Commit Graph

7561 Commits

Author SHA1 Message Date
Shreya Malviya 25f90c84bc UT: Remove arch stuff from PowerShell exploiter tests 2022-03-16 14:03:32 +01:00
Shreya Malviya 7d25bf711a Agent: Remove arch checks from PowerShell exploiter 2022-03-16 14:03:32 +01:00
Shreya Malviya 7155896caa Agent: Remove PowerShell exploiter's dependency on WormConfiguration 2022-03-16 14:03:32 +01:00
VakarisZ 87cbb07da0
Merge pull request #1779 from guardicore/1738-add-mssql-to-puppet
1738 add mssql to puppet
2022-03-15 16:21:36 +02:00
Mike Salvatore 62005e6f88 Agent: Store MSSQLExploiter error message in self.exploit_result 2022-03-15 08:41:23 -04:00
vakarisz 43c8528409 Agent: Handle unexpected errors in mssqlexec.py 2022-03-15 14:10:35 +02:00
vakarisz 1f327a1305 Agent: Improve exception handling in mssqlexec.py 2022-03-15 08:51:22 +02:00
vakarisz 66ee3527d2 Agent: Pre-commit hook fixes on MSSQL exploiter infrastructure 2022-03-14 15:40:04 +02:00
vakaris_zilius 29e494cfb1 Island: Fix a ZT multiple findings bug
A bug happened in zero trust findings: since multiple exploiters run at the same time, they send telemetries at the same time and those telemetries get parsed at the same time. So multiple threads fetch ZT findings at once, find none and create duplicate findings. With this bugfix only one thread can fetch for findings at a time. This means that one thread creates the finding and others fetch it and just add events to it.
2022-03-14 13:16:41 +00:00
vakaris_zilius 14953c8cdd Agent: register MSSQL exploiter plugin on the puppet 2022-03-14 12:47:29 +00:00
vakaris_zilius ae8e0b6dbb Agent: Refactor mssqlexec.py to use agent repository 2022-03-14 12:47:29 +00:00
vakarisz 50a8bf8f4a Agent: Refactor mssqlexec.py to fit the new puppet infrastructure 2022-03-14 12:47:29 +00:00
Ilija Lazoroski 4fcb28516d Island: Remove usage of deleted add_credentials_to_node function 2022-03-14 13:29:46 +01:00
Ilija Lazoroski adc1010355 Island: Fix mongo query in telemetry processing 2022-03-14 13:29:46 +01:00
Shreya Malviya 11f48a95be Island: Fix mongo query in report generation for exploits 2022-03-14 13:29:46 +01:00
Mike Salvatore 453dc21074
Merge pull request #1773 from guardicore/1737-add-zerologon-to-puppet
1737 add zerologon to puppet
2022-03-11 08:53:12 -05:00
Mike Salvatore 527c43a3f8 Agent: Add leading zero to single digits in worker thread names 2022-03-10 20:37:35 -05:00
Mike Salvatore dd2168e838 Agent: Log exception information on dcom.disconnect() key error 2022-03-10 12:00:27 -05:00
Ilija Lazoroski 302718c4d4 Agent: Change monkey log argument to 'agent' 2022-03-10 16:05:31 +01:00
vakaris_zilius 2c74967d71 UI: fix exploit timeline bug in map page
Fixes #1769
2022-03-10 10:04:57 -05:00
Mike Salvatore f279cc5e99
Merge pull request #1767 from guardicore/1761-rename-log-files
1761 rename log files
2022-03-10 09:27:39 -05:00
Mike Salvatore 452252c5c9 Docs: Update information about agent log storage locations 2022-03-10 09:25:03 -05:00
Mike Salvatore 8b4d1d084e Changelog: Improve message for removing log path config options 2022-03-10 09:11:06 -05:00
Mike Salvatore 45936c2f79 Agent: Remove unnecessary expandvars() in _get_log_path() 2022-03-10 09:07:38 -05:00
Mike Salvatore 2d2338f1f6 Agent: Log the path of the log file to stdout 2022-03-10 09:07:38 -05:00
Mike Salvatore 02accde812 UT: Add tests for get_{agent,dropper}_log_path() 2022-03-10 09:07:36 -05:00
Mike Salvatore 17c3fa02b3 Agent: Return agent/dropper log path as a Path instead of str 2022-03-10 09:07:18 -05:00
Mike Salvatore 96069d3ae6 Agent: Wrap get_log_path() with easier to use functions 2022-03-10 09:06:05 -05:00
Ilija Lazoroski 0947e41ea9 Changelog: Add entry for changing log file name 2022-03-10 12:39:50 +01:00
Ilija Lazoroski 52617cfcdc Docs: Change monkey log filename 2022-03-10 12:38:10 +01:00
Ilija Lazoroski 3c745f697f Agent, UI: Remove internal-logging from config
The config is called after the log path is set,
so the logging config had no effect on the
log path.
2022-03-10 11:51:33 +01:00
vakaris_zilius d9ee377945 Agent: fix access denied error handling in wmi_tools.py 2022-03-10 10:18:35 +00:00
Mike Salvatore 27e3cc6b4c Agent: Add @wraps to WmiTools decorators 2022-03-09 15:21:46 -05:00
Mike Salvatore 720768e25d Agent: Add debug logging to decorators in WmiTools 2022-03-09 14:45:49 -05:00
vakaris_zilius 2c8aef6d80 Island: remove unused node states
Exploited node state is no longer used, returning it in the list caused errors on the ui
2022-03-09 15:55:38 +00:00
vakaris_zilius a8018a7956 Agent: Add impacket_user decorator to the zerologon
impacket_user decorator will avoid race conditions with other exploiters using wmi tools
2022-03-09 15:54:23 +00:00
Ilija Lazoroski 71328ea2b1 Agent, Island: User friendly log name
* Configurable log directories
* Random component to the log file
* 'infection-monkey-<monkey-arg>-<random-str>-<timestamp>.log'
2022-03-09 16:49:32 +01:00
Shreya Malviya a3eb0bc6f2 Island: Remove unused `set_node_group()` in NodeService 2022-03-09 10:21:52 -05:00
Shreya Malviya 5e3829aab3 Island: Add field `propagated` to node and rename image files 2022-03-09 10:21:52 -05:00
Shreya Malviya d6fe9c2ef2 Agent: Remove `add_extracted_creds_to_exploiter_options()` from Zerologon exploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 8bc6086e1a Agent: Correctly set propagation/exploitation status in Zerologon 2022-03-09 10:21:52 -05:00
Mike Salvatore 0d5fcf7fbf Agent: Fix name of self.telemetry_messenger in ZerologonExploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 118c2abaee Agent: Load ZerologonExploiter into the puppet 2022-03-09 10:21:51 -05:00
vakarisz c322446aee Agent: use exploit_results in zerologon 2022-03-09 10:20:45 -05:00
vakarisz 325e58cea2 Agent: explicitly specify some timeouts in zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya 5ec05d5617 UT: Fix Zerologon UTs 2022-03-09 10:20:45 -05:00
Shreya Malviya a927879334 Agent: Remove `host` from Zerologon exploiter's constructor 2022-03-09 10:20:45 -05:00
Shreya Malviya 040227286a Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya aee3566a0c Agent: Remove WormConfiguration references in Zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya 08cbf75b5f Agent: Remove credential hashes in logging in Zerologon exploiter 2022-03-09 10:20:45 -05:00