Mike Salvatore
5d2303f300
Agent: Remove disused DOWNLOAD_CHUNK
2022-03-16 13:38:25 -04:00
Mike Salvatore
1eb8e07c06
Agent: Remove disused get_target_monkey_by_os()
2022-03-16 13:38:06 -04:00
Mike Salvatore
9976b8b044
Agent: Remove disused RUNS_AGENT_ON_SUCCESS
2022-03-16 13:36:41 -04:00
Mike Salvatore
7a8442b331
Agent: Remove disused ExploitType Enum
2022-03-16 13:36:20 -04:00
Mike Salvatore
2683594983
Merge pull request #1778 from guardicore/1740-add-powershell-to-puppet
...
1740 add powershell to puppet
2022-03-16 13:13:42 -04:00
Mike Salvatore
8ae37a5370
Island: Hide unresponsive hosts from the infection map
...
Don't display a host on the infection map if the agent did not either
receive a response to its ICMP packet or detect an open port on the
scan target.
2022-03-16 13:11:34 -04:00
Mike Salvatore
f9936fe65d
Agent: Add connect() method to IPowerShellClient
2022-03-16 17:24:22 +01:00
Ilija Lazoroski
55f969b44f
Agent: Use random instead of random.SystemRandom
...
The calls to random doesn't need to be cryptographically secure.
SystemRandom can block in Linux indefinitely.
2022-03-16 17:24:10 +01:00
Ilija Lazoroski
747365818f
BB: Update documentation for PowerShell machines
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
1d81072d83
Agent: Remove unsued GET_ARCH_WINDOWS command
2022-03-16 14:20:42 +01:00
Mike Salvatore
48cded4c7c
Agent: Make CachingAgentRepository fully thread-safe
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
153d65eca0
Agent: User current_depth instead of get_monkey_depth() in PowerShell
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
e8a162ab5b
Agent: Fix powershell second hop authentication
...
On the second hop powershell is trying to authenticate with
only a dummy username and passsword which is not enough.
We need to provide the local domain for the username,
which case is '.\'
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
241641ba80
Island: Fix WindowsPath when running monkey from island
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
264fa440c6
Agent: Use random name for monkey temporary bin
2022-03-16 14:20:42 +01:00
Ilija Lazoroski
e4d3cc8841
Agent: Use logger variable instead of logging
2022-03-16 14:18:12 +01:00
Ilija Lazoroski
d154d26fe9
Agent: Load PowerShellExploiter into the puppet
2022-03-16 14:18:12 +01:00
Mike Salvatore
e09f15b1bc
Agent: Add a debug log message on successful auth to PowerShellClient
2022-03-16 14:03:32 +01:00
Mike Salvatore
5be0a3d6f9
UT: Use a mock IAgentRepository instead of monkeypatching open()
2022-03-16 14:03:32 +01:00
Mike Salvatore
020dbbf2fe
Agent: Set exploitation_success==True if powershell login successful
2022-03-16 14:03:32 +01:00
Mike Salvatore
3b094d0478
Agent: Move test for successful login to PowerShellClient
...
The current powershell client does not alert the caller that login was
unsuccessful until an attempt is made to execute a command. This is
likely a detail that is specific to the underlying pypsrp. This detail
should be abstracted away from the PowerShellExploiter so that the
PowerShellExploiter is not dealing with implementation details of the
PowerShellClient.
2022-03-16 14:03:32 +01:00
Mike Salvatore
df572d84c0
Agent: Set self.exploit_result.error_message in PowerShellExploiter
2022-03-16 14:03:32 +01:00
Mike Salvatore
f99053f3b4
Agent: Add missing __init__.py to powershell_utils/
2022-03-16 14:03:32 +01:00
Mike Salvatore
7321eaf2c1
Agent: Improve handling of copy/execute errors in PowerShellExploiter
2022-03-16 14:03:32 +01:00
Shreya Malviya
4f0e690a7f
UT: Mock `open()` in PowerShellExploiter tests instead of using `monkeyfs`
2022-03-16 14:03:32 +01:00
Ilija Lazoroski
8d9aa9890b
UT: Add arguments and return exploit result data to PowerShell exploit
2022-03-16 14:03:32 +01:00
Ilija Lazoroski
d1e29ed66e
Agent: Return ExploitResultData in Powershell exploit
2022-03-16 14:03:32 +01:00
Shreya Malviya
7d2f9251e7
Agent: Use agent repository in PowerShell exploiter
...
