Mike Salvatore
d3fc833813
Agent: Use Paths in IPowerShellClient.copy_file()
2022-03-23 14:25:28 -04:00
vakaris_zilius
7001977a88
Agent: Change powershell client to work with Path not str
2022-03-23 15:24:36 +00:00
vakaris_zilius
7c504d220d
Agent: Upload binary with random string when using powershell
2022-03-23 14:56:05 +00:00
Mike Salvatore
06f33e0fa1
Merge pull request #1802 from guardicore/1782-random-agent-filename
Agent: Add a method that appends random string to filename in path
2022-03-23 09:41:17 -04:00
vakaris_zilius
c2b06f22f0
Agent: Improve path comparison style in test_helpers.py
2022-03-23 13:37:33 +00:00
vakaris_zilius
efb0039e34
Agent: Make _add_random_suffix method code more concise
2022-03-23 13:33:26 +00:00
vakaris_zilius
2e6b361a9d
Agent: Add a method that appends random string to filename in path
This method will be used to avoid duplication in destination file paths and will avoid clashes of exploiters writing to the same files.
2022-03-23 10:49:25 +00:00
Mike Salvatore
3973f26192
Build: Bump Python version for building AppImage to 3.7.13
2022-03-22 19:34:25 -04:00
Mike Salvatore
426fc15ec1
Agent: Fix typo interruptable -> interruptible
2022-03-22 08:35:08 -04:00
Ilija Lazoroski
8921ed77ac
Agent: Make Hadoop interruptable
2022-03-22 08:23:33 -04:00
Mike Salvatore
ed817feaf2
Agent: Make SMBExploiter interruptible
2022-03-22 07:33:00 -04:00
vakaris_zilius
2c7920c95a
Agent: Fix ssh timeout for open_sftp by using forked paramiko
2022-03-22 07:09:09 -04:00
VakarisZ
663c1c6471
Merge pull request #1796 from guardicore/1611-interruptable-log4shell
Agent: Make log4shell interruptable
2022-03-22 07:14:36 +00:00
vakaris_zilius
3cfa72f731
Agent: Remove unreliable stop check in log4shell
2022-03-22 06:57:33 +00:00
Mike Salvatore
f3fddfb4ba
Merge pull request #1789 from guardicore/1611-interruptable-ssh-exploit
1611 interruptable ssh exploit
2022-03-21 14:09:00 -04:00
Ilija Lazoroski
e3e038bf40
Agent: Add timeouts to SSH exploit
2022-03-21 18:48:53 +01:00
Ilija Lazoroski
9765f64174
Agent: Make SSH interruptable
2022-03-21 17:37:35 +01:00
vakaris_zilius
684e723b09
Agent: Fix timer usage in log4shell
2022-03-21 16:20:48 +00:00
vakaris_zilius
325c4368de
Agent: Remove unnecessary interrupts from log4shell
2022-03-21 16:11:59 +00:00
Mike Salvatore
0f77d4ca37
Agent: Use Timer in Log4ShellExploiter
2022-03-21 11:46:55 -04:00
vakaris_zilius
41278c8044
Agent: Make log4shell interruptable
2022-03-21 15:04:24 +00:00
Mike Salvatore
b1716e9457
Merge pull request #1791 from guardicore/1611-interruptable-powershell
1611 Make powershell exploiter interruptable
2022-03-21 10:27:01 -04:00
Mike Salvatore
cda113d291
Agent: Check _signal_handler before resetting on Windows
We don't need to call win32api.SetConsoleCtrlHandler if _signal_handler
is None (i.e. was never set).
