Removed infrastructure related to mimikatz binary: deployment scripts and docs updated
This commit is contained in:
parent
0be709958c
commit
c03c70ba28
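--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -29,8 +29,6 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
 $MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
 $MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
 $SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
-$MK32_DLL = "mk32.zip"
-$MK64_DLL = "mk64.zip"
 $TEMP_PYTHON_INSTALLER = ".\python.exe"
 $TEMP_MONGODB_ZIP = ".\mongodb.zip"
 $TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
@@ -44,6 +42,4 @@ $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plu
 $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
 $CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
 $NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
-$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
-$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
 $UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
@@ -226,20 +226,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
 Remove-Item $TEMP_UPX_ZIP
 }
 
-# Download mimikatz binaries
-$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
-if (!(Test-Path -Path $mk32_path))
-{
-"Downloading mimikatz 32 binary"
-$webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
-}
-$mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
-if (!(Test-Path -Path $mk64_path))
-{
-"Downloading mimikatz 64 binary"
-$webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
-}
-
 # Download sambacry binaries
 $samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
 $samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME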
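Review bot: The surviving downloads in Deploy-Windows still fetch third-party binaries with no integrity check; the removed block shows the script's pattern — a `Test-Path` existence test followed by `$webClient.DownloadFile(...)` — and the sambacry download that starts at `$samba32_path` runs past the end of the hunk but presumably follows the same shape. A pinned SHA-256 comparison after each fetch, e.g. `if ((Get-FileHash -Path $path -Algorithm SHA256).Hash -ne $expectedSha256) { throw "Checksum mismatch for $path" }`, would turn a substituted or tampered artifact into a build failure instead of a silently installed file. The URL list in the second hunk has the same gap, and `$OPEN_SSL_URL` there pins OpenSSL 1.0.2u from a third-party mirror, an end-of-life branch that deserves both a hash pin and a migration note. Deploy-Windows begins and ends outside the hunk.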
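--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -8,9 +8,6 @@ __author__ = 'itay.mizeretz'
 
 block_cipher = None
 
-# Name of zip file in monkey. That's the name of the file in the _MEI folder
-MIMIKATZ_ZIP_NAME = 'tmpzipfile123456.zip'
-
 
 def main():
 a = Analysis(['main.py'],
@@ -66,7 +63,6 @@ def process_datas(orig_datas):
 datas = orig_datas
 if is_windows():
 datas = [i for i in datas if i[0].find('Include') < 0]
-datas += [(MIMIKATZ_ZIP_NAME, get_mimikatz_zip_path(), 'BINARY')]
 return datas
 
 
@@ -118,9 +114,4 @@ def get_exe_icon():
 return 'monkey.ico' if is_windows() else None
 
 
-def get_mimikatz_zip_path():
-mk_filename = 'mk32.zip' if is_32_bit() else 'mk64.zip'
-return os.path.join(get_bin_folder(), mk_filename)
-
-
 main() # We don't check if __main__ because this isn't the main script.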
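Review bot: The Windows filter `datas = [i for i in datas if i[0].find('Include') < 0]` in the second hunk reads more clearly as `datas = [i for i in datas if 'Include' not in i[0]]`, and `process_datas` still has no docstring saying what the exclusion is for; a one-liner such as `"""Return orig_datas with entries whose target path contains 'Include' dropped on Windows."""` would do. With `get_mimikatz_zip_path` gone in the third hunk, `is_32_bit`, `get_bin_folder` and `import os` may have lost their last use in this spec — their definitions are outside the hunks, so that is worth a check for dead code. The `def process_datas` line itself sits above the hunk.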
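--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -7,7 +7,6 @@ The monkey is composed of three separate parts.
 
 - The Infection Monkey itself - PyInstaller compressed python archives
 - Sambacry binaries - Two linux binaries, 32/64 bit.
-- Mimikatz binaries - Two windows binaries, 32/64 bit.
 - Traceroute binaries - Two linux binaries, 32/64bit.
 
 ## Windows
@@ -28,7 +27,7 @@ The monkey is composed of three separate parts.
 `pip install -r requirements.txt`
 4. Download and extract UPX binary to monkey\infection_monkey\bin\upx.exe:
 <https://github.com/upx/upx/releases/download/v3.94/upx394w.zip>
-5. Build/Download Sambacry and Mimikatz binaries
+5. Build/Download Sambacry
 - Build/Download according to sections at the end of this readme.
 - Place the binaries under monkey\infection_monkey\bin
 6. To build the final exe:
@@ -83,24 +82,6 @@ Sambacry requires two standalone binaries to execute remotely.
 - 32bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so>
 - 64bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so>
 
-### Mimikatz
-
-Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile binaries from source (requires Visual Studio 2013 and up) or download them from our repository.
-
-1. Build Mimikatz yourself
-- Building mimikatz requires Visual Studio 2013 and up
-- Clone our version of mimikatz from <https://github.com/guardicore/mimikatz/tree/1.1.0>
-- Build using Visual Studio.
-- Put each version in a zip file
-1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
-2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
-3. The zip file should be named mk32.zip/mk64.zip accordingly.
-4. Zipping with 7zip has been tested. Other zipping software may not work.
-
-2. Download our pre-built mimikatz binaries
-- Download both 32 and 64 bit zipped DLLs from <https://github.com/guardicore/mimikatz/releases/tag/1.1.0>
-- Place them under [code location]\infection_monkey\bin
-
 ### Traceroute
 
 Traceroute requires two standalone binaries to execute remotely.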