Island: Remove old configuration schema's definitions

Shreya Malviya 2022-06-28 15:48:19 -07:00 committed by Ilija Lazoroski
parent 568a10e2f9
commit ff17237ea7
4 changed files with 0 additions and 283 deletions


@ -1,25 +0,0 @@
from common.common_consts.credential_collector_names import MIMIKATZ_COLLECTOR, SSH_COLLECTOR
CREDENTIAL_COLLECTORS = {
"title": "Credential Collectors",
"description": "Click on a credential collector to find out what it collects.",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": [MIMIKATZ_COLLECTOR],
"title": "Mimikatz Credentials Collector",
"safe": True,
"info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"],
},
{
"type": "string",
"enum": [SSH_COLLECTOR],
"title": "SSH Credentials Collector",
"safe": True,
"info": "Searches users' home directories and collects SSH keypairs.",
"attack_techniques": ["T1005", "T1145"],
},
],
}


@ -1,105 +0,0 @@
from monkey_island.cc.services.utils.typographic_symbols import WARNING_SIGN
EXPLOITER_CLASSES = {
"title": "Exploiters",
"description": "Click on exploiter to get more information about it."
+ WARNING_SIGN
+ " Note that using unsafe exploits may cause crashes of the exploited "
"machine/service.",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": ["SmbExploiter"],
"title": "SMB Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1075", "T1035"],
"info": "Brute forces using credentials provided by user and"
" hashes gathered by mimikatz.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/smbexec/",
},
{
"type": "string",
"enum": ["WmiExploiter"],
"title": "WMI Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1106"],
"info": "Brute forces WMI (Windows Management Instrumentation) "
"using credentials provided by user and hashes gathered by "
"mimikatz.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/wmiexec/",
},
{
"type": "string",
"enum": ["MSSQLExploiter"],
"title": "MSSQL Exploiter",
"safe": True,
"attack_techniques": ["T1110"],
"info": "Tries to brute force into MsSQL server and uses insecure "
"configuration to execute commands on server.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/mssql/",
},
{
"type": "string",
"enum": ["SSHExploiter"],
"title": "SSH Exploiter",
"safe": True,
"attack_techniques": ["T1110", "T1145", "T1106"],
"info": "Brute forces using credentials provided by user and SSH keys "
"gathered from systems.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/sshexec/",
},
{
"type": "string",
"enum": ["HadoopExploiter"],
"title": "Hadoop/Yarn Exploiter",
"safe": True,
"info": "Remote code execution on HADOOP server with YARN and default settings. "
"Logic based on "
"https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/hadoop/",
},
{
"type": "string",
"enum": ["ZerologonExploiter"],
"title": "Zerologon Exploiter",
"safe": False,
"info": "Exploits a privilege escalation vulnerability (CVE-2020-1472) in a Windows "
"server domain controller (DC) by using the Netlogon Remote Protocol (MS-NRPC). "
"This exploiter changes the password of a Windows server DC account, steals "
"credentials, and then attempts to restore the original DC password. The victim DC "
"will be unable to communicate with other DCs until the original "
"password has been restored. If Infection Monkey fails to restore the "
"password automatically, you'll have to do it manually. For more "
"information, see the documentation.",
"link": "https://www.guardicore.com/infectionmonkey"
"/docs/reference/exploiters/zerologon/",
},
{
"type": "string",
"enum": ["PowerShellExploiter"],
"title": "PowerShell Remoting Exploiter",
"info": "Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows "
"Remote Management (WinRM) to allow users to run PowerShell commands on remote "
"computers.",
"safe": True,
"link": "https://www.guardicore.com/infectionmonkey"
"/docs/reference/exploiters/powershell",
},
{
"type": "string",
"enum": ["Log4ShellExploiter"],
"title": "Log4Shell Exploiter",
"safe": True,
"info": "Exploits a software vulnerability (CVE-2021-44228) in Apache Log4j, a Java "
"logging framework. Exploitation is attempted on the following services — "
"Apache Solr, Apache Tomcat, Logstash.",
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
"/exploiters/log4shell/",
},
],
}


