Commit Graph

6286 Commits

Author SHA1 Message Date
Shreya Malviya 38011f20b5 island: Remove unnecessary type conversion in log statement 2021-09-14 16:05:19 +05:30
Shreya Malviya 686f65e4f4 tests: Move monkeypatch statements to fixtures in test_version_update.py 2021-09-14 16:04:06 +05:30
Shreya Malviya 90c6392e16 island, tests: Handle exceptions when getting deployment type from file and add related tests 2021-09-14 15:47:50 +05:30
Shreya Malviya 9fd6ea9598 island, tests: Modify function to get deployment type with file path as input and modify related tests 2021-09-14 14:02:24 +05:30
Ilija Lazoroski c1fc56d4ce Island: Change monkey code to use deployment.json
Add UTs for get_deployment. Fix Enviroment UTs.
2021-09-13 18:47:28 +02:00
VakarisZ 4759fe1581
Merge pull request #1458 from guardicore/1450/av_explanation_missing_binary
UI: Add AV explanation if binaries are missing
2021-09-13 09:24:34 +03:00
Mike Salvatore 8d2b704bd9 Docs: Fix broken link in FAQ 2021-09-11 13:15:55 -04:00
VakarisZ 45429f6b29
Merge pull request #1457 from guardicore/1126/ut_for_pba_file_upload
UT: Add unit tests for pba_upload
2021-09-10 17:03:54 +03:00
Ilija Lazoroski 92b829ede2 UI: Add AV explanation if binaries are missing 2021-09-10 15:39:28 +02:00
Ilija Lazoroski c348a01b16 UT: Improve readability on pba_file_upload 2021-09-10 14:48:39 +02:00
Shreya Malviya 78ab3f176c tests: Remove deployment field from unit tests' server configs 2021-09-10 17:41:43 +05:30
Ilija Lazoroski 2fd38061b2 UT: Add unit tests for pba_upload 2021-09-10 14:10:31 +02:00
Shreya Malviya 2b4beb2200 island: Don't set deployment type from server config in env config 2021-09-10 17:36:57 +05:30
Shreya Malviya a62328dcf6 island: Get deployment type from file in env config 2021-09-10 17:31:33 +05:30
Shreya Malviya 2af3878e81 common: Pick up version details from deployment.json in common/version.py 2021-09-10 16:36:26 +05:30
Shreya Malviya 2b9b755177 island: Extract deployment type and version number into deployment.json 2021-09-10 16:29:31 +05:30
Shreya Malviya c46c02507f build_scripts: Extract deployment field from server configs to separate files for appimage and docker 2021-09-10 15:21:34 +05:30
VakarisZ dec2fc43c2
Merge pull request #1449 from guardicore/powershell-exploiter-ntlm-hashes
Use LM and NT hashes in powershell exploiter
2021-09-09 11:56:02 +03:00
Ilija Lazoroski 1ba10d7059 UT: Fix powershell copy_file tests 2021-09-09 10:35:24 +02:00
VakarisZ cc1c049ee9 Refactor test_login_attemps_correctly_reported in test_powershell.py to address the changes in the flow of powershell and powershell client 2021-09-09 11:34:38 +03:00
VakarisZ e44e8f503e Refactor powershell client to not perform actions on init and clean up powershell exploiter a bit 2021-09-07 12:18:34 +03:00
Shreya Malviya eefd7a69e8
Merge pull request #1453 from guardicore/bugfix-expanded-report-reset
Don't collapse PBA table in security report on data change
2021-09-07 13:09:00 +05:30
Shreya Malviya f917258979 CHANGELOG: Add entry for bugfix (table collapse on reset) 2021-09-06 18:33:23 +05:30
Shreya Malviya 114758978b cc: Set `collapseOnDataChange` to false in PBA table in security report 2021-09-06 18:31:35 +05:30
Ilija Lazoroski d27194c568 Zoo: Fix powershell bb config for ntlm hash 2021-09-06 13:50:24 +02:00
Shreya Malviya 6740812f4b
Merge pull request #1439 from guardicore/remove-standard-environment
Remove standard environment (insecure access feature)
2021-09-06 13:18:27 +05:30
VakarisZ 57908b94eb
Merge pull request #1452 from guardicore/1418/bb-to-use-credentials
