p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,184 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

6184 Commits

Author SHA1 Message Date
Shreya Malviya 54f80df1f4 bb: Remove extra line from end of file 2021-08-30 15:12:35 +05:30
Ilija Lazoroski e9ac64f108 docs: Add better documentation for powershell remoting exploiter 2021-08-27 11:18:16 +02:00
Mike Salvatore 98fcfde389
Merge pull request #1426 from guardicore/1246/config-template-bb-test 
Add PowerShell config and bb test
 2021-08-26 09:19:03 -04:00
Shreya Malviya 57109c11a9 cc: Change 'powershell' -> 'PowerShell' in issue overview in security report 2021-08-26 17:06:19 +05:30
Ilija Lazoroski 9a96e6ed39 Zoo: Refactor start and stop gcp machine functions 2021-08-26 10:35:22 +02:00
Mike Salvatore a80cd676b4 Common: Remove unused CredentialsError 2021-08-25 15:37:17 -04:00
Mike Salvatore c875aa349f Tests: Change test order/names in powershell_utils/test_utils.py 2021-08-25 15:33:46 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Mike Salvatore 176828d458 Agent: Log exception if PowerShellExploiter fails to copy agent 2021-08-25 14:18:43 -04:00
Mike Salvatore 86d7879c31 Agent: Remove leading space from RUN_MONKEY string template 2021-08-25 13:33:03 -04:00
Mike Salvatore e70d1c714b Agent: Remove context manager from _authenticate() 
Since the PowerShellExploiter's _authenticate() method returns the
client object, it doesn't make sense for it to be constructed in a
context manager.
 2021-08-25 13:30:30 -04:00
Mike Salvatore b871398682 Agent: Add useful logging to powershell exploiter 2021-08-25 13:30:30 -04:00
Shreya Malviya 876cdbeffa island: Check if credential in exploit telemetry is `None` before processing it 2021-08-25 19:31:36 +05:30
Ilija Lazoroski e6ca0fd3b6 Zoo: Parallelize start and stop of gcp machines 2021-08-25 10:07:41 +02:00
Mike Salvatore 1da79f78bf Agent: Use format strings in powershell exploiter log statements 2021-08-24 15:32:51 -04:00
unknown f046e9d7a7 Agent: Add pypsrp to PipFile 2021-08-24 15:11:15 -04:00
Mike Salvatore af57272e36 Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*) 
Resolves #1048
 2021-08-24 14:35:50 -04:00
Mike Salvatore dd56f3d650 Island: Fix minor formatting error 2021-08-24 13:37:40 -04:00
Mike Salvatore c385177dac Agent: Extract _build_monkey_execution_command() into powershell_utils 2021-08-24 13:14:29 -04:00
Mike Salvatore 58f23f4fc0 Agent: Extract powershell client parameters into powershell_utils 2021-08-24 13:13:37 -04:00
Mike Salvatore 4e7a95316e Agent: Extract _get_credentials() into powershell_utils/utils.py 2021-08-24 12:53:37 -04:00
Mike Salvatore aef8f2e37a Agent: Extract method _build_monkey_execution_command 2021-08-24 12:16:52 -04:00
Mike Salvatore 1928f1b9bc Agent: Remove "credentials" local variable 2021-08-24 12:11:59 -04:00
Mike Salvatore a2bdc69388 Agent: Log and report exploitation attempts from PowerShellExploiter 2021-08-24 12:03:42 -04:00
Mike Salvatore 8209fa55df Agent: Set client parameters if password is "" in PowerShellExploiter 2021-08-24 11:53:48 -04:00
Mike Salvatore fb18c1cbd4 Agent: Only use "None" creds in powershell exploiter if host is Windows 2021-08-24 11:43:17 -04:00
Mike Salvatore 79cc82b159 Agent: Remove duplicated try/except if/else from PowerShellExploiter 2021-08-24 10:35:21 -04:00
Mike Salvatore 66527b1bde Agent: Move Windows architecture constants from web_rce.py -> consts.py 2021-08-24 09:37:05 -04:00
Mike Salvatore f1c247ad93 Agent: Refactored PowerShellExploiter authentication function names 2021-08-24 09:29:02 -04:00
Ilija Lazoroski 73a3f2057a Docs: Documentation for PowerShell. Update zoo docs 2021-08-24 15:16:10 +02:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to 
Powershell-3-46. Powershell-45 moved to different zone
 2021-08-24 15:11:22 +02:00
Ilija Lazoroski 9f2a4cb7e4 Zoo: Update terraform scripts. Update gcp test machine list with new zone 2021-08-24 11:56:09 +02:00
Ilija Lazoroski 305b2cf716 Zoo: Add PowerShell config and bb test 2021-08-24 10:32:54 +02:00
Shreya Malviya e339932fde island: Change 'Powershell' to 'PowerShell' in attack schema for T1210 2021-08-24 13:16:59 +05:30
Shreya Malviya b6c3623e74 agent, island, vulture: Update class name and text related to powershell exploiter to maintain consistency ('PowerShell Remoting') 2021-08-24 13:15:47 +05:30
Shreya Malviya 72e0378335 agent: Fix import path in powershell exploiter 2021-08-24 11:52:12 +05:30
Shreya Malviya ee9fde4005 agent: Refactor powershell remoting exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 29788776fa agent: Modify exploitation log messages in powershell exploiter 2021-08-24 11:40:41 +05:30
Shreya Malviya 04125e5e14 agent: Add separate function to set log levels for sensitive packages in powershell exploiter 2021-08-24 11:40:40 +05:30
Shreya Malviya dc4a5fbb85 agent: Use variable 'is_32bit' for function argument 2021-08-24 11:40:40 +05:30
Shreya Malviya ba8c44d22c agent: Fix typos in powershell remoting exploiter 2021-08-24 11:40:40 +05:30
Shreya Malviya 5419200d61 agent: Update exploited service name in powershell remoting exploiter 2021-08-24 11:40:40 +05:30
VakarisZ 2b71fb80c7 Fixed missing powershell exploiter report components. 2021-08-24 11:40:39 +05:30
VakarisZ 9966c54fe2 Added powershell remoting exploiter. 2021-08-24 11:40:39 +05:30
VakarisZ 55a817931d Bugfix for monkey binary removal if dropper fails to do so 2021-08-24 11:40:39 +05:30
Mike Salvatore d203b28a38
Merge pull request #1424 from guardicore/post-breach-pyinstaller-hook 
Post breach pyinstaller hook
 2021-08-23 13:54:55 -04:00
Mike Salvatore 342b5689f1 Update changelog with fixes for #1405 and #1419 2021-08-23 11:44:29 -04:00
Mike Salvatore 7f71901a29 Agent: Use path relative to __file__ to locate powershell scripts 2021-08-23 11:14:23 -04:00
Mike Salvatore 536b061cc7 Agent: Remove unused TEMP_FILE constant from windows timestomping PBA 2021-08-23 11:14:23 -04:00
Mike Salvatore 1ef884ae4e Agent: Add pyinstaller hook for post_breach package 2021-08-23 11:14:20 -04:00