From cbd803acae6b01f916dd9be5adfae7ad6575aeea Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 13 Aug 2021 08:38:05 -0400 Subject: [PATCH 01/17] Update release 1.11.0 date in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 019768075..d9888aa47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [1.11.0] - 2021-08-XX +## [1.11.0] - 2021-08-13 ### Added - A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994 From 9dbe0016e10b231f7bb2f1f478b66ac526747372 Mon Sep 17 00:00:00 2001 From: ybasford Date: Sun, 28 Aug 2022 13:09:05 +0300 Subject: [PATCH 02/17] Docs: Deleted extra word --- .../usage/scenarios/custom-scenario/network-segmentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md index 87fe24f24..e3c74d02f 100644 --- a/docs/content/usage/scenarios/custom-scenario/network-segmentation.md +++ b/docs/content/usage/scenarios/custom-scenario/network-segmentation.md @@ -28,7 +28,7 @@ You can use the Infection Monkey's cross-segment traffic feature to verify that Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option. Note that if the Infection Monkey can't communicate to the Monkey Island, it will - not be able to send scan results, so make sure all machines can reach the the Monkey Island. + not be able to send scan results, so make sure all machines can reach the Monkey Island. ![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing") From 4ca7fdeae93e657c1aede8472c0b0d22db1b0885 Mon Sep 17 00:00:00 2001 
From: ybasford Date: Sun, 28 Aug 2022 14:38:41 +0300 Subject: [PATCH 03/17] Docs: Changed to US spelling --- docs/content/usage/scenarios/custom-scenario/other.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/usage/scenarios/custom-scenario/other.md b/docs/content/usage/scenarios/custom-scenario/other.md index 456b0486c..dc35cf5c8 100644 --- a/docs/content/usage/scenarios/custom-scenario/other.md +++ b/docs/content/usage/scenarios/custom-scenario/other.md @@ -9,7 +9,7 @@ weight: 100 ## Overview This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios. -## Custom behaviour +## Custom behavior If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in **Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields. From 8794d2a3c156914c5a3ac36fb6278d77284a499e Mon Sep 17 00:00:00 2001 From: ybasford Date: Sun, 28 Aug 2022 15:21:38 +0300 Subject: [PATCH 04/17] Docs: Update aws-run-on-ec2-machine.md Changed wording --- docs/content/usage/integrations/aws-run-on-ec2-machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/usage/integrations/aws-run-on-ec2-machine.md b/docs/content/usage/integrations/aws-run-on-ec2-machine.md index 7c000ade1..2e204285d 100644 --- a/docs/content/usage/integrations/aws-run-on-ec2-machine.md +++ b/docs/content/usage/integrations/aws-run-on-ec2-machine.md 
@@ -28,7 +28,7 @@ In order for the Infection Monkey to successfully view your instances, you'll ne #### Creating a custom IAM role -Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this: +Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should look something like this: ![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role") 
@@ -68,12 +68,12 @@ After you click on **Run on AWS machine of your choice** you can choose one of t ## Notes -- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation. +- The machines that can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation. - You can view the Infection Monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D). ### Appendix A: Specific policy permissions required -The IAM role will need to have, at minimum, the following specific permissions: +The IAM role will need to have, at minimum, the following specific permissions: #### For executing the Monkey on other machines - SSM From 6bcd5816eed2f5976662120a9532a820e06552ef Mon Sep 17 00:00:00 2001 From: ybasford Date: Sun, 28 Aug 2022 19:16:13 +0300 Subject: [PATCH 05/17] Docs: Corrected grammar --- docs/content/development/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/development/_index.md b/docs/content/development/_index.md index 37a5978e7..ab6d6f43f 100644 --- a/docs/content/development/_index.md +++ b/docs/content/development/_index.md 
@@ -38,6 +38,6 @@ We always want to improve the core Infection Monkey code to make it smaller, fas ### Documentation 📚 -Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and asking us to document various parts of the Monkey. +Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and ask us to document various parts of the Monkey. The Infection Monkey's documentation is stored in the `/docs/content` directory. From 4e5e80022278ae9c1c68d94227b90d276079f0db Mon Sep 17 00:00:00 2001 From: ybasford Date: Sun, 28 Aug 2022 19:23:31 +0300 Subject: [PATCH 06/17] Docs: Corrected typo --- docs/content/development/swimm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/development/swimm.md b/docs/content/development/swimm.md index 9dd1be6c1..dc8d66ee7 100644 --- a/docs/content/development/swimm.md +++ b/docs/content/development/swimm.md @@ -14,11 +14,11 @@ The Infection Monkey has development tutorials that use [`swimm.io`](https://swi First, [sign up for swimm's beta](https://swimm.io/sign-beta). `swimm` is free for open-source projects, but as they're still in beta you'll need to sign up in order to download it. -After you've downloaded and installed `swimm`, open a shell in the Infeciton Monkey repo folder and run: +After you've downloaded and installed `swimm`, open a shell in the Infection Monkey repo folder and run: ```shell script swimm start -``` +``` A local web server with the currently available tutorials should show up, and will look something like this: From 43c8778c7ce9122253720b8885a96865327b5946 Mon Sep 17 00:00:00 2001 
From: ybasford Date: Sun, 28 Aug 2022 19:37:24 +0300 Subject: [PATCH 07/17] Docs: Capitalized heading --- docs/content/development/adding-system-info-collectors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/development/adding-system-info-collectors.md b/docs/content/development/adding-system-info-collectors.md index 71cea6000..5f0b89850 100644 --- a/docs/content/development/adding-system-info-collectors.md +++ b/docs/content/development/adding-system-info-collectors.md @@ -74,7 +74,7 @@ You'll need to add your Sytem Info Collector to the `monkey_island/cc/services/c }, ``` -##### properties +##### Properties Also, you can add the System Info Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`: From bc66b6defa6492d011cb1c950dcd53cf72839f2b Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 09:20:18 +0300 Subject: [PATCH 08/17] Docs: Changed punctuation --- docs/content/reference/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/reference/_index.md b/docs/content/reference/_index.md index 356d85312..5fd95eac9 100644 --- a/docs/content/reference/_index.md +++ b/docs/content/reference/_index.md @@ -4,11 +4,11 @@ date = 2020-05-26T20:55:04+03:00 weight = 30 chapter = true pre = ' ' -tags = ["reference"] +tags = ["reference"] +++ # Reference -Find detailed information about the Infection Monkey. +Find detailed information about the Infection Monkey: {{% children %}} From aae513ce00633e148a790c3bd05b083fd741b11e Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 09:25:42 +0300 Subject: [PATCH 09/17] Docs: Added a word --- docs/content/reference/data_directory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reference/data_directory.md b/docs/content/reference/data_directory.md index 2ab7ca78e..740d52446 100644 --- a/docs/content/reference/data_directory.md 
+++ b/docs/content/reference/data_directory.md @@ -23,7 +23,7 @@ The location of the data directory is set in the `data_dir` field in the `server_config.json` file. 1. Create a custom `server_config.json` file and set the `data_dir` field. Its - contents will look like: + contents will look like this: ```json { From c98a55bcd48623424132039f59c5497459556e05 Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 09:43:51 +0300 Subject: [PATCH 10/17] Docs: Changed punctuation Used a colon because it precedes a list --- docs/content/reference/exploiters/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reference/exploiters/_index.md b/docs/content/reference/exploiters/_index.md index 618fea0d0..087673b34 100644 --- a/docs/content/reference/exploiters/_index.md +++ b/docs/content/reference/exploiters/_index.md @@ -9,7 +9,7 @@ tags = ["reference", "exploit"] # Exploiters -The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use. +The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use: {{% children %}} From 99cd35aae5a82c3b0b370ac6a755447e7910ab5e Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 12:17:33 +0300 Subject: [PATCH 11/17] Docs: Removed redundant word --- docs/content/reference/exploiters/PowerShell.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/content/reference/exploiters/PowerShell.md b/docs/content/reference/exploiters/PowerShell.md index c80943154..8924fe44e 100644 
--- a/docs/content/reference/exploiters/PowerShell.md +++ b/docs/content/reference/exploiters/PowerShell.md @@ -22,8 +22,7 @@ The PowerShell exploiter can be run from both Linux and Windows attackers. On Windows attackers, the exploiter has the ability to use the cached username and/or password from the current user. On both Linux and Windows attackers, the exploiter uses all combinations of the [user-configured usernames and -passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as -and LM or NT hashes that have been collected. Different combinations of +passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as LM or NT hashes that have been collected. Different combinations of credentials are attempted in the following order: 1. **Cached username and password (Windows attacker only)** - The exploiter will From 5bc2b1ba5a5263dd4f23369155f6757977b1f907 Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 12:22:40 +0300 Subject: [PATCH 12/17] Docs: Turned into singular because there is only one note --- docs/content/reference/exploiters/Zerologon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reference/exploiters/Zerologon.md b/docs/content/reference/exploiters/Zerologon.md index 90ece682b..499a050bf 100644 --- a/docs/content/reference/exploiters/Zerologon.md +++ b/docs/content/reference/exploiters/Zerologon.md @@ -69,6 +69,6 @@ If all other approaches fail, you can try the tools and steps found -### Notes +### Note * The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon). From 159eb2b45b083326cedb9899ebd65d4db0617846 Mon Sep 17 00:00:00 2001 
From: ybasford Date: Mon, 29 Aug 2022 12:27:14 +0300 Subject: [PATCH 13/17] Docs: Capital letters and changed a word --- docs/content/reference/exploiters/Zerologon.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/content/reference/exploiters/Zerologon.md b/docs/content/reference/exploiters/Zerologon.md index 499a050bf..78a88fdb5 100644 --- a/docs/content/reference/exploiters/Zerologon.md +++ b/docs/content/reference/exploiters/Zerologon.md @@ -21,10 +21,10 @@ is, therefore, **not** enabled by default. During successful exploitation, the Zerologon exploiter: -* will temporarily change the target domain controller's password. -* may break the target domain controller's communication with other systems in the network, affecting functionality. -* may change the administrator's password. -* will *attempt* to revert all changes. +* Will temporarily change the target domain controller's password. +* May break the target domain controller's communication with other systems in the network, affecting functionality. +* May change the administrator's password. +* Will *attempt* to revert all changes. While the Zerologon exploiter is usually successful in reverting its changes and restoring the original passwords, it sometimes fails. Restoring passwords @@ -58,12 +58,12 @@ to regain access to the system. #### Use Reset-ComputerMachinePassword -If you are able to login as the administrator, you can use the +If you are able to log in as the administrator, you can use the [Reset-ComputerMachinePassword](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1) powershell command to restore the domain controller's password. -#### Try a zerologon password restoration tool +#### Try a Zerologon password restoration tool If all other approaches fail, you can try the tools and steps found [here](https://github.com/risksense/zerologon). 
From 2783db69b93dff7b7b6d6e6ecd1cc388b462d15e Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 12:29:25 +0300 Subject: [PATCH 14/17] Docs: No need for capitalization --- docs/content/reference/exploiters/Drupal.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/content/reference/exploiters/Drupal.md b/docs/content/reference/exploiters/Drupal.md index 5763b0ca8..ef41c1be0 100644 --- a/docs/content/reference/exploiters/Drupal.md +++ b/docs/content/reference/exploiters/Drupal.md 
@@ -5,31 +5,31 @@ draft: false tags: ["exploit", "linux", "windows"] --- -The Drupal exploiter exploits [CVE-2019-6340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340) +The Drupal exploiter exploits [CVE-2019-6340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340) on a vulnerable Drupal server. ### Description Some field types do not properly sanitize data from non-form sources in certain versions -of Drupal server. +of Drupal server. This can lead to arbitrary PHP code execution in some cases. -### Affected Versions +### Affected versions * Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10). One of the following conditions must hold: -* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH +* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests; OR -* The site has another web services module enabled, like JSON:API in +* The site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. ### Notes -* The Infection Monkey exploiter implementation is based on an open-source -[Python implementation](https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88/f9f6a5bb6605745e292bee3a4079f261d891738a) +* The Infection Monkey exploiter implementation is based on an open-source +[Python implementation](https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88/f9f6a5bb6605745e292bee3a4079f261d891738a) of the exploit by @leonjza. -* For the full attack to work, more than one vulnerable URL is required. +* For the full attack to work, more than one vulnerable URL is required. From d9eb867a2d33cd5fefa49331e0ed52efb85b6803 Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 12:42:47 +0300 Subject: [PATCH 15/17] Docs: Corrected grammatical error --- docs/content/reference/exploiters/MsSQL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/content/reference/exploiters/MsSQL.md b/docs/content/reference/exploiters/MsSQL.md index 58926addd..6e9cd4a6b 100644 --- a/docs/content/reference/exploiters/MsSQL.md +++ b/docs/content/reference/exploiters/MsSQL.md @@ -7,4 +7,4 @@ tags: ["exploit", "windows"] ### Description -For this exploit, the Infection Monkey will try to brute force into a MsSQL server and use an insecure configuration to execute commands on the server. +For this exploit, the Infection Monkey will try to brute force into an MsSQL server and use an insecure configuration to execute commands on the server. From 4d723b07fa296618904c704d43816a5e72c4abca Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 12:47:48 +0300 Subject: [PATCH 16/17] Docs: Corrected the number of reports --- docs/content/reports/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/reports/_index.md b/docs/content/reports/_index.md index 50af928b9..eae9b7de6 100644 --- a/docs/content/reports/_index.md +++ b/docs/content/reports/_index.md @@ -8,6 +8,6 @@ pre = " " # Infection Monkey's Reports -The Infection Monkey offers three reports: +The Infection Monkey offers four reports: {{% children description=true style="p"%}} From 7dd4fe820d0b5b755be94043a58dfa99581bc40f Mon Sep 17 00:00:00 2001 From: ybasford Date: Mon, 29 Aug 2022 14:54:35 +0300 Subject: [PATCH 17/17] Docs: Fixed spelling --- docs/content/reports/mitre.md | 2 +- docs/content/reports/zero-trust.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/reports/mitre.md b/docs/content/reports/mitre.md index ac03f1284..28ec7fa4e 100644 --- a/docs/content/reports/mitre.md +++ b/docs/content/reports/mitre.md @@ -18,7 +18,7 @@ Watch the overview video: ## How to use the report -The MITRE ATT&CK report is centred around the ATT&CK matrix: +The MITRE ATT&CK report is centered around the ATT&CK matrix: ![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report") 
diff --git a/docs/content/reports/zero-trust.md b/docs/content/reports/zero-trust.md index 921025b5b..a1ad77f71 100644 --- a/docs/content/reports/zero-trust.md +++ b/docs/content/reports/zero-trust.md @@ -27,7 +27,7 @@ This diagram provides you with a quick glance at how your organization scores on ![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary") -## Test Results +## Test results This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize.
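Review bot: In PATCH 03/17 (custom-scenario/other.md), renaming the heading `## Custom behaviour` to `## Custom behavior` also changes the anchor the site generator derives from the heading text. Check the docs for links that point at `#custom-behaviour` and update them in the same commit, or pin the old ID explicitly. The heading renames in PATCH 12/17, 14/17 and 17/17 need the same check.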
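Review bot: In PATCH 04/17, first hunk of aws-run-on-ec2-machine.md (@@ -28), the reworded sentence still tells readers they "can just create a role" with `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess`, which is broader than the minimum permissions that Appendix A of the same page lists. Since the line is being touched anyway, consider presenting the Appendix A permissions as the recommended setup and the pre-made full-access policies only as a quick-start shortcut, so the page does not steer users toward an over-privileged EC2 role.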
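Review bot: In PATCH 07/17 (adding-system-info-collectors.md), the heading changed to `##### Properties` appears to name the `properties` key that the following sentence refers to (`properties/monkey/system_info/system_info_collectors_classes`). If so, capitalizing it hides that it is a schema key, and writing it in code formatting would be clearer than title case. The hunk header context also shows "Sytem Info Collector" in this file, which could be fixed in the same patch.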
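Review bot: In PATCH 10/17 (exploiters/_index.md), the colon is appended to "…the exploiters currently implemented and the vulnerabilities they use:", a sentence that describes the documentation rather than introducing the list, so it reads oddly before `{{% children %}}`. Suggest keeping the full stop there and adding a short lead-in sentence for the list. While on this line, "To our best knowledge" would read better as "To the best of our knowledge".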
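Review bot: In PATCH 11/17 (PowerShell.md), the added line joins "as well as LM or NT hashes that have been collected. Different combinations of" onto the end of the `passwords]({{< ref … >}})` line, which breaks the hard wrap used by the surrounding paragraph. Please rewrap so the paragraph keeps its line width and later diffs stay small. It is also worth confirming with the page author that the removed "and" was not a typo for "any".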
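Review bot: In PATCH 13/17, second hunk of Zerologon.md (@@ -58), the context line directly below the corrected "log in" still reads "powershell command". Since this patch normalizes capitalization ("Zerologon"), it should also use "PowerShell", and `Reset-ComputerMachinePassword` is a cmdlet rather than a command. The "[here]" link text in the last paragraph could name its target (the risksense/zerologon repository) so readers can see where the restoration steps come from before following them on a domain controller.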
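Review bot: In PATCH 14/17 (Drupal.md), the diffstat reports 8 insertions and 8 deletions, but the only visible text change is `### Affected Versions` to `### Affected versions`. The other seven line pairs look identical and are presumably trailing-whitespace removals. Please mention the whitespace cleanup in the commit message or split it into its own commit, so the subject "No need for capitalization" matches what the patch does.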
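Review bot: In PATCH 16/17 (reports/_index.md), changing "three reports" to "four reports" keeps a hard-coded count that will go stale again the next time a report page is added or removed. Because `{{% children description=true style="p"%}}` already lists the reports, consider wording without a number, for example "The Infection Monkey offers the following reports:".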