Mike Salvatore
65c9be90d3
Docs: Add NTLM hash details to PowerShell exploiter docs
2021-09-02 14:29:07 -04:00
Mike Salvatore
71c4e4d8dc
Agent: Fix incorrect host arch identification in PowerShellClient
2021-09-02 14:06:36 -04:00
Mike Salvatore
1a1a130716
Agent: Format NT/LM hashes for use with pypsrp in PowerShellClient
2021-09-02 13:26:24 -04:00
Mike Salvatore
9cc488d36a
Agent: Remove powershell_utils/utils.py
...
Move single function that was previously in
powershell_utils/utils.py to powershell.py
2021-09-02 13:26:24 -04:00
Mike Salvatore
501fc162b4
Agent: Attempt login with LM and NT hashes in PowerShellExploiter
2021-09-02 13:26:23 -04:00
Mike Salvatore
a2e6b0bfbd
Agent: Add LM and NT hashes to PowerShell Credentials
...
Adds two list parameters to get_credentials() that contain LM and NT
hashes respectively. Adds a "secret_type" field to Credentials so that
the user of the Credentials object can distinguish between using cached
credentials (on windows), passwords, and NT or LM hashes.
2021-09-02 12:29:49 -04:00
Mike Salvatore
3a6f725cc4
Agent: Rename Credentials.password to Credentials.secret
...
The PowerShell Credentials dataclass will hold more than just passwords.
It will also hold NT and LM hashes. "secret" is, therefore, a more
accurate name than "password".
2021-09-02 12:02:30 -04:00
Mike Salvatore
0ecbfdea38
Merge pull request #1446 from guardicore/powershell-exploiter-refactor
...
Powershell exploiter refactor
2021-09-02 11:58:01 -04:00
Mike Salvatore
023d6a2d04
Tests: Add more tests for PowerShellExploiter
2021-09-02 11:54:22 -04:00
Mike Salvatore
936074605f
Agent: Ensure temp file is removed by PowerShellExploiter
2021-09-02 11:53:13 -04:00
VakarisZ
be5d354c06
Merge pull request #1447 from guardicore/add-machine-to-powershell-bb
...
Zoo: Add new machine for powershell exploiter
2021-09-02 18:27:17 +03:00
Ilija Lazoroski
18c21513af
Zoo: Add new machine for powershell exploiter
2021-09-02 17:06:22 +02:00
Mike Salvatore
8144a3334e
Tests: Add HTTP vs HTTPS unit tests for PowerShellExploiter
2021-09-02 10:05:08 -04:00
Ilija Lazoroski
cd9d5b4c5e
Agent: Change trap command signal to TERM
2021-09-02 07:55:47 -04:00
Mike Salvatore
a5af16e44e
Agent: Extract PowerShellClient from PowerShellExploiter
2021-09-01 19:59:02 -04:00
Mike Salvatore
c9e54412c0
Agent: Use dummy username and password when testing PowerShell HTTP
...
The exploit_user_list and exploit_password_list are not guaranteed to
have at least one entry. If either list is empty the exploiter will
fail. Use constant strings for the username and password to avoid
potentially crashing the exploiter.
2021-09-01 13:55:18 -04:00
Mike Salvatore
61c6bf2567
Agent: Reduce code duplication in _try_http(s)() methods
2021-09-01 13:52:55 -04:00
Mike Salvatore
d30a8b007a
Agent: Add comment explaining user/password == None in PowerShell
2021-09-01 13:48:13 -04:00
Mike Salvatore
e6399de860
Agent: Move get_credentials() to credentials.py
2021-09-01 13:39:46 -04:00
Mike Salvatore
a060313d09
Agent: Move get_auth_options() to auth_options.py
2021-09-01 13:39:46 -04:00
Mike Salvatore
da3475c645
Agent: Move Powershell auth and encryption selection to AuthOptions
2021-09-01 13:39:40 -04:00
Mike Salvatore
892aa83b39
Agent: Separate AuthOptions from Credentials
2021-09-01 13:03:33 -04:00
Mike Salvatore
b3436d660f
Tests: Move PowerShell get_credentials() tests
...
