f98a121c51
Merge branch 'develop' into master
2018-07-09 18:53:43 +03:00
35b535f97a
Removed hard coded debug address and replaced with non routable IP
2018-07-08 12:14:45 +03:00
c278b0a29c
Small changes
2018-06-26 18:03:31 +03:00
6a37f2b953
removed debugging code
2018-06-25 19:11:58 +03:00
671452243d
Fixed some bugs and more notes
2018-06-25 18:26:34 +03:00
81712ddbf0
Merge branch 'struts2RCE' of https://github.com/VakarisZ/monkey into struts2RCE
2018-06-22 14:57:04 +03:00
7ce790affa
Some notes fixed
2018-06-22 14:55:52 +03:00
d510476658
Merge branch 'develop' into struts2RCE
2018-06-21 13:23:12 +03:00
f55133e8c1
Merge pull request #142 from guardicore/feature/MSSQL_fingerprint
...
Feature/mssql fingerprint
2018-06-21 11:46:21 +03:00
208411d6fc
Cosmetic changes
2018-06-21 00:10:56 +03:00
ef6c512ea9
Finished up exploitation and added reporting
2018-06-20 22:35:18 +03:00
2d27972e7e
Struts exploitation working, and tested with win-64 and ubuntu
2018-06-20 16:58:20 +03:00
413bdd9254
Not yet functioning and tested, but most functions are done
2018-06-19 18:08:52 +03:00
9a8a6c6e28
Now exploiting both win and linux. Also, added check if monkey is not already present
2018-06-19 18:05:09 +03:00
20d4b3a642
Fix default config values
2018-06-13 16:05:12 +03:00
db6f44109b
* Responding to the PR comments with the logs and usage changes.
2018-06-12 16:29:27 +03:00
d312a3a771
* Changed name from MSSQLFingerprint to MSSQLFinger to match convention.
...
* Added UI support for the new fingerprint in Monkey Island.
* UI supports includes writing up MSSQL as a service under node's
services list.
2018-06-12 13:26:28 +03:00
fe1f6d67e5
Merge branch 'develop' into feature/MSSQL_fingerprint
2018-06-11 20:19:12 +03:00
1272700fe5
* Added an author mark and updated docs
...
* Changed the module to use the VictimHost object as host
* added True\False return statements.
2018-06-09 20:02:18 +03:00
fadafdbd3a
Updated the config files to default include the mssql fingerfrint class: MSSQLFingerprinter, in the monkey's configuration.
2018-06-09 18:23:54 +03:00
d4c1871f87
Implemented the first draft of the mssql fingerprint class
...
Every line of code is documented and straight forward.
2018-06-09 18:23:08 +03:00
8b22a52006
Added the mssql finger class to the main network init file so it will be usable.
2018-06-09 18:16:39 +03:00
293c204ddd
Created the MSSQL_fingerprinter branch,
...
added the fingerprint class WIP.
2018-06-09 17:51:46 +03:00
ecdd2e8762
Merge branch 'develop' into SSH_key_stealing
2018-06-05 16:59:28 +03:00
0503f90168
Notes fixed
2018-06-04 12:07:10 +03:00
c7ed02b98e
Bugfix, run Shellshock attack as dropper rather than monkey
2018-05-31 15:38:54 +03:00
30a3bbf9a0
Exploitation of machines using ssh keys added. Also, added shh keys exploitation to report
2018-05-29 01:02:49 +03:00
f45cebfd5e
Does not store encrypted or already present ssh keys, shows all users from whom SSH private key were stolen under "stolen credentials" in report
2018-05-25 01:34:24 +03:00
4197ab12a3
SSH keys are now encrypted and added to database
2018-05-24 16:59:22 +03:00
ee835d51b0
Remove Monkey testing code, dead code as it is.
2018-05-23 15:22:27 +03:00
e8b388482b
quick fix
2018-05-22 19:06:12 +03:00
a6d2483f7b
Tested with windows and fixed all notes
2018-05-22 18:54:10 +03:00
0411811fe5
from six import string_types, text_type, xrange ( #128 )
...
* from six import string_types, text_type, xrange
2018-05-22 11:13:18 +03:00
60730db45d
Fixed the example configuration file, it had a json syntax error.
2018-05-17 19:28:04 +03:00
cdb4d459bb
SSH key-stealing implemented
2018-05-16 15:19:59 +03:00
023c7cb093
ftp.py: Undefined name local_ip --> self.local_ip
...
__local_ip__ is an __undefined name__ in this context (could raise NameError at runtime) so this PR recommends the use of __self.local_ip__ instead.
flake8 testing of https://github.com/guardicore/monkey on Python 3.6.3
$ __flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics__
```
./infection_monkey/transport/ftp.py:86:29: F821 undefined name 'local_ip'
self.servsock.bind((local_ip,0))
^
```
2018-05-08 12:23:30 +02:00
2bc87794b7
Merge pull request #130 from cclauss/long-was-removed-in-Python3
...
long was removed in Python 3
2018-05-08 13:06:36 +03:00
1af9ffc0d4
Merge pull request #129 from cclauss/new-style-exceptions
...
New style exceptions, has_key(), and types
2018-05-08 13:05:08 +03:00
0bb0cfbd5d
long was removed in Python 3
2018-05-07 16:48:49 +02:00
bc76ea977b
New style exceptions, has_key(), and types
2018-05-07 16:24:11 +02:00
b6e39280be
Spacing in __str__ method of VictimHost
2018-05-05 16:23:58 +03:00
7503a77ff7
update __repr__ method in VictimHost class
...
- __repr__ method should return the standard constructor string (pep8)
2018-05-03 00:50:02 +05:30
3f0569a29e
EG bugfixes
...
- Use dropper instead of monkey
- Run disconnected shell
- Check for dropper log instead of monkey log
2018-04-17 14:34:26 +03:00
558fa749ca
Bugfix in dropper.py, handle gracefully failure in cleanup
2018-04-17 14:20:21 +03:00
cc4ad05be8
Bugfix in dropper.py, return value in all fail paths
2018-04-17 14:16:46 +03:00
ca65be8946
Additional edge case in parsing Azure configuration files
2018-04-17 11:33:14 +03:00
3fe6d2456b
Bugfix when upgrading the monkey without admin permissions.
...
Can happen during development or future exploit flows
2018-04-17 11:27:35 +03:00
c82fd3400a
Merge pull request #104 from guardicore/bugfix/upgrade-windows-32-to-64
...
Bugfix/upgrade windows 32 to 64
2018-04-17 10:26:30 +03:00
3e859d84fb
Rename check for 64-bit to make explict it's a windows only check
2018-04-12 17:57:21 +03:00
7eb2a5c98b
Remove class C limitation when getting local subnet
2018-04-12 14:57:22 +03:00
Daniel Goldberg
Vakaris
Itay Mizeretz
maor.rayzin
cclauss
Rahul Goswami