Commit Graph

4738 Commits

Author SHA1 Message Date
Shreya 2ef892e33f Try starting remote shell on victim with all user creds until successful 2021-02-20 01:12:04 +05:30
Shreya c227ccd3a1 Remove Zerologon fingerprinter (and move required functionality to Zerologon exploiter) 2021-02-20 01:12:04 +05:30
Shreya 869d608e09 Modify how `store_extracted_creds_for_exploitation()` is called
+ other little CR changes
2021-02-20 01:12:04 +05:30
Shreya 6c9ce028e0 Use __enter__() and __exit__() for StdoutCapture 2021-02-20 01:12:04 +05:30
Shreya e0ae8381ba Restoring pwd: uses next available user account in case Administrator isn't found
and saves all other credentials
2021-02-20 01:12:04 +05:30
Shreya c20e677940 Add impacket copyright notice 2021-02-20 01:12:01 +05:30
VakarisZ 4158ed802b Refactored telemetry unit tests to JSON-encode data the same way telemetries do. 2021-02-19 17:19:21 +02:00
VakarisZ c698e0ab66
Merge pull request #848 from guardicore/519/scoutsuite-integration
519/scoutsuite integration
2021-02-19 08:08:40 +02:00
Shreya 0992e276b4 More CR changes
TODO:
- impacket license
- get pwd for some other users if 'Administrator' doesn't exist (and save all users' creds?)
- unit tests
2021-02-19 01:06:06 +05:30
Shreya 0866aee2cf Testing changes 2021-02-19 01:06:06 +05:30
Shreya 2c2a9eaaae Restructure `_exploit_host()` and `restore_password()` 2021-02-19 01:06:06 +05:30
Shreya 2bdcdcc18b CR changes 2021-02-19 01:06:06 +05:30
Shreya a3bc9188dd Increase flake8 warnings' limit from 80 to 81 2021-02-19 01:06:06 +05:30
Shreya d7086f04aa CR + testing changes 2021-02-19 01:06:06 +05:30
Shreya e357b3fbe6 Changes after rebasing 2021-02-19 01:06:06 +05:30
Shreya 435f10fb20 CR changes 2021-02-19 01:06:06 +05:30
Shreya 961d5f81f8 Make DC details object attributes 2021-02-19 01:06:06 +05:30
Shreya a908d31fc5 Remove unused imports and variable 2021-02-19 01:06:06 +05:30
Shreya 81c6de75b7 Add Zerologon to documentation 2021-02-19 01:06:06 +05:30
Shreya 290385a8a0 Zerologon's success on a machine shouldn't prevent other exploit attempts on the machine
(ZL gathers credentials for other exploits)
2021-02-19 01:06:06 +05:30
Shreya 9c0fc7e435 Changes after manual testing 2021-02-19 01:06:06 +05:30
Shreya c05a48d34d Final exploit touches and report stuff 2021-02-19 01:06:05 +05:30
Shreya b57605b58d Changes from manual testing 2021-02-19 01:06:05 +05:30
Shreya 1cf07eff89 Improve log messages and comments 2021-02-19 01:06:05 +05:30
Shreya 13ef69c3ed Clean up code and comments 2021-02-19 01:06:05 +05:30
Shreya 53ef6feadf Restore password
(wmiexec to get HKLM keys --> secretsdump to get orig pwd nthash --> restore)
2021-02-19 01:06:05 +05:30
Shreya e7485bd02f Mention CVE 2021-02-19 01:06:05 +05:30
Shreya 8549ba14cf Bringing stuff together 2021-02-19 01:06:05 +05:30
Shreya 5cd8b39f0f Get original passwords' hashes 2021-02-19 01:06:05 +05:30
Shreya a4207494ec Change classes order in file 2021-02-19 01:06:05 +05:30
Shreya 44e15bd2a0 Add restore_password() 2021-02-19 01:06:05 +05:30
Shreya 9468de471d Partially add Zerologon exploiter 2021-02-19 01:06:05 +05:30
Shreya 2cc0a159e0 Rename "WindowsServer" fingerprinter: "Zerologon" makes more sense 2021-02-19 01:06:05 +05:30
Shreya 900bb7636d Basic config and report stuff 2021-02-19 01:06:05 +05:30
Mike Salvatore 978927c329
Merge pull request #970 from shreyamalviya/telemetry-tests
Telemetry unit tests
2021-02-18 14:18:05 -05:00
Shreya 2bc27b48de Use stub for PBA 2021-02-19 00:44:28 +05:30
Shreya 8bd30ceb4c Format code using black 2021-02-19 00:09:20 +05:30
Shreya 15107eeea3 Use constants/literals for tests 2021-02-19 00:02:34 +05:30
Shreya a4603853a9 Split test_attack_telem_classes.py and test_technique_telems.py into separate test files 2021-02-18 22:44:42 +05:30
Shreya 08addff8c5 Modify tests for attack telem classes and technique telems
- test `send()` instead of `get_data()` using fixture `spy_send_telemetry`
2021-02-18 22:34:15 +05:30
Mike Salvatore 4efdeeacc3 agent: remove dependency on pytest-mock 2021-02-18 09:59:52 -05:00
Mike Salvatore 86ffaf358f agent: break test_base_telem_classes into discrete test files 2021-02-18 09:53:55 -05:00
VakarisZ 522000d169 Swimm: update unit Define what your new PBA does (id: xYkxB76pK0peJj2tSxBJ). 2021-02-18 16:51:52 +02:00
VakarisZ 51abb5dacb Swimm: update unit Add a simple Post Breach action (id: tbxb2cGgUiJQ8Btma0fp). 2021-02-18 16:49:44 +02:00
VakarisZ 6d31afacd0 Swimm: update unit Add a new System Info Collector (id: OwcKMnALpn7tuBaJY1US). 2021-02-18 16:45:34 +02:00
Mike Salvatore 0ac9ce949c agent: reformat test_base_telem_classes.py with black 2021-02-18 09:38:37 -05:00
Mike Salvatore c2ed31bde8 telemetry: test `send()` for telemetry classes in `telemetry/` 2021-02-18 09:33:58 -05:00
Shreya 7960529ee9 Add conftest.py 2021-02-18 19:41:29 +05:30
VakarisZ a977ec4397 Cleaned up imports and added no inspection comments to pass flake 2021-02-18 10:55:12 +02:00
VakarisZ 414dbf0665 Merge remote-tracking branch 'upstream/develop' into 519/scoutsuite-integration 2021-02-17 16:59:06 +02:00