Move the tests for the PowerShell exploiter's get_credentials() function
to test_credential_generators.py, since get_credentials() is now
contained in credential_generators.py
2021-09-01 12:06:58 -04:00
Mike Salvatore
19c1d5c1ae
Agent: Rename credential_generation -> credential_generators
2021-09-01 12:05:08 -04:00
Mike Salvatore
473fe36ba7
Merge pull request #1438 from guardicore/powershell_http
...
Adds the capability to exploit powershell remoting via HTTP
2021-09-01 11:59:41 -04:00
VakarisZ
47393b2d55
Fix powershell credential generation tests to use AuthOptions class
2021-09-01 17:33:27 +03:00
VakarisZ
aedc666e8f
Remove IP address from AuthOptions in powershell
2021-09-01 16:35:27 +03:00
VakarisZ
b82f4e157a
Add logging to powershell exploiter in the case where powershell remoting seems to be disabled
2021-09-01 16:35:27 +03:00
VakarisZ
b2e1b28059
Add the capability to exploit powershell remoting over HTTP and improve the code style
2021-09-01 16:35:27 +03:00
Mike Salvatore
b4e861cdd6
Island: Remove disused set_server_config.py
2021-09-01 08:54:54 -04:00
Shreya Malviya
f6561fb1ab
docs: Modify docs based on changes removing no auth option
2021-09-01 18:14:18 +05:30
Shreya Malviya
ffd421bed6
cc: Remove authentication code related to standard environment
2021-09-01 18:14:12 +05:30
Shreya Malviya
8ef07bdca0
CHANGELOG: Update with insecure access removal
2021-09-01 16:52:48 +05:30
Shreya Malviya
30a8fd96a8
cc: Remove CSS for the 'I want... island' button
2021-09-01 16:51:27 +05:30
Shreya Malviya
94878a0196
tests: Remove/modify tests and test data related to standard environment
2021-09-01 16:49:16 +05:30
Shreya Malviya
739a017e91
island: Remove API endpoints for standard environment
2021-09-01 16:19:32 +05:30
Shreya Malviya
e4d75e25bd
island: Remove standard environment
2021-09-01 16:16:32 +05:30
Shreya Malviya
7fe9d752fa
cc: Remove StandardConfig in frontend
2021-09-01 16:06:36 +05:30
Shreya Malviya
6937a6b81a
cc: Remove setNoAuth() from RegisterPage.js
2021-09-01 16:04:05 +05:30
Shreya Malviya
3e453e8b2c
cc: Remove 'I want anyone to access the island' button
2021-09-01 16:03:12 +05:30
Shreya Malviya
13b1904cf7
Merge pull request #1427 from guardicore/1246/powershell-documentation
...
Documentation for PowerShell exploiter
2021-09-01 15:11:39 +05:30
Mike Salvatore
c83a0b4668
Docs: Reword PowerShell exploiter documentation
2021-08-31 12:21:08 -04:00
Mike Salvatore
b96a0e74d9
Docs: Fix formatting of PowerShell exploit markdown
2021-08-31 11:36:58 -04:00
Shreya Malviya
24b6c751cb
Merge pull request #1436 from guardicore/1410/ut-autowindowsuser
...
Add unit test for deactivate and delete new auto windows user
2021-08-31 20:23:48 +05:30
Mike Salvatore
e133baea09
Test: Skip test_new_user_delete_windows on Linux
2021-08-31 10:41:38 -04:00
Shreya Malviya
2f5e6b516a
tests: Modify unit tests for AutoNewWindowsUser based on previous commit
...
changes
2021-08-31 19:35:06 +05:30
Shreya Malviya
8d14ff6385
agent: Move windows-only imports to the top of the file in
...
utils/windows/users.py
2021-08-31 19:31:04 +05:30
Mike Salvatore
86fd7351ad
Island: Remove unused loggers
2021-08-31 09:57:32 -04:00
Mike Salvatore
96dee616df
Agent: Remove unused loggers
2021-08-31 09:57:19 -04:00
VakarisZ
d2e5828c3b
Replace "LOG" naming convention with "logger" naming convention.
2021-08-31 09:51:34 -04:00