And create a temporary local file for the agent binary so that
pypsrp.Client can copy it to the victim
2022-03-16 14:03:32 +01:00
Shreya Malviya
399a344619
Agent: Fix function arguments in HTTPTools
2022-03-16 14:03:32 +01:00
Shreya Malviya
fbfe229cf1
Agent: Remove Windows arch constants
2022-03-16 14:03:32 +01:00
Shreya Malviya
25f90c84bc
UT: Remove arch stuff from PowerShell exploiter tests
2022-03-16 14:03:32 +01:00
Shreya Malviya
7d25bf711a
Agent: Remove arch checks from PowerShell exploiter
2022-03-16 14:03:32 +01:00
Shreya Malviya
7155896caa
Agent: Remove PowerShell exploiter's dependency on WormConfiguration
2022-03-16 14:03:32 +01:00
VakarisZ
87cbb07da0
Merge pull request #1779 from guardicore/1738-add-mssql-to-puppet
...
1738 add mssql to puppet
2022-03-15 16:21:36 +02:00
Mike Salvatore
62005e6f88
Agent: Store MSSQLExploiter error message in self.exploit_result
2022-03-15 08:41:23 -04:00
vakarisz
43c8528409
Agent: Handle unexpected errors in mssqlexec.py
2022-03-15 14:10:35 +02:00
vakarisz
1f327a1305
Agent: Improve exception handling in mssqlexec.py
2022-03-15 08:51:22 +02:00
vakarisz
66ee3527d2
Agent: Pre-commit hook fixes on MSSQL exploiter infrastructure
2022-03-14 15:40:04 +02:00
vakaris_zilius
29e494cfb1
Island: Fix a ZT multiple findings bug
...
A bug happened in zero trust findings: since multiple exploiters run at the same time, they send telemetries at the same time and those telemetries get parsed at the same time. So multiple threads fetch ZT findings at once, finds none and creates duplicate findings. With this bugfix only one thread can fetch for findings at a time. This means that one thread creates the finding and others fetch it and just add events to it
2022-03-14 13:16:41 +00:00
vakaris_zilius
14953c8cdd
Agent: register MSSQL exploiter plugin on the puppet
2022-03-14 12:47:29 +00:00
vakaris_zilius
ae8e0b6dbb
Agent: Refactor mssqlexec.py to use agent repository
2022-03-14 12:47:29 +00:00
vakarisz
50a8bf8f4a
Agent: Refactor mssqlexec.py to fit the new puppet infrastructure
2022-03-14 12:47:29 +00:00
Ilija Lazoroski
4fcb28516d
Island: Remove usage of deleted add_credentials_to_node function
2022-03-14 13:29:46 +01:00
Ilija Lazoroski
adc1010355
Island: Fix mongo query in telemetry processing
2022-03-14 13:29:46 +01:00
Shreya Malviya
11f48a95be
Island: Fix mongo query in report generation for exploits
2022-03-14 13:29:46 +01:00
Mike Salvatore
453dc21074
Merge pull request #1773 from guardicore/1737-add-zerologon-to-puppet
...
1737 add zerologon to puppet
2022-03-11 08:53:12 -05:00
Mike Salvatore
527c43a3f8
Agent: Add leading zero to single digits in worker thread names
2022-03-10 20:37:35 -05:00
Mike Salvatore
dd2168e838
Agent: Log exception information on dcom.disconnect() key error
2022-03-10 12:00:27 -05:00
Ilija Lazoroski
302718c4d4
Agent: Change monkey log argument to 'agent'
2022-03-10 16:05:31 +01:00
vakaris_zilius
2c74967d71
UI: fix exploit timeline bug in map page
...
Fixes #1769
2022-03-10 10:04:57 -05:00