Mike Salvatore
928192b9b0
Agent: Add helpful debug logging to log4shell exploiter
2022-03-03 13:48:00 -05:00
Mike Salvatore
d3c75200fd
Agent: Remove SystemInfoCollector references from dropper.py
2022-03-03 11:31:11 -05:00
vakarisz
b20abad0b6
Island: change manual run commands to target /os download endpoints
Now monkey agents are downloaded not by name, but by OS, so URLs had to change
2022-03-03 17:42:10 +02:00
Mike Salvatore
9af6c3bed1
Agent: Suppress debug logging of urllib3
urllib3 debug logs are unnecessarily verbose for our purposes. Setting
the log level of urllib3 to debug unclutters the logs and makes
debugging simpler.
2022-03-03 09:37:39 -05:00
Mike Salvatore
4408601332
UT: Add unit test for missing server header in valid http response
2022-03-03 09:18:54 -05:00
vakaris_zilius
08aac019d8
Agent: Fix false negatives in HTTPFingerprinter
2022-03-03 09:10:30 -05:00
vakaris_zilius
454b038948
Monkey: fix a bug where incorrect Windows type string results in key error in pre_exploit()
2022-03-03 09:25:56 +00:00
Mike Salvatore
031cafbe12
Agent: Refactor Log4ShellExploiter to work with Puppet
2022-03-02 14:23:34 -05:00
Mike Salvatore
7e957e5310
Agent: Create temporary monkey directory in monkey.py
2022-03-02 14:22:34 -05:00
Mike Salvatore
8a6a820d14
Agent: Use a random, secure /tmp directory for "monkey_dir"
2022-03-02 14:20:57 -05:00
Shreya Malviya
1ca9a21d43
UT: Add test for thread-safety of ExploitClassHTTPServer
2022-03-02 17:02:37 +02:00
Shreya Malviya
7739094cfd
UT: Fix test function name's spelling
2022-03-02 17:02:37 +02:00
Shreya Malviya
3cd3d661bf
Agent: Create HTTP handler class dynamically for ExploitClassHTTPServer
2022-03-02 17:02:37 +02:00
Shreya Malviya
896bcfebea
Agent: Load Log4ShellExploiter into puppet
2022-03-02 17:02:37 +02:00
Shreya Malviya
36e01ae472
Agent: Return ExploiterResultData from Log4ShellExploiter's _exploit_host()
2022-03-02 16:55:23 +02:00
Mike Salvatore
f270a50c00
Agent: Fix typo in monkey.py (repoitory -> repository)
2022-03-02 09:13:24 -05:00
Mike Salvatore
145078839d
Merge branch '1675-remove-32-bit-agents' into agent-refactor
PR #1758
2022-03-02 08:49:52 -05:00
Mike Salvatore
46eb8a4484
CHANGELOG: Add changelog entries for removing 32-bit agents.
2022-03-02 06:50:15 -05:00
Mike Salvatore
07658802f3
Merge pull request #1756 from guardicore/1675-agent-repository
Add IAgentRepository to simplify agent download during propagation
2022-03-02 06:42:59 -05:00
Mike Salvatore
932d4401d8
Island: Remove redundant file name in commit hash log message
2022-03-02 06:42:06 -05:00
Mike Salvatore
279aed36af
Agent: Remove monkeyfs and download methods from ControlClient
2022-03-01 14:57:00 -05:00
Mike Salvatore
1b1b68f6a6
Use IAgentRepository in Hadoop/WebRCE exploiter
2022-03-01 13:58:03 -05:00
Mike Salvatore
86c18b556f
Agent: Remove disused transport.http.HTTPServer
2022-03-01 13:29:55 -05:00
Mike Salvatore
c33318646a
Merge pull request #1754 from guardicore/1695-attack-changes
1695 attack changes
2022-03-01 09:46:30 -05:00
vakarisz
458b2121cd
Changelog: added entry for removed T1082 attack technique report
2022-03-01 16:16:06 +02:00
vakarisz
4e1fc525ae
Island: remove T1082 attack technique
This attack technique gathered data from deprecated system info telemetries. This attack technique needs to be reworked and perhaps it's better to have a single, dedicated and controllable system info gathering procedure
2022-03-01 16:06:18 +02:00
vakarisz
3734cb007e
Island: change T1016 to format results from Monkey document
Previously T1016 pulled results from system info telemetries, but system info telemetries are deprecated and network information is stored on monkey documents
2022-03-01 16:06:18 +02:00
vakarisz
1c602a3315
Agent, Island: send network information in monkey wakeup telemetry
