forked from p15670423/monkey
Merge pull request #2224 from ybasford/v1.13.0-documentation-updates
Changed punctuation
This commit is contained in:
commit
e9bfbbd08e
|
@ -38,6 +38,6 @@ We always want to improve the core Infection Monkey code to make it smaller, fas
|
||||||
|
|
||||||
### Documentation 📚
|
### Documentation 📚
|
||||||
|
|
||||||
Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and asking us to document various parts of the Monkey.
|
Every project requires excellent documentation. The Infection Monkey is no different. Please feel free to open pull requests with suggestions, improvements or issues and ask us to document various parts of the Monkey.
|
||||||
|
|
||||||
The Infection Monkey's documentation is stored in the `/docs/content` directory.
|
The Infection Monkey's documentation is stored in the `/docs/content` directory.
|
||||||
|
|
|
@ -74,7 +74,7 @@ You'll need to add your Sytem Info Collector to the `monkey_island/cc/services/c
|
||||||
},
|
},
|
||||||
```
|
```
|
||||||
|
|
||||||
##### properties
|
##### Properties
|
||||||
|
|
||||||
Also, you can add the System Info Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
|
Also, you can add the System Info Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ The Infection Monkey has development tutorials that use [`swimm.io`](https://swi
|
||||||
|
|
||||||
First, [sign up for swimm's beta](https://swimm.io/sign-beta). `swimm` is free for open-source projects, but as they're still in beta you'll need to sign up in order to download it.
|
First, [sign up for swimm's beta](https://swimm.io/sign-beta). `swimm` is free for open-source projects, but as they're still in beta you'll need to sign up in order to download it.
|
||||||
|
|
||||||
After you've downloaded and installed `swimm`, open a shell in the Infeciton Monkey repo folder and run:
|
After you've downloaded and installed `swimm`, open a shell in the Infection Monkey repo folder and run:
|
||||||
|
|
||||||
```shell script
|
```shell script
|
||||||
swimm start
|
swimm start
|
||||||
|
|
|
@ -9,6 +9,6 @@ tags = ["reference"]
|
||||||
|
|
||||||
# Reference
|
# Reference
|
||||||
|
|
||||||
Find detailed information about the Infection Monkey.
|
Find detailed information about the Infection Monkey:
|
||||||
|
|
||||||
{{% children %}}
|
{{% children %}}
|
||||||
|
|
|
@ -23,7 +23,7 @@ The location of the data directory is set in the `data_dir` field in the
|
||||||
`server_config.json` file.
|
`server_config.json` file.
|
||||||
|
|
||||||
1. Create a custom `server_config.json` file and set the `data_dir` field. Its
|
1. Create a custom `server_config.json` file and set the `data_dir` field. Its
|
||||||
contents will look like:
|
contents will look like this:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
|
|
@ -16,7 +16,7 @@ of Drupal server.
|
||||||
This can lead to arbitrary PHP code execution in some cases.
|
This can lead to arbitrary PHP code execution in some cases.
|
||||||
|
|
||||||
|
|
||||||
### Affected Versions
|
### Affected versions
|
||||||
|
|
||||||
* Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10).
|
* Drupal 8.5.x (before 8.5.11) and Drupal 8.6.x (before 8.6.10).
|
||||||
|
|
||||||
|
|
|
@ -7,4 +7,4 @@ tags: ["exploit", "windows"]
|
||||||
|
|
||||||
### Description
|
### Description
|
||||||
|
|
||||||
For this exploit, the Infection Monkey will try to brute force into a MsSQL server and use an insecure configuration to execute commands on the server.
|
For this exploit, the Infection Monkey will try to brute force into an MsSQL server and use an insecure configuration to execute commands on the server.
|
||||||
|
|
|
@ -22,8 +22,7 @@ The PowerShell exploiter can be run from both Linux and Windows attackers. On
|
||||||
Windows attackers, the exploiter has the ability to use the cached username
|
Windows attackers, the exploiter has the ability to use the cached username
|
||||||
and/or password from the current user. On both Linux and Windows attackers, the
|
and/or password from the current user. On both Linux and Windows attackers, the
|
||||||
exploiter uses all combinations of the [user-configured usernames and
|
exploiter uses all combinations of the [user-configured usernames and
|
||||||
passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as
|
passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as LM or NT hashes that have been collected. Different combinations of
|
||||||
and LM or NT hashes that have been collected. Different combinations of
|
|
||||||
credentials are attempted in the following order:
|
credentials are attempted in the following order:
|
||||||
|
|
||||||
1. **Cached username and password (Windows attacker only)** - The exploiter will
|
1. **Cached username and password (Windows attacker only)** - The exploiter will
|
||||||
|
|
|
@ -21,10 +21,10 @@ is, therefore, **not** enabled by default.
|
||||||
|
|
||||||
During successful exploitation, the Zerologon exploiter:
|
During successful exploitation, the Zerologon exploiter:
|
||||||
|
|
||||||
* will temporarily change the target domain controller's password.
|
* Will temporarily change the target domain controller's password.
|
||||||
* may break the target domain controller's communication with other systems in the network, affecting functionality.
