Shreya Malviya
7d76d94959
Zoo: Remove Elastic machines from terraform scripts and docs
2022-02-24 15:16:19 +05:30
Shreya Malviya
6c7e630465
BB: Remove ElasticGroovyExploiter references
2022-02-24 15:14:32 +05:30
Shreya Malviya
a599edec15
Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist
2022-02-24 15:12:00 +05:30
Shreya Malviya
35d39b46c7
UT: Remove ElasticGroovyExploiter references
2022-02-24 15:10:31 +05:30
Shreya Malviya
3ff7daa2d5
UI: Remove ElasticGroovyExploiter reporting
2022-02-24 15:03:57 +05:30
Shreya Malviya
b6438edb82
Agent: Remove ElasticGroovyExploiter
2022-02-24 15:01:16 +05:30
Shreya Malviya
b1fbf64730
Docs: Remove ElasticSearch exploiter documentation
2022-02-24 15:00:52 +05:30
Shreya Malviya
31e6c09673
Project: Replace ElasticSearch with Zerologon in README.md
2022-02-24 14:49:53 +05:30
Mike Salvatore
5cbcb88dd6
Agent: Add ExploiterWrapper
...
Issue #1605
PR #1739
2022-02-23 16:37:23 -05:00
Mike Salvatore
2431e2f20b
Agent: Fix typo in "exploitation_result" key
2022-02-23 12:00:42 -05:00
VakarisZ
48e8420b4d
Merge pull request #1734 from guardicore/1695-parsing-ssh-keys
...
1695 ssh keys processing
2022-02-23 17:39:56 +02:00
vakarisz
e17d95bf18
Island: small improvements code style in credential parsing code
2022-02-23 17:38:15 +02:00
Mike Salvatore
57e6d0208d
Merge pull request #1735 from guardicore/1733-remove-shellshock-exploit
...
Remove shellshock exploit
2022-02-23 10:27:22 -05:00
Mike Salvatore
55c3236d8e
Changelog: Remove ShellShock exploiter
2022-02-23 10:24:23 -05:00
Mike Salvatore
cdd28dda7b
Merge branch '1605-resolve-circular-dependency' into agent-refactor
...
Issue #1605
2022-02-23 09:45:41 -05:00
Mike Salvatore
32d618ac92
Agent: Modify IPuppet interface to take VictimHost instead of object
2022-02-23 09:26:04 -05:00
Mike Salvatore
b17c85cd01
Agent: Extract network_scanning package from network package
...
This resolves some circular dependencies between Tunnel, IPuppet, and
VictimHost.
2022-02-23 09:23:42 -05:00
Mike Salvatore
62f1861193
Agent: Remove disused NetworkScanner
2022-02-23 09:23:36 -05:00
Mike Salvatore
7d0e177e7a
Merge pull request #1727 from guardicore/1605-modify-ssh-exploit
...
Modify SSH exploit
2022-02-23 09:16:11 -05:00
Mike Salvatore
0f0edc3439
Agent: Log error messages at error level in SSHExploiter
2022-02-23 09:08:28 -05:00
vakarisz
9d23c3dd62
UT: fix test data to contain credential type in capitals
2022-02-23 16:00:31 +02:00
vakarisz
04b217cde5
Island: remove code duplication in credentials_parser.py
2022-02-23 15:52:04 +02:00
vakarisz
9396ac7512
Island, UT: fix ssh key processing, add unit tests
2022-02-23 15:49:56 +02:00
vakarisz
ddb227b181
Island: sort telem processing functions alphabetically
2022-02-23 15:49:56 +02:00
vakarisz
a1073bdb34
Island: add monkey guid to credentials object
2022-02-23 15:49:56 +02:00
vakarisz
1fe1293405
UT: export credential testing infrastructure to conftest
2022-02-23 15:49:56 +02:00
vakarisz
8dd033c212
Island: refactor credential parser to use Credentials object
2022-02-23 15:49:54 +02:00
vakarisz
3ff9bbe327
UT: add a test for parsing username with special characters
2022-02-23 15:47:14 +02:00
vakarisz
8dedb7eac5
Island: Revert "Island: remove unfinished ssh key processor"
...
This reverts commit 0cbfc79a92
.
2022-02-23 15:47:14 +02:00
Mike Salvatore
8e953359f8
Common: Use Enum.auto() for CredentialComponentType values
2022-02-23 08:44:41 -05:00
Mike Salvatore
7c9c4cf9fb
Island: Compare Enums instead of strings in parse_credentials()
2022-02-23 08:44:02 -05:00
Mike Salvatore
dc4273f970
Agent: Use Enum for credential_type instead of string (Enum.value)
2022-02-23 08:15:27 -05:00
Shreya Malviya
e993998432
Agent: Make ExploiterResultData a dataclass instead of a named tuple
...
and modify HostExploiter and the SSH exploiter accordingly
2022-02-23 18:28:32 +05:30
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
ddc77e6d6a
Zoo: Remove ShellShock Exploiter
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
fe3b263398
Docs: Remove ShellShock documentation
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
291755e5c9
UT: Remove ShellShock from tests config
2022-02-23 13:50:05 +01:00
Ilija Lazoroski
60d16ea4d6
Island: Remove ShellShock Exploiter
2022-02-23 13:48:41 +01:00
Ilija Lazoroski
64b900b94d
Agent: Remove ShellShock exploiter
2022-02-23 13:48:41 +01:00
Mike Salvatore
1e12a55240
UT: Use time.per_counter_ns() in test_request_cache()
...
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.
Linux:
>>> import time
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='clock_gettime(CLOCK_REALTIME)',
monotonic=False,
resolution=1e-09
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='clock_gettime(CLOCK_MONOTONIC)',
monotonic=True,
resolution=1e-09
)
Windows:
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='GetSystemTimeAsFileTime()',
monotonic=False,
resolution=0.015625
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='QueryPerformanceCounter()',
monotonic=True,
resolution=1e-07
)
As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
2022-02-23 07:44:56 -05:00
Shreya Malviya
2a8186928d
Agent: Remove unused function `send_exploit_telemetry` in `HostExploiter`
2022-02-23 17:42:00 +05:30
Shreya Malviya
58703f9b5b
Agent: Remove code that set `exploit_result`'s fields to the default value in SSH exploiter
2022-02-23 17:38:48 +05:30
VakarisZ
3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz
...
1695 parsing mimikatz
2022-02-23 13:58:47 +02:00
Shreya Malviya
4ecc5283e5
Agent: Rename function for returning ExploiterResultData
2022-02-23 17:11:53 +05:30
Shreya Malviya
6cdb86aa4b
Agent: Add TODO comment for VictimHost type hint to HostExploiter.py
2022-02-23 17:10:53 +05:30
Ilija Lazoroski
03178b6011
Island: Fix attack technique T1210
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
a0b5ac2330
Agent: Fix monkey exploitation reporting
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
4dfe0cf7db
Agent: Remove monkey import from exploit_telem
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
522d0d388d
Agent: Modify SSH exploiter to return ExploiterResultData
2022-02-23 10:59:21 +01:00
Ilija Lazoroski
58b1a04bd7
Agent: Modify exploit_host() to accept object instead of string
2022-02-22 19:30:53 +01:00