Commit Graph

1018 Commits

Author SHA1 Message Date
Daniel Goldberg df6dd194ca
Merge pull request #186 from guardicore/bugfix/consistent_flask_secret_key
Make flask session key consistent between sessions
2018-09-18 15:19:24 +03:00
Daniel Goldberg 6eb48c4445 See
https://stackoverflow.com/questions/27287391/why-not-generate-the-secret-key-every-time-flask-starts
2018-09-13 16:05:30 +03:00
itaymmguardicore 0518899475
Merge pull request #145 from guardicore/feature/support-common-folder
Feature/support common folder
2018-09-13 14:56:24 +03:00
Itay Mizeretz 080e3ab23d Merge remote-tracking branch 'origin/develop' into feature/support-common-folder
# Conflicts:
#	infection_monkey/transport/__init__.py
#	monkey/infection_monkey/config.py
#	monkey/infection_monkey/exploit/__init__.py
#	monkey/infection_monkey/exploit/elasticgroovy.py
#	monkey/infection_monkey/exploit/sambacry.py
#	monkey/infection_monkey/exploit/struts2.py
#	monkey/infection_monkey/exploit/tools.py
#	monkey/infection_monkey/network/tcp_scanner.py
#	monkey/infection_monkey/system_info/mimikatz_collector.py
#	monkey/monkey_island/cc/ui/cfg/base.js
#	monkey/monkey_island/cc/ui/cfg/defaults.js
#	monkey/monkey_island/cc/ui/cfg/dev.js
#	monkey/monkey_island/cc/ui/cfg/dist.js
#	monkey/monkey_island/cc/ui/cfg/test.js
2018-09-09 14:43:03 +03:00
itaymmguardicore 95ee92ff08
Merge pull request #183 from VakarisZ/web_rce_bugfix
Improved error handling if firewall does not allow to open http server
2018-09-05 17:55:41 +03:00
itaymmguardicore 5ce902fecd
Merge pull request #120 from guardicore/feature/detect-cross-segment-traffic
Feature/detect cross segment traffic
2018-09-03 15:23:21 +03:00
Vakaris f27f5cd919 Improved error handling if firewall does not allow to open http server 2018-08-30 15:42:07 +03:00
itaymmguardicore 66876fb970
Merge pull request #177 from acepace/feature/common-folder-import-rewrite
Rewrote config parsing
2018-08-30 15:00:55 +03:00
itaymmguardicore 686cca1723
Merge pull request #153 from guardicore/feature/async_scan
Opportunistic waiting, make get_tcp_ports O(timeout)
2018-08-30 15:00:33 +03:00
itaymmguardicore 62f6d7748b
Merge pull request #182 from VakarisZ/hadoop_rce
Hadoop with web_rce framework
2018-08-30 14:55:48 +03:00
Vakaris c8e131d913 Added a space before bracket in report 2018-08-30 14:20:52 +03:00
Vakaris 49904d0cb0 Undone server's closing timeout, even though I think 60 is too much 2018-08-29 22:57:52 +03:00
Vakaris 818aae3a2c Hadoop exploitation tested on windows and linux 2018-08-29 22:57:52 +03:00
Vakaris 568320c298 Refactored, notes fixed but file server still timeouts 2018-08-29 22:57:52 +03:00
Vakaris 02c27584da Refactored according to latest web_rce framework changes 2018-08-29 22:57:30 +03:00
Vakaris 504281dbcb quick-fix 2018-08-29 22:57:30 +03:00
Vakaris 390d94a8c3 Final tests, windows command changed 2018-08-29 22:57:30 +03:00
Vakaris c7952dcbc5 Fixed reporting and upploading bugs 2018-08-29 22:57:30 +03:00
Vakaris 5674bebfa6 Core code written but nothing tested 2018-08-29 22:34:16 +03:00
Daniel Goldberg f6cb7ab655 Fix possible empty initialization of scanner class.
Scanner now defaults to none, and we need to handle that case in the scanner.
