Commit Graph

7454 Commits

Author SHA1 Message Date
Mike Salvatore 928192b9b0 Agent: Add helpful debug logging to log4shell exploiter 2022-03-03 13:48:00 -05:00
Mike Salvatore d3c75200fd Agent: Remove SystemInfoCollector references from dropper.py 2022-03-03 11:31:11 -05:00
vakarisz b20abad0b6 Island: change manual run commands to target /os download endpoints
Now monkey agents are downloaded not by name, but by os, so url's had to change
2022-03-03 17:42:10 +02:00
Mike Salvatore 9af6c3bed1 Agent: Suppress debug logging of urllib3
urllib3 debug logs are unnecessarily verbose for our purposes. Setting
the log level of urllib3 to debug unclutters the logs and makes
debugging simpler.
2022-03-03 09:37:39 -05:00
Mike Salvatore 4408601332 UT: Add unit test for missing server header in valid http response 2022-03-03 09:18:54 -05:00
vakaris_zilius 08aac019d8 Agent: Fix false negatives in HTTPFingerprinter 2022-03-03 09:10:30 -05:00
vakaris_zilius 454b038948 Monkey: fix a bug where incorrect windows type string results in key error in pre_exploit() 2022-03-03 09:25:56 +00:00
Mike Salvatore 031cafbe12 Agent: Refactor Log4ShellExploiter to work with Puppet 2022-03-02 14:23:34 -05:00
Mike Salvatore 7e957e5310 Agent: Create temporary monkey directory in monkey.py 2022-03-02 14:22:34 -05:00
Mike Salvatore 8a6a820d14 Agent: Use a random, secure /tmp directory for "monkey_dir" 2022-03-02 14:20:57 -05:00
Shreya Malviya 1ca9a21d43 UT: Add test for thread-safety of ExploitClassHTTPServer 2022-03-02 17:02:37 +02:00
Shreya Malviya 7739094cfd UT: Fix test function name's spelling 2022-03-02 17:02:37 +02:00
Shreya Malviya 3cd3d661bf Agent: Create HTTP handler class dynamically for ExploitClassHTTPServer 2022-03-02 17:02:37 +02:00
Shreya Malviya 896bcfebea Agent: Load Log4ShellExploiter into puppet 2022-03-02 17:02:37 +02:00
Shreya Malviya 36e01ae472 Agent: Return ExploiterResultData from Log4ShellExploiter's _exploit_host() 2022-03-02 16:55:23 +02:00
Mike Salvatore f270a50c00 Agent: Fix typo in monkey.py (repoitory -> repository) 2022-03-02 09:13:24 -05:00
Mike Salvatore 145078839d Merge branch '1675-remove-32-bit-agents' into agent-refactor
PR #1758
2022-03-02 08:49:52 -05:00
Mike Salvatore 46eb8a4484 CHANGELOG: Add changelog entries for removing 32-bit agents. 2022-03-02 06:50:15 -05:00
Mike Salvatore 07658802f3
Merge pull request #1756 from guardicore/1675-agent-repository
Add IAgentRepository to simplify agent download during propagation
2022-03-02 06:42:59 -05:00
Mike Salvatore 932d4401d8 Island: Remove redundant file name in commit hash log message 2022-03-02 06:42:06 -05:00
Mike Salvatore 279aed36af Agent: Remove monkeyfs and download methods from ControlClient 2022-03-01 14:57:00 -05:00
Mike Salvatore 1b1b68f6a6 Use IAgentRepository in Hadoop/WebRCE exploiter 2022-03-01 13:58:03 -05:00
Mike Salvatore 86c18b556f Agent: Remove disused transport.http.HTTPServer 2022-03-01 13:29:55 -05:00
Mike Salvatore c33318646a
Merge pull request #1754 from guardicore/1695-attack-changes
1695 attack changes
2022-03-01 09:46:30 -05:00
vakarisz 458b2121cd Changelog: added entry for removed T1082 attack technique report 2022-03-01 16:16:06 +02:00
vakarisz 4e1fc525ae Island: remove T1082 attack technique
This attack technique gathered data from deprecated system info telemetries. This attack technique needs to be reworked and perhaps it's better to have a single, dedicated and controlable system info gathering procedure
2022-03-01 16:06:18 +02:00
vakarisz 3734cb007e Island: change T1016 to format results from Monkey document
Previously T1016 pulled results from system info telemetries, but system info telemetries are deprecated and network information is stored on monkey documents
2022-03-01 16:06:18 +02:00
vakarisz 1c602a3315 Agent, Island: send network information in monkey wakeup telemetry
Network information is required for segmentation reports, that's why it gets sent in the wakeup telemetry. It could be joined with "ip_addresses", but that would require a bigger refactoring on the island side
2022-03-01 15:31:02 +02:00
VakarisZ 1b484e0365
Merge pull request #1752 from guardicore/1695-removing-system-info-infra
1695 removing system info infrastructure
2022-03-01 14:58:04 +02:00
vakarisz 61ba85bdc2 Island: alphabetically sort telemetry processing dictionary 2022-03-01 14:55:23 +02:00
vakarisz 1d15288b64 Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
Mike Salvatore 9e8d1d2539
Merge pull request #1749 from guardicore/1695-reporting-credentials
1695 reporting credentials
2022-03-01 07:27:21 -05:00
vakarisz 52c0413797 Island, UT: remove credential processing from exploit telemetry
Credentials should be sent via credential telemetry, not exploit telemetry. This will remove the need to maintain duplicate code of credential extraction
2022-03-01 11:31:47 +02:00
Mike Salvatore c93835245c Agent: Use IAgentRepository in SSHExploiter 2022-02-28 19:26:33 -05:00
Mike Salvatore cc9cfc5e3b Agent: Inject IAgentRepository into exploiters 2022-02-28 19:08:25 -05:00
Mike Salvatore c888c84e64 Agent: Add CachingAgentRepository 2022-02-28 19:08:24 -05:00
Mike Salvatore 50ca81f0fc Agent: Add IAgentRepository 2022-02-28 19:07:50 -05:00
Mike Salvatore 0df165e140 Island: Refactor monkey download to take OS and return agent file 2022-02-28 14:55:20 -05:00
Mike Salvatore c075fed2da BB: Remove 'PingScanner' from fingerprinters in config templates 2022-02-28 13:18:07 -05:00
Mike Salvatore a3de04d9c0 Agent: Remove agent download optimization from get_target_monkey()
This optimization was not functioning properly. This will be refactored
and optimized in the near future, so it's not worth the effort to debug
this at the present time.
2022-02-28 13:18:07 -05:00
Mike Salvatore caa6405315 Agent: Change agent permissions to 700 in SSH exploiter
Changing the permissions to 777 introduces a security risk into the
target host. A malicious attacker with local access can potentially
modify the binary, resulting in code execution and privilege escalation
when the attacking agent launches the agent on the victim.

