Commit Graph

7364 Commits

Author SHA1 Message Date
Ilija Lazoroski 1223e2acf3 Agent: Use exploiter options in WebRCE 2022-02-24 13:20:20 +05:30
Ilija Lazoroski 67083fe336 Agent: Use ITelemetryMessenger to send telemetries in WebRCE 2022-02-24 13:20:20 +05:30
Shreya Malviya 57eca553a7 Agent: Send ExploiterResultData from Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya 90646a6ff9 Agent: Remove code that set host architecture in Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya 79ccabceb1 Agent: Make some functions private in the Hadoop exploiter 2022-02-24 13:20:20 +05:30
Shreya Malviya ad5ce8e7d2 Agent: Remove `blind_exploit` logic from web_rce.py and weblogic.py 2022-02-24 13:20:20 +05:30
Shreya Malviya 0501bb7037 Agent: Remove architecture setting from web_rce.py 2022-02-24 13:20:20 +05:30
Mike Salvatore 5cbcb88dd6 Agent: Add ExploiterWrapper
Issue #1605
PR #1739
2022-02-23 16:37:23 -05:00
Mike Salvatore 2431e2f20b Agent: Fix typo in "exploitation_result" key 2022-02-23 12:00:42 -05:00
VakarisZ 48e8420b4d
Merge pull request #1734 from guardicore/1695-parsing-ssh-keys
1695 ssh keys processing
2022-02-23 17:39:56 +02:00
vakarisz e17d95bf18 Island: small improvements code style in credential parsing code 2022-02-23 17:38:15 +02:00
Mike Salvatore 57e6d0208d
Merge pull request #1735 from guardicore/1733-remove-shellshock-exploit
Remove shellshock exploit
2022-02-23 10:27:22 -05:00
Mike Salvatore 55c3236d8e Changelog: Remove ShellShock exploiter 2022-02-23 10:24:23 -05:00
Mike Salvatore cdd28dda7b Merge branch '1605-resolve-circular-dependency' into agent-refactor
Issue #1605
2022-02-23 09:45:41 -05:00
Mike Salvatore 32d618ac92 Agent: Modify IPuppet interface to take VictimHost instead of object 2022-02-23 09:26:04 -05:00
Mike Salvatore b17c85cd01 Agent: Extract network_scanning package from network package
This resolves some circular dependencies between Tunnel, IPuppet, and
VictimHost.
2022-02-23 09:23:42 -05:00
Mike Salvatore 62f1861193 Agent: Remove disused NetworkScanner 2022-02-23 09:23:36 -05:00
Mike Salvatore 7d0e177e7a
Merge pull request #1727 from guardicore/1605-modify-ssh-exploit
Modify SSH exploit
2022-02-23 09:16:11 -05:00
Mike Salvatore 0f0edc3439 Agent: Log error messages at error level in SSHExploiter 2022-02-23 09:08:28 -05:00
vakarisz 9d23c3dd62 UT: fix test data to contain credential type in capitals 2022-02-23 16:00:31 +02:00
vakarisz 04b217cde5 Island: remove code duplication in credentials_parser.py 2022-02-23 15:52:04 +02:00
vakarisz 9396ac7512 Island, UT: fix ssh key processing, add unit tests 2022-02-23 15:49:56 +02:00
vakarisz ddb227b181 Island: sort telem processing functions alphabetically 2022-02-23 15:49:56 +02:00
vakarisz a1073bdb34 Island: add monkey guid to credentials object 2022-02-23 15:49:56 +02:00
vakarisz 1fe1293405 UT: export credential testing infrastructure to conftest 2022-02-23 15:49:56 +02:00
vakarisz 8dd033c212 Island: refactor credential parser to use Credentials object 2022-02-23 15:49:54 +02:00
vakarisz 3ff9bbe327 UT: add a test for parsing username with special characters 2022-02-23 15:47:14 +02:00
vakarisz 8dedb7eac5 Island: Revert "Island: remove unfinished ssh key processor"
This reverts commit 0cbfc79a92.
2022-02-23 15:47:14 +02:00
Mike Salvatore 8e953359f8 Common: Use Enum.auto() for CredentialComponentType values 2022-02-23 08:44:41 -05:00
Mike Salvatore 7c9c4cf9fb Island: Compare Enums instead of strings in parse_credentials() 2022-02-23 08:44:02 -05:00
Mike Salvatore dc4273f970 Agent: Use Enum for credential_type instead of string (Enum.value) 2022-02-23 08:15:27 -05:00
Shreya Malviya e993998432 Agent: Make ExploiterResultData a dataclass instead of a named tuple
and modify HostExploiter and the SSH exploiter accordingly
2022-02-23 18:28:32 +05:30
Ilija Lazoroski d8e203dd50 Project: Change readme and remove shellshock from vulture 2022-02-23 13:50:12 +01:00
Ilija Lazoroski ddc77e6d6a Zoo: Remove ShellShock Exploiter 2022-02-23 13:50:12 +01:00
Ilija Lazoroski fe3b263398 Docs: Remove ShellShock documentation 2022-02-23 13:50:12 +01:00
Ilija Lazoroski 291755e5c9 UT: Remove ShellShock from tests config 2022-02-23 13:50:05 +01:00
Ilija Lazoroski 60d16ea4d6 Island: Remove ShellShock Exploiter 2022-02-23 13:48:41 +01:00
Ilija Lazoroski 64b900b94d Agent: Remove ShellShock exploiter 2022-02-23 13:48:41 +01:00
Mike Salvatore 1e12a55240 UT: Use time.per_counter_ns() in test_request_cache()
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.

