Vakaris
ef4eadf64a
struts built_potential_url's now use map function to save code
2018-08-23 13:51:11 +03:00
Itay Mizeretz
cdc576e77e
Make mimikatz inside zip and extract only if config says so
2018-08-22 19:31:26 +03:00
itaymmguardicore
fc2929ed2e
Merge pull request #159 from VakarisZ/WebRCE_Framework
...
Web rce framework
2018-08-22 16:46:48 +03:00
Vakaris
df4b1268d1
Refactored struts2 to overload get_exploit_config
2018-08-22 16:08:38 +03:00
Vakaris
9ef44ef71f
Struts2 refactored to use default_exploit_host function
2018-08-22 16:07:59 +03:00
Vakaris
6cb058eb1d
Struts2 refactored for framework fixes
2018-08-22 16:07:39 +03:00
Vakaris
bbd4adf2ae
Struts2 core functions
2018-08-22 16:07:39 +03:00
Vakaris
3e7d7425e4
made get_exploit_config non-static for readability
2018-08-22 16:01:16 +03:00
Vakaris
e1b1236fb3
Comments and CR notes fixed
2018-08-22 13:41:17 +03:00
Vakaris
eae3f3440d
Refactored exploit_host and added get_exploit_config
2018-08-22 13:33:36 +03:00
Vakaris
911404ef68
Implemented default_exploit_host method that can implement whole framework's workflow according to some flags/params
2018-08-21 12:34:59 +03:00
Vakaris
e3d286dbc0
Minor bugfix for error handling in new custom monkey destination paths feature
2018-08-18 13:14:05 +03:00
Vakaris
5565a80418
Web_RCE framework now supports custom monkey uploading paths (we don't always have permissions to upload to C:\Windows)
2018-08-17 13:53:09 +03:00
Vakaris
b8bda692b9
Notes fixed v.2
2018-08-15 16:01:27 +03:00
Vakaris
0d45a44d6b
Final, tested framework fixes
2018-08-10 15:07:56 +03:00
Vakaris
5232d84e06
Almost all notes fixed, but nothing tested.
2018-08-09 16:52:15 +03:00
Vakaris
d1a29872c4
Fixed half of the notes and added a small tcp_port_to_service method in network/tools
...
no message
2018-08-09 12:13:44 +03:00
maor.rayzin
44ee74aaca
* Added a coverage for the force connection closing in the mssql fingerprinter.
...
(cherry picked from commit 782ced912d)
2018-08-08 16:48:51 +03:00
Vakaris
8e684a3fad
Bugfix: model.__init__ changed (I forgot to add the file to the branch) and server lock is not a singleton anymore
2018-08-07 17:44:31 +03:00
Vakaris
3f8d63c2d9
Timeout of joining set to 5 seconds. No use of waiting for another thread to stop. We can run our program while the thread stops
2018-08-04 13:01:19 +03:00
Vakaris
40957f865c
Struts2 compatibility fix
2018-07-19 13:04:52 +03:00
Vakaris
68d949c655
Web RCE framework core files/changes
2018-07-19 12:33:44 +03:00
Daniel Goldberg
3e1edeac61
Merge pull request #156 from VakarisZ/dropper_samefile_fix
...
Dropper bug fix
2018-07-18 20:53:52 +03:00
Vakaris
d78e81db06
Changed to a better file comparison function
2018-07-18 20:48:15 +03:00
Vakaris
dfecc6d6ac
os.path.samefile does not work on windows. My code checks if file handlers are the same instead
2018-07-18 12:44:19 +03:00
Daniel Goldberg
d853e02693
Remove FTP server from infra
...
New FTP server will come from pyftp
2018-07-17 13:08:08 +03:00
Daniel Goldberg
f98a121c51
Merge branch 'develop' into master
2018-07-09 18:53:43 +03:00
Daniel Goldberg
35b535f97a
Removed hard coded debug address and replaced with non routable IP
2018-07-08 12:14:45 +03:00
Vakaris
c278b0a29c
Small changes
2018-06-26 18:03:31 +03:00
Vakaris
6a37f2b953
removed debugging code
2018-06-25 19:11:58 +03:00
Vakaris
671452243d
Fixed some bugs and more notes
2018-06-25 18:26:34 +03:00
Vakaris
81712ddbf0
Merge branch 'struts2RCE' of https://github.com/VakarisZ/monkey into struts2RCE
2018-06-22 14:57:04 +03:00
Vakaris
7ce790affa
Some notes fixed
2018-06-22 14:55:52 +03:00
Daniel Goldberg
d510476658
Merge branch 'develop' into struts2RCE
2018-06-21 13:23:12 +03:00
Daniel Goldberg
f55133e8c1
Merge pull request #142 from guardicore/feature/MSSQL_fingerprint
...
