Mike Salvatore
7d0e177e7a
Merge pull request #1727 from guardicore/1605-modify-ssh-exploit
...
Modify SSH exploit
2022-02-23 09:16:11 -05:00
Mike Salvatore
0f0edc3439
Agent: Log error messages at error level in SSHExploiter
2022-02-23 09:08:28 -05:00
vakarisz
9d23c3dd62
UT: fix test data to contain credential type in capitals
2022-02-23 16:00:31 +02:00
vakarisz
04b217cde5
Island: remove code duplication in credentials_parser.py
2022-02-23 15:52:04 +02:00
vakarisz
9396ac7512
Island, UT: fix ssh key processing, add unit tests
2022-02-23 15:49:56 +02:00
vakarisz
ddb227b181
Island: sort telem processing functions alphabetically
2022-02-23 15:49:56 +02:00
vakarisz
a1073bdb34
Island: add monkey guid to credentials object
2022-02-23 15:49:56 +02:00
vakarisz
1fe1293405
UT: export credential testing infrastructure to conftest
2022-02-23 15:49:56 +02:00
vakarisz
8dd033c212
Island: refactor credential parser to use Credentials object
2022-02-23 15:49:54 +02:00
vakarisz
3ff9bbe327
UT: add a test for parsing username with special characters
2022-02-23 15:47:14 +02:00
vakarisz
8dedb7eac5
Island: Revert "Island: remove unfinished ssh key processor"
...
This reverts commit 0cbfc79a92
.
2022-02-23 15:47:14 +02:00
Mike Salvatore
8e953359f8
Common: Use Enum.auto() for CredentialComponentType values
2022-02-23 08:44:41 -05:00
Mike Salvatore
7c9c4cf9fb
Island: Compare Enums instead of strings in parse_credentials()
2022-02-23 08:44:02 -05:00
Mike Salvatore
dc4273f970
Agent: Use Enum for credential_type instead of string (Enum.value)
2022-02-23 08:15:27 -05:00
Shreya Malviya
e993998432
Agent: Make ExploiterResultData a dataclass instead of a named tuple
...
and modify HostExploiter and the SSH exploiter accordingly
2022-02-23 18:28:32 +05:30
Ilija Lazoroski
d8e203dd50
Project: Change readme and remove shellshock from vulture
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
ddc77e6d6a
Zoo: Remove ShellShock Exploiter
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
fe3b263398
Docs: Remove ShellShock documentation
2022-02-23 13:50:12 +01:00
Ilija Lazoroski
291755e5c9
UT: Remove ShellShock from tests config
2022-02-23 13:50:05 +01:00
Ilija Lazoroski
60d16ea4d6
Island: Remove ShellShock Exploiter
2022-02-23 13:48:41 +01:00
Ilija Lazoroski
64b900b94d
Agent: Remove ShellShock exploiter
2022-02-23 13:48:41 +01:00
Mike Salvatore
1e12a55240
UT: Use time.per_counter_ns() in test_request_cache()
...
The time.time() function on windows does not provide adequate resolution
for test_request_cache(). For comparison, the time.get_clock_info()
function shows the resolution of the clock.
Linux:
>>> import time
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='clock_gettime(CLOCK_REALTIME)',
monotonic=False,
resolution=1e-09
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='clock_gettime(CLOCK_MONOTONIC)',
monotonic=True,
resolution=1e-09
)
Windows:
>>> time.get_clock_info("time")
namespace(
adjustable=True,
implementation='GetSystemTimeAsFileTime()',
monotonic=False,
resolution=0.015625
)
>>> time.get_clock_info("perf_counter")
namespace(
adjustable=False,
implementation='QueryPerformanceCounter()',
monotonic=True,
resolution=1e-07
)
As shown above, the "perf_counter" clock on Windows if over 5 orders of
magnitude more precise than the "time" clock. This lack of precision
caused the test to fail on Windows, as the entire test often ran in less
than 0.015625 seconds.
2022-02-23 07:44:56 -05:00
Shreya Malviya
2a8186928d
Agent: Remove unused function `send_exploit_telemetry` in `HostExploiter`
2022-02-23 17:42:00 +05:30
Shreya Malviya
58703f9b5b
Agent: Remove code that set `exploit_result`'s fields to the default value in SSH exploiter
2022-02-23 17:38:48 +05:30
VakarisZ
3fee7dec90
Merge pull request #1731 from guardicore/1695-parsing-mimikatz
...
1695 parsing mimikatz
2022-02-23 13:58:47 +02:00
Shreya Malviya
4ecc5283e5
Agent: Rename function for returning ExploiterResultData
2022-02-23 17:11:53 +05:30
Shreya Malviya
6cdb86aa4b
Agent: Add TODO comment for VictimHost type hint to HostExploiter.py
2022-02-23 17:10:53 +05:30
Ilija Lazoroski
03178b6011
Island: Fix attack technique T1210
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
a0b5ac2330
Agent: Fix monkey exploitation reporting
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
4dfe0cf7db
Agent: Remove monkey import from exploit_telem
2022-02-23 10:59:28 +01:00
Ilija Lazoroski
522d0d388d
Agent: Modify SSH exploiter to return ExploiterResultData
2022-02-23 10:59:21 +01:00
Ilija Lazoroski
58b1a04bd7
Agent: Modify exploit_host() to accept object instead of string
2022-02-22 19:30:53 +01:00
Ilija Lazoroski
f2b2a9c5c3
Agent: Modify SSH exploit
...
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
2022-02-22 19:24:21 +01:00
vakarisz
8c90a98d05
UT: rename mimikatz credential processing to credential processing
2022-02-22 17:42:36 +02:00
vakarisz
0cbfc79a92
Island: remove unfinished ssh key processor
2022-02-22 17:42:33 +02:00
vakarisz
719d8dd2ad
Island, Agent, Common: rename CredentialsType to CredentialComponentType
2022-02-22 17:41:38 +02:00
vakarisz
c87297eb2a
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
80bf561820
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
600753b53c
Island: add username processor
2022-02-22 17:40:56 +02:00
vakaris_zilius
4b3750076a
Agent, Island, Common: change code to process CredentialType value
...
Island: rename credentials_type.py
2022-02-22 17:40:55 +02:00
vakarisz
bb760c7e8a
Island: fix detection if credential is a keypair
2022-02-22 17:21:48 +02:00
vakaris_zilius
d874cd9d5a
Agent: fix broken pwd import on windows for ssh_handler.py
2022-02-22 17:18:57 +02:00
vakaris_zilius
b344676425
Agent: add basic log statements to the mimikatz collector
2022-02-22 17:18:32 +02:00
vakaris_zilius
036388e704
Agent: don't log the contents of credentials telemetries
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
b224348881
Island: Fix credential collector parsing for SSH
2022-02-22 17:18:31 +02:00
vakarisz
c96674f834
Island, Agent: fixed imports to reference credential type enum in common
2022-02-22 17:18:31 +02:00
vakarisz
73434537fe
Island: remove system_info processing file
...
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
vakarisz
5471e9854c
Island: remove credentials parsing boundary
2022-02-22 17:18:31 +02:00
vakarisz
a8717dc691
Agent: rename and move credentials_type enum to common
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00