forked from p34709852/monkey
Merge pull request #1981 from guardicore/1961-docs-agent-propagation
Add page about agent propagation to docs
This commit is contained in:
commit
542c4265b7
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
title: "Agent propagation"
|
||||||
|
date: 2022-06-03T13:17:22+05:30
|
||||||
|
draft: false
|
||||||
|
pre: '<i class="fas fa-user-secret"></i> '
|
||||||
|
weight: 2
|
||||||
|
tags: ["agent", "propagation", "reference"]
|
||||||
|
---
|
||||||
|
|
||||||
|
## How does the Infection Monkey Agent propagate to a new machine?
|
||||||
|
|
||||||
|
The agent propagates using remote code execution vulnerabilities. Once the
|
||||||
|
agent has achieved remote code execution on the victim, it executes commands
|
||||||
|
that are similar to the ones described in [manual run
|
||||||
|
page.](../../usage/running-manually/)
|
||||||
|
|
||||||
|
On Windows targets, the agent is copied to `C:\Windows\temp\monkey64.exe`. On
|
||||||
|
Linux targets, it is copied to `/tmp/monkey`.
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
title: "Running the monkey on AWS EC2 instances"
|
title: "Running the agent on AWS EC2 instances"
|
||||||
date: 2020-06-28T10:44:05+03:00
|
date: 2020-06-28T10:44:05+03:00
|
||||||
draft: false
|
draft: false
|
||||||
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
title: "Running Manually"
|
||||||
|
date: 2022-06-09T14:47:40+03:00
|
||||||
|
draft: false
|
||||||
|
weight: 2
|
||||||
|
pre: "<i class='fas fa-terminal'></i> "
|
||||||
|
tags: ["usage"]
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
## Generating manual run command
|
||||||
|
|
||||||
|
A command to run the agent manually can be generated by the Island Server UI by
|
||||||
|
going to the "Run Monkey" -> "Manual" page.
|
||||||
|
|
||||||
|
### Downloading the agent manually
|
||||||
|
|
||||||
|
Agent binaries can be downloaded by sending a `GET` request to
|
||||||
|
`https://[IP]:5000/api/agent/download/[OS]`, where `[IP]` stands for the IP
|
||||||
|
address of the Island server and `[OS]` is either `windows` or `linux`.
|
||||||
|
|
||||||
|
### Running the agent binary
|
||||||
|
|
||||||
|
The agent binary must be started with either the `m0nk3y` or `dr0pp3r` flag.
|
||||||
|
|
||||||
|
The `m0nk3y` flag is the standard way to run the agent.
|
||||||
|
|
||||||
|
The `dr0pp3r` flag invokes the agent dropper. The dropper will move the agent
|
||||||
|
binary to a location provided with the `-l` flag. Then, it will start the agent
|
||||||
|
with the `m0nk3y` flag as a new process. Finally, the dropper will shut itself
|
||||||
|
down. This flag is useful if you want to detach the agent from an exploited
|
||||||
|
service or parent process. It alleviates the need for the parent process to
|
||||||
|
wait until the agent finishes.
|
Loading…
Reference in New Issue