From c8618e91cdbf66c376d455ec72261ad0e2812659 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 17 Jan 2020 12:02:18 +0200
Subject: [PATCH] Added bootloader endpoint, fixed c code to be able to be included into pyinstaller
---
 .../old_machine_bootloader.c | 80 -------------
 .../old_machine_bootloader.c | 107 ++++++++++++++++++
 .../old_machine_bootloader.h | 9 ++
 monkey/monkey_island/cc/app.py | 2 +
 .../monkey_island/cc/resources/bootloader.py | 39 +++++++
 5 files changed, 157 insertions(+), 80 deletions(-)
 delete mode 100644 monkey/infection_monkey/external_tools/archeologist_bootloader/old_machine_bootloader.c
 create mode 100644 monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.c
 create mode 100644 monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.h
 create mode 100644 monkey/monkey_island/cc/resources/bootloader.py
diff --git a/monkey/infection_monkey/external_tools/archeologist_bootloader/old_machine_bootloader.c b/monkey/infection_monkey/external_tools/archeologist_bootloader/old_machine_bootloader.c
deleted file mode 100644
index 8f7a6ee98..000000000
--- a/monkey/infection_monkey/external_tools/archeologist_bootloader/old_machine_bootloader.c
+++ /dev/null
@@ -1,80 +0,0 @@
-#include /* printf, sprintf */
-#include /* exit */
-#include /* read, write, close */
-#include /* memcpy, memset */
-#include /* socket, connect */
-#include /* struct sockaddr_in, struct sockaddr */
-#include /* struct hostent, gethostbyname */
-
-void error(const char *msg) { perror(msg); exit(0); }
-
-int main(int argc,char *argv[])
-{
- /* first what are we going to send and where are we going to send it? */
- int portno = 5000;
- char *host = "api.somesite.com";
- char *message_fmt = "POST /apikey=%s&command=%s HTTP/1.0\r\n\r\n";
-
- struct hostent *server;
- struct sockaddr_in serv_addr;
- int sockfd, bytes, sent, received, total;
- char message[1024],response[4096];
-
- /* fill in the parameters */
- sprintf(message,message_fmt,argv[1],argv[2]);
- printf("Request:\n%s\n",message);
-
- /* create the socket */
- sockfd = socket(AF_INET, SOCK_STREAM, 0);
- if (sockfd < 0) error("ERROR opening socket");
-
- /* lookup the ip address */
- server = gethostbyname(host);
- if (server == NULL) error("ERROR, no such host");
-
- /* fill in the structure */
- memset(&serv_addr,0,sizeof(serv_addr));
- serv_addr.sin_family = AF_INET;
- serv_addr.sin_port = htons(portno);
- memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);
-
- /* connect the socket */
- if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0)
- error("ERROR connecting");
-
- /* send the request */
- total = strlen(message);
- sent = 0;
- do {
- bytes = write(sockfd,message+sent,total-sent);
- if (bytes < 0)
- error("ERROR writing message to socket");
- if (bytes == 0)
- break;
- sent+=bytes;
- } while (sent < total);
-
- /* receive the response */
- memset(response,0,sizeof(response));
- total = sizeof(response)-1;
- received = 0;
- do {
- bytes = read(sockfd,response+received,total-received);
- if (bytes < 0)
- error("ERROR reading response from socket");
- if (bytes == 0)
- break;
- received+=bytes;
- } while (received < total);
-
- if (received == total)
- error("ERROR storing complete response from socket");
-
- /* close the socket */
- close(sockfd);
-
- /* process response */
- printf("Response:\n%s\n",response);
-
- return 0;
-}
diff --git a/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.c b/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.c
new file mode 100644
index 000000000..e181b97ab
--- /dev/null
+++ b/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.c
@@ -0,0 +1,107 @@
+#include
+#include
+#include
+#include
+
+#pragma comment( lib, "wininet" )
+#pragma comment (lib, "Wininet.lib")
+
+int ping_island(int argc, char * argv[])
+{
+ DWORD dwVersion = 0;
+ DWORD dwMajorVersion = 0;
+ DWORD dwMinorVersion = 0;
+ DWORD dwBuild = 0;
+
+ dwVersion = GetVersion();
+
+ // Get the Windows version.
+
+ dwMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));
+ dwMinorVersion = (DWORD)(HIBYTE(LOWORD(dwVersion)));
+
+ // Get the build number.
+
+ if (dwVersion < 0x80000000)
+ dwBuild = (DWORD)(HIWORD(dwVersion));
+
+ char versionStr[20];
+ snprintf(versionStr,
+ 20,
+ "W%d.%d (%d)\n",
+ dwMajorVersion,
+ dwMinorVersion,
+ dwBuild);
+
+
+ wchar_t _server[] = L"158.129.18.132";
+ wchar_t _page[] = L"/api/bootloader";
+ HINTERNET hInternet, hConnect, hRequest;
+ DWORD bytes_read;
+ int finished = 0;
+ hInternet = InternetOpen("Mozilla/5.0", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
+ if (hInternet == NULL) {
+ printf("InternetOpen error : <%lu>\n", GetLastError());
+ return 1;
+ }
+
+ hConnect = InternetConnect(hInternet, _server, 5000, "", "", INTERNET_SERVICE_HTTP, 0, 0);
+ if (hConnect == NULL) {
+ printf("hConnect error : <%lu>\n", GetLastError());
+ return 1;
+ }
+ hRequest = HttpOpenRequest(hConnect, L"POST", _page, NULL, NULL, NULL, INTERNET_FLAG_SECURE, 0);
+ if (hRequest == NULL) {
+ printf("hRequest error : <%lu>\n", GetLastError());
+ return 1;
+ }
+
+
+ DWORD dwFlags;
+ DWORD dwBuffLen = sizeof(dwFlags);
+
+ if (InternetQueryOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, &dwBuffLen))
+ {
+ dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
+ dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
+ InternetSetOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof (dwFlags));
+ }
+
+ BOOL isSend = HttpSendRequest(hRequest, NULL, 0, versionStr, 20);
+ if (!isSend){
+ printf("HttpSendRequest error : (%lu)\n", GetLastError());
+ return 1;
+ }
+ DWORD dwFileSize;
+ dwFileSize = BUFSIZ;
+
+ char buffer[BUFSIZ+1];
+
+ while (1) {
+ DWORD dwBytesRead;
+ BOOL bRead;
+
+ bRead = InternetReadFile(
+ hRequest,
+ buffer,
+ dwFileSize + 1,
+ &dwBytesRead);
+
+ if (dwBytesRead == 0) break;
+
+ if (!bRead) {
+ printf("InternetReadFile error : <%lu>\n", GetLastError());
+ }
+ else {
+ buffer[dwBytesRead] = 0;
+ printf("Retrieved %lu data bytes: %s\n", dwBytesRead, buffer);
+ }
+ }
+
+ // close request
+ InternetCloseHandle(hRequest);
+ InternetCloseHandle(hInternet);
+ InternetCloseHandle(hConnect);
+
+ return 0;
+}
diff --git a/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.h b/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.h
new file mode 100644
index 000000000..8ccad4917
--- /dev/null
+++ b/monkey/infection_monkey/external_tools/old_machine_bootloader/old_machine_bootloader.h
@@ -0,0 +1,9 @@
+#include
+#include
+#include
+#include
+
+#pragma comment( lib, "wininet" )
+#pragma comment (lib, "Wininet.lib")
+
+int ping_island(int argc, char * argv[]);
diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index be2430dda..4698d6007 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -29,6 +29,7 @@ from monkey_island.cc.resources.version_update import VersionUpdate
 from monkey_island.cc.resources.pba_file_upload import FileUpload
 from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
 from monkey_island.cc.resources.attack.attack_report import AttackReport
+from monkey_island.cc.resources.bootloader import Bootloader
 from monkey_island.cc.services.database import Database
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.services.representations import output_json
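Review bot: The read loop in ping_island can write one byte past `buffer`: it is declared `char buffer[BUFSIZ+1]`, `InternetReadFile` is asked for `dwFileSize + 1` (BUFSIZ+1) bytes, and a read that fills that size is followed by `buffer[dwBytesRead] = 0` at index BUFSIZ+1; pass `dwFileSize` (or `sizeof(buffer) - 1`) as the length instead. `HttpSendRequest(hRequest, NULL, 0, versionStr, 20)` sends the whole 20-byte array rather than the formatted string, so whatever stack bytes follow the terminator go over the wire too; `(DWORD)strlen(versionStr)` is the intended length. The `InternetQueryOption` block sets `SECURITY_FLAG_IGNORE_UNKNOWN_CA` and `SECURITY_FLAG_IGNORE_CERT_CN_INVALID`, which removes the server authentication `INTERNET_FLAG_SECURE` would otherwise give the connection to the island; if that is an accepted trade-off for old machines it should be stated in a comment next to those lines, otherwise they should be dropped. `InternetOpen` receives a narrow `"Mozilla/5.0"` while `InternetConnect` and `HttpOpenRequest` receive `wchar_t`/`L"..."` arguments, which presumably only compiles for one of the A/W variants — pick one consistently. `bytes_read`, `finished`, `argc` and `argv` are declared but never used.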
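Review bot: old_machine_bootloader.h has no include guard; add `#pragma once` (or an `#ifndef` guard) at the top as is conventional for a public header. The two `#pragma comment(lib, ...)` directives are duplicated between this header and old_machine_bootloader.c, and `"wininet"` and `"Wininet.lib"` name the same library, so one directive in one place is enough.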
@@ -86,6 +87,7 @@ def init_app_url_rules(app):
 def init_api_resources(api):
 api.add_resource(Root, '/api')
 api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/')
+ api.add_resource(Bootloader, '/api/bootloader')
 api.add_resource(LocalRun, '/api/local-monkey', '/api/local-monkey/')
 api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/')
 api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/')
diff --git a/monkey/monkey_island/cc/resources/bootloader.py b/monkey/monkey_island/cc/resources/bootloader.py
new file mode 100644
index 000000000..78b6f8015
--- /dev/null
+++ b/monkey/monkey_island/cc/resources/bootloader.py
@@ -0,0 +1,39 @@
+import json
+from datetime import datetime
+import dateutil.parser
+import flask_restful
+from flask import request
+
+from monkey_island.cc.consts import DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS
+from monkey_island.cc.database import mongo
+from monkey_island.cc.models.monkey_ttl import create_monkey_ttl_document
+from monkey_island.cc.services.config import ConfigService
+from monkey_island.cc.services.node import NodeService
+
+WINDOWS_VERSIONS = {
+ "5.0" : "Windows 2000",
+ "5.1" : "Windows XP",
+ "5.2" : "Windows XP/server 2003",
+ "6.0" : "Windows Vista/server 2008",
+ "6.1" : "Windows 7/server 2008R2",
+ "6.2" : "Windows 8/server 2012",
+ "6.3" : "Windows 8.1/server 2012R2",
+ "10.0" : "Windows 10/server 2016-2019"
+}
+
+
+class Bootloader(flask_restful.Resource):
+
+ # Used by monkey. can't secure.
+ def post(self, **kw):
+ os_version = request.data.decode().split(" ")
+ if (os_version[0] == "W"):
+ os_type = "windows"
+ os_version = os_version[1:]
+
+
+ return {"id": "Abc"}
+
+ def get(self, guid=None, **kw):
+ NodeService.update_dead_monkeys()
+ return {}
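Review bot: `if (os_version[0] == "W")` in Bootloader.post will not match what the new bootloader sends: old_machine_bootloader.c formats the body as `"W%d.%d (%d)\n"`, so after `split(" ")` the first element is of the form `"W10.0"`, never a bare `"W"`, and the windows branch is dead. Compare a prefix and strip it instead, e.g. `if os_version[0].startswith("W"):` then `os_type = "windows"` and `os_version = [os_version[0][1:]] + os_version[1:]`, and `.strip()` the decoded body before splitting so the trailing newline does not end up in the last element. `request.data.decode()` raises `UnicodeDecodeError` on a non-UTF-8 body, which on this unauthenticated endpoint surfaces as a 500 rather than a 400; `decode(errors="replace")` or an explicit 400 response is safer. The parsed values are discarded and `{"id": "Abc"}` is returned regardless, `os_type` and `WINDOWS_VERSIONS` are never read, and `json`, `datetime`, `dateutil.parser`, `DEFAULT_MONKEY_TTL_EXPIRY_DURATION_IN_SECONDS`, `mongo`, `create_monkey_ttl_document` and `ConfigService` are imported but unused — if this is a stub, a `# TODO: map os_version via WINDOWS_VERSIONS and register the monkey` comment would make that explicit. `get` performs a state change (`NodeService.update_dead_monkeys()`) on an unauthenticated GET and ignores its `guid` parameter; a GET should be side-effect free, so that call belongs in `post` or behind the authenticated resources.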