Skip to content

Enabling Monkey Island Password Protection

Shay Nehmad edited this page Jul 28, 2019 · 3 revisions

Monkey Island authentication

By default, the Monkey Island doesn't require any form of authentication.

If you enable it, accessing the Monkey Island UI will redirect you to a login screen where you'll have to enter your username and password.

To enable it, follow the following instructions.

Setting up authentication

1. Modify the server_config.json file

Modify the file {monkey_files_dir}/monkey/monkey_island/cc/server_config.json (monkey files dir, normally, is /var) to be of the following format:

{
  "server_config": "password",
  "user": "<YOUR USER>",
  "hash": "<LOWER CASE HASH>"
}
  • Replace <YOUR USER> with a username of your choice. e.g. monkey
  • Replace <LOWER CASE HASH> with a lower case SHA3-512 hash of your password. e.g. 0123456789abcedf0123456789abcedf0123456789abcedf0123456789abcedf0123456789abcedf0123456789abcedf0123456789abcedf0123456789abcedf

2. Restart Monkey Island

Restart the Monkey Island process.

Computing SHA3-512

There are various libraries and services which allow to compute the SHA3-512. We'll list 2 tested services for convenience:

1. Using this free online tool

You can use this free online tool to calculate SHA3-512

2. Using PyCrypto / PyCryptodome

The PyCrypto/PyCryptodome library for python allows SHA3-512 computation.

The following snippet calculates the SHA3-512 of the secret variable:

from Crypto.Hash import SHA3_512
h = SHA3_512.new()
h.update(secret)
print(h.hexdigest())
You can’t perform that action at this time.