Commit Graph

6043 Commits

Author SHA1 Message Date
Mike Salvatore 09f14687d3 Fixed minor typos in CHANGELOG.md 2021-08-30 09:44:20 -04:00
Mike Salvatore 318e71bcb4
Merge pull request #1433 from guardicore/1410/remove-backdoor-pba
Remove Backdoor user PBA
2021-08-30 09:43:13 -04:00
Mike Salvatore 1bf3013fc2 Update changelog for PR #1433 2021-08-30 09:41:18 -04:00
Ilija Lazoroski 7aa230e9d0 UT: Renamed Communicate as new user 2021-08-30 14:22:23 +02:00
Ilija Lazoroski 10697934d6 Rename Communicate as new user to Communicate as backdoor user 2021-08-30 14:01:40 +02:00
Mike Salvatore 805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Ilija Lazoroski 7e293ac16d Remove Backdoor user PBA 2021-08-30 13:46:07 +02:00
Mike Salvatore 02bd3efd2d
Merge pull request #1434 from guardicore/pba-use-random-pwd
Use random password for CommunicateAsNewUser PBA
2021-08-30 07:17:56 -04:00
Shreya Malviya deb037c617 tests: Add unit tests for communicate as back door user PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya 0f2f39f0a0 CHANGELOG: Update with entry for random password for CommunicateAsNewUser PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya f727e75697 agent: Use random password for CommunicateAsNewUser PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya 54f80df1f4 bb: Remove extra line from end of file 2021-08-30 15:12:35 +05:30
Mike Salvatore 98fcfde389
Merge pull request #1426 from guardicore/1246/config-template-bb-test
Add PowerShell config and bb test
2021-08-26 09:19:03 -04:00
Shreya Malviya 57109c11a9 cc: Change 'powershell' -> 'PowerShell' in issue overview in security report 2021-08-26 17:06:19 +05:30
Ilija Lazoroski 9a96e6ed39 Zoo: Refactor start and stop gcp machine functions 2021-08-26 10:35:22 +02:00
Mike Salvatore a80cd676b4 Common: Remove unused CredentialsError 2021-08-25 15:37:17 -04:00
Mike Salvatore c875aa349f Tests: Change test order/names in powershell_utils/test_utils.py 2021-08-25 15:33:46 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Mike Salvatore 176828d458 Agent: Log exception if PowerShellExploiter fails to copy agent 2021-08-25 14:18:43 -04:00
Mike Salvatore 86d7879c31 Agent: Remove leading space from RUN_MONKEY string template 2021-08-25 13:33:03 -04:00
Mike Salvatore e70d1c714b Agent: Remove context manager from _authenticate()
Since the PowerShellExploiter's _authenticate() method returns the
client object, it doesn't make sense for it to be constructed in a
context manager.
2021-08-25 13:30:30 -04:00
Mike Salvatore b871398682 Agent: Add useful logging to powershell exploiter 2021-08-25 13:30:30 -04:00
Shreya Malviya 876cdbeffa island: Check if credential in exploit telemetry is `None` before processing it 2021-08-25 19:31:36 +05:30
Ilija Lazoroski e6ca0fd3b6 Zoo: Parallelize start and stop of gcp machines 2021-08-25 10:07:41 +02:00
Mike Salvatore 1da79f78bf Agent: Use format strings in powershell exploiter log statements 2021-08-24 15:32:51 -04:00
unknown f046e9d7a7 Agent: Add pypsrp to PipFile 2021-08-24 15:11:15 -04:00
Mike Salvatore af57272e36 Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*)
Resolves #1048
2021-08-24 14:35:50 -04:00
Mike Salvatore dd56f3d650 Island: Fix minor formatting error 2021-08-24 13:37:40 -04:00
Mike Salvatore c385177dac Agent: Extract _build_monkey_execution_command() into powershell_utils 2021-08-24 13:14:29 -04:00
Mike Salvatore 58f23f4fc0 Agent: Extract powershell client parameters into powershell_utils 2021-08-24 13:13:37 -04:00
Mike Salvatore 4e7a95316e Agent: Extract _get_credentials() into powershell_utils/utils.py 2021-08-24 12:53:37 -04:00
Mike Salvatore aef8f2e37a Agent: Extract method _build_monkey_execution_command 2021-08-24 12:16:52 -04:00
Mike Salvatore 1928f1b9bc Agent: Remove "credentials" local variable 2021-08-24 12:11:59 -04:00
Mike Salvatore a2bdc69388 Agent: Log and report exploitation attempts from PowerShellExploiter 2021-08-24 12:03:42 -04:00
Mike Salvatore 8209fa55df Agent: Set client parameters if password is "" in PowerShellExploiter 2021-08-24 11:53:48 -04:00
Mike Salvatore fb18c1cbd4 Agent: Only use "None" creds in powershell exploiter if host is Windows 2021-08-24 11:43:17 -04:00
Mike Salvatore 79cc82b159 Agent: Remove duplicated try/except if/else from PowerShellExploiter 2021-08-24 10:35:21 -04:00
Mike Salvatore 66527b1bde Agent: Move Windows architecture constants from web_rce.py -> consts.py 2021-08-24 09:37:05 -04:00
Mike Salvatore f1c247ad93 Agent: Refactored PowerShellExploiter authentication function names 2021-08-24 09:29:02 -04:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00
Ilija Lazoroski 9f2a4cb7e4 Zoo: Update terraform scripts. Update gcp test machine list with new zone 2021-08-24 11:56:09 +02:00
Ilija Lazoroski 305b2cf716 Zoo: Add PowerShell config and bb test 2021-08-24 10:32:54 +02:00
Shreya Malviya e339932fde island: Change 'Powershell' to 'PowerShell' in attack schema for T1210 2021-08-24 13:16:59 +05:30
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
Shreya Malviya 72e0378335 agent: Fix import path in powershell exploiter 2021-08-24 11:52:12 +05:30
Shreya Malviya ee9fde4005 agent: Refactor powershell remoting exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 29788776fa agent: Modify exploitation log messages in powershell exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 04125e5e14 agent: Add separate function to set log levels for sensitive packages in powershell exploiter 2021-08-24 11:40:40 +05:30
Shreya Malviya dc4a5fbb85 agent: Use variable 'is_32bit' for function argument 2021-08-24 11:40:40 +05:30
Shreya Malviya ba8c44d22c agent: Fix typos in powershell remoting exploiter 2021-08-24 11:40:40 +05:30