Ilija Lazoroski
58b1a04bd7
Agent: Modify exploit_host() to accept object instead of string
2022-02-22 19:30:53 +01:00
Ilija Lazoroski
f2b2a9c5c3
Agent: Modify SSH exploit
...
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell need to be revised based on UT
2022-02-22 19:24:21 +01:00
vakarisz
8c90a98d05
UT: rename mimikatz credential processing to credential processing
2022-02-22 17:42:36 +02:00
vakarisz
0cbfc79a92
Island: remove unfinished ssh key processor
2022-02-22 17:42:33 +02:00
vakarisz
719d8dd2ad
Island, Agent, Common: rename CredentialsType to CredentialComponentType
2022-02-22 17:41:38 +02:00
vakarisz
c87297eb2a
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
80bf561820
Island: fix a bug in lm_hash_processor.py
2022-02-22 17:40:56 +02:00
vakarisz
600753b53c
Island: add username processor
2022-02-22 17:40:56 +02:00
vakaris_zilius
4b3750076a
Agent, Island, Common: change code to process CredentialType value
...
Island: rename credentials_type.py
2022-02-22 17:40:55 +02:00
vakarisz
bb760c7e8a
Island: fix detection if credential is a keypair
2022-02-22 17:21:48 +02:00
vakaris_zilius
d874cd9d5a
Agent: fix broken pwd import on Windows for ssh_handler.py
2022-02-22 17:18:57 +02:00
vakaris_zilius
b344676425
Agent: add basic log statements to the mimikatz collector
2022-02-22 17:18:32 +02:00
vakaris_zilius
036388e704
Agent: don't log the contents of credentials telemetries
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
b224348881
Island: Fix credential collector parsing for SSH
2022-02-22 17:18:31 +02:00
vakarisz
c96674f834
Island, Agent: fixed imports to reference credential type enum in common
2022-02-22 17:18:31 +02:00
vakarisz
73434537fe
Island: remove system_info processing file
...
No system info telemetries need to be processed anymore
2022-02-22 17:18:31 +02:00
vakarisz
5471e9854c
Island: remove credentials parsing boundary
2022-02-22 17:18:31 +02:00
vakarisz
a8717dc691
Agent: rename and move credentials_type enum to common
2022-02-22 17:18:31 +02:00
Ilija Lazoroski
597fe35806
Island: Remove WMI handler that processed wmi info
...
* Leftover from broken info gathering package
2022-02-22 17:18:31 +02:00
vakarisz
5c5e170296
Island: Add processors for credentials
2022-02-22 17:18:31 +02:00
Shreya Malviya
96bd7bca24
Merge pull request #1728 from guardicore/1605-modify-exploit-result-data
...
Modify ExploiterResultData
2022-02-22 20:38:22 +05:30
Shreya Malviya
b91f3b1551
Agent: Fix comment in ExploitTelem
2022-02-22 17:54:31 +05:30
Shreya Malviya
f0679ebb26
Agent: Move `pwd`'s import statement to avoid using try/except
2022-02-22 17:49:08 +05:30
Shreya Malviya
e47239f81c
Island: Modify exploit telemetry processing to conform to changes to ExploiterResultData
2022-02-22 14:08:39 +05:30
Shreya Malviya
dff5bde894
UT: Modify ExploitTelem calls in UTs
2022-02-22 12:50:01 +05:30
Shreya Malviya
afb7210179
Agent: Modify ExploitTelem to accept param of type ExploiterResultData
2022-02-22 12:47:42 +05:30
ilija-lazoroski
4b83c79134
Merge pull request #1724 from guardicore/1605-pass-wormconfig-options
...
1605 pass wormconfig options
2022-02-21 13:52:28 +01:00
Ilija Lazoroski
c83285c782
Agent: Modify exploiters to have general and exploiter options
2022-02-21 13:45:58 +01:00
Shreya Malviya
10d8dc1f33
Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option
...
Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30
Shreya Malviya
3c80e1c38b
UT: Remove `skip_exploit_if_file_exist` config field
2022-02-21 16:46:23 +05:30
Shreya Malviya
201a838e23
Island: Remove `skip_exploit_if_file_exist` from internal config
2022-02-21 16:45:45 +05:30
Shreya Malviya
e6f4c74b79
Agent: Remove `skip_exploit_if_file_exist` option
2022-02-21 16:45:17 +05:30
Shreya Malviya
1cce742692
UT: Fix UTs as per changes to ExploiterResultData and ExploitTelem
2022-02-21 16:02:00 +05:30
Shreya Malviya
125412ee18
Agent: Rename variables to make more sense
2022-02-21 14:50:33 +05:30
Shreya Malviya
a9e000f100
Agent: Modify ExploitTelem based on ExploiterResultData changes
2022-02-21 14:38:12 +05:30
Shreya Malviya
9f01aa0a0d
Agent: Add try/except for importing pwd (can't do it on Windows)
2022-02-21 13:49:40 +05:30
Shreya Malviya
ae856383a9
UT: Modify UTs to conform to modified ExploiterResultData
2022-02-21 13:27:11 +05:30
Shreya Malviya
add9c3a4fe
Agent: Modify mock puppet to conform to modified ExploiterResultData
2022-02-21 13:26:25 +05:30
Shreya Malviya
8d0fa3faef
Agent: Modify ExploiterResultData to have more details
2022-02-21 13:18:53 +05:30
Mike Salvatore
6150610bdc
Agent: Remove HostExploiter's dependency on Plugin
...
Issue #1605
PR #1725
2022-02-21 09:29:45 +02:00
Mike Salvatore
250530b456
Agent: Remove disused HostScanner abstract class
2022-02-20 14:21:21 -05:00
Mike Salvatore
17be51fe71
Agent: Remove disused HostFinger abstract class
2022-02-20 14:20:33 -05:00
Mike Salvatore
ccfe0a773e
Agent: Use filecmp instead of sha256 hash in ransomware payload
2022-02-20 14:03:42 -05:00
Ilija Lazoroski
cecf131528
Island: Modify config to add exploiters and exploit options
2022-02-18 20:04:24 +01:00
Mike Salvatore
5fe2f80aa4
Merge pull request #1723 from guardicore/1605-brute-force-utils
...
1605 brute force utils
2022-02-18 09:04:00 -05:00
Mike Salvatore
4d6f552ba2
Agent: Add documentation to functions in brute_force.
2022-02-18 09:02:41 -05:00
Mike Salvatore
5c872a67c3
Agent: Simplify generate_username_password_or_ntlm_hash_combinations()
2022-02-18 08:01:49 -05:00
Mike Salvatore
b7c7650f49
Agent: Copy credential generation from WormConfig to new brute_force.py
...
* Create a new module for useful functions for brute-force exploiters
* Copy functions for generating all pairs of username/password to
brute_force.py
* Replace specific functions for generating username/password pairs and
username/ssh_key pairs with a single generate_identity_secret_pairs()
function, since the distinction is no longer needed.
* Add unit tests
2022-02-18 08:00:46 -05:00
Ilija Lazoroski
915c58e8cc
Agent, Island: Modify config to remove boolean propagator field
2022-02-18 06:06:11 -05:00
Mike Salvatore
0bfa0cd1ca
Merge pull request #1721 from guardicore/1605-get-updated-credentials
...
1605 get updated credentials
2022-02-18 06:01:25 -05:00