Google Summer of code 2019 submission for Infection Monkey by Dhayalan Balakrishnan

Dhayalan Balakrishnan

Google Summer of Code 2019
Organisation: The Honeynet Project
Project: Infection Monkey
My fork: https://github.com/Dhayalanb/monkey/tree/FrameWorkPE

Overview

The main objective is to add a privilege escalation framework to the Infection Monkey project. Four exploits and the privilege escalation framework were worked on during the three-month period; of these, a pull request has been issued for the privilege escalation framework and the first exploit (snapd).
The exploits to be added to Infection Monkey:

  • snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation
  • 'ptrace_scope' misconfiguration Local Privilege Escalation
  • Exim 4.87 - 4.91 - Local Privilege Escalation
  • Windows AlwaysInstallElevated MSI Local Privilege Escalation

Once the PR for the framework and the snapd exploit is merged, the rest of the exploits can be merged with individual PRs.

Changes from the original proposal

The original proposal consisted of Dirty COW and the runc Docker escape, but:

  • Porting the Dirty COW exploit from C/assembly to Python was not possible, since the exploit requires race conditions.
  • The Windows exploit AlwaysInstallElevated was chosen instead of runc to test the compatibility of the code across different operating systems.

Pull Requests

Before GSoC:

guardicore/monkey#278 Updated ReportPage.js
guardicore/monkey#277 Added a new exploit, VSFTpdExploiter
guardicore/monkey#275 Updated Create_certificate to key of length 2048

During GSoC:

guardicore/monkey#403 Added Privilege escalation capability to the monkey.

Upcoming Requests:

https://github.com/Dhayalanb/monkey/blob/PeNotConfigurable/monkey/infection_monkey/pe/actions/exim-CVE-2019-10149.py (exim-CVE-2019-10149)
https://github.com/Dhayalanb/monkey/blob/PeNotConfigurable/monkey/infection_monkey/pe/actions/ptrace_scope.py (ptrace_scope)
https://github.com/Dhayalanb/monkey/blob/tmp_pe/monkey/infection_monkey/pe/alwaysinstallElevated.py (AlwaysInstallElevated)

What is left to do

  • Add the "AlwaysInstallElevated" privilege escalation exploit for the Windows environment.
  • Issue PRs for ptrace_scope, Exim and AlwaysInstallElevated.
  • Add other exploits, like the runc container escape.
  • Fix/refactor code for pull requests.

What I've learnt

  • PEP8 standards, which make it easier and better for other collaborators.
  • Git workflow - from getting to know the basics of git to merging and rebasing.
  • Methods to analyse exploits and replicate them.
  • Porting code from exploit-db to a framework.

What I've struggled with the most

  • Getting used to the structure of the code and PEP8 standards.
  • Git workflow: a lot of the issues were with merging and rebasing commits during the initial period.

Final Words

This summer I learned a lot. To begin with, being introduced to the great community of Infection Monkey, GSoC was a wonderful experience for me. It was my first time being involved in a project with a big codebase and collaborators. Coming from a non-development background, I learnt how crucial git for version control and the PEP8 standard are for development, and the research done while developing each exploit was challenging. Special thanks to Daniel Goldberg, Vakaris Žilius, Shay Nehmad and various others for helping me and providing feedback throughout the coding phase, and for the code review and guidance. I will try my best to regularly contribute to the Infection Monkey project.
