p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
852 Commits 30 Branches 0 Tags 47 MiB
Commit Graph

75 Commits

Author SHA1 Message Date
Vakaris 413bdd9254 Not yet functioning and tested, but most functions are done 2018-06-19 18:08:52 +03:00
Vakaris 9a8a6c6e28 Now exploiting both win and linux. Also, added check if monkey is not already present 2018-06-19 18:05:09 +03:00
Daniel Goldberg ecdd2e8762
Merge branch 'develop' into SSH_key_stealing 2018-06-05 16:59:28 +03:00
Vakaris 0503f90168 Notes fixed 2018-06-04 12:07:10 +03:00
Daniel Goldberg c7ed02b98e Bugfix, run Shellshock attack as dropper rather than monkey 2018-05-31 15:38:54 +03:00
Vakaris 30a3bbf9a0 Exploitation of machines using ssh keys added. Also, added shh keys exploitation to report 2018-05-29 01:02:49 +03:00
Vakaris f45cebfd5e Does not store encrypted or already present ssh keys, shows all users from whom SSH private key were stolen under "stolen credentials" in report 2018-05-25 01:34:24 +03:00
Vakaris 4197ab12a3 SSH keys are now encrypted and added to database 2018-05-24 16:59:22 +03:00
Daniel Goldberg ee835d51b0 Remove Monkey testing code, dead code as it is. 2018-05-23 15:22:27 +03:00
Vakaris e8b388482b quick fix 2018-05-22 19:06:12 +03:00
Vakaris a6d2483f7b Tested with windows and fixed all notes 2018-05-22 18:54:10 +03:00
cclauss 0411811fe5 from six import string_types, text_type, xrange (#128) 
* from six import string_types, text_type, xrange
 2018-05-22 11:13:18 +03:00
maor.rayzin 60730db45d Fixed the example configuration file, it had a json syntax error. 2018-05-17 19:28:04 +03:00
Vakaris cdb4d459bb SSH key-stealing implemented 2018-05-16 15:19:59 +03:00
cclauss 023c7cb093
ftp.py: Undefined name local_ip --> self.local_ip 
__local_ip__ is an __undefined name__ in this context (could raise NameError at runtime) so this PR recommends the use of __self.local_ip__ instead.  

