Agent: Change credential collectors, payloads and pbas in flat config

Flat config changes are made so that the config object is serializable
vakarisz 2022-06-17 18:05:26 +03:00 committed by Shreya Malviya
parent b99ad70774
commit d393a0b3c6
3 changed files with 31 additions and 21 deletions


@ -357,6 +357,7 @@ class ConfigService:
ConfigService._format_payloads_from_flat_config(config) ConfigService._format_payloads_from_flat_config(config)
ConfigService._format_pbas_from_flat_config(config) ConfigService._format_pbas_from_flat_config(config)
ConfigService._format_propagation_from_flat_config(config) ConfigService._format_propagation_from_flat_config(config)
ConfigService._format_credential_collectors(config)
# Ok, I'll admit this is just sort of jammed in here. But this code is going away very soon. # Ok, I'll admit this is just sort of jammed in here. But this code is going away very soon.
del config["HTTP_PORTS"] del config["HTTP_PORTS"]
@ -376,9 +377,18 @@ class ConfigService:
for field in fields_to_remove: for field in fields_to_remove:
config.pop(field, None) config.pop(field, None)
@staticmethod
def _format_credential_collectors(config: Dict):
collectors = [
{"name": collector, "options": {}} for collector in config["credential_collectors"]
]
config["credential_collectors"] = collectors
@staticmethod @staticmethod
def _format_payloads_from_flat_config(config: Dict): def _format_payloads_from_flat_config(config: Dict):
config.setdefault("payloads", {})["ransomware"] = config["ransomware"] config.setdefault("payloads", []).append(
{"name": "ransomware", "options": config["ransomware"]}
)
config.pop("ransomware", None) config.pop("ransomware", None)
@staticmethod @staticmethod
@ -388,9 +398,9 @@ class ConfigService:
flat_windows_command_field = "custom_PBA_windows_cmd" flat_windows_command_field = "custom_PBA_windows_cmd"
flat_windows_filename_field = "PBA_windows_filename" flat_windows_filename_field = "PBA_windows_filename"
formatted_pbas_config = {} formatted_pbas_config = [
for pba in config.get("post_breach_actions", []): {"name": pba, "options": {}} for pba in config.get("post_breach_actions", [])
formatted_pbas_config[pba] = {} ]
config["custom_pbas"] = { config["custom_pbas"] = {
"linux_command": config.get(flat_linux_command_field, ""), "linux_command": config.get(flat_linux_command_field, ""),
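Review bot: `_format_credential_collectors` indexes `config["credential_collectors"]` directly, so a flat config that lacks the key makes format_flat_config_for_agent raise KeyError, whereas the sibling `_format_pbas_from_flat_config` in the next hunk tolerates absence with `config.get("post_breach_actions", [])`; unless the key is guaranteed by the schema, use `for collector in config.get("credential_collectors", [])`. The new name also breaks the `_format_*_from_flat_config` pattern of the helpers around it; `_format_credential_collectors_from_flat_config` would read consistently at the call site in the first hunk, whose enclosing method starts outside the hunk. A one-line docstring such as `"""Convert the flat list of collector names into [{"name": ..., "options": {}}] entries."""` would document the shape change that is the point of this commit.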


@ -27,6 +27,7 @@
"private_key": "my_private_key" "private_key": "my_private_key"
} }
], ],
"credential_collectors": ["MimikatzCollector", "SSHCollector"],
"exploit_user_list": [ "exploit_user_list": [
"Administrator", "Administrator",
"root", "root",


@ -25,34 +25,33 @@ def test_format_config_for_agent__credentials_removed():
def test_format_config_for_agent__ransomware_payload(): def test_format_config_for_agent__ransomware_payload():
expected_ransomware_options = { expected_ransomware_options = {
"ransomware": { "encryption": {
"encryption": { "enabled": True,
"enabled": True, "directories": {
"directories": { "linux_target_dir": "/tmp/ransomware-target",
"linux_target_dir": "/tmp/ransomware-target", "windows_target_dir": "C:\\windows\\temp\\ransomware-target",
"windows_target_dir": "C:\\windows\\temp\\ransomware-target",
},
}, },
"other_behaviors": {"readme": True}, },
} "other_behaviors": {"readme": True},
} }
flat_monkey_config = ConfigService.format_flat_config_for_agent() flat_monkey_config = ConfigService.format_flat_config_for_agent()
assert "payloads" in flat_monkey_config assert "payloads" in flat_monkey_config
assert flat_monkey_config["payloads"] == expected_ransomware_options assert flat_monkey_config["payloads"][0]["name"] == "ransomware"
assert flat_monkey_config["payloads"][0]["options"] == expected_ransomware_options
assert "ransomware" not in flat_monkey_config assert "ransomware" not in flat_monkey_config
def test_format_config_for_agent__pbas(): def test_format_config_for_agent__pbas():
expected_pbas_config = { expected_pbas_config = [
"CommunicateAsBackdoorUser": {}, {"name": "CommunicateAsBackdoorUser", "options": {}},
"ModifyShellStartupFiles": {}, {"name": "ModifyShellStartupFiles", "options": {}},
"ScheduleJobs": {}, {"name": "ScheduleJobs", "options": {}},
"Timestomping": {}, {"name": "Timestomping", "options": {}},
"AccountDiscovery": {}, {"name": "AccountDiscovery", "options": {}},
} ]
flat_monkey_config = ConfigService.format_flat_config_for_agent() flat_monkey_config = ConfigService.format_flat_config_for_agent()
assert "post_breach_actions" in flat_monkey_config assert "post_breach_actions" in flat_monkey_config
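Review bot: Nothing here asserts on the new credential_collectors formatting — the fixture gains `"credential_collectors": ["MimikatzCollector", "SSHCollector"]` but no test checks the converted output, so a regression in `_format_credential_collectors` would pass this suite. Add an assertion in the style of the pbas test, e.g. `assert flat_monkey_config["credential_collectors"] == [{"name": "MimikatzCollector", "options": {}}, {"name": "SSHCollector", "options": {}}]`. In test_format_config_for_agent__ransomware_payload, indexing `payloads[0]` checks the first entry only; `assert len(flat_monkey_config["payloads"]) == 1` would pin that ransomware is the only payload, which the old dict comparison implicitly did. test_format_config_for_agent__pbas continues past the end of the hunk.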