs/HADOOP.conf | 166 +++++---------- .../blackbox/island_configs/MSSQL.conf | 157 +++++--------- .../blackbox/island_configs/PERFORMANCE.conf | 191 ++++++------------ .../blackbox/island_configs/SHELLSHOCK.conf | 150 +++++--------- .../blackbox/island_configs/SMB_MIMIKATZ.conf | 155 +++++--------- .../blackbox/island_configs/SMB_PTH.conf | 150 +++++--------- .../blackbox/island_configs/SSH.conf | 162 +++++---------- .../blackbox/island_configs/STRUTS2.conf | 150 ++++---------- .../blackbox/island_configs/TUNNELING.conf | 165 +++++---------- .../blackbox/island_configs/WEBLOGIC.conf | 159 +++++---------- .../blackbox/island_configs/WMI_MIMIKATZ.conf | 158 +++++---------- .../blackbox/island_configs/WMI_PTH.conf | 158 +++++---------- 13 files changed, 656 insertions(+), 1443 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf index 0a81ea700..725dc609d 100644 --- a/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf +++ b/envs/monkey_zoo/blackbox/island_configs/ELASTIC.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", 
@@ -13,83 +16,29 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ElasticGroovyExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.4", "10.2.2.5" - ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ElasticGroovyExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + ] } }, "internal": { "classes": { "finger_classes": [ - "SMBFinger", - "SSHFinger", - "PingScanner", - "HTTPFinger", - "MySQLFinger", - "MSSQLFinger", - "ElasticFinger" ] }, "dropper": { @@ -107,9 +56,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
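Review bot: `finger_classes` ends up empty in ELASTIC.conf: the `@@ -13,83 +16,29 @@` hunk removes all seven fingerprinters, including `PingScanner` and `ElasticFinger`, and the file's last hunk replaces the `tcp_scanner` block that listed port 9200 with `"network": {}`. No other file section visible in this patch touches that list, so this looks unintended. If `ElasticGroovyExploiter` depends on the fingerprinted service (not visible here), the test outcome would rest on built-in defaults rather than on this file. I would keep at least `"PingScanner"` and `"ElasticFinger"` in the array, or say in the commit message that the empty list is deliberate.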
@@ -121,63 +77,53 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + "BackdoorUser", + "CommunicateAsNewUser", + "ModifyShellStartupFiles", + "HiddenFiles", + "TrapCommand", + "ChangeSetuidSetgid", + "ScheduleJobs" + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } 
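Review bot: The new `post_breach_actions` list in ELASTIC.conf enables seven post-breach actions (`BackdoorUser`, `ModifyShellStartupFiles`, `ScheduleJobs` and others) for a test whose only exploiter is `ElasticGroovyExploiter`. The other single-exploiter configs in this patch leave the list empty, for example `"post_breach_actions": []` in SHELLSHOCK.conf, so this reads like a full default set carried over by accident. Judging by their names, these actions alter accounts, startup files and scheduled jobs on the target hosts, which would let the lab machines drift between runs and add failure modes unrelated to the exploit under test. I would use `"post_breach_actions": []` here as well.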
diff --git a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf index 0b897080b..2a4c72657 100644 --- a/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf +++ b/envs/monkey_zoo/blackbox/island_configs/HADOOP.conf @@ -2,10 +2,13 @@ "basic": { "credentials": { "exploit_password_list": [ - "Password1!", - "1234", + "root", + "123456", "password", - "12345678" + "123456789", + "qwerty", + "111111", + "iloveyou" ], "exploit_user_list": [ "Administrator", @@ -13,12 +16,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "HadoopExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -26,58 +34,6 @@ "10.2.2.3", "10.2.2.2" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "HadoopExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -103,15 +59,20 @@ }, "exploits": { "exploit_lm_hash_list": [], - "exploit_ntlm_hash_list": [ - "e1c0dc690821c13b10a41dccfc72e43a" - ], + "exploit_ntlm_hash_list": [], "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -123,63 +84,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf index dc3332ed6..81c56eab3 100644 --- a/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/MSSQL.conf @@ -13,70 +13,21 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { - "blocked_ips": [], - "depth": 2, - "local_network_scan": false, - "subnet_scan_list": [ - "10.2.2.16" - ] - }, "network_analysis": { "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" + "scope": { + "blocked_ips": [], + "depth": 2, + "local_network_scan": true, + "subnet_scan_list": [] } }, "internal": { @@ -106,9 +57,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
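Review bot: The `scope` block in MSSQL.conf now sets `"local_network_scan": true` with an empty `subnet_scan_list`, where the old config pinned the run to `10.2.2.16`. Every other config visible in this patch keeps `local_network_scan` false and names its targets, so the MSSQL test alone would scan whatever shares the agent's local network, with `victims_max_find` raised to 100 in the same file. A blackbox test should keep its scope explicit so the run cannot reach hosts outside the intended target: `"local_network_scan": false` and `"subnet_scan_list": ["10.2.2.16"]`.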
@@ -120,63 +78,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf index 23d5ce379..38a6fec5b 100644 --- a/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/PERFORMANCE.conf @@ -13,12 +13,36 @@ "m0nk3y" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter", + "WmiExploiter", + "SSHExploiter", + "ShellShockExploiter", + "SambaCryExploiter", + "ElasticGroovyExploiter", + "Struts2Exploiter", + "WebLogicExploiter", + "HadoopExploiter", + "VSFTPDExploiter", + "MSSQLExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [ + "10.2.2.0/30", + "10.2.2.8/30", + "10.2.2.24/32", + "10.2.2.23/32", + "10.2.2.21/32", + "10.2.2.19/32", + "10.2.2.18/32", + "10.2.2.17/32" + ] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, 
@@ -44,74 +68,6 @@ "10.2.2.23", "10.2.2.24" ] - }, - "network_analysis": { - "inaccessible_subnets": [ - "10.2.2.0/30", - "10.2.2.8/30", - "10.2.2.24/32", - "10.2.2.23/32", - "10.2.2.21/32", - "10.2.2.19/32", - "10.2.2.18/32", - "10.2.2.17/32" - ] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter", - "MSSQLExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -143,7 +99,14 @@ "general": { "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -156,74 +119,52 @@ "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, "testing": { - "export_monkey_telems": true + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [ - "CommunicateAsNewUser" + "BackdoorUser", + "CommunicateAsNewUser", + "ModifyShellStartupFiles", + "HiddenFiles", + "TrapCommand", + "ChangeSetuidSetgid", + "ScheduleJobs" ] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 15, - "victims_max_find": 100 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true, - "system_info_collectors_classes": [ + "system_info_collector_classes": [ "EnvironmentCollector", "AwsCollector", "HostnameCollector", - "ProcessListCollector" - ] - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001, - 8088 + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } 
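Review bot: `export_monkey_telems` flips from `true` to `false` in PERFORMANCE.conf, which was the only config in this patch that already carried the key. If the performance tests consume the exported telemetry (not visible from this hunk), they would now run without their input data. The commit subject does not mention the flip, so it may be a side effect of regenerating the file. I would keep `"export_monkey_telems": true` or state the reason for the change in the commit message.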
diff --git a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf index 83414774b..ca4ba00ee 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SHELLSHOCK.conf @@ -13,70 +13,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "ShellShockExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.8" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "ShellShockExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { 
@@ -106,9 +59,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -120,63 +80,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf index e2a8a5596..aeb99ebc8 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/SMB_MIMIKATZ.conf @@ -1,4 +1,4 @@ -{ +monkey.conf{ "basic": { "credentials": { "exploit_password_list": [ @@ -11,12 +11,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -24,58 +29,6 @@ "10.2.2.14", "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -105,9 +58,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
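Review bot: The first hunk of SMB_MIMIKATZ.conf replaces the opening `{` with `monkey.conf{`, so the file no longer parses as JSON. It looks like a stray file name pasted in front of the brace. The line should go back to `{`. A parse check over `island_configs/*.conf` in the test setup would catch this kind of mistake before a run starts.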
@@ -119,63 +79,46 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, - "post_breach_actions": [] - }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 + "post_breach_actions": [ + ] }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf index d17e283c8..74c4de96c 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf 
+++ b/envs/monkey_zoo/blackbox/island_configs/SMB_PTH.conf @@ -10,70 +10,23 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SmbExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, "subnet_scan_list": [ "10.2.2.15" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -103,9 +56,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -117,63 +77,45 @@ "monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_windows": "%temp%\\~df1563.tmp", "send_log_to_server": true + }, + "monkey": { + "alive": true, + "internet_services": [ + "monkey.guardicore.com", + "www.google.com" + ], + "self_delete_in_cleanup": true, + "serialize_config": false, + "use_file_logging": true, + "victims_max_exploit": 100, + "victims_max_find": 100 + }, + "network": {}, + "testing": { + "export_monkey_telems": false } }, "monkey": { - "behaviour": { + "persistent_scanning": { + "max_iterations": 1, + "retry_failed_explotation": true, + "timeout_between_iterations": 100 + }, + "post_breach": { "PBA_linux_filename": "", "PBA_windows_filename": "", "custom_PBA_linux_cmd": "", "custom_PBA_windows_cmd": "", - "self_delete_in_cleanup": true, - "serialize_config": false, - "use_file_logging": true - }, - "general": { - "alive": true, "post_breach_actions": [] }, - "life_cycle": { - "max_iterations": 1, - "retry_failed_explotation": true, - "timeout_between_iterations": 100, - "victims_max_exploit": 7, - "victims_max_find": 30 - }, "system_info": { - "collect_system_info": true, - "extract_azure_creds": true, - "should_use_mimikatz": true - } - }, - "network": { - "ping_scanner": { - "ping_scan_timeout": 1000 - }, - "tcp_scanner": { - "HTTP_PORTS": [ - 80, - 8080, - 443, - 8008, - 7001 - ], - "tcp_scan_get_banner": true, - "tcp_scan_interval": 0, - "tcp_scan_timeout": 3000, - "tcp_target_ports": [ - 22, - 2222, - 445, - 135, - 3389, - 80, - 8080, - 443, - 8008, - 3306, - 9200, - 7001 + "system_info_collector_classes": [ + "EnvironmentCollector", + "AwsCollector", + "HostnameCollector", + "ProcessListCollector", + "MimikatzCollector", + "AzureCollector" ] } } diff --git a/envs/monkey_zoo/blackbox/island_configs/SSH.conf b/envs/monkey_zoo/blackbox/island_configs/SSH.conf index ebb1def8b..860a9ab26 100644 --- a/envs/monkey_zoo/blackbox/island_configs/SSH.conf +++ b/envs/monkey_zoo/blackbox/island_configs/SSH.conf 
@@ -12,12 +12,17 @@ "user" ] }, - "general": { - "should_exploit": true + "exploiters": { + "exploiter_classes": [ + "SSHExploiter" + ] } }, "basic_network": { - "general": { + "network_analysis": { + "inaccessible_subnets": [] + }, + "scope": { "blocked_ips": [], "depth": 2, "local_network_scan": false, @@ -25,67 +30,6 @@ "10.2.2.11", "10.2.2.12" ] - }, - "network_analysis": { - "inaccessible_subnets": [] - } - }, - "cnc": { - "servers": { - "command_servers": [ - "10.2.2.251:5000" - ], - "current_server": "10.2.2.251:5000", - "internet_services": [ - "monkey.guardicore.com", - "www.google.com" - ] - } - }, - "exploits": { - "general": { - "exploiter_classes": [ - "SmbExploiter", - "WmiExploiter", - "SSHExploiter", - "ShellShockExploiter", - "SambaCryExploiter", - "ElasticGroovyExploiter", - "Struts2Exploiter", - "WebLogicExploiter", - "HadoopExploiter", - "VSFTPDExploiter" - ], - "skip_exploit_if_file_exist": false - }, - "ms08_067": { - "ms08_067_exploit_attempts": 5, - "remote_user_pass": "Password1!", - "user_to_add": "Monkey_IUSER_SUPPORT" - }, - "rdp_grinder": { - "rdp_use_vbs_download": true - }, - "sambacry": { - "sambacry_folder_paths_to_guess": [ - "/", - "/mnt", - "/tmp", - "/storage", - "/export", - "/share", - "/shares", - "/home" - ], - "sambacry_shares_not_to_check": [ - "IPC$", - "print$" - ], - "sambacry_trigger_timeout": 5 - }, - "smb_service": { - "smb_download_timeout": 300, - "smb_service_name": "InfectionMonkey" } }, "internal": { @@ -115,9 +59,16 @@ "exploit_ssh_keys": [] }, "general": { - "keep_tunnel_open_time": 1, + "keep_tunnel_open_time": 60, "monkey_dir_name": "monkey_dir", - "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}" + "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", + "started_on_island": false + }, + "island_server": { + "command_servers": [ + "10.2.2.251:5000" + ], + "current_server": "10.2.2.251:5000" }, "kill_file": { "kill_file_path_linux": "/var/run/monkey.not", 
@@ -129,63 +80,46 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
- "post_breach_actions": []
- },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 7,
- "victims_max_find": 30
+ "post_breach_actions": [
+ ]
 },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001
+ "system_info_collector_classes": [
+ "EnvironmentCollector",
+ "AwsCollector",
+ "HostnameCollector",
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }
diff --git a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
index 4b47a0246..8ad9d3a76 100644
--- a/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
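Review bot: `post_breach_actions` in the last SSH.conf hunk is written as an empty array split over two lines (`"post_breach_actions": [` followed by `]`), while the other configs touched by this patch use the single-line form. Collapsing it to `"post_breach_actions": []` keeps the per-exploiter configs line-for-line comparable; the split is also why this hunk's new side is 46 lines where the sibling hunks have 45.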
+++ b/envs/monkey_zoo/blackbox/island_configs/STRUTS2.conf
@@ -14,12 +14,17 @@
 "vakaris_zilius"
 ]
 },
- "general": {
- "should_exploit": true
+ "exploiters": {
+ "exploiter_classes": [
+ "Struts2Exploiter"
+ ]
 }
 },
 "basic_network": {
- "general": {
+ "network_analysis": {
+ "inaccessible_subnets": []
+ },
+ "scope": {
 "blocked_ips": [],
 "depth": 2,
 "local_network_scan": false,
@@ -27,55 +32,6 @@
 "10.2.2.23",
 "10.2.2.24"
 ]
- },
- "network_analysis": {
- "inaccessible_subnets": []
- }
- },
- "cnc": {
- "servers": {
- "command_servers": [
- "10.2.2.251:5000"
- ],
- "current_server": "10.2.2.251:5000",
- "internet_services": [
- "monkey.guardicore.com",
- "www.google.com"
- ]
- }
- },
- "exploits": {
- "general": {
- "exploiter_classes": [
- "Struts2Exploiter"
- ],
- "skip_exploit_if_file_exist": false
- },
- "ms08_067": {
- "ms08_067_exploit_attempts": 5,
- "remote_user_pass": "Password1!",
- "user_to_add": "Monkey_IUSER_SUPPORT"
- },
- "sambacry": {
- "sambacry_folder_paths_to_guess": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home"
- ],
- "sambacry_shares_not_to_check": [
- "IPC$",
- "print$"
- ],
- "sambacry_trigger_timeout": 5
- },
- "smb_service": {
- "smb_download_timeout": 300,
- "smb_service_name": "InfectionMonkey"
 }
 },
 "internal": {
@@ -107,7 +63,14 @@
 "general": {
 "keep_tunnel_open_time": 60,
 "monkey_dir_name": "monkey_dir",
- "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
+ "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
+ "started_on_island": false
+ },
+ "island_server": {
+ "command_servers": [
+ "10.2.2.251:5000"
+ ],
+ "current_server": "10.2.2.251:5000"
 },
 "kill_file": {
 "kill_file_path_linux": "/var/run/monkey.not",
@@ -119,72 +82,45 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
- "post_breach_actions": [
- "CommunicateAsNewUser"
- ]
- },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 15,
- "victims_max_find": 100
+ "post_breach_actions": []
 },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true,
- "system_info_collectors_classes": [
+ "system_info_collector_classes": [
 "EnvironmentCollector",
 "AwsCollector",
 "HostnameCollector",
- "ProcessListCollector"
- ]
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001,
- 8088
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }
diff --git a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
index 80d85a7b7..af2f95e1e 100644
--- a/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/TUNNELING.conf
@@ -7,24 +7,27 @@
 "`))jU7L(w}",
 "t67TC5ZDmz",
 "12345678",
- "another_one",
- "and_another_one",
- "one_more"
 ],
 "exploit_user_list": [
 "Administrator",
- "rand",
- "rand2",
 "m0nk3y",
 "user"
 ]
 },
- "general": {
- "should_exploit": true
+ "exploiters": {
+ "exploiter_classes": [
+ "SmbExploiter",
+ "WmiExploiter",
+ "SSHExploiter",
+ "MSSQLExploiter"
+ ]
 }
 },
 "basic_network": {
- "general": {
+ "network_analysis": {
+ "inaccessible_subnets": []
+ },
+ "scope": {
 "blocked_ips": [],
 "depth": 3,
 "local_network_scan": false,
@@ -34,67 +37,6 @@
 "10.2.0.11",
 "10.2.0.12"
 ]
- },
- "network_analysis": {
- "inaccessible_subnets": []
- }
- },
- "cnc": {
- "servers": {
- "command_servers": [
- "10.2.2.251:5000"
- ],
- "current_server": "10.2.2.251:5000",
- "internet_services": [
- "monkey.guardicore.com",
- "www.google.com"
- ]
- }
- },
- "exploits": {
- "general": {
- "exploiter_classes": [
- "SmbExploiter",
- "WmiExploiter",
- "SSHExploiter",
- "ShellShockExploiter",
- "SambaCryExploiter",
- "ElasticGroovyExploiter",
- "Struts2Exploiter",
- "WebLogicExploiter",
- "HadoopExploiter",
- "VSFTPDExploiter"
- ],
- "skip_exploit_if_file_exist": false
- },
- "ms08_067": {
- "ms08_067_exploit_attempts": 5,
- "remote_user_pass": "Password1!",
- "user_to_add": "Monkey_IUSER_SUPPORT"
- },
- "rdp_grinder": {
- "rdp_use_vbs_download": true
- },
- "sambacry": {
- "sambacry_folder_paths_to_guess": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home"
- ],
- "sambacry_shares_not_to_check": [
- "IPC$",
- "print$"
- ],
- "sambacry_trigger_timeout": 5
- },
- "smb_service": {
- "smb_download_timeout": 300,
- "smb_service_name": "InfectionMonkey"
 }
 },
 "internal": {
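Review bot: Removing the last three passwords in the first TUNNELING.conf hunk leaves `"12345678",` as the final element of `exploit_password_list`, so the new file has a trailing comma before `],` and a strict JSON parser will reject it; the retained line should become `"12345678"`. The same defect is added in the first WMI_PTH.conf hunk, where `exploiter_classes` ends with `"WmiExploiter",` before `]` and should read `"WmiExploiter"`. How the blackbox tests load these files is not visible here, but with a standard JSON parser both configs would fail to load before any test runs. The enclosing `basic` object starts outside the hunk.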
@@ -126,7 +68,14 @@
 "general": {
 "keep_tunnel_open_time": 60,
 "monkey_dir_name": "monkey_dir",
- "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
+ "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
+ "started_on_island": false
+ },
+ "island_server": {
+ "command_servers": [
+ "10.2.2.251:5000"
+ ],
+ "current_server": "10.2.2.251:5000"
 },
 "kill_file": {
 "kill_file_path_linux": "/var/run/monkey.not",
@@ -138,63 +87,45 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
 "post_breach_actions": []
 },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 7,
- "victims_max_find": 30
- },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001
+ "system_info_collector_classes": [
+ "EnvironmentCollector",
+ "AwsCollector",
+ "HostnameCollector",
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }
diff --git a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf
index b86b2b566..7162a8612 100644
--- a/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/WEBLOGIC.conf
@@ -2,10 +2,13 @@
 "basic": {
 "credentials": {
 "exploit_password_list": [
- "Password1!",
- "1234",
+ "root",
+ "123456",
 "password",
- "12345678"
+ "123456789",
+ "qwerty",
+ "111111",
+ "iloveyou"
 ],
 "exploit_user_list": [
 "Administrator",
@@ -13,12 +16,17 @@
 "user"
 ]
 },
- "general": {
- "should_exploit": true
+ "exploiters": {
+ "exploiter_classes": [
+ "WebLogicExploiter"
+ ]
 }
 },
 "basic_network": {
- "general": {
+ "network_analysis": {
+ "inaccessible_subnets": []
+ },
+ "scope": {
 "blocked_ips": [],
 "depth": 2,
 "local_network_scan": false,
@@ -26,58 +34,6 @@
 "10.2.2.18",
 "10.2.2.19"
 ]
- },
- "network_analysis": {
- "inaccessible_subnets": []
- }
- },
- "cnc": {
- "servers": {
- "command_servers": [
- "10.2.2.251:5000"
- ],
- "current_server": "10.2.2.251:5000",
- "internet_services": [
- "monkey.guardicore.com",
- "www.google.com"
- ]
- }
- },
- "exploits": {
- "general": {
- "exploiter_classes": [
- "WebLogicExploiter"
- ],
- "skip_exploit_if_file_exist": false
- },
- "ms08_067": {
- "ms08_067_exploit_attempts": 5,
- "remote_user_pass": "Password1!",
- "user_to_add": "Monkey_IUSER_SUPPORT"
- },
- "rdp_grinder": {
- "rdp_use_vbs_download": true
- },
- "sambacry": {
- "sambacry_folder_paths_to_guess": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home"
- ],
- "sambacry_shares_not_to_check": [
- "IPC$",
- "print$"
- ],
- "sambacry_trigger_timeout": 5
- },
- "smb_service": {
- "smb_download_timeout": 300,
- "smb_service_name": "InfectionMonkey"
 }
 },
 "internal": {
@@ -107,9 +63,16 @@
 "exploit_ssh_keys": []
 },
 "general": {
- "keep_tunnel_open_time": 1,
+ "keep_tunnel_open_time": 60,
 "monkey_dir_name": "monkey_dir",
- "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
+ "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
+ "started_on_island": false
+ },
+ "island_server": {
+ "command_servers": [
+ "10.2.2.251:5000"
+ ],
+ "current_server": "10.2.2.251:5000"
 },
 "kill_file": {
 "kill_file_path_linux": "/var/run/monkey.not",
@@ -121,63 +84,45 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
 "post_breach_actions": []
 },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 7,
- "victims_max_find": 30
- },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001
+ "system_info_collector_classes": [
+ "EnvironmentCollector",
+ "AwsCollector",
+ "HostnameCollector",
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }
diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
index 7b5fb3784..8bb3e51b6 100644
--- a/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/WMI_MIMIKATZ.conf
@@ -11,12 +11,17 @@
 "user"
 ]
 },
- "general": {
- "should_exploit": true
+ "exploiters": {
+ "exploiter_classes": [
+ "WmiExploiter"
+ ]
 }
 },
 "basic_network": {
- "general": {
+ "network_analysis": {
+ "inaccessible_subnets": []
+ },
+ "scope": {
 "blocked_ips": [],
 "depth": 2,
 "local_network_scan": false,
@@ -24,66 +29,6 @@
 "10.2.2.14",
 "10.2.2.15"
 ]
- },
- "network_analysis": {
- "inaccessible_subnets": []
- }
- },
- "cnc": {
- "servers": {
- "command_servers": [
- "10.2.2.251:5000"
- ],
- "current_server": "10.2.2.251:5000",
- "internet_services": [
- "monkey.guardicore.com",
- "www.google.com"
- ]
- }
- },
- "exploits": {
- "general": {
- "exploiter_classes": [
- "WmiExploiter",
- "SSHExploiter",
- "ShellShockExploiter",
- "SambaCryExploiter",
- "ElasticGroovyExploiter",
- "Struts2Exploiter",
- "WebLogicExploiter",
- "HadoopExploiter",
- "VSFTPDExploiter"
- ],
- "skip_exploit_if_file_exist": false
- },
- "ms08_067": {
- "ms08_067_exploit_attempts": 5,
- "remote_user_pass": "Password1!",
- "user_to_add": "Monkey_IUSER_SUPPORT"
- },
- "rdp_grinder": {
- "rdp_use_vbs_download": true
- },
- "sambacry": {
- "sambacry_folder_paths_to_guess": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home"
- ],
- "sambacry_shares_not_to_check": [
- "IPC$",
- "print$"
- ],
- "sambacry_trigger_timeout": 5
- },
- "smb_service": {
- "smb_download_timeout": 300,
- "smb_service_name": "InfectionMonkey"
 }
 },
 "internal": {
@@ -113,9 +58,16 @@
 "exploit_ssh_keys": []
 },
 "general": {
- "keep_tunnel_open_time": 1,
+ "keep_tunnel_open_time": 60,
 "monkey_dir_name": "monkey_dir",
- "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
+ "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
+ "started_on_island": false
+ },
+ "island_server": {
+ "command_servers": [
+ "10.2.2.251:5000"
+ ],
+ "current_server": "10.2.2.251:5000"
 },
 "kill_file": {
 "kill_file_path_linux": "/var/run/monkey.not",
@@ -127,63 +79,45 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
 "post_breach_actions": []
 },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 7,
- "victims_max_find": 30
- },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001
+ "system_info_collector_classes": [
+ "EnvironmentCollector",
+ "AwsCollector",
+ "HostnameCollector",
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }
diff --git a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf
index 1ac0a6c3d..12a02ad91 100644
--- a/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf
+++ b/envs/monkey_zoo/blackbox/island_configs/WMI_PTH.conf
@@ -10,78 +10,23 @@
 "user"
 ]
 },
- "general": {
- "should_exploit": true
+ "exploiters": {
+ "exploiter_classes": [
+ "WmiExploiter",
+ ]
 }
 },
 "basic_network": {
- "general": {
+ "network_analysis": {
+ "inaccessible_subnets": []
+ },
+ "scope": {
 "blocked_ips": [],
 "depth": 2,
 "local_network_scan": false,
 "subnet_scan_list": [
 "10.2.2.15"
 ]
- },
- "network_analysis": {
- "inaccessible_subnets": []
- }
- },
- "cnc": {
- "servers": {
- "command_servers": [
- "10.2.2.251:5000"
- ],
- "current_server": "10.2.2.251:5000",
- "internet_services": [
- "monkey.guardicore.com",
- "www.google.com"
- ]
- }
- },
- "exploits": {
- "general": {
- "exploiter_classes": [
- "WmiExploiter",
- "SSHExploiter",
- "ShellShockExploiter",
- "SambaCryExploiter",
- "ElasticGroovyExploiter",
- "Struts2Exploiter",
- "WebLogicExploiter",
- "HadoopExploiter",
- "VSFTPDExploiter"
- ],
- "skip_exploit_if_file_exist": false
- },
- "ms08_067": {
- "ms08_067_exploit_attempts": 5,
- "remote_user_pass": "Password1!",
- "user_to_add": "Monkey_IUSER_SUPPORT"
- },
- "rdp_grinder": {
- "rdp_use_vbs_download": true
- },
- "sambacry": {
- "sambacry_folder_paths_to_guess": [
- "/",
- "/mnt",
- "/tmp",
- "/storage",
- "/export",
- "/share",
- "/shares",
- "/home"
- ],
- "sambacry_shares_not_to_check": [
- "IPC$",
- "print$"
- ],
- "sambacry_trigger_timeout": 5
- },
- "smb_service": {
- "smb_download_timeout": 300,
- "smb_service_name": "InfectionMonkey"
 }
 },
 "internal": {
@@ -111,9 +56,16 @@
 "exploit_ssh_keys": []
 },
 "general": {
- "keep_tunnel_open_time": 1,
+ "keep_tunnel_open_time": 60,
 "monkey_dir_name": "monkey_dir",
- "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}"
+ "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
+ "started_on_island": false
+ },
+ "island_server": {
+ "command_servers": [
+ "10.2.2.251:5000"
+ ],
+ "current_server": "10.2.2.251:5000"
 },
 "kill_file": {
 "kill_file_path_linux": "/var/run/monkey.not",
@@ -125,63 +77,45 @@
 "monkey_log_path_linux": "/tmp/user-1563",
 "monkey_log_path_windows": "%temp%\\~df1563.tmp",
 "send_log_to_server": true
+ },
+ "monkey": {
+ "alive": true,
+ "internet_services": [
+ "monkey.guardicore.com",
+ "www.google.com"
+ ],
+ "self_delete_in_cleanup": true,
+ "serialize_config": false,
+ "use_file_logging": true,
+ "victims_max_exploit": 100,
+ "victims_max_find": 100
+ },
+ "network": {},
+ "testing": {
+ "export_monkey_telems": false
 }
 },
 "monkey": {
- "behaviour": {
+ "persistent_scanning": {
+ "max_iterations": 1,
+ "retry_failed_explotation": true,
+ "timeout_between_iterations": 100
+ },
+ "post_breach": {
 "PBA_linux_filename": "",
 "PBA_windows_filename": "",
 "custom_PBA_linux_cmd": "",
 "custom_PBA_windows_cmd": "",
- "self_delete_in_cleanup": true,
- "serialize_config": false,
- "use_file_logging": true
- },
- "general": {
- "alive": true,
 "post_breach_actions": []
 },
- "life_cycle": {
- "max_iterations": 1,
- "retry_failed_explotation": true,
- "timeout_between_iterations": 100,
- "victims_max_exploit": 7,
- "victims_max_find": 30
- },
 "system_info": {
- "collect_system_info": true,
- "extract_azure_creds": true,
- "should_use_mimikatz": true
- }
- },
- "network": {
- "ping_scanner": {
- "ping_scan_timeout": 1000
- },
- "tcp_scanner": {
- "HTTP_PORTS": [
- 80,
- 8080,
- 443,
- 8008,
- 7001
- ],
- "tcp_scan_get_banner": true,
- "tcp_scan_interval": 0,
- "tcp_scan_timeout": 3000,
- "tcp_target_ports": [
- 22,
- 2222,
- 445,
- 135,
- 3389,
- 80,
- 8080,
- 443,
- 8008,
- 3306,
- 9200,
- 7001
+ "system_info_collector_classes": [
+ "EnvironmentCollector",
+ "AwsCollector",
+ "HostnameCollector",
+ "ProcessListCollector",
+ "MimikatzCollector",
+ "AzureCollector"
 ]
 }
 }