p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
6,489 Commits 30 Branches 0 Tags 47 MiB
Commit Graph

6489 Commits

Author SHA1 Message Date
vakarisz 0cd6b1e616 Agent: remove unused upload_monkey() and rename _trigger_exploit 2022-01-06 13:00:37 +02:00
vakarisz 7bace927f8 Agent: fix log4shell to always close ldap and http servers, even on errors 2022-01-06 12:56:04 +02:00
vakarisz 9d5ea0f41f Island: add log4shell issue processing and reporting 2022-01-06 12:26:00 +02:00
vakarisz 0b76b9f949 Agent: fix log4shell to override the correct _exploit_host method 2022-01-06 12:18:58 +02:00
vakarisz 09988b0f80 Agent: report vulnerable port and service in log4shell 
Refactor log4shell.py and related service exploiters to adhere to IExploitableService interface and save which service on which port was vulnerable to log4shell
 2022-01-05 17:43:28 +02:00
vakarisz 5ac6d12fe9 Agent: fix log4shell exploitation indication 2022-01-05 15:47:45 +02:00
vakarisz c382987430 Project: vulture allow LDAPServerFactory.buildProtocol 2022-01-05 15:18:12 +02:00
vakarisz dd3c5aac6f Agent: small logging improvements in log4shel 2022-01-05 14:21:26 +02:00
vakarisz d2181f6577 Agent, UT: fix ldap builder UT's and some imports in log4shell 2022-01-05 14:16:24 +02:00
Ilija Lazoroski 563438c7f8 Agent, Island: Add Apache Solr support for Log4Shell exploit 2022-01-05 12:37:08 +01:00
vakarisz 8a120110f5 Agent: change ldap and http ports to be chosen dynamically in log4shell 2022-01-05 12:46:40 +02:00
vakarisz 0659fddac6 Agent: add the docker POC exploit to log4shell 
Implements the infrastructure needed to add different log4shell exploits and adds the
 2022-01-04 17:48:45 +02:00
vakarisz 206abfa5e8 Agent: refactor a couple web_rce methods to static 2022-01-04 17:41:19 +02:00
vakarisz e69639b426 Agent: use separate java classes for windows and linux in log4shell 
Linux and windows targets should use different java classes, because one is compiled to be launched in /bin/bash, another in cmd.exe. We can't just inject the whole command, because Runtime.getRuntime().exec() interprets the string in strange ways
 2022-01-04 16:09:19 +02:00
vakarisz 1884c6d767 TEMP: base implementation of the log4shell 2021-12-23 16:45:25 +02:00
vakarisz 41b97cb54a TEMP: base implementation of the log4shell 2021-12-22 17:17:02 +02:00
Mike Salvatore fddaa16931 Agent: Improve InvalidExploitTemplateError messages 2021-12-21 15:19:45 -05:00
Mike Salvatore 4d5a2511c6 Agent: Add LDAP server for log4shell exploit 2021-12-21 15:19:44 -05:00
Mike Salvatore 2a795723ab Agent: Add ldaptor to dependencies 2021-12-21 15:12:50 -05:00
Mike Salvatore 68978907e2 Agent: Add build_exploit_bytecode for log4shell exploiter 2021-12-20 15:12:11 -05:00
Mike Salvatore 230ca3faf8 Docs: Add v1.12.0 checksums 2021-10-27 10:21:28 -04:00
Mike Salvatore d5e12725a9 Changelog: Release v1.12.0 2021-10-27 10:14:36 -04:00
Mike Salvatore bc5ca5b613 Docs: Add --tty and --interactive to docker commands 
These options allow the monkey-island docker container to be killed with
<CTRL-C>
 2021-10-27 07:58:39 -04:00
Shreya Malviya a55f86ceea Docs: Update Zerologon documentation to mention that brute force exploiters use its stolen creds 2021-10-26 19:58:11 +05:30
Shreya Malviya ea31d27bf1 Island: Update Zerologon's description in the configuration 2021-10-26 19:58:11 +05:30
VakarisZ 1ad74a4bff BB: fix zerologon test to check propagation via SMB as well 
