-
Notifications
You must be signed in to change notification settings - Fork 788
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Release Infection Monkey v2.2.0
- Loading branch information
Showing
406 changed files
with
15,544 additions
and
5,161 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
title: "SNMP" | ||
date: 2023-05-15T12:53:22+00:00 | ||
draft: false | ||
tags: ["exploit", "linux"] | ||
--- | ||
|
||
The SNMP exploiter exploits [CVE-2020-15862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15862). | ||
|
||
|
||
### Description | ||
|
||
If a community is configured with read-write access, the machine is vulnerable to an attack using NET-SNMP-EXTEND-MIB to run arbitrary commands on the victim. | ||
|
||
In versions 1 and 2c of the SNMP protocol the only means of authentication is the community string. In these versions of SNMP, community strings are sent as plaintext in all requests. Version 3 adds user-based authentication and encryption to the SNMP protocol. | ||
|
||
This exploiter uses version 2c of the SNMP protocol. It brute-forces machines by using usernames and passwords provided by the user (see [configuration]({{< ref "/usage/configuration" >}}) for instructions) as SNMP community strings. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
title: "Malware Masquerade" | ||
date: 2023-05-08T13:57:22-04:00 | ||
draft: false | ||
weight: 4 | ||
pre: "<i class='fas fa-mask'></i> " | ||
tags: ["usage"] | ||
--- | ||
|
||
## Description | ||
**Masquerade** - to assume the appearance of something one is not | ||
[[1](https://www.merriam-webster.com/dictionary/masquerade)] | ||
|
||
A common way of detecting and identifying an executable as malware is to write | ||
a detection rule (such as for a tool like YARA) that checks for the existence | ||
of strings or unique byte sequences within a file. The Malware Masquerade | ||
feature allows users to specify strings or arbitrary data (bytes) that will be | ||
injected into the Agent binaries. This enables Infection Monkey Agents to | ||
masquerade as specific types of malware. This is particularly useful for anyone | ||
who writes their own detection rules and needs a way to test them, or anyone | ||
looking to improve the fidelity of malware simulations. | ||
|
||
## Using Malware Masquerade | ||
|
||
![Malware Masquerade Configuration](/images/island/configuration_page/malware_masquerade_configuration.png "Malware masquerade configuration") | ||
|
||
### Configuring Strings | ||
|
||
The UI allows you to specify any number of strings to include within the Linux | ||
or Windows Agent binaries. It's as simple as adding these strings to either | ||
list in the "Masquerade" tab of the "Configuration" screen and clicking | ||
"Submit". You can verify the success of this operation by downloading the | ||
binary and using the Linux `strings` command. | ||
[[2](https://linux.die.net/man/1/strings)] | ||
|
||
|
||
```bash | ||
curl https://<SERVER_IP>:5000/api/agent-binaries/linux -k -o monkey-linux-64 && strings monkey-linux-64 | grep <MY_STRING> | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
title: "Polymorphism" | ||
date: 2023-05-16T15:19:06+05:30 | ||
draft: false | ||
weight: 5 | ||
pre: "<i class='fas fa-file-signature'></i> " | ||
tags: ["usage", "polymorphism"] | ||
--- | ||
|
||
|
||
## Description | ||
Polymorphic malware, or metamorphic malware, is a kind of malware that repeatedly | ||
modifies its appearance or signature. As a result, no two copies of the malware share | ||
the same hash. This helps the malware evade detection. | ||
|
||
Infection Monkey is not truly metamorphic, but it has the ability to emulate this | ||
property by adding random bytes to each Agent before propagation. | ||
|
||
## Using Polymorphism | ||
|
||
![Polymorphism Configuration](/images/island/configuration_page/polymorphism_configuration.png "Polymorphism configuration") |
Binary file added
BIN
+352 KB
docs/static/images/island/configuration_page/malware_masquerade_configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+95.8 KB
docs/static/images/island/configuration_page/polymorphism_configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
envs/monkey_zoo/blackbox/analyzers/stolen_credentials_analyzer.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
from typing import Set | ||
|
||
from common.credentials import Credentials | ||
from envs.monkey_zoo.blackbox.analyzers.analyzer import Analyzer | ||
from envs.monkey_zoo.blackbox.analyzers.analyzer_log import AnalyzerLog | ||
from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIslandClient | ||
|
||
|
||
class StolenCredentialsAnalyzer(Analyzer): | ||
def __init__( | ||
self, island_client: MonkeyIslandClient, expected_stolen_credentials: Set[Credentials] | ||
): | ||
self.island_client = island_client | ||
self.expected_stolen_credentials = set(expected_stolen_credentials) | ||
|
||
self.log = AnalyzerLog(self.__class__.__name__) | ||
|
||
def analyze_test_results(self) -> bool: | ||
self.log.clear() | ||
|
||
stolen_credentials = set(self.island_client.get_stolen_credentials()) | ||
|
||
if self.expected_stolen_credentials == stolen_credentials: | ||
self.log.add_entry("All expected credentials were stolen") | ||
return True | ||
|
||
if len(stolen_credentials) != len(self.expected_stolen_credentials): | ||
self.log.add_entry( | ||
f"Expected {len(self.expected_stolen_credentials)} credentials to be stolen but " | ||
f"{len(stolen_credentials)} were stolen" | ||
) | ||
elif self.expected_stolen_credentials != stolen_credentials: | ||
self.log.add_entry( | ||
"The contents of the stolen credentials did not match the expected credentials" | ||
) | ||
|
||
return False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.