Zoo: Change island to use credentials
2021-09-06 10:28:39 +03:00
Ilija Lazoroski 1e5d49024d Zoo: Change island to use credentials 2021-09-06 09:17:15 +02:00
VakarisZ 17bc9e3f75
Merge pull request #1451 from guardicore/logo_overlap_bugfix
Fix the Guardicore logo overlap
2021-09-03 15:33:08 +03:00
VakarisZ f2739f426c Add a CHANGELOG.md entry about the fixed Guardicore logo overlapping 2021-09-03 15:30:50 +03:00
VakarisZ 4dbd7b41f5 Fix the Guardicore logo which is overlaping the landing page buttons on smaller screens 2021-09-03 15:27:04 +03:00
Mike Salvatore 65c9be90d3 Docs: Add NTLM hash details to PowerShell exploiter docs 2021-09-02 14:29:07 -04:00
Mike Salvatore 71c4e4d8dc Agent: Fix incorrect host arch identification in PowerShellClient 2021-09-02 14:06:36 -04:00
Mike Salvatore 1a1a130716 Agent: Format NT/LM hashes for use with pypsrp in PowerShellClient 2021-09-02 13:26:24 -04:00
Mike Salvatore 9cc488d36a Agent: Remove powershell_utils/utils.py
Move single function that was previously in
powershell_utils/utils.py to powershell.py
2021-09-02 13:26:24 -04:00
Mike Salvatore 501fc162b4 Agent: Attempt login with LM and NT hashes in PowerShellExploiter 2021-09-02 13:26:23 -04:00
Mike Salvatore a2e6b0bfbd Agent: Add LM and NT hashes to PowerShell Credentials
Adds two list parameters to get_credentials() that contain LM and NT
hashes respectively. Adds a "secret_type" field to Credentials so that
the user of the Credentials object can distinguish between using cached
credentials (on windows), passwords, and NT or LM hashes.
2021-09-02 12:29:49 -04:00
Mike Salvatore 3a6f725cc4 Agent: Rename Credentials.password to Credentials.secret
The PowerShell Credentials dataclass will hold more than just passwords.
It will also hold NT and LM hashes. "secret" is, therefore, a more
accurate name than "password".
2021-09-02 12:02:30 -04:00
Mike Salvatore 0ecbfdea38
Merge pull request #1446 from guardicore/powershell-exploiter-refactor
Powershell exploiter refactor
2021-09-02 11:58:01 -04:00
Mike Salvatore 023d6a2d04 Tests: Add more tests for PowerShellExploiter 2021-09-02 11:54:22 -04:00
Mike Salvatore 936074605f Agent: Ensure temp file is removed by PowerShellExploiter 2021-09-02 11:53:13 -04:00
VakarisZ be5d354c06
Merge pull request #1447 from guardicore/add-machine-to-powershell-bb
Zoo: Add new machine for powershell exploiter
2021-09-02 18:27:17 +03:00
Ilija Lazoroski 18c21513af Zoo: Add new machine for powershell exploiter 2021-09-02 17:06:22 +02:00
Mike Salvatore 8144a3334e Tests: Add HTTP vs HTPS unit tests for PowerShellExploiter 2021-09-02 10:05:08 -04:00
Ilija Lazoroski cd9d5b4c5e Agent: Change trap command signal to TERM 2021-09-02 07:55:47 -04:00
Mike Salvatore a5af16e44e Agent: Extract PowerShellClient from PowerShellExploiter 2021-09-01 19:59:02 -04:00
Mike Salvatore c9e54412c0 Agent: Use dummy username and password when testing PowerShell HTTP
The exploit_user_list and exploit_password_list are not guaranteed to
have at least one entry. If either list is empty the exploiter will
fail. Use constant strings for the username and password to avoid
potentially crashing the exploiter.
2021-09-01 13:55:18 -04:00
Mike Salvatore 61c6bf2567 Agent: Reduce code duplication in _try_http(s)() methods 2021-09-01 13:52:55 -04:00
Mike Salvatore d30a8b007a Agent: Add comment explaining user/password == None in PowerShell 2021-09-01 13:48:13 -04:00
Mike Salvatore e6399de860 Agent: Move get_credentials() to credentials.py 2021-09-01 13:39:46 -04:00