Commit Graph

7754 Commits

Author SHA1 Message Date
Shreya Malviya 1f2867a70a Project: Add ProcessListCollection to Vulture's allowlist 2022-03-29 14:20:29 +03:00
Shreya Malviya 61ff95b568 Agent: Modify PBAs to return Iterable[PostBreachData] 2022-03-29 14:20:29 +03:00
Shreya Malviya 778f230589 Agent: Modify remaining PBAs to yield PostBreachData 2022-03-29 14:20:29 +03:00
Shreya Malviya ec2b2beca5 Agent: Modify PBAs to yield PostBreachData instead of returning it
This is done mainly because of the hide files PBA which needs to send
telemetry two times. It also makes more sense to do it this way so that
it's easier to send telemetry multiple times in any PBA.
2022-03-29 14:20:28 +03:00
Shreya Malviya 28ff112872 Agent: Modify hide files PBA to return PostBreachData 2022-03-29 14:20:25 +03:00
Shreya Malviya 8418a5ce77 Agent: Modify modify shell startup files PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 29d40f8e9d Agent: Modify communicates as backdoor user PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 0b2ac96dee Agent: Modify use signed scripts PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 5a8e8850a5 Agent: Modify schedule jobs PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 24ba5e37da Agent: Modify collect running processes PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya ee24538407 Agent: Modify clear command history PBA to return PostBreachData 2022-03-29 14:18:22 +03:00
Shreya Malviya 2e48d9ead9 Agent: Return PostBreachData in PBA's run() instead of sending PostBreachTelem 2022-03-29 14:18:22 +03:00
vakarisz 936b9ead05 Agent: Change post breach telem to use name from data argument 2022-03-29 10:26:00 +00:00
vakarisz 3c853b6625 Agent: Change PostBreachTelemetry to accept post breach data 2022-03-29 10:26:00 +00:00
vakarisz 299a261387 Agent: Refactor puppet and tools to use CONNECTION_TIMEOUT 2022-03-29 06:28:45 +00:00
Mike Salvatore 1ec5be908d
Merge pull request #1819 from guardicore/1612-interruptible-ransomware
1612 interruptible ransomware
2022-03-28 09:15:30 -04:00
vakarisz 0877b0a885 Agent: Load PBA's into puppet 2022-03-28 09:29:31 +00:00
Mike Salvatore f67a455868 Agent: Add comment to Ransomware.encrypt_files() 2022-03-25 13:33:16 -04:00
Mike Salvatore 593095cdcf Agent: Reword a log message in ransomware payload 2022-03-25 13:33:16 -04:00
Mike Salvatore 7047fa0cd0 Agent: Use interruptible_function decorator in ransomware payload 2022-03-25 13:33:16 -04:00
Mike Salvatore 20e3b20cb5 Agent: Add interruptible_function decorator 2022-03-25 13:33:16 -04:00
Mike Salvatore 7c6ba2e276 Agent: Use iterators instead of lists for ransomware file filtering 2022-03-25 13:33:15 -04:00
Mike Salvatore 703dc315bc Agent: Remove disused Plugin abstract class 2022-03-25 08:34:45 -04:00
Mike Salvatore 4316329384 Project: Add strict_slashes to vulture_allowlist 2022-03-25 07:57:54 -04:00
Mike Salvatore f3773ddbaa Agent: Remove disused list_object() function 2022-03-25 07:57:54 -04:00
Mike Salvatore 344530281a Common: Remove disused function get_value_from_dict() 2022-03-25 07:57:54 -04:00
Mike Salvatore bb854d2daf Island: Remove disused GROUPTYPE constant 2022-03-25 07:57:54 -04:00
Mike Salvatore a1d08abe19 Project: Rename EXPLOITED_* to PROPAGATED_*
These states were renamed in 5e3829aab and 2c8aef6d8
2022-03-25 07:57:54 -04:00
Mike Salvatore 9c64ee592f Island: Remove disused NodeCreationException 2022-03-25 07:57:54 -04:00
Mike Salvatore 4e489ad62b
Merge pull request #1814 from guardicore/1801-fix-blackbox-tests
1801 fix blackbox tests
2022-03-25 07:18:22 -04:00
Shreya Malviya 5bc961d715
Merge pull request #1815 from guardicore/1604-remove-pba-plugin-dependency
Remove PBA's Plugin dependency + add display_name to PostBreachData
2022-03-25 14:29:51 +05:30
Shreya Malviya dda922d06f Agent: Add display_name to PostBreachData 2022-03-25 13:09:10 +05:30
Shreya Malviya 196f814860 Agent: Remove PBA's dependency on Plugin 2022-03-25 12:54:03 +05:30
Ilija Lazoroski db03ac3dd9 Agent: Use random binary destination path for Hadoop 2022-03-24 14:59:51 -04:00
Mike Salvatore 8d4edca419
Merge pull request #1813 from guardicore/1801-fix-failure-quitting-tunnel
1801 fix failure quitting tunnel
2022-03-24 14:57:24 -04:00
Mike Salvatore 35923c1eb1 BB: Reduce the timeouts for tunneling tests 2022-03-24 13:43:04 -04:00
vakarisz a92a8af96b BB: Remove smb-20 machine 2022-03-24 13:08:30 -04:00
Mike Salvatore b3b5707a45 Agent: Convert dest_path to str before performing comparison 2022-03-24 12:51:07 -04:00
Mike Salvatore 8aad5b16d5 Agent: Fix tunnel address parsing in _close_tunnel()
The current proxy schema specifies that tunnels start with "http://",
not "https://". This led to a bug in the tunnel address parsing which
prevented the tunnel from being quit properly.
2022-03-24 12:27:22 -04:00
Mike Salvatore ef134be044 Agent: Remove default servers from WormConfiguration.command_servers
In my 16 months working on this project, the default server included in
WormConfiguration.command_servers has never had a Monkey Island running
on it. This adds a 30 second delay to each hop in the tunneling test as
the agent attempts to contact this bogus IP. Removing it speeds up
propagation and also avoids unintended consequences if a user has a
different service running on 192.0.2.0:5000.
2022-03-24 11:10:22 -04:00
Mike Salvatore 996f2b3c7a Agent: Fix unnecessary waiting in MonkeyTunnel
The monkey tunnel only needs to wait before closing if propagation was
successful. Previously, it waited before closing if any exploiter was
run.