2018-08-29 11:37:00 -04:00
itaymmguardicore 61592776e9
Merge pull request #181 from VakarisZ/elastic_with_framework
Elastic with framework
2018-08-29 17:40:51 +03:00
itaymmguardicore bed482d70b
Merge pull request #169 from guardicore/feature/wrap-mimikatz-zip
Make mimikatz inside zip and extract only if config says so
2018-08-29 17:28:27 +03:00
Vakaris a2bebca4bc spaces removed 2018-08-29 17:20:43 +03:00
Daniel Goldberg 83b1933296 Remove subcasing for classes 2018-08-29 10:20:30 -04:00
Vakaris 477836e1c9 Blank newline added to match source file 2018-08-29 17:19:51 +03:00
Vakaris 304f5bd643 Removed unused commands 2018-08-29 17:14:55 +03:00
itaymmguardicore 91c37cc68f
Merge pull request #180 from VakarisZ/WebLogic_with_framework
Web logic with framework
2018-08-29 17:02:14 +03:00
Itay Mizeretz cd020668ef Add note regarding 7zip 2018-08-29 16:58:33 +03:00
Itay Mizeretz 5b6a9595f4 mimikatz zip is now in datas 2018-08-29 16:56:55 +03:00
Vakaris 4d6472cce1 Ports are now taken from elastic_fingerprint module 2018-08-29 16:55:35 +03:00
Vakaris d4262ef0bd Removed unused constants 2018-08-29 16:55:35 +03:00
Vakaris 56b3190cb5 Refactored elastic according to latest web_rce framework changes. Tested on windows and linux 2018-08-29 16:55:35 +03:00
Vakaris 76523e7379 Refactored elastic for latest framework changes 2018-08-29 16:55:35 +03:00
Vakaris a54eedec11 Commands tested and working on windows. 2018-08-29 16:55:35 +03:00
Vakaris 7e2cc86ab9 Code cleaned and tested on ubuntu 2018-08-29 16:55:35 +03:00
Vakaris 8ddfb03f27 Uploaded and modified standard web_rce code usage.Not working, not tested 2018-08-29 16:55:35 +03:00
Vakaris 3f809403d1 Custom http server class moved to the end of file 2018-08-29 16:55:03 +03:00
itaymmguardicore 9317d0a805
Merge pull request #179 from VakarisZ/Struts2_with_framework
Struts2 with framework
2018-08-29 15:05:09 +03:00
itaymmguardicore aab8f9295e
Merge pull request #178 from VakarisZ/WebRCE_Framework
Added functions get_monkey_paths and run_backup_commands
2018-08-29 15:01:12 +03:00
itaymmguardicore 7a5e53ee69
Merge pull request #176 from acepace/feature/support-common-folder-exploit-import
Feature/support common folder exploit import
2018-08-29 14:52:34 +03:00
Vakaris 57e795573e Documented what's required and other minor changes 2018-08-29 14:43:40 +03:00
Vakaris 307a7c396c Notes fixed and tested 2018-08-29 14:43:39 +03:00
Vakaris 39bb41ed25 Removed unused imports and tested 2018-08-29 14:43:39 +03:00
Vakaris f001403a92 Fixed lock bug and made uploaded monkey names standard 2018-08-29 14:43:39 +03:00
Vakaris 8e8422b3b7 Lock changed from singleton into local variable 2018-08-29 14:43:39 +03:00
Vakaris 8fd42abd5d Refactored according to final web_rce framework changes 2018-08-29 14:43:39 +03:00
Vakaris 10528c313d Webblogic refactored to web RCE framework changes(from static methods into class methods) 2018-08-29 14:43:39 +03:00
Vakaris 66bc852742 Bugfix: http servers thread is stopped if remote target is not vulnerable 2018-08-29 14:43:39 +03:00
Vakaris ab64e78f00 Core functions of Oracle weblogic rce 2018-08-29 14:43:39 +03:00
Vakaris 8af2ab70e7 Removed unused import statement 2018-08-29 14:42:40 +03:00