ZeroLogon doesn't propagate to the machine it only steals the credentials. It's best to make sure that propagation is also possible by running SMB exploiter
 2021-10-26 10:21:36 -04:00
Shreya Malviya 820d47c9cc Agent: Change logic for generating random password 2021-10-26 19:39:34 +05:30
Mike Salvatore b8ed464909
Merge pull request #1550 from guardicore/config_import_fix 
Config import fix
 2021-10-26 09:57:48 -04:00
VakarisZ aa6f202a8f Island: change the log message level of wrong password in password_based_bytes_encryptor.py to debug 
Wrong password is in some cases expected behavior, not an error of an application
 2021-10-26 15:47:33 +03:00
VakarisZ 8e6a2d8e7d UI: bugfix the need to double click on the import when importing an encrypted configuration 
When back-end sends the schema for ui to validate that no unsafe options are selected, UI didn't automatically send a response back in case there were no unsafe options selected
 2021-10-26 15:23:07 +03:00
Mike Salvatore 2df588ca59 Changelog: Add missing period 2021-10-25 14:56:29 -04:00
Mike Salvatore bc3b1b274f Changelog: Formatting changes and other small fixes 2021-10-25 14:40:28 -04:00
Mike Salvatore 1b74119812
Merge pull request #1548 from guardicore/update-docker-docs 
Docs: Update docker Upgrading section
 2021-10-25 13:03:08 -04:00
Mike Salvatore c91d922277 Docs: Clarify "upgrade proceedure" for docker 2021-10-25 12:58:30 -04:00
Ilija Lazoroski d14e4dee31 Docs: Reword Docker upgrading section 2021-10-25 18:54:28 +02:00
Mike Salvatore b91120a677
Merge pull request #1549 from guardicore/docker_data_dir_fix 
Docker data dir fix
 2021-10-25 12:26:14 -04:00
VakarisZ 01f8488b07 UT's: assert correct behavior on docker if empty data directory is present and if no version file, but other files are present in the data directory 2021-10-25 18:30:53 +03:00
VakarisZ 9ef9ba0024 Island: improve and fix data directory exception handling/logging 2021-10-25 18:29:44 +03:00
VakarisZ a399e8a0ea Docs: reverted the numbering to use 1. instead of manual numeration in docker.md 2021-10-25 17:30:25 +03:00
VakarisZ cebd41b264 Build: change docker container to set MONKEY_DOCKER_CONTAINER env var. This variable is needed because we can't prompt for data dir removal on docker like we do on other deployments 
Due to the fact that docker is not running interactively and user might be running on an old data dir if he uses volumes, we need special case for docker
 2021-10-25 17:11:31 +03:00
Ilija Lazoroski 9f9744a77f Docs: Update docker Upgrading section 2021-10-25 15:21:04 +02:00
VakarisZ 97642f45dc Island: if the data directory is empty no need to consider backing it up 2021-10-25 11:13:06 +03:00
VakarisZ f6e02e2a6a Project: bump version numbers from 1.11.0 to 1.12.0 for release 2021-10-22 13:52:11 +03:00
VakarisZ c8b1694d27 Island: add an exit import statement because when MSI is built exit method is not found 2021-10-22 13:13:14 +03:00
ilija-lazoroski 3b9eaf34c0
Merge pull request #1544 from guardicore/1524-broken-updates 
AppImage and Docker deployment renaming
 2021-10-22 09:19:41 +02:00
VakarisZ 82cffc4748 Docs: add a note about possibility to run AppImage from WSL 2021-10-22 10:03:58 +03:00
VakarisZ fcc444b098 Docs: change installer filenames in docker and appImage setup docs 2021-10-22 10:03:18 +03:00
Mike Salvatore c3f5812906 Build: Refactor agent versioning 2021-10-21 12:19:08 -04:00
Ilija Lazoroski d55cbcfbd3 Build: Fix move package to dist dir on appimage 2021-10-21 17:25:00 +02:00
Ilija Lazoroski 6d827ad1af Build: Refactor commit id 2021-10-21 17:12:01 +02:00