Linux:
    >>> import time
    >>> time.get_clock_info("time")
    namespace(
        adjustable=True,
        implementation='clock_gettime(CLOCK_REALTIME)',
        monotonic=False,
        resolution=1e-09
    )
    >>> time.get_clock_info("perf_counter")
    namespace(
        adjustable=False,
        implementation='clock_gettime(CLOCK_MONOTONIC)',
        monotonic=True,
        resolution=1e-09
    )

Windows:
    >>> time.get_clock_info("time")
    namespace(
        adjustable=True,
        implementation='GetSystemTimeAsFileTime()',
        monotonic=False,
        resolution=0.015625
    )
    >>> time.get_clock_info("perf_counter")
    namespace(
        adjustable=False,
        implementation='QueryPerformanceCounter()',
        monotonic=True,
        resolution=1e-07
    )

As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
2022-02-23 07:44:56 -05:00
Shreya Malviya 2a8186928d Agent: Remove unused function `send_exploit_telemetry` in `HostExploiter` 2022-02-23 17:42:00 +05:30
Shreya Malviya 58703f9b5b Agent: Remove code that set `exploit_result`'s fields to the default value in SSH exploiter 2022-02-23 17:38:48 +05:30
VakarisZ 3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz
1695 parsing mimikatz
2022-02-23 13:58:47 +02:00
Shreya Malviya 4ecc5283e5 Agent: Rename function for returning ExploiterResultData 2022-02-23 17:11:53 +05:30
Shreya Malviya 6cdb86aa4b Agent: Add TODO comment for VictimHost type hint to HostExploiter.py 2022-02-23 17:10:53 +05:30
Ilija Lazoroski 03178b6011 Island: Fix attack technique T1210 2022-02-23 10:59:28 +01:00
Ilija Lazoroski a0b5ac2330 Agent: Fix monkey exploitation reporting 2022-02-23 10:59:28 +01:00
Ilija Lazoroski 4dfe0cf7db Agent: Remove monkey import from exploit_telem 2022-02-23 10:59:28 +01:00
Ilija Lazoroski 522d0d388d Agent: Modify SSH exploiter to return ExploiterResultData 2022-02-23 10:59:21 +01:00
Ilija Lazoroski 58b1a04bd7 Agent: Modify exploit_host() to accept object instead of string 2022-02-22 19:30:53 +01:00
Ilija Lazoroski f2b2a9c5c3 Agent: Modify SSH exploit
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
2022-02-22 19:24:21 +01:00