The should_monkey_run() check in monkey.py is a performance improvement intended to optimize the monkey's penetration into the network. It comes with a few pitfalls:
- It only works if the first agent was started on the island, which is not necessarily the recommended way to run agents.
- It assumes that if a port is accessible from the island it is exploitable from the island. Tools like DenyHosts are one example of why this assumption may be false. In these cases, this optimization can actually have an adverse effect on how deeply the monkey can penetrate into a network.
- It requires a "scan" capability to be provided by the Island. Architecturally speaking, it's not the C&C server's responsibility to perform network scans.
- It adds extra complexity to the agent (e.g. the
--vulnerable-port argument)
The Agent Refactor effort, which is currently underway, will provide a number of performance improvements that should mitigate the performance penalty of removing the should_monkey_run() check.
Tasks
The
should_monkey_run()check inmonkey.pyis a performance improvement intended to optimize the monkey's penetration into the network. It comes with a few pitfalls:--vulnerable-portargument)The Agent Refactor effort, which is currently underway, will provide a number of performance improvements that should mitigate the performance penalty of removing the
should_monkey_run()check.Tasks
--vulneable-portcli argument on develop. Run BB tests, but don't merge to develop, merge to agent refactoring. Modify any exploiters or utility code that specifies this argument (0d) - @shreyamalviyashould_monkey_run()check in the agent refactoring branch (0d)can_island_see_port()in the agentRemotePortCheckresource and corresponding API endpointstarted_on_islandfield in the WormConfiguration and determine if it's still necessary. If not remove it. (0.25d) - @shreyamalviya