PR: #1811
2022-03-24 11:05:05 -04:00
Mike Salvatore 2471eb6762
Merge pull request #1810 from guardicore/1782-log4shell
1782 log4shell
2022-03-24 10:50:46 -04:00
vakaris_zilius 25c7696300 Agent: Change typehints of agent destination path to PurePath 2022-03-24 14:47:07 +00:00
vakaris_zilius 49d3433ade Agent: Change to more specific typehint in helpers.py 2022-03-24 14:36:20 +00:00
Shreya Malviya cb51394439 BB: Add relevant TCP ports to PowerShell config template 2022-03-24 18:43:52 +05:30
Mike Salvatore 707c79ab21 Agent: Reduce proxy timeouts from 30 to 10 seconds
Stopping the agent is delayed by these timeouts. Reducing them allows
the agent to stop more rapidly on average.

Fixes #1372
2022-03-24 08:37:03 -04:00
vakaris_zilius 087027b20c Agent: Change WMI exploiter to use random agent name 2022-03-24 07:25:46 -04:00
vakaris_zilius 1436be6428 Agent: Fix propagation success toggle in log4shell
Propagation will only be marked successful if the agent got downloaded, not if the java class got downloaded
2022-03-24 10:39:41 +00:00
vakaris_zilius 90b4038c14 Agent: Use random agent name in log4shell exploiter 2022-03-24 10:37:57 +00:00
vakaris_zilius dc2a63475b Agent: Fix incorrect monkey destination path bug
This bug happened because Path will always cast the path to the current OS path, and if the target OS is different, the path won't work. By explicitly casting the path to the target OS type, we get a path for the target OS.
2022-03-24 10:31:41 +00:00