Merge pull request #1570 from guardicore/1556-broken-agent-manual-run-win

1556 broken agent manual run Windows
Mike Salvatore 2021-11-05 11:49:53 -04:00 committed by GitHub
commit 2c3cbb2ef7
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 26 deletions


@ -12,9 +12,11 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed ### Removed
- The VSFTPD exploiter. #1533 - The VSFTPD exploiter. #1533
- Manual agent run command for CMD. #1570
### Fixed ### Fixed
- A bug in network map page that caused delay of telemetry log loading. #1545 - A bug in network map page that caused delay of telemetry log loading. #1545
- Windows "run as a user" powershell command for manual agent runs. #1570
### Security ### Security


@ -2,7 +2,6 @@ import React, {useEffect, useState} from 'react';
import InlineSelection from '../../../ui-components/inline-selection/InlineSelection'; import InlineSelection from '../../../ui-components/inline-selection/InlineSelection';
import DropdownSelect from '../../../ui-components/DropdownSelect'; import DropdownSelect from '../../../ui-components/DropdownSelect';
import {OS_TYPES} from '../utils/OsTypes'; import {OS_TYPES} from '../utils/OsTypes';
import GenerateLocalWindowsCmd from '../commands/local_windows_cmd';
import GenerateLocalWindowsPowershell from '../commands/local_windows_powershell'; import GenerateLocalWindowsPowershell from '../commands/local_windows_powershell';
import GenerateLocalLinuxWget from '../commands/local_linux_wget'; import GenerateLocalLinuxWget from '../commands/local_linux_wget';
import GenerateLocalLinuxCurl from '../commands/local_linux_curl'; import GenerateLocalLinuxCurl from '../commands/local_linux_curl';
@ -50,8 +49,7 @@ const getContents = (props) => {
function generateCommands() { function generateCommands() {
if (osType === OS_TYPES.WINDOWS_64 || osType === OS_TYPES.WINDOWS_32) { if (osType === OS_TYPES.WINDOWS_64 || osType === OS_TYPES.WINDOWS_32) {
return [{type: 'CMD', command: GenerateLocalWindowsCmd(selectedIp, osType, customUsername)}, return [{type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
{type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
} else { } else {
return [{type: 'CURL', command: GenerateLocalLinuxCurl(selectedIp, osType, customUsername)}, return [{type: 'CURL', command: GenerateLocalLinuxCurl(selectedIp, osType, customUsername)},
{type: 'WGET', command: GenerateLocalLinuxWget(selectedIp, osType, customUsername)}] {type: 'WGET', command: GenerateLocalLinuxWget(selectedIp, osType, customUsername)}]


@ -1,16 +0,0 @@
import {OS_TYPES} from '../utils/OsTypes';
export default function generateLocalWindowsCmd(ip, osType, username) {
let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
let command = `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; `
+ `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/`
+ `monkey-windows-${bitText}.exe','.\\monkey.exe'); `
+ `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
if (username != '') {
command = `runas /user:${username} "cmd /K ${command}"`;
}
return command;
}


@ -1,15 +1,20 @@
import {OS_TYPES} from '../utils/OsTypes'; import {OS_TYPES} from '../utils/OsTypes';
export default function generateLocalWindowsPowershell(ip, osType, username) { function getAgentDownloadCommand(ip, osType) {
let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64'; let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
let command = `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; ` return `$execCmd = @"\r\n`
+ `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/` + `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
+ `monkey-windows-${bitText}.exe','.\\monkey.exe'); ` + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe',`
+ `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`; + `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
+ `\r\n"@; \r\n`
+ `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`;
}
if (username != '') { export default function generateLocalWindowsPowershell(ip, osType, username) {
command = `Start-Process powershell.exe -ArgumentList "-noexit ${command}" -Credential ${username}`; let command = getAgentDownloadCommand(ip, osType)
if (username !== '') {
command += ` -Credential ${username}`;
} }
return command; return command;