Commit Graph

67 Commits

Author SHA1 Message Date
Itay Mizeretz 22ff980923 Merge remote-tracking branch 'origin/develop' into bugfix/various-fixes 2017-10-01 11:36:12 +03:00
Daniel Goldberg b910baf1d0 Stupid, stupid casting bug. 2017-10-01 11:35:17 +03:00
Itay Mizeretz 9af6590e75 Fix CR 2017-09-28 19:03:31 +03:00
Itay Mizeretz 7365f7d6a7 Fix in sambacry
Sambacry tries to exploit when can't recognize version
2017-09-28 16:13:47 +03:00
Itay Mizeretz 174c74cbcb Temporarily disable shellshock reporting its vulnerable pages 2017-09-28 14:43:08 +03:00
Daniel Goldberg 5586619f19 PEP8 fun 2017-09-28 14:22:35 +03:00
Daniel Goldberg a27c802b11 If already touching this file, modify it for PEP8 + better exception syntax. 2017-09-28 14:17:41 +03:00
Itay Mizeretz 48ce135194 Merge remote-tracking branch 'origin/develop' into feature/pass-the-hash
# Conflicts:
#	monkey_island/cc/services/config.py
2017-09-27 18:42:25 +03:00
Itay Mizeretz d628a27595 Add pass-the-hash for wmi 2017-09-27 18:30:44 +03:00
Itay Mizeretz 7e3f420fe0 Add pass-the-hash for sambacry 2017-09-27 17:23:23 +03:00
itaymmguardicore 9242fe3232 Merge pull request #51 from guardicore/feature/elasticgroovy
Feature/elasticgroovy
2017-09-27 15:41:40 +03:00
Daniel Goldberg 6b7f67933d Finish fixing CR notes. 2017-09-27 14:38:44 +03:00
Itay Mizeretz fe77fc833c fix ntlm_hash telem 2017-09-27 14:28:53 +03:00
Daniel Goldberg 142401e706 change the user/password combo to existing function in another place. 2017-09-27 13:40:50 +03:00
Daniel Goldberg 5e8288e211 Fixed CR notes in
https://github.com/guardicore/monkey/pull/51#pullrequestreview-65212211
2017-09-26 18:16:20 +03:00
Itay Mizeretz 89b442be58 Implement pass the hash for SMB 2017-09-26 18:11:13 +03:00
Daniel Goldberg 6708e623fc Added Elastic attack 2017-09-26 15:43:46 +03:00
Itay Mizeretz b420f74a55 Fix dropper bug on wmiexec and win_ms08_067 2017-09-04 16:51:22 +03:00
Itay Mizeretz 40b03793c9 Fix user_password_pairs indentation bug in 2017-09-04 16:44:40 +03:00
Itay Mizeretz 3014763e99 minor fixes 2017-09-04 15:41:36 +03:00
Itay Mizeretz cc889f9124 Fix CR 2017-09-04 14:52:24 +03:00
Itay Mizeretz c8d7a2c4d3 SambaCry now works for both 32,64bit 2017-09-03 11:50:01 +03:00
Itay Mizeretz c612ea0361 Documented sambacry, moved everything to configuration, minor fixes 2017-08-31 20:03:32 +03:00
Itay Mizeretz 5de433eae0 sambacry works
default monkey binary in linux is now 64bit
2017-08-31 18:40:42 +03:00
Itay Mizeretz 194ed624c2 sambacry almost working e2e 2017-08-31 17:50:55 +03:00
Itay Mizeretz 4ce1653c8f sambacry: Add support for using both architectures 2017-08-30 10:16:54 +03:00
Itay Mizeretz 7d72150e4e Add working POC of sambacry. still needs some modifications to fir monkey, and minor functionality 2017-08-28 19:20:44 +03:00
Itay Mizeretz 57e69fafee minor fix in dropper
Rename constants
2017-08-28 10:41:11 +03:00
Itay Mizeretz 97205e6427 Fix config property bug 2017-08-21 11:51:47 +03:00
Itay Mizeretz 26df64fb87 Fixed CR 2017-08-20 19:32:18 +03:00
Itay Mizeretz 1a55c8362f Add C&C ability to share credentials found from monkeys 2017-08-17 18:04:36 +03:00
Itay Mizeretz a671b55df3 Add mimikatz collector
Combine all users and passwords in config
2017-08-16 15:14:26 +03:00
daniel goldberg ab7f731ed5 Removed reliance on grequests. Complicates other code and no real performance improvement in a LAN enviornment. 2016-09-21 14:55:13 +03:00
itsikkes 155a03efad Small hack to support fast-user switching when RDPing to already loggen-in host
Although it doesn't always happen, because there is no easy wasy to know
- trying  to press YES on the dialog box (if any) can help the login
process
2016-09-19 22:27:17 +03:00
itsikkes b3322b2541 improved local interface selection when exploiting 2016-09-08 12:30:40 +03:00
danielguardicore d2203b2220 Removed legacy ChaosMonkey from SMB execution. 2016-09-07 19:10:30 +03:00
danielguardicore ce3eaa9b2e Fixed grequsts/gevents monkey patching of socket code, which lead to paramiko being unable to function after a shellshock scan. 2016-09-07 10:16:17 +03:00
itsikkes 39eaca300f RDP: change VBS object to reduce requirements + process is more verbose 2016-09-06 11:05:15 +03:00
daniel goldberg 32c326bd7b PEP8 in diff files
Add concept of non default timeout for copying SMB files. This is by default 5 minutes.
Changed behavior of SMB exploiter if file already exists, we don't assume exploitation is useless and try again. Worse case is we run the monkey after it finished running.
Changed behavior if managed to connect to machine to IPC$ over some dialect. If Success, we don't try again.
2016-09-05 17:45:27 +03:00
daniel goldberg 91427eb346 Tiny PEP8 change and changed reporting of vulnerable URLs in shellshock 2016-08-29 18:58:16 +03:00
daniel goldberg d80c670392 Fixed bug in HTTPFingering
Added support for skip_exploit_if_file_exists in linux exploiters.
Delayed/fixed a race in the monkey patching that gevents does.
2016-08-29 18:58:16 +03:00
daniel goldberg cd27438a1e PEP 8 changes 2016-08-29 18:58:15 +03:00
daniel goldberg 1806f9bc62 Issue #33 - Added support for skip_exploit_if_file_exist in linux 2016-08-29 13:34:21 +03:00
daniel goldberg a322a619cb Issue 23 - Added shellshock exploit. 2016-08-29 12:09:46 +03:00
acepace 88951f920d Bunch of generic PEP8 improvements 2016-08-20 17:03:49 +03:00
acepace 8f1669dd44 Added functionality to report all brute force password attempts even if unsuccessful. 2016-08-09 00:23:18 +03:00
acepace d75ce529ab Issue #18, added ability to attack multiple users in SSH brute force.
Also fixed small bug in windows kill path parsing.
2016-08-08 22:25:33 +03:00
itsikkes 76e3350fa3 merge duplicate code 2016-07-26 18:52:58 +03:00
itsikkes e26f849286 RDP module bugfix 2016-07-23 08:41:57 +03:00
itsikkes ad6b7a9893 missing parent flag 2016-07-21 11:22:01 +03:00