From d7b228897fbb2c857b7c3602a577468d8b6dcc1e Mon Sep 17 00:00:00 2001
From: Itay Mizeretz
Date: Mon, 11 Feb 2019 11:10:00 +0200
Subject: [PATCH 1/3] Require traceroute for build only on linux
---
 monkey/infection_monkey/monkey.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec
index ac6e9f03e..a7f0f0396 100644
--- a/monkey/infection_monkey/monkey.spec
+++ b/monkey/infection_monkey/monkey.spec
@@ -69,7 +69,6 @@ def process_datas(orig_datas):
 def get_binaries():
 binaries = get_windows_only_binaries() if is_windows() else get_linux_only_binaries()
 binaries += get_sc_binaries()
- binaries += get_traceroute_binaries()
 return binaries
@@ -81,6 +80,7 @@ def get_windows_only_binaries():
 def get_linux_only_binaries():
 binaries = []
+ binaries += get_traceroute_binaries()
 return binaries
From 8c76e244ad0be637c142096202e2c684c79c79a9 Mon Sep 17 00:00:00 2001
From: Itay Mizeretz
Date: Mon, 11 Feb 2019 14:00:23 +0200
Subject: [PATCH 2/3] Update readme for relevant instruction to build/download required binaries
---
 monkey/infection_monkey/readme.txt | 58 ++++++++++++++++++++++--------
 1 file changed, 44 insertions(+), 14 deletions(-)
diff --git a/monkey/infection_monkey/readme.txt b/monkey/infection_monkey/readme.txt
index eb757d144..970b17d01 100644
--- a/monkey/infection_monkey/readme.txt
+++ b/monkey/infection_monkey/readme.txt
@@ -5,6 +5,7 @@ The monkey is composed of three separate parts.
 * The Infection Monkey itself - PyInstaller compressed python archives
 * Sambacry binaries - Two linux binaries, 32/64 bit.
 * Mimikatz binaries - Two windows binaries, 32/64 bit.
+* Traceroute binaries - Two linux binaries, 32/64bit.
 --- Windows ---
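Review bot: In `get_linux_only_binaries` of monkey.spec (second hunk of patch 1/3), the traceroute binaries are now added to the bundle, but nothing visible in the hunk checks that the files under `bin` are present and are the expected builds before PyInstaller packs them. The readme change in patch 2/3 has them built or downloaded by hand and placed there as `traceroute32`/`traceroute64`, so a stale or swapped file would be shipped without any build-time signal. Consider having the spec compare each file's `hashlib.sha256` digest with a value committed in the repository and fail the build on a mismatch, and add a comment such as `# Linux only: traceroute isn't built in all distributions, so the monkey carries its own binaries`. `get_traceroute_binaries` is defined outside the hunk, so confirm it does not already perform such a check.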
@@ -51,8 +52,11 @@ Tested on Ubuntu 16.04 and 17.04.
 pip install -r requirements.txt
 2. Build Sambacry binaries
 a. Build/Download according to sections at the end of this readme.
- b. Place the binaries under [code location]\infection_monkey\bin
-3. To build, run in terminal:
+ b. Place the binaries under [code location]\infection_monkey\bin, under the names 'sc_monkey_runner32.so', 'sc_monkey_runner64.so'
+3. Build Traceroute binaries
+ a. Build/Download according to sections at the end of this readme.
+ b. Place the binaries under [code location]\infection_monkey\bin, under the names 'traceroute32', 'traceroute64'
+4. To build, run in terminal:
 cd [code location]/infection_monkey
 chmod +x build_linux.sh
 ./build_linux.sh
@@ -61,19 +65,45 @@ Tested on Ubuntu 16.04 and 17.04.
 -- Sambacry --
 Sambacry requires two standalone binaries to execute remotely.
-1. Install gcc-multilib if it's not installed
- sudo apt-get install gcc-multilib
-2. Build the binaries
- cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
- ./build.sh
+a. Build sambacry binaries yourself
+ a.1. Install gcc-multilib if it's not installed
+ sudo apt-get install gcc-multilib
+ a.2. Build the binaries
+ cd [code location]/infection_monkey/monkey_utils/sambacry_monkey_runner
+ ./build.sh
+
+b. Download our pre-built sambacry binaries
+ b.1. Available here:
+ 32bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so
+ 64bit: https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so
 -- Mimikatz --
 Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile from sources (requires Visual Studio 2013 and up) or download the binaries from
-https://github.com/guardicore/mimikatz/releases/tag/1.0.0
-Download both 32 and 64 bit zipped DLLs and place them under [code location]\infection_monkey\bin
-Alternatively, if you build Mimikatz, put each version in a zip file.
-1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
-2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
-3. The zip file should be named mk32.zip/mk64.zip accordingly.
-4. Zipping with 7zip has been tested. Other zipping software may not work.
+You can either build them yourself or download pre-built binaries.
+a. Build Mimikatz yourself
+ a.0. Building mimikatz requires Visual Studio 2013 and up
+ a.1. Clone our version of mimikatz from https://github.com/guardicore/mimikatz/tree/1.1.0
+ a.2. Build using Visual Studio.
+ a.3. Put each version in a zip file
+ a.3.1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
+ a.3.2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
+ a.3.3. The zip file should be named mk32.zip/mk64.zip accordingly.
+ a.3.4. Zipping with 7zip has been tested. Other zipping software may not work.
+
+b. Download our pre-built traceroute binaries
+ b.1. Download both 32 and 64 bit zipped DLLs from https://github.com/guardicore/mimikatz/releases/tag/1.1.0
+ b.2. Place them under [code location]\infection_monkey\bin
+
+-- Traceroute --
+
+Traceroute requires two standalone binaries to execute remotely.
+The monkey carries it since traceroute isn't built in all linux distributions.
+You can either build them yourself or download pre-built binaries.
+
+a. Build traceroute yourself
+ a.1. The sources of traceroute are available here with building instructions: http://traceroute.sourceforge.net
+b. Download our pre-built traceroute binaries
+ b.1. Available here:
+ 32bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute32
+ 64bit: https://github.com/guardicore/monkey/releases/download/1.6/traceroute64
From 1528966f6b8f6b02557fa8f9cd86b4a140d95616 Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Mon, 11 Feb 2019 19:17:25 +0200
Subject: [PATCH 3/3] Fix traceroute phrasing
---
 monkey/infection_monkey/readme.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/readme.txt b/monkey/infection_monkey/readme.txt
index 970b17d01..27318e386 100644
--- a/monkey/infection_monkey/readme.txt
+++ b/monkey/infection_monkey/readme.txt
@@ -98,7 +98,7 @@ b. Download our pre-built traceroute binaries
 -- Traceroute --
 Traceroute requires two standalone binaries to execute remotely.
-The monkey carries it since traceroute isn't built in all linux distributions.
+The monkey carries the standalone binaries since traceroute isn't built in all Linux distributions.
 You can either build them yourself or download pre-built binaries.
 a. Build traceroute yourself