Commit Graph

7725 Commits

Author SHA1 Message Date
Ilija Lazoroski 71328ea2b1 Agent, Island: User friendly log name
* Configurable log directories
* Random component to the log file
* 'infection-monkey-<monkey-arg>-<random-str>-<timestamp>.log'
2022-03-09 16:49:32 +01:00
Shreya Malviya a3eb0bc6f2 Island: Remove unused `set_node_group()` in NodeService 2022-03-09 10:21:52 -05:00
Shreya Malviya 5e3829aab3 Island: Add field `propagated` to node and rename image files 2022-03-09 10:21:52 -05:00
Shreya Malviya d6fe9c2ef2 Agent: Remove `add_extracted_creds_to_exploiter_options()` from Zerologon exploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 8bc6086e1a Agent: Correctly set propagation/exploitation status in Zerologon 2022-03-09 10:21:52 -05:00
Mike Salvatore 0d5fcf7fbf Agent: Fix name of self.telemetry_messenger in ZerologonExploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 118c2abaee Agent: Load ZerologonExploiter into the puppet 2022-03-09 10:21:51 -05:00
vakarisz c322446aee Agent: use exploit_results in zerologon 2022-03-09 10:20:45 -05:00
vakarisz 325e58cea2 Agent: explicitly specify some timeouts in zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya 5ec05d5617 UT: Fix Zerologon UTs 2022-03-09 10:20:45 -05:00
Shreya Malviya a927879334 Agent: Remove `host` from Zerologon exploiter's constructor 2022-03-09 10:20:45 -05:00
Shreya Malviya 040227286a Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya aee3566a0c Agent: Remove WormConfiguration references in Zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya 08cbf75b5f Agent: Remove credential hashes in logging in Zerologon exploiter 2022-03-09 10:20:45 -05:00
Mike Salvatore cbaa3256dd
Merge pull request #1766 from guardicore/1742-wmi-exploiter
1742 add wmi exploiter to puppet
2022-03-09 10:17:54 -05:00
Mike Salvatore 03145a1392 Changelog: Add changelog entry for human-readable thread names 2022-03-09 10:04:45 -05:00
Mike Salvatore 0a6ced443c Agent: Reduce smb_download_timeout to 30 seconds 2022-03-09 10:00:20 -05:00
vakarisz 7e6f1df3f5 Agent: Make thread name mandatory for creating daemon threads 2022-03-09 16:55:22 +02:00
vakarisz 83c25c6469 Agent: Refactor generate_brute_force_combinations 2022-03-09 16:51:15 +02:00
vakaris_zilius 130c62a5c2 Agent: add a wrapper for wmi_tools users
Add a dedicated wrapper to make sure that wmi_tools users don't run into race conditions
2022-03-09 16:38:52 +02:00
Mike Salvatore e5acdf4cb7 Agent: Fix formatting in utils/brute_force.py with Black 2022-03-09 16:38:52 +02:00
Mike Salvatore 66d9549507 Agent: Add human-readable thread names to AutomatedMaster 2022-03-09 16:38:52 +02:00
Mike Salvatore 847c7fbf9b Agent: Add human-readable thread name to aws_environment_check 2022-03-09 16:38:52 +02:00
Mike Salvatore 87dbe20c23 Agent: Add human-readable thread name to MonkeyTunnel 2022-03-09 16:38:52 +02:00
Mike Salvatore f9a7672767 Agent: Add optional name to create_daemon_thread and run_worker_threads 2022-03-09 16:38:52 +02:00
Mike Salvatore b34c287238 Agent: Log thread name instead of thread ID 2022-03-09 16:38:52 +02:00
vakaris_zilius 3dc8ef606c Agent: add lock to wmi tools
impacket libraries used for WMI are not designed for multithreading
2022-03-09 16:38:52 +02:00
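The two WMI commits above (the lock added to wmi_tools, and the wrapper so its callers don't hit race conditions) describe serialising access to a library that was not designed for multithreading. The block below is an added illustration of that pattern, not Infection Monkey or impacket code: `UnsafeWmiConnection` is a constructed stand-in that records when a call starts while another is still in progress, and `LockedWmiConnection` is a hypothetical wrapper that holds a `threading.Lock` around every use of it. Worker threads are given explicit names, in the spirit of the human-readable thread name commits in the same batch.

```python
"""Serialise access to a client object that is not thread-safe.

Added example, not project code. The connection class is a constructed
stand-in whose only job is to make overlapping calls observable.
"""
import threading
import time
from contextlib import contextmanager
from typing import Callable, List, Tuple


class UnsafeWmiConnection:
    """Stand-in for a non-thread-safe connection (constructed for this example).

    It keeps per-call state on the instance, which is exactly what goes wrong
    when two threads drive the same object at once.
    """

    def __init__(self) -> None:
        self._in_call = False
        self.overlaps = 0   # calls that started while another call was still active
        self.completed = 0

    def query(self, wql: str) -> str:
        if self._in_call:
            self.overlaps += 1          # shared state observed mid-update by another thread
        self._in_call = True
        time.sleep(0.001)               # simulated round trip; lets other threads run
        result = f"result for {wql}"
        self._in_call = False
        self.completed += 1
        return result


class LockedWmiConnection:
    """Hypothetical wrapper: every use of the wrapped connection holds one lock."""

    def __init__(self, conn: UnsafeWmiConnection) -> None:
        self._conn = conn
        self._lock = threading.Lock()

    @contextmanager
    def connection(self):
        """Hand out the raw connection only while the lock is held."""
        with self._lock:
            yield self._conn

    def query(self, wql: str) -> str:
        with self.connection() as conn:
            return conn.query(wql)


def run_concurrently(query_fn: Callable[[str], str], n_threads: int, calls_per_thread: int) -> List[str]:
    """Fire calls_per_thread queries from each of n_threads named worker threads."""
    results: List[str] = []
    results_lock = threading.Lock()

    def worker(tid: int) -> None:
        for i in range(calls_per_thread):
            r = query_fn(f"SELECT Name FROM Win32_Process /* t{tid}-{i} */")
            with results_lock:
                results.append(r)

    threads = [
        threading.Thread(target=worker, args=(t,), name=f"wmi-worker-{t}", daemon=True)
        for t in range(n_threads)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def overlaps_with_lock(n_threads: int = 8, calls_per_thread: int = 20) -> Tuple[int, int]:
    """(overlapping calls, completed calls) when all access goes through the wrapper."""
    raw = UnsafeWmiConnection()
    run_concurrently(LockedWmiConnection(raw).query, n_threads, calls_per_thread)
    return raw.overlaps, raw.completed


def overlaps_without_lock(n_threads: int = 8, calls_per_thread: int = 20) -> Tuple[int, int]:
    """Same workload against the bare connection; overlaps here are timing-dependent."""
    raw = UnsafeWmiConnection()
    run_concurrently(raw.query, n_threads, calls_per_thread)
    return raw.overlaps, raw.completed
```

The unlocked variant is kept only for comparison; how many overlaps it reports depends on scheduling, which is the point: a race that shows up "sometimes" in a worker pool is the kind of bug the lock removes outright.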
vakaris_zilius 16535e06c7 Agent: fix a bug in WMI exploiter related to depth 2022-03-09 16:38:52 +02:00
vakaris_zilius 4ce731c769 Agent: generate brute force credentials from exploiter options
All brute force exploiters will have the same structure of options, so instead of calling generate_username_password_or_ntlm_hash_combinations() and manually unpacking the required arguments from options, we simplify the call and remove duplication.
2022-03-09 16:38:52 +02:00
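The commit above describes deriving username/password and username/NTLM-hash attempts from a common options structure shared by all brute-force exploiters. The following is an added example, not the project's own `generate_username_password_or_ntlm_hash_combinations()`: the option keys `exploit_user_list`, `exploit_password_list` and `exploit_ntlm_hash_list`, the `BruteForceCredential` type and the sample values are assumptions constructed for illustration. It goes slightly beyond the commit by deduplicating repeated entries and, in keeping with the Zerologon logging commit listed above, giving each credential a log-safe form that never includes the password or hash.

```python
"""Build brute-force credential combinations from an exploiter's options.

Added example, not Infection Monkey code. The option keys and the
BruteForceCredential type are assumptions made for illustration.
"""
from itertools import product
from typing import Dict, Iterator, List, NamedTuple


class BruteForceCredential(NamedTuple):
    username: str
    password: str   # "" when this attempt authenticates with a hash
    ntlm_hash: str  # "" when this attempt authenticates with a password

    def redacted(self) -> str:
        """Log-safe form: identifies the attempt without leaking the secret."""
        kind = "password" if self.password else "ntlm_hash"
        return f"{self.username}:<{kind}>"


def generate_brute_force_combinations(
    options: Dict[str, List[str]],
) -> Iterator[BruteForceCredential]:
    """Yield every (user, password) pair, then every (user, hash) pair, without repeats.

    Missing lists are treated as empty, so an exploiter that only supports
    passwords can pass options without an exploit_ntlm_hash_list key.
    """
    users = options.get("exploit_user_list", [])
    passwords = options.get("exploit_password_list", [])
    ntlm_hashes = options.get("exploit_ntlm_hash_list", [])

    candidates = [BruteForceCredential(u, p, "") for u, p in product(users, passwords)]
    candidates += [BruteForceCredential(u, "", h) for u, h in product(users, ntlm_hashes)]

    seen = set()
    for cred in candidates:
        if cred in seen:
            continue  # a repeated user/secret pair would only repeat a failed attempt
        seen.add(cred)
        yield cred


# Constructed sample options; the duplicate entries are deliberate.
SAMPLE_OPTIONS = {
    "exploit_user_list": ["Administrator", "svc_backup", "Administrator"],
    "exploit_password_list": ["Winter2022!", "Winter2022!", "ChangeMe123"],
    # placeholder string, not a real hash
    "exploit_ntlm_hash_list": ["0123456789abcdef0123456789abcdef"],
}


def sample_credentials() -> List[BruteForceCredential]:
    """Materialise the combinations for SAMPLE_OPTIONS."""
    return list(generate_brute_force_combinations(SAMPLE_OPTIONS))
```

Password attempts are emitted before hash attempts so that, for a given user, the cheaper and more common credential type is tried first; an exploiter that wants a different priority only needs to swap the two list comprehensions.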
vakarisz 4e7e4a9eee Agent: replace get_monkey_depth with self.current_depth 2022-03-09 16:38:52 +02:00
vakarisz dc1a2ab1c1 Agent: move brute-force input generation from wmiexec to brute_force 2022-03-09 16:38:52 +02:00
Mike Salvatore 77f58b942b Agent: Remove monkeyfs references in smb_tools.py 2022-03-09 16:38:52 +02:00
Mike Salvatore f57977dd53 Agent: Add missing return to WmiExploiter 2022-03-09 16:38:52 +02:00
Mike Salvatore 98f8a5b48a Agent: Fix malformed WMI query in WMIExploiter 2022-03-09 16:38:52 +02:00
Mike Salvatore e76b46c8ca Island: Add smb_download_timeout to SMB and WMI exploiter options 2022-03-09 16:38:52 +02:00
Mike Salvatore 6862ef39ee Agent: Load WMIExploiter into puppet 2022-03-09 16:38:52 +02:00
vakarisz aa5220b04a Agent: modify wmiexec.py to return ExploitResultData 2022-03-09 16:38:52 +02:00
vakarisz c932a19b47 Agent: decouple wmiexec.py from WormConfig object 2022-03-09 16:38:52 +02:00
vakarisz d7e222c8a8 Agent: improve logging in wmiexec.py 2022-03-09 16:38:52 +02:00
vakarisz af9736a8ea Agent: added a todo to assess smb connection timeout 2022-03-09 16:38:52 +02:00
vakarisz afc43ae806 Agent: fix a bug in wmi_tools
Fix a bug in WMI connection cleanup where incorrect keys were being used on a dictionary.
2022-03-09 16:38:51 +02:00
Mike Salvatore 4832bc12d9
Merge pull request #1764 from guardicore/scan-depth
Scan depth
2022-03-07 12:37:20 -05:00
Mike Salvatore 1de449351e
Merge pull request #1765 from guardicore/1755-fix-hadoop-cmd
Agent: Prevent overwriting hadoop linux agent
2022-03-07 12:37:02 -05:00
Mike Salvatore c886daba8a Agent: Increase detail of HADOOP_LINUX_COMMAND comment 2022-03-07 12:35:52 -05:00
Mike Salvatore aef3de1e8e Agent: Remove special depth processing from WormConfiguration 2022-03-07 10:30:19 -05:00
Mike Salvatore 524b97078d Agent: Pass current depth to AutomatedMaster 2022-03-07 10:30:17 -05:00
Mike Salvatore 7cae4d6dec Agent: Pass depth to exploiters 2022-03-07 10:25:53 -05:00
Mike Salvatore 41287d458b Agent: Don't propagate if depth == 0 2022-03-07 10:25:53 -05:00
Mike Salvatore fd2143a4df Agent: Re-raise exceptions in HostExploiter
The AutomatedMaster can't process the exceptions if the HostExploiter
swallows them. The HostExploiter can log and re-raise the exceptions so
they can be processed by the AutomatedMaster.
2022-03-07 10:24:22 -05:00
Ilija Lazoroski c802f21756 Agent: Prevent overwriting hadoop linux agent
Because hadoop is re-requesting agents, we don't get the
agent if it is already there; if it exists and has size 0,
we remove it.
2022-03-07 15:40:15 +01:00
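The guard described in the commit message above (keep an agent that is already on disk, delete and refetch a zero-byte one) as an added example in Python; it is not the project's `HADOOP_LINUX_COMMAND` logic. The agent path, the `fetch` callable and the sample agent bytes are constructed for illustration. It goes one step beyond the commit by writing the download to a temporary file in the same directory and renaming it into place, so a concurrent re-request can never observe a partially written agent.

```python
"""Fetch an agent binary to disk without clobbering one that is already there.

Added example, not Infection Monkey code. Paths and the fetch callable are
stand-ins constructed for illustration.
"""
import os
import tempfile
from typing import Callable, List


def ensure_agent_on_disk(agent_path: str, fetch: Callable[[], bytes]) -> str:
    """Return "present", "replaced" or "downloaded" describing what was done.

    - A non-empty file at agent_path is left untouched; nothing is fetched.
    - An empty file is treated as a leftover of an interrupted download:
      it is removed and the agent is fetched again.
    - Otherwise the agent is fetched and written atomically.
    """
    if os.path.exists(agent_path):
        if os.path.getsize(agent_path) > 0:
            return "present"
        os.remove(agent_path)
        status = "replaced"
    else:
        status = "downloaded"

    data = fetch()
    directory = os.path.dirname(agent_path) or "."
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".agent-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            tmp.write(data)
        os.replace(tmp_path, agent_path)  # atomic rename: never a half-written agent_path
    except BaseException:
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        raise
    return status


SAMPLE_AGENT = b"#!/bin/sh\necho agent\n"  # constructed stand-in for the agent binary


def demo() -> List:
    """Exercise the three cases in a throwaway directory.

    Returns [first result, second result, third result, fetch count, final size].
    """
    fetch_calls = []

    def fetch() -> bytes:
        fetch_calls.append(1)
        return SAMPLE_AGENT

    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "monkey-linux-64")
        first = ensure_agent_on_disk(path, fetch)    # nothing on disk: downloaded
        second = ensure_agent_on_disk(path, fetch)   # already there: present, no fetch
        open(path, "wb").close()                     # simulate a truncated leftover
        third = ensure_agent_on_disk(path, fetch)    # zero bytes: replaced
        size = os.path.getsize(path)
    return [first, second, third, len(fetch_calls), size]
```

The temporary file must live in the same directory as the final path; `os.replace` is only atomic within one filesystem.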