Commit Graph

6018 Commits

Author SHA1 Message Date
Mike Salvatore e70d1c714b Agent: Remove context manager from _authenticate()
Since the PowerShellExploiter's _authenticate() method returns the
client object, it doesn't make sense for it to be constructed in a
context manager.
2021-08-25 13:30:30 -04:00
Mike Salvatore b871398682 Agent: Add useful logging to powershell exploiter 2021-08-25 13:30:30 -04:00
Shreya Malviya 876cdbeffa island: Check if credential in exploit telemetry is `None` before processing it 2021-08-25 19:31:36 +05:30
Mike Salvatore 1da79f78bf Agent: Use format strings in powershell exploiter log statements 2021-08-24 15:32:51 -04:00
unknown f046e9d7a7 Agent: Add pypsrp to PipFile 2021-08-24 15:11:15 -04:00
Mike Salvatore dd56f3d650 Island: Fix minor formatting error 2021-08-24 13:37:40 -04:00
Mike Salvatore c385177dac Agent: Extract _build_monkey_execution_command() into powershell_utils 2021-08-24 13:14:29 -04:00
Mike Salvatore 58f23f4fc0 Agent: Extract powershell client parameters into powershell_utils 2021-08-24 13:13:37 -04:00
Mike Salvatore 4e7a95316e Agent: Extract _get_credentials() into powershell_utils/utils.py 2021-08-24 12:53:37 -04:00
Mike Salvatore aef8f2e37a Agent: Extract method _build_monkey_execution_command 2021-08-24 12:16:52 -04:00
Mike Salvatore 1928f1b9bc Agent: Remove "credentials" local variable 2021-08-24 12:11:59 -04:00
Mike Salvatore a2bdc69388 Agent: Log and report exploitation attempts from PowerShellExploiter 2021-08-24 12:03:42 -04:00
Mike Salvatore 8209fa55df Agent: Set client parameters if password is "" in PowerShellExploiter 2021-08-24 11:53:48 -04:00
Mike Salvatore fb18c1cbd4 Agent: Only use "None" creds in powershell exploiter if host is Windows 2021-08-24 11:43:17 -04:00
Mike Salvatore 79cc82b159 Agent: Remove duplicated try/except if/else from PowerShellExploiter 2021-08-24 10:35:21 -04:00
Mike Salvatore 66527b1bde Agent: Move Windows architecture constants from web_rce.py -> consts.py 2021-08-24 09:37:05 -04:00
Mike Salvatore f1c247ad93 Agent: Refactored PowerShellExploiter authentication function names 2021-08-24 09:29:02 -04:00
Shreya Malviya e339932fde island: Change 'Powershell' to 'PowerShell' in attack schema for T1210 2021-08-24 13:16:59 +05:30
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
Shreya Malviya 72e0378335 agent: Fix import path in powershell exploiter 2021-08-24 11:52:12 +05:30
Shreya Malviya ee9fde4005 agent: Refactor powershell remoting exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 29788776fa agent: Modify exploitation log messages in powershell exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 04125e5e14 agent: Add separate function to set log levels for sensitive packages in powershell exploiter 2021-08-24 11:40:40 +05:30
Shreya Malviya dc4a5fbb85 agent: Use variable 'is_32bit' for function argument 2021-08-24 11:40:40 +05:30
Shreya Malviya ba8c44d22c agent: Fix typos in powershell remoting exploiter 2021-08-24 11:40:40 +05:30
Shreya Malviya 5419200d61 agent: Update exploited service name in powershell remoting exploiter 2021-08-24 11:40:40 +05:30
VakarisZ 2b71fb80c7 Fixed missing powershell exploiter report components. 2021-08-24 11:40:39 +05:30
VakarisZ 9966c54fe2 Added powershell remoting exploiter. 2021-08-24 11:40:39 +05:30
VakarisZ 55a817931d Bugfix for monkey binary removal if dropper fails to do so 2021-08-24 11:40:39 +05:30
Mike Salvatore d203b28a38 Merge pull request #1424 from guardicore/post-breach-pyinstaller-hook
Post breach pyinstaller hook
2021-08-23 13:54:55 -04:00
Mike Salvatore 342b5689f1 Update changelog with fixes for #1405 and #1419 2021-08-23 11:44:29 -04:00
Mike Salvatore 7f71901a29 Agent: Use path relative to __file__ to locate powershell scripts 2021-08-23 11:14:23 -04:00
Mike Salvatore 536b061cc7 Agent: Remove unused TEMP_FILE constant from windows timestomping PBA 2021-08-23 11:14:23 -04:00
Mike Salvatore 1ef884ae4e Agent: Add pyinstaller hook for post_breach package 2021-08-23 11:14:20 -04:00
Mike Salvatore db8ea45197 Agent: Remove traceroute binaries
The traceroute binaries are no longer used. They inflate the size of the
agent binaries and add unnecessary dependencies.
2021-08-20 16:27:36 -04:00
Mike Salvatore 1f519ad1ee Agent: Deduplicate ping command list in PingScanner 2021-08-20 11:05:55 -04:00
Mike Salvatore 1d9372690d Agent: Deduplicate timeout calculation in PingScanner 2021-08-20 11:05:55 -04:00
Mike Salvatore 198fbd66f8 Merge branch 'remove-internet-access-check' into develop
PR #1420
2021-08-20 10:40:24 -04:00
Mike Salvatore 434246f21f Merge branch '1175/fix-break-on-german-system-lang' into develop
PR #1403
2021-08-20 10:37:29 -04:00
Mike Salvatore cf73d11d9e Update changelog for issue #1402 2021-08-20 09:30:56 -04:00
Mike Salvatore 1d9ae4c01a Island: Fix typo "trough" -> "through" 2021-08-20 09:23:23 -04:00
Ilija Lazoroski 9f194f3417 Merge branch '1183/hide-input-component' into develop
PR #1417
2021-08-20 13:59:45 +02:00
Mike Salvatore 0fc9631d75 Update changelog with entry for #1183 2021-08-20 07:47:29 -04:00
Mike Salvatore 54e519eeaa Agent: Gracefully handle character decode errors in ping command 2021-08-19 19:20:42 -04:00
Mike Salvatore 5f9e507dc7 Agent: Add debug logging to get_host_fingerprint() 2021-08-19 19:20:42 -04:00
Mike Salvatore ce27829753 Update CHANGELOG.md with fix for #1175 2021-08-19 19:20:38 -04:00
Mike Salvatore 769dd67b66 Agent: Automatically select correct output encoding for ping command 2021-08-19 19:19:34 -04:00
TRGamer-tech f2148db70b Add cp850 encoding to subprocess 2021-08-19 19:19:34 -04:00
Mike Salvatore 85e26beda8 Tests: Remove internet_services from test config 2021-08-19 14:17:01 -04:00
Mike Salvatore 087c8f2cf8 BB: Remove internet_services from BaseTemplate 2021-08-19 14:16:44 -04:00