2022-03-21 10:21:10 -04:00
Mike Salvatore
a2ac2658ed
Agent: Initialize self._master = None
2022-03-21 10:19:54 -04:00
Mike Salvatore
7a1fcced2f
Agent: Extract method _set_interrupted() from is_interrupted()
2022-03-21 09:09:15 -04:00
Mike Salvatore
b0f03179c1
Agent: Add `interrupted` boolean to ExploiterResultData
Setting an interrupted flag on the ExploiterResultData is a more useful
way to present the information to anything that uses it. If decisions
need to be made based on whether or not something was interrupted, a
flag can be checked instead of parsing an error message.
2022-03-21 09:00:43 -04:00
Mike Salvatore
83b18debc0
Agent: Remove InterruptError and use `if` instead
2022-03-21 09:00:43 -04:00
vakaris_zilius
f50f4cf71c
Agent: Add interrupt error message to powershell results
2022-03-21 09:00:43 -04:00
vakaris_zilius
02154e38fd
Agent: Make powershell exploiter interruptable
2022-03-21 09:00:43 -04:00
Mike Salvatore
61344f9861
Merge pull request #1792 from guardicore/1741-add-smb-to-puppet
1741 add smb to puppet
2022-03-21 08:16:24 -04:00
Mike Salvatore
75ea2c8c3a
Docs: Remove reference to example.conf
2022-03-21 08:15:25 -04:00
Mike Salvatore
896a9171ac
Agent: Add missing 'f' to f-string
2022-03-21 08:14:01 -04:00
Mike Salvatore
cadc23d8a5
Agent: Only start/stop tunnel if the agent is able to propagate
Starting and stopping the tunnel is slow, and only necessary if the
agent plans to propagate. If depth < 1, propagation will not occur, so
there's no point in having a tunnel open. If a `-d` parameter is not
supplied to the agent, the tunnel will be started.
2022-03-21 08:11:19 -04:00
Mike Salvatore
7e4ec00454
Agent: Add error message to exploit_result when SMB exploiter gives up
2022-03-21 07:21:05 -04:00
Mike Salvatore
9ca8bc1a60
Agent: Remove example.conf
This file is out of date and an unnecessary maintenance burden.
2022-03-21 07:16:22 -04:00
Mike Salvatore
89bda5ae87
Agent: Improve logging in SMBExploiter
2022-03-21 07:15:47 -04:00
VakarisZ
fe7c7d5d9c
Merge pull request #1793 from guardicore/agent-log-timestamp-ordering
Agent log timestamp ordering
2022-03-21 07:46:04 +00:00
Mike Salvatore
96c8072c21
Docs: Update agent log naming scheme to put timestamp before random
2022-03-20 20:40:43 -04:00
Mike Salvatore
753f00de65
Agent: Put timestamp before random string in log names
Putting the timestamp before the random string in the agent and dropper
log names allows them to be sorted by time.
2022-03-20 20:40:35 -04:00
Mike Salvatore
9b66b98428
Island: Move smb_service into exploit.properties.smb_service
2022-03-20 19:39:39 -04:00
Mike Salvatore
9532aba033
Agent: Improve logging around SCM connection attempts
2022-03-18 13:38:02 -04:00
Mike Salvatore
75dd26b3df
Agent: Handle case where SMB service already exists in SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
abb05730b8
Agent: Remove unnecessary __init__() from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
c3ffd91990
Agent: Load SMBExploiter into the puppet
2022-03-18 13:38:02 -04:00
Mike Salvatore
d56a6e23db
Agent: Remove disused {try,}get_target_monkey()
2022-03-18 13:38:02 -04:00
Mike Salvatore
f3d4f972a0
Agent: Remove disused MonkeyHTTPServer
2022-03-18 13:38:02 -04:00
Mike Salvatore
732568b34f
Agent: Remove disused get_monkey_depth()
2022-03-18 13:38:02 -04:00
Mike Salvatore
8eace7c736
Agent: Return ExploitResultData from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
eddb9d527f
Agent: Remove dependency on SMBFingerprinter from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
df24d4ab6a
Agent: Use self.telemetry_messenger in SMBExploiter
2022-03-18 13:38:02 -04:00