|
* May break the target domain controller's communication with other systems in the network, affecting functionality.
|
||||||
* may change the administrator's password.
|
* May change the administrator's password.
|
||||||
* will *attempt* to revert all changes.
|
* Will *attempt* to revert all changes.
|
||||||
|
|
||||||
While the Zerologon exploiter is usually successful in reverting its changes
|
While the Zerologon exploiter is usually successful in reverting its changes
|
||||||
and restoring the original passwords, it sometimes fails. Restoring passwords
|
and restoring the original passwords, it sometimes fails. Restoring passwords
|
||||||
|
@ -58,17 +58,17 @@ to regain access to the system.
|
||||||
|
|
||||||
#### Use Reset-ComputerMachinePassword
|
#### Use Reset-ComputerMachinePassword
|
||||||
|
|
||||||
If you are able to login as the administrator, you can use the
|
If you are able to log in as the administrator, you can use the
|
||||||
[Reset-ComputerMachinePassword](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1)
|
[Reset-ComputerMachinePassword](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1)
|
||||||
powershell command to restore the domain controller's password.
|
powershell command to restore the domain controller's password.
|
||||||
|
|
||||||
|
|
||||||
#### Try a zerologon password restoration tool
|
#### Try a Zerologon password restoration tool
|
||||||
If all other approaches fail, you can try the tools and steps found
|
If all other approaches fail, you can try the tools and steps found
|
||||||
[here](https://github.com/risksense/zerologon).
|
[here](https://github.com/risksense/zerologon).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Notes
|
### Note
|
||||||
|
|
||||||
* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).
|
* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).
|
||||||
|
|
|
@ -9,7 +9,7 @@ tags = ["reference", "exploit"]
|
||||||
|
|
||||||
# Exploiters
|
# Exploiters
|
||||||
|
|
||||||
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use.
|
The Infection Monkey uses various remote code execution (RCE) exploiters. To our best knowledge, most of these pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and the vulnerabilities they use:
|
||||||
|
|
||||||
{{% children %}}
|
{{% children %}}
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,6 @@ pre = "<i class='fas fa-scroll'></i> "
|
||||||
|
|
||||||
# Infection Monkey's Reports
|
# Infection Monkey's Reports
|
||||||
|
|
||||||
The Infection Monkey offers three reports:
|
The Infection Monkey offers four reports:
|
||||||
|
|
||||||
{{% children description=true style="p"%}}
|
{{% children description=true style="p"%}}
|
||||||
|
|
|
@ -18,7 +18,7 @@ Watch the overview video:
|
||||||
|
|
||||||
## How to use the report
|
## How to use the report
|
||||||
|
|
||||||
The MITRE ATT&CK report is centred around the ATT&CK matrix:
|
The MITRE ATT&CK report is centered around the ATT&CK matrix:
|
||||||
|
|
||||||
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
|
![MITRE Report](/images/usage/reports/mitre-report-0.png "MITRE Report")
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,7 @@ This diagram provides you with a quick glance at how your organization scores on
|
||||||
|
|
||||||
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
|
||||||
|
|
||||||
## Test Results
|
## Test results
|
||||||
|
|
||||||
This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize.
|
This section shows how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust pillar, so you can quickly navigate to the category you want to prioritize.
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ In order for the Infection Monkey to successfully view your instances, you'll ne
|
||||||
|
|
||||||
#### Creating a custom IAM role
|
#### Creating a custom IAM role
|
||||||
|
|
||||||
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
|
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should look something like this:
|
||||||
|
|
||||||
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ After you click on **Run on AWS machine of your choice** you can choose one of t
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation.
|
- The machines that can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in the AWS IAM documentation.
|
||||||
- You can view the Infection Monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
- You can view the Infection Monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
|
||||||
|
|
||||||
### Appendix A: Specific policy permissions required
|
### Appendix A: Specific policy permissions required
|
||||||
|
|
|
@ -28,7 +28,7 @@ You can use the Infection Monkey's cross-segment traffic feature to verify that
|
||||||
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
|
Execute The Infection Monkey on machines in different subnetworks using the “Manual” run option.
|
||||||
|
|
||||||
Note that if the Infection Monkey can't communicate to the Monkey Island, it will
|
Note that if the Infection Monkey can't communicate to the Monkey Island, it will
|
||||||
not be able to send scan results, so make sure all machines can reach the the Monkey Island.
|
not be able to send scan results, so make sure all machines can reach the Monkey Island.
|
||||||
|
|
||||||
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ weight: 100
|
||||||
## Overview
|
## Overview
|
||||||
This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios.
|
This page provides additional information about configuring the Infection Monkey, tips and tricks and creative usage scenarios.
|
||||||
|
|
||||||
## Custom behaviour
|
## Custom behavior
|
||||||
|
|
||||||
If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in
|
If you want the Infection Monkey to run a specific script or tool after it breaches a machine, you can configure it in
|
||||||
**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields.
|
**Configuration -> Monkey -> Post-breach**. Input commands you want to execute in the corresponding fields.
|
||||||
|
|
Loading…
Reference in New Issue