Commit Graph

6511 Commits

Author SHA1 Message Date
Mike Salvatore c2f3042442 Agent: Move definition of exploit template constants for log4shell
The LINUX_EXPLOIT_TEMPLATE_PATH and WINDOWS_EXPLOIT_TEMPLATE_PATH are
not used in exploit_builder.py, and therefore have no reason to be
defined in this file. They are now defined in the __init__.py
2022-01-12 16:46:31 -05:00
Mike Salvatore 7733ec29ca Agent: Add source code for log4shell Java class templates 2022-01-12 16:41:57 -05:00
Mike Salvatore aa60313787 Agent: Remove commented out code in ExploitClassHTTPServer 2022-01-12 12:33:54 -05:00
Mike Salvatore 3bbf4f9ac6 Agent: Prefix private methods/variables with _ in Log4ShellExploiter 2022-01-12 12:23:44 -05:00
Mike Salvatore 8f53a5ccd0 Agent: Fix min_range in get_free_tcp_port()
get_free_tcp_port() effectively ignored the min_range parameter by using
min(1, min_range). This meant that min_range was always 1 (unless a
negative value was passed). As ports lower than 1024 are privileged on
Linux, this lead to the agent trying to bind to ports that it did not
have permission to. By using max(1, min_range), We insure that min_range
is always at least 1, but will still use the provided parameter (1024 by
default).
2022-01-12 12:20:32 -05:00
Mike Salvatore 16219b714b Agent: Extract Java exploit HTTP server into its own module 2022-01-12 12:11:20 -05:00
Mike Salvatore b72ad39aa6 Agent: Invoke reactor.stop() with reactor.callFromThread() 2022-01-12 10:53:10 -05:00
Shreya Malviya 7fae22e993 Docs: Add Log4Shell exploiter page 2022-01-12 14:29:38 +05:30
Shreya Malviya f8ac13c164 Island: Add info about Log4Shell to config schema 2022-01-12 14:05:17 +05:30
Mike Salvatore c51be159b6 Agent: Use classmethods to improve readability of HTTPHandler 2022-01-11 13:08:32 -05:00
Mike Salvatore b79bf96359 Agent: Don't install signal handlers in LDAPExploitServer
This avoids exceptions that are raised when the LDAPExploitServer is not
started on the main thread.
2022-01-11 12:54:53 -05:00
Ilija Lazoroski ab7a47384c Agent, Island: Add Logstash service to Log4Shell exploit 2022-01-11 18:23:15 +01:00
Mike Salvatore 30c41592fb Agent: Remove dependency on threading from LDAPExploitServer 2022-01-10 08:50:09 -05:00
Mike Salvatore 67ade141a0 Agent: Start log4shell java class server on daemon thread 2022-01-10 08:40:51 -05:00
Mike Salvatore 64827ac589 Agent: Rename IServiceExploiter -> IExploitableService 2022-01-10 08:30:55 -05:00
Mike Salvatore eb10bdaa4e Agent: Add unit tests for log4shell ldap server tree 2022-01-10 08:22:01 -05:00
Ilija Lazoroski dcc68914bd BB: Add log4j machines to monkey zoo 2022-01-10 14:17:48 +01:00
vakarisz 6782f806eb Zoo: add log4j solr machines to terraform scripts and docs 2022-01-07 15:27:50 +02:00
vakarisz 7ba2051bf6 Agent: fix a bug in log4shell
Fix a bug that prevents single agent from exploiting multiple machines, by resetting the state of global HTTPHandler params
2022-01-06 16:58:40 +02:00
vakarisz a38536b59b Agent: refactor log4shell
Refactor extracts server setup and shutdown functionality into separate methods
2022-01-06 16:35:38 +02:00
Ilija Lazoroski 79d92afcd4 Agent: Add Apache Tomcat support for Log4Shell exploit 2022-01-06 13:56:17 +01:00
vakarisz 0006112e79 Agent: fix log4shell to be able to exploit more than 1 service 2022-01-06 13:01:50 +02:00
vakarisz 0cd6b1e616 Agent: remove unused upload_monkey() and rename _trigger_exploit 2022-01-06 13:00:37 +02:00
vakarisz 7bace927f8 Agent: fix log4shell to always close ldap and http servers, even on errors 2022-01-06 12:56:04 +02:00
