From c03c70ba28c7c71052023a18b72f3e1b615b75ee Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Jun 2020 14:40:58 +0300
Subject: [PATCH] Removed infrastructure related to mimikatz binary: deployment scripts and docs updated
---
 deployment_scripts/config.ps1 | 4 ----
 deployment_scripts/deploy_windows.ps1 | 14 --------------
 monkey/infection_monkey/monkey.spec | 9 ---------
 monkey/infection_monkey/readme.md | 21 +--------------------
 4 files changed, 1 insertion(+), 47 deletions(-)
diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1
index b18b7c63c..e835ad633 100644
--- a/deployment_scripts/config.ps1
+++ b/deployment_scripts/config.ps1
@@ -29,8 +29,6 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
 $MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
 $MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
 $SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
-$MK32_DLL = "mk32.zip"
-$MK64_DLL = "mk64.zip"
 $TEMP_PYTHON_INSTALLER = ".\python.exe"
 $TEMP_MONGODB_ZIP = ".\mongodb.zip"
 $TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
@@ -44,6 +42,4 @@ $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plu
 $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
 $CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
 $NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
-$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
-$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
 $UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 6872f5c3a..3a57e9dcb 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
@@ -226,20 +226,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName, Remove-Item $TEMP_UPX_ZIP } - # Download mimikatz binaries - $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL - if (!(Test-Path -Path $mk32_path)) - { - "Downloading mimikatz 32 binary" - $webClient.DownloadFile($MK32_DLL_URL, $mk32_path) - } - $mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL - if (!(Test-Path -Path $mk64_path)) - { - "Downloading mimikatz 64 binary" - $webClient.DownloadFile($MK64_DLL_URL, $mk64_path) - } - # Download sambacry binaries $samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR $samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index e5873c9c5..51bd4bb83 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -8,9 +8,6 @@ __author__ = 'itay.mizeretz' block_cipher = None -# Name of zip file in monkey. That's the name of the file in the _MEI folder -MIMIKATZ_ZIP_NAME = 'tmpzipfile123456.zip' - def main(): a = Analysis(['main.py'], @@ -66,7 +63,6 @@ def process_datas(orig_datas): datas = orig_datas if is_windows(): datas = [i for i in datas if i[0].find('Include') < 0] - datas += [(MIMIKATZ_ZIP_NAME, get_mimikatz_zip_path(), 'BINARY')] return datas @@ -118,9 +114,4 @@ def get_exe_icon(): return 'monkey.ico' if is_windows() else None -def get_mimikatz_zip_path(): - mk_filename = 'mk32.zip' if is_32_bit() else 'mk64.zip' - return os.path.join(get_bin_folder(), mk_filename) - - main() # We don't check if __main__ because this isn't the main script. diff --git a/monkey/infection_monkey/readme.md b/monkey/infection_monkey/readme.md index da865c35f..fa192c33e 100644 --- a/monkey/infection_monkey/readme.md +++ b/monkey/infection_monkey/readme.md 
@@ -7,7 +7,6 @@ The monkey is composed of three separate parts. - The Infection Monkey itself - PyInstaller compressed python archives - Sambacry binaries - Two linux binaries, 32/64 bit. -- Mimikatz binaries - Two windows binaries, 32/64 bit. - Traceroute binaries - Two linux binaries, 32/64bit. ## Windows @@ -28,7 +27,7 @@ The monkey is composed of three separate parts. `pip install -r requirements.txt` 4. Download and extract UPX binary to monkey\infection_monkey\bin\upx.exe: -5. Build/Download Sambacry and Mimikatz binaries +5. Build/Download Sambacry - Build/Download according to sections at the end of this readme. - Place the binaries under monkey\infection_monkey\bin 6. To build the final exe: @@ -83,24 +82,6 @@ Sambacry requires two standalone binaries to execute remotely. - 32bit: - 64bit: -### Mimikatz - -Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile binaries from source (requires Visual Studio 2013 and up) or download them from our repository. - -1. Build Mimikatz yourself - - Building mimikatz requires Visual Studio 2013 and up - - Clone our version of mimikatz from - - Build using Visual Studio. - - Put each version in a zip file - 1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll - 2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'. - 3. The zip file should be named mk32.zip/mk64.zip accordingly. - 4. Zipping with 7zip has been tested. Other zipping software may not work. - -2. Download our pre-built mimikatz binaries - - Download both 32 and 64 bit zipped DLLs from - - Place them under [code location]\infection_monkey\bin - ### Traceroute Traceroute requires two standalone binaries to execute remotely.