flake8 testing of https://github.com/guardicore/monkey on Python 3.6.3

$ __flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics__
```
./infection_monkey/transport/ftp.py:86:29: F821 undefined name 'local_ip'
        self.servsock.bind((local_ip,0))
                            ^
```
 2018-05-08 12:23:30 +02:00
Daniel Goldberg 2bc87794b7
Merge pull request #130 from cclauss/long-was-removed-in-Python3 
long was removed in Python 3
 2018-05-08 13:06:36 +03:00
Daniel Goldberg 1af9ffc0d4
Merge pull request #129 from cclauss/new-style-exceptions 
New style exceptions, has_key(), and types
 2018-05-08 13:05:08 +03:00
cclauss 0bb0cfbd5d long was removed in Python 3 2018-05-07 16:48:49 +02:00
cclauss bc76ea977b New style exceptions, has_key(), and types 2018-05-07 16:24:11 +02:00
Daniel Goldberg b6e39280be Spacing in __str__ method of VictimHost 2018-05-05 16:23:58 +03:00
Rahul Goswami 7503a77ff7
update __repr__ method in VictimHost class 
- __repr__ method should return the standard constructor string (pep8)
 2018-05-03 00:50:02 +05:30
Daniel Goldberg 3f0569a29e EG bugfixes 
- Use dropper instead of monkey
 - Run disconnected shell
 - Check for dropper log instead of monkey log
 2018-04-17 14:34:26 +03:00
Daniel Goldberg 558fa749ca Bugfix in dropper.py, handle gracefully failure in cleanup 2018-04-17 14:20:21 +03:00
Daniel Goldberg cc4ad05be8 Bugfix in dropper.py, return value in all fail paths 2018-04-17 14:16:46 +03:00
Daniel Goldberg ca65be8946 Additional edge case in parsing Azure configuration files 2018-04-17 11:33:14 +03:00
Daniel Goldberg 3fe6d2456b Bugfix when upgrading the monkey without admin permissions. 
Can happen during development or future exploit flows
 2018-04-17 11:27:35 +03:00
Daniel Goldberg c82fd3400a
Merge pull request #104 from guardicore/bugfix/upgrade-windows-32-to-64 
Bugfix/upgrade windows 32 to 64
 2018-04-17 10:26:30 +03:00
Daniel Goldberg 3e859d84fb Rename check for 64-bit to make explict it's a windows only check 2018-04-12 17:57:21 +03:00
Daniel Goldberg 7eb2a5c98b Remove class C limitation when getting local subnet 2018-04-12 14:57:22 +03:00
Itay Mizeretz 1407ab3969 Fix last CR comments 2018-04-11 21:09:06 +03:00
Itay Mizeretz 86d802882a Fix race-condition bug on upgrade 2018-04-11 20:59:23 +03:00
Itay Mizeretz be5d17ab42 Merge branch 'develop' into bugfix/upgrade-windows-32-to-64 
# Conflicts:
#	infection_monkey/monkey.py
 2018-04-11 19:21:52 +03:00
Itay Mizeretz 148684d78f Fixed most CR 2018-04-11 19:07:03 +03:00
Itay Mizeretz dcbcc34af0 Merge branch 'develop' into feature/support-subnet-in-config 
# Conflicts:
#	monkey_island/cc/services/report.py
 2018-04-11 11:33:16 +03:00
Itay Mizeretz fcb5b8f85d Fix CR 2018-04-11 11:28:59 +03:00
Daniel Goldberg 2365f4db42 Fix edge case when returning invalid input in EG exploiter 2018-04-02 18:28:44 +03:00
Daniel Goldberg 7f89cc753d Add missing pip dependency 2018-04-02 18:05:52 +03:00
Daniel Goldberg f1bbb255cd Fix edge case in ElasticGroovy 2018-04-02 17:19:45 +03:00
Daniel Goldberg 99b22cfa56 Fail gracefully in case of no open ports on Windows 2018-04-02 16:49:18 +03:00
Daniel Goldberg f37c3aaa2c
Merge pull request #114 from guardicore/master 
Rebase develop onto master
 2018-04-02 16:44:11 +03:00
Daniel Goldberg 2d9481f142
Merge pull request #111 from guardicore/bugfixes 
Bugfixes
 2018-04-02 16:43:09 +03:00
Daniel Goldberg 9d59e9164c
Merge pull request #113 from guardicore/master 
Rebase develop onto master
 2018-04-02 14:39:48 +03:00
Oran Nadler ac8f218586 fix unicode bug 2018-04-02 01:47:15 -07:00
Daniel Goldberg d754d39e75 Fix spurious successful connection attempts in check_tcp_ports 2018-04-01 15:17:13 +03:00
Daniel Goldberg 3aa1b9e5a9 Bugfix in _cast_by_example, see issue #109 2018-03-29 15:39:47 +03:00
Daniel Goldberg 095510e8e2 Add filtering of invalid results, otherwise it'll propagate 2018-03-29 11:01:07 +03:00
Daniel Goldberg 9b44fc8b98 Adds configuration option to turn Azure collection on and off 
Merge mimikatz and Azure into system info collection settings.
 2018-03-29 11:01:06 +03:00
Daniel Goldberg 9d7b345d1d Split up Azure credential working to make it easier for the server to understand. 
Fixed bugs in Azure report server side and fixed a hardcoded constant in get_issues_overview
 2018-03-29 11:01:06 +03:00
Daniel Goldberg 93fee0d2c5 Add Azure password stealing to the report. 2018-03-29 11:01:06 +03:00
Daniel Goldberg 21abdb5cef Add tag to system info if on Azure and harvested creds. 2018-03-29 11:01:05 +03:00