vakarisz 9d5ea0f41f Island: add log4shell issue processing and reporting 2022-01-06 12:26:00 +02:00
vakarisz 0b76b9f949 Agent: fix log4shell to override the correct _exploit_host method 2022-01-06 12:18:58 +02:00
vakarisz 09988b0f80 Agent: report vulnerable port and service in log4shell
Refactor log4shell.py and related service exploiters to adhere to IExploitableService interface and save which service on which port was vulnerable to log4shell
2022-01-05 17:43:28 +02:00
vakarisz 5ac6d12fe9 Agent: fix log4shell exploitation indication 2022-01-05 15:47:45 +02:00
vakarisz c382987430 Project: vulture allow LDAPServerFactory.buildProtocol 2022-01-05 15:18:12 +02:00
vakarisz dd3c5aac6f Agent: small logging improvements in log4shel 2022-01-05 14:21:26 +02:00
vakarisz d2181f6577 Agent, UT: fix ldap builder UT's and some imports in log4shell 2022-01-05 14:16:24 +02:00
Ilija Lazoroski 563438c7f8 Agent, Island: Add Apache Solr support for Log4Shell exploit 2022-01-05 12:37:08 +01:00
vakarisz 8a120110f5 Agent: change ldap and http ports to be chosen dynamically in log4shell 2022-01-05 12:46:40 +02:00
vakarisz 0659fddac6 Agent: add the docker POC exploit to log4shell
Implements the infrastructure needed to add different log4shell exploits and adds the
2022-01-04 17:48:45 +02:00
vakarisz 206abfa5e8 Agent: refactor a couple web_rce methods to static 2022-01-04 17:41:19 +02:00
vakarisz e69639b426 Agent: use separate java classes for windows and linux in log4shell
Linux and windows targets should use different java classes, because one is compiled to be launched in /bin/bash, another in cmd.exe. We can't just inject the whole command, because Runtime.getRuntime().exec() interprets the string in strange ways
2022-01-04 16:09:19 +02:00
vakarisz 1884c6d767 TEMP: base implementation of the log4shell 2021-12-23 16:45:25 +02:00
vakarisz 41b97cb54a TEMP: base implementation of the log4shell 2021-12-22 17:17:02 +02:00
Mike Salvatore fddaa16931 Agent: Improve InvalidExploitTemplateError messages 2021-12-21 15:19:45 -05:00
Mike Salvatore 4d5a2511c6 Agent: Add LDAP server for log4shell exploit 2021-12-21 15:19:44 -05:00
Mike Salvatore 2a795723ab Agent: Add ldaptor to dependencies 2021-12-21 15:12:50 -05:00
Mike Salvatore 68978907e2 Agent: Add build_exploit_bytecode for log4shell exploiter 2021-12-20 15:12:11 -05:00
Mike Salvatore 230ca3faf8 Docs: Add v1.12.0 checksums 2021-10-27 10:21:28 -04:00
Mike Salvatore d5e12725a9 Changelog: Release v1.12.0 2021-10-27 10:14:36 -04:00
Mike Salvatore bc5ca5b613 Docs: Add --tty and --interactive to docker commands
These options allow the monkey-island docker container to be killed with
<CTRL-C>
2021-10-27 07:58:39 -04:00
Shreya Malviya a55f86ceea Docs: Update Zerologon documentation to mention that brute force exploiters use its stolen creds 2021-10-26 19:58:11 +05:30
Shreya Malviya ea31d27bf1 Island: Update Zerologon's description in the configuration 2021-10-26 19:58:11 +05:30
VakarisZ 1ad74a4bff BB: fix zerologon test to check propagation via SMB as well
ZeroLogon doesn't propagate to the machine it only steals the credentials. It's best to make sure that propagation is also possible by running SMB exploiter
2021-10-26 10:21:36 -04:00
Shreya Malviya 820d47c9cc Agent: Change logic for generating random password 2021-10-26 19:39:34 +05:30
Mike Salvatore b8ed464909
Merge pull request #1550 from guardicore/config_import_fix
Config import fix
2021-10-26 09:57:48 -04:00