Feature/mssql fingerprint
2018-06-21 11:46:21 +03:00
Vakaris
208411d6fc
Cosmetic changes
2018-06-21 00:10:56 +03:00
Vakaris
ef6c512ea9
Finished up exploitation and added reporting
2018-06-20 22:35:18 +03:00
Vakaris
2d27972e7e
Struts exploitation working, and tested with win-64 and ubuntu
2018-06-20 16:58:20 +03:00
Vakaris
413bdd9254
Not yet functioning and tested, but most functions are done
2018-06-19 18:08:52 +03:00
Vakaris
9a8a6c6e28
Now exploiting both win and linux. Also, added check if monkey is not already present
2018-06-19 18:05:09 +03:00
Itay Mizeretz
20d4b3a642
Fix default config values
2018-06-13 16:05:12 +03:00
maor.rayzin
db6f44109b
* Responding to the PR comments with the logs and usage changes.
2018-06-12 16:29:27 +03:00
maor.rayzin
d312a3a771
* Changed name from MSSQLFingerprint to MSSQLFinger to match convention.
...
* Added UI support for the new fingerprint in Monkey Island.
* UI supports includes writing up MSSQL as a service under node's
services list.
2018-06-12 13:26:28 +03:00
maor.rayzin
fe1f6d67e5
Merge branch 'develop' into feature/MSSQL_fingerprint
2018-06-11 20:19:12 +03:00
maor.rayzin
1272700fe5
* Added an author mark and updated docs
...
* Changed the module to use the VictimHost object as host
* added True\False return statements.
2018-06-09 20:02:18 +03:00
maor.rayzin
fadafdbd3a
Updated the config files to default include the mssql fingerprint class: MSSQLFingerprinter, in the monkey's configuration.
2018-06-09 18:23:54 +03:00
maor.rayzin
d4c1871f87
Implemented the first draft of the mssql fingerprint class
...
Every line of code is documented and straightforward.
2018-06-09 18:23:08 +03:00
maor.rayzin
8b22a52006
Added the mssql finger class to the main network init file so it will be usable.
2018-06-09 18:16:39 +03:00
maor.rayzin
293c204ddd
Created the MSSQL_fingerprinter branch,
...
added the fingerprint class WIP.
2018-06-09 17:51:46 +03:00
Daniel Goldberg
ecdd2e8762
Merge branch 'develop' into SSH_key_stealing
2018-06-05 16:59:28 +03:00
Vakaris
0503f90168
Notes fixed
2018-06-04 12:07:10 +03:00
Daniel Goldberg
c7ed02b98e
Bugfix, run Shellshock attack as dropper rather than monkey
2018-05-31 15:38:54 +03:00
Vakaris
30a3bbf9a0
Exploitation of machines using ssh keys added. Also, added ssh keys exploitation to report
2018-05-29 01:02:49 +03:00
Vakaris
f45cebfd5e
Does not store encrypted or already present ssh keys, shows all users from whom SSH private keys were stolen under "stolen credentials" in report
2018-05-25 01:34:24 +03:00
Vakaris
4197ab12a3
SSH keys are now encrypted and added to database
2018-05-24 16:59:22 +03:00
Daniel Goldberg
ee835d51b0
Remove Monkey testing code, dead code as it is.
2018-05-23 15:22:27 +03:00
Vakaris
e8b388482b
quick fix
2018-05-22 19:06:12 +03:00
Vakaris
a6d2483f7b
Tested with windows and fixed all notes
2018-05-22 18:54:10 +03:00
cclauss
0411811fe5
from six import string_types, text_type, xrange (#128)
...
* from six import string_types, text_type, xrange
2018-05-22 11:13:18 +03:00
maor.rayzin
60730db45d
Fixed the example configuration file, it had a json syntax error.
2018-05-17 19:28:04 +03:00
Vakaris
cdb4d459bb
SSH key-stealing implemented
2018-05-16 15:19:59 +03:00
cclauss
023c7cb093
ftp.py: Undefined name local_ip --> self.local_ip
...
__local_ip__ is an __undefined name__ in this context (could raise NameError at runtime) so this PR recommends the use of __self.local_ip__ instead.
flake8 testing of https://github.com/guardicore/monkey on Python 3.6.3
$ __flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics__
```
./infection_monkey/transport/ftp.py:86:29: F821 undefined name 'local_ip'
        self.servsock.bind((local_ip,0))
                            ^
```
2018-05-08 12:23:30 +02:00
Daniel Goldberg
2bc87794b7
Merge pull request #130 from cclauss/long-was-removed-in-Python3
...
long was removed in Python 3
2018-05-08 13:06:36 +03:00
Daniel Goldberg
1af9ffc0d4
Merge pull request #129 from cclauss/new-style-exceptions
...
New style exceptions, has_key(), and types
2018-05-08 13:05:08 +03:00
cclauss
0bb0cfbd5d
long was removed in Python 3
2018-05-07 16:48:49 +02:00
cclauss
bc76ea977b
New style exceptions, has_key(), and types
2018-05-07 16:24:11 +02:00
Daniel Goldberg
b6e39280be
Spacing in __str__ method of VictimHost
2018-05-05 16:23:58 +03:00
Rahul Goswami
7503a77ff7
update __repr__ method in VictimHost class
...