Network information is required for segmentation reports, that's why it gets sent in the wakeup telemetry. It could be joined with "ip_addresses", but that would require a bigger refactoring on the island side
2022-03-01 15:31:02 +02:00
VakarisZ
1b484e0365
Merge pull request #1752 from guardicore/1695-removing-system-info-infra
1695 removing system info infrastructure
2022-03-01 14:58:04 +02:00
vakarisz
61ba85bdc2
Island: alphabetically sort telemetry processing dictionary
2022-03-01 14:55:23 +02:00
vakarisz
1d15288b64
Agent, Island: remove/rename system info collection infrastructure
System info collectors got replaced with credential collectors. Infrastructure in the code needs to be renamed accordingly
2022-03-01 14:54:20 +02:00
Mike Salvatore
9e8d1d2539
Merge pull request #1749 from guardicore/1695-reporting-credentials
1695 reporting credentials
2022-03-01 07:27:21 -05:00
vakarisz
52c0413797
Island, UT: remove credential processing from exploit telemetry
Credentials should be sent via credential telemetry, not exploit telemetry. This will remove the need to maintain duplicate code of credential extraction
2022-03-01 11:31:47 +02:00
Mike Salvatore
c93835245c
Agent: Use IAgentRepository in SSHExploiter
2022-02-28 19:26:33 -05:00
Mike Salvatore
cc9cfc5e3b
Agent: Inject IAgentRepository into exploiters
2022-02-28 19:08:25 -05:00
Mike Salvatore
c888c84e64
Agent: Add CachingAgentRepository
2022-02-28 19:08:24 -05:00
Mike Salvatore
50ca81f0fc
Agent: Add IAgentRepository
2022-02-28 19:07:50 -05:00
Mike Salvatore
0df165e140
Island: Refactor monkey download to take OS and return agent file
2022-02-28 14:55:20 -05:00
Mike Salvatore
c075fed2da
BB: Remove 'PingScanner' from fingerprinters in config templates
2022-02-28 13:18:07 -05:00
Mike Salvatore
a3de04d9c0
Agent: Remove agent download optimization from get_target_monkey()
This optimization was not functioning properly. This will be refactored
and optimized in the near future, so it's not worth the effort to debug
this at the present time.
2022-02-28 13:18:07 -05:00
Mike Salvatore
caa6405315
Agent: Change agent permissions to 700 in SSH exploiter
Changing the permissions to 777 introduces a security risk into the
target host. A malicious attacker with local access can potentially
modify the binary, resulting in code execution and privilege escalation
when the attacking agent launches the agent on the victim.
Issue #1750
2022-02-28 13:18:07 -05:00
Mike Salvatore
eea07461c5
Agent: Remove attempt to get architecture from target in ssh exploiter
Since Infection Monkey only supports the x86_64 architecture, there's
little use in collecting the architecture from the destination.
2022-02-28 13:18:07 -05:00
vakarisz
4f58a69c54
UT: added slow marks and changed some names, related to credential tests
2022-02-28 16:59:15 +02:00
vakarisz
748178a00c
Island: small style improvements in stolen_credentials.py
2022-02-28 16:57:35 +02:00
Mike Salvatore
54715df43d
Merge pull request #1748 from guardicore/1675-remove-32bit-from-hadoop
Remove 32-bit references from Hadoop
2022-02-28 09:52:21 -05:00
Mike Salvatore
d970271016
Agent: Fix get_target_monkey() bug when running from source
2022-02-28 08:29:04 -05:00
Mike Salvatore
01a21f744f
Agent: Remove disused VictimHost.monkey_exe
2022-02-28 07:56:31 -05:00
Mike Salvatore
a53ff7d0d9
Agent: Fix broken logic in get_target_monkey() download optimization
2022-02-28 07:56:31 -05:00
vakarisz
40820a5ba5
Island: refactor report generation to take credentials from model
Reporting used to fetch credentials from telemetries, but they are no longer stored. Instead, credentials are being fetched from stolen_credentials collection
2022-02-28 12:30:26 +02:00
Shreya Malviya
ec9d3822a6
Island: Remove logic to download 32-bit monkeys
2022-02-26 12:55:09 +05:30