Issue #1750
2022-02-28 13:18:07 -05:00
Mike Salvatore eea07461c5 Agent: Remove attempt to get architecture from target in ssh exploiter
Since Infection Monkey only supports the x86_64 architecture,there's
little use in collecting the architecture from the destination.
2022-02-28 13:18:07 -05:00
vakarisz 4f58a69c54 UT: added slow marks and changed some names, related to credential tests 2022-02-28 16:59:15 +02:00
vakarisz 748178a00c Island: small style improvements in stolen_credentials.py 2022-02-28 16:57:35 +02:00
Mike Salvatore 54715df43d
Merge pull request #1748 from guardicore/1675-remove-32bit-from-hadoop
Remove 32-bit references from Hadoop
2022-02-28 09:52:21 -05:00
Mike Salvatore d970271016 Agent: Fix get_target_monkey() bug when running from source 2022-02-28 08:29:04 -05:00
Mike Salvatore 01a21f744f Agent: Remove disused VictimHost.monkey_exe 2022-02-28 07:56:31 -05:00
Mike Salvatore a53ff7d0d9 Agent: Fix broken logic in get_target_monkey() download optimization 2022-02-28 07:56:31 -05:00
vakarisz 40820a5ba5 Island: refactor report generation to take credentials from model
Reporting used to fetch credentials from telemetries, but they are no longer stored. Instead, credentials are being fetched from stolen_credentials collection
2022-02-28 12:30:26 +02:00
Shreya Malviya ec9d3822a6 Island: Remove logic to download 32-bit monkeys 2022-02-26 12:55:09 +05:30