@ -1,48 +0,0 @@
FINGER_CLASSES = {
"title": "Fingerprinters",
"description": "Fingerprint modules collect info about external services "
"Infection Monkey scans.",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": ["SMBFinger"],
"title": "SMB Fingerprinter",
"safe": True,
"info": "Figures out if SMB is running and what's the version of it.",
"attack_techniques": ["T1210"],
},
{
"type": "string",
"enum": ["SSHFinger"],
"title": "SSH Fingerprinter",
"safe": True,
"info": "Figures out if SSH is running.",
"attack_techniques": ["T1210"],
},
{
"type": "string",
"enum": ["HTTPFinger"],
"title": "HTTP Fingerprinter",
"safe": True,
"info": "Checks if host has HTTP/HTTPS ports open.",
},
{
"type": "string",
"enum": ["MSSQLFinger"],
"title": "MSSQL Fingerprinter",
"safe": True,
"info": "Checks if Microsoft SQL service is running and tries to gather "
"information about it.",
"attack_techniques": ["T1210"],
},
{
"type": "string",
"enum": ["ElasticFinger"],
"title": "Elastic Fingerprinter",
"safe": True,
"info": "Checks if ElasticSearch is running and attempts to find it's " "version.",
"attack_techniques": ["T1210"],
},
],
}


@ -1,105 +0,0 @@
POST_BREACH_ACTIONS = {
"title": "Post-Breach Actions",
"description": "Runs scripts/commands on infected machines. These actions safely simulate what "
"an adversary might do after breaching a new machine. Used in ATT&CK and Zero trust reports.",
"type": "string",
"anyOf": [
{
"type": "string",
"enum": ["CommunicateAsBackdoorUser"],
"title": "Communicate as Backdoor User",
"safe": True,
"info": "Attempts to create a new user, create HTTPS requests as that "
"user and delete the user "
"afterwards.",
"attack_techniques": ["T1136"],
},
{
"type": "string",
"enum": ["ModifyShellStartupFiles"],
"title": "Modify Shell Startup Files",
"safe": True,
"info": "Attempts to modify shell startup files, like ~/.profile, "
"~/.bashrc, ~/.bash_profile "
"in linux, and profile.ps1 in windows. Reverts modifications done"
" afterwards.",
"attack_techniques": ["T1156", "T1504"],
},
{
"type": "string",
"enum": ["HiddenFiles"],
"title": "Hidden Files and Directories",
"safe": True,
"info": "Attempts to create a hidden file and remove it afterward.",
"attack_techniques": ["T1158"],
},
{
"type": "string",
"enum": ["TrapCommand"],
"title": "Trap Command",
"safe": True,
"info": "On Linux systems, attempts to trap a terminate signal in order "
"to execute a command upon receiving that signal. Removes the trap afterwards.",
"attack_techniques": ["T1154"],
},
{
"type": "string",
"enum": ["ChangeSetuidSetgid"],
"title": "Setuid and Setgid",
"safe": True,
"info": "On Linux systems, attempts to set the setuid and setgid bits of "
"a new file. "
"Removes the file afterwards.",
"attack_techniques": ["T1166"],
},
{
"type": "string",
"enum": ["ScheduleJobs"],
"title": "Job Scheduling",
"safe": True,
"info": "Attempts to create a scheduled job on the system and remove it.",
"attack_techniques": ["T1168", "T1053"],
},
{
"type": "string",
"enum": ["Timestomping"],
"title": "Timestomping",
"safe": True,
"info": "Creates a temporary file and attempts to modify its time "
"attributes. Removes the file afterwards.",
"attack_techniques": ["T1099"],
},
{
"type": "string",
"enum": ["SignedScriptProxyExecution"],
"title": "Signed Script Proxy Execution",
"safe": False,
"info": "On Windows systems, attempts to execute an arbitrary file "
"with the help of a pre-existing signed script.",
"attack_techniques": ["T1216"],
},
{
"type": "string",
"enum": ["AccountDiscovery"],
"title": "Account Discovery",
"safe": True,
"info": "Attempts to get a listing of user accounts on the system.",
"attack_techniques": ["T1087"],
},
{
"type": "string",
"enum": ["ClearCommandHistory"],
"title": "Clear Command History",
"safe": False,
"info": "Attempts to clear the command history.",
"attack_techniques": ["T1146"],
},
{
"type": "string",
"enum": ["ProcessListCollection"],
"title": "Process List Collector",
"safe": True,
"info": "Collects a list of running processes on the machine.",
},
],
}