- __repr__ method should return the standard constructor string (pep8)
2018-05-03 00:50:02 +05:30
Daniel Goldberg
3f0569a29e
EG bugfixes
...
- Use dropper instead of monkey
- Run disconnected shell
- Check for dropper log instead of monkey log
2018-04-17 14:34:26 +03:00
Daniel Goldberg
558fa749ca
Bugfix in dropper.py, handle gracefully failure in cleanup
2018-04-17 14:20:21 +03:00
Daniel Goldberg
cc4ad05be8
Bugfix in dropper.py, return value in all fail paths
2018-04-17 14:16:46 +03:00
Daniel Goldberg
ca65be8946
Additional edge case in parsing Azure configuration files
2018-04-17 11:33:14 +03:00
Daniel Goldberg
3fe6d2456b
Bugfix when upgrading the monkey without admin permissions.
...
Can happen during development or future exploit flows
2018-04-17 11:27:35 +03:00
Daniel Goldberg
c82fd3400a
Merge pull request #104 from guardicore/bugfix/upgrade-windows-32-to-64
...
Bugfix/upgrade windows 32 to 64
2018-04-17 10:26:30 +03:00
Daniel Goldberg
3e859d84fb
Rename check for 64-bit to make explicit it's a windows only check
2018-04-12 17:57:21 +03:00
Daniel Goldberg
7eb2a5c98b
Remove class C limitation when getting local subnet
2018-04-12 14:57:22 +03:00
Itay Mizeretz
1407ab3969
Fix last CR comments
2018-04-11 21:09:06 +03:00
Itay Mizeretz
86d802882a
Fix race-condition bug on upgrade
2018-04-11 20:59:23 +03:00
Itay Mizeretz
be5d17ab42
Merge branch 'develop' into bugfix/upgrade-windows-32-to-64
...
# Conflicts:
# infection_monkey/monkey.py
2018-04-11 19:21:52 +03:00
Itay Mizeretz
148684d78f
Fixed most CR
2018-04-11 19:07:03 +03:00
Itay Mizeretz
dcbcc34af0
Merge branch 'develop' into feature/support-subnet-in-config
...
# Conflicts:
# monkey_island/cc/services/report.py
2018-04-11 11:33:16 +03:00
Itay Mizeretz
fcb5b8f85d
Fix CR
2018-04-11 11:28:59 +03:00
Daniel Goldberg
2365f4db42
Fix edge case when returning invalid input in EG exploiter
2018-04-02 18:28:44 +03:00
Daniel Goldberg
7f89cc753d
Add missing pip dependency
2018-04-02 18:05:52 +03:00
Daniel Goldberg
f1bbb255cd
Fix edge case in ElasticGroovy
2018-04-02 17:19:45 +03:00
Daniel Goldberg
99b22cfa56
Fail gracefully in case of no open ports on Windows
2018-04-02 16:49:18 +03:00
Daniel Goldberg
f37c3aaa2c
Merge pull request #114 from guardicore/master
...
Rebase develop onto master
2018-04-02 16:44:11 +03:00
Daniel Goldberg
2d9481f142
Merge pull request #111 from guardicore/bugfixes
...
Bugfixes
2018-04-02 16:43:09 +03:00
Daniel Goldberg
9d59e9164c
Merge pull request #113 from guardicore/master
...
Rebase develop onto master
2018-04-02 14:39:48 +03:00
Oran Nadler
ac8f218586
fix unicode bug
2018-04-02 01:47:15 -07:00
Daniel Goldberg
d754d39e75
Fix spurious successful connection attempts in check_tcp_ports
2018-04-01 15:17:13 +03:00
Daniel Goldberg
3aa1b9e5a9
Bugfix in _cast_by_example, see issue #109
2018-03-29 15:39:47 +03:00
Daniel Goldberg
095510e8e2
Add filtering of invalid results, otherwise it'll propagate
2018-03-29 11:01:07 +03:00
Daniel Goldberg
9b44fc8b98
Adds configuration option to turn Azure collection on and off
...
Merge mimikatz and Azure into system info collection settings.
2018-03-29 11:01:06 +03:00
Daniel Goldberg
9d7b345d1d
Split up Azure credential working to make it easier for the server to understand.
...
Fixed bugs in Azure report server side and fixed a hardcoded constant in get_issues_overview
2018-03-29 11:01:06 +03:00
Daniel Goldberg
93fee0d2c5
Add Azure password stealing to the report.
2018-03-29 11:01:06 +03:00
Daniel Goldberg
21abdb5cef
Add tag to system info if on Azure and harvested creds.
2018-03-29 11:01:05 +03:00
Daniel Goldberg
e3bd29ef6f
Add credential harvesting by default to both OS collectors
2018-03-29 11:01:05 +03:00
Daniel Goldberg
cb39be6f58
Initial commit of standalone Azure password harvester
2018-03-29 11:01:05 +03:00
Daniel Goldberg
8f5643b0b5
Merge pull request #87 from guardicore/feature/send-raw-log
...
Feature/send raw log
2018-03-06 18:10:22 +02:00