forked from p15670423/monkey
Merge pull request #1981 from guardicore/1961-docs-agent-propagation
Add page about agent propagation to docs
This commit is contained in:
commit
542c4265b7
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
title: "Agent propagation"
|
||||
date: 2022-06-03T13:17:22+05:30
|
||||
draft: false
|
||||
pre: '<i class="fas fa-user-secret"></i> '
|
||||
weight: 2
|
||||
tags: ["agent", "propagation", "reference"]
|
||||
---
|
||||
|
||||
## How does the Infection Monkey Agent propagate to a new machine?
|
||||
|
||||
The agent propagates using remote code execution vulnerabilities. Once the
|
||||
agent has achieved remote code execution on the victim, it executes commands
|
||||
that are similar to the ones described in [manual run
|
||||
page.](../../usage/running-manually/)
|
||||
|
||||
On Windows targets, the agent is copied to `C:\Windows\temp\monkey64.exe`. On
|
||||
Linux targets, it is copied to `/tmp/monkey`.
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
title: "Running the monkey on AWS EC2 instances"
|
||||
title: "Running the agent on AWS EC2 instances"
|
||||
date: 2020-06-28T10:44:05+03:00
|
||||
draft: false
|
||||
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: "Running Manually"
|
||||
date: 2022-06-09T14:47:40+03:00
|
||||
draft: false
|
||||
weight: 2
|
||||
pre: "<i class='fas fa-terminal'></i> "
|
||||
tags: ["usage"]
|
||||
---
|
||||
|
||||
|
||||
## Generating manual run command
|
||||
|
||||
A command to run the agent manually can be generated by the Island Server UI by
|
||||
going to the "Run Monkey" -> "Manual" page.
|
||||
|
||||
### Downloading the agent manually
|
||||
|
||||
Agent binaries can be downloaded by sending a `GET` request to
|
||||
`https://[IP]:5000/api/agent/download/[OS]`, where `[IP]` stands for the IP
|
||||
address of the Island server and `[OS]` is either `windows` or `linux`.
|
||||
|
||||
### Running the agent binary
|
||||
|
||||
The agent binary must be started with either the `m0nk3y` or `dr0pp3r` flag.
|
||||
|
||||
The `m0nk3y` flag is the standard way to run the agent.
|
||||
|
||||
The `dr0pp3r` flag invokes the agent dropper. The dropper will move the agent
|
||||
binary to a location provided with the `-l` flag. Then, it will start the agent
|
||||
with the `m0nk3y` flag as a new process. Finally, the dropper will shut itself
|
||||
down. This flag is useful if you want to detach the agent from an exploited
|
||||
service or parent process. It alleviates the need for the parent process to
|
||||
wait until the agent finishes.
|
Loading…
Reference in New Issue