Mike Salvatore
96dee616df
Agent: Remove unused loggers
2021-08-31 09:57:19 -04:00
VakarisZ
d2e5828c3b
Replace "LOG" naming convention with "logger" naming convention.
2021-08-31 09:51:34 -04:00
Mike Salvatore
51b5fc601a
Merge pull request #1437 from guardicore/fix-swimm-unit-pba
...
Add Swimm unit for adding a PBA
2021-08-31 09:44:38 -04:00
Shreya Malviya
d118cdf3f5
travis: Update Swimm version
2021-08-31 12:49:57 +05:30
Shreya Malviya
cae1206fbd
swimm: Update exercise Add a new Post Breach Action (PBA) afMu3y3ny5lnrYFWl3EI
2021-08-31 12:34:40 +05:30
Shreya Malviya
fc49ad341b
swimm: Create exercise Add a new Post Breach Action (PBA)
2021-08-31 12:34:28 +05:30
Mike Salvatore
d22c7813a5
BB: Switch the scanning order in tunneling tests
...
Because the SMB exploiter deploys the 32-bit agent, which will then
upgrade itself to 64-bit, it takes a long time between when exploitation
is successful and the agent calls home. By switching the order that
hosts are scanned in, this test runs approximately 25 seconds quicker
and allows us to reduce the `keep_tunnel_open_time` setting by 30
seconds.
2021-08-30 13:28:25 -04:00
Mike Salvatore
9c352c1b1f
Agent: Reformat long line in CommunicateAsBackdoorUser
2021-08-30 10:08:46 -04:00
VakarisZ
0635169362
Remove unused and broken package gathering feature on windows. ( #1431 )
...
Agent: Remove unused and broken package gathering feature on windows.
2021-08-30 09:56:34 -04:00
Mike Salvatore
00ccc3755d
Move changelog entries from PR #1433 from v1.11.0 to unreleased
2021-08-30 09:46:24 -04:00
Mike Salvatore
09f14687d3
Fixed minor typos in CHANGELOG.md
2021-08-30 09:44:20 -04:00
Mike Salvatore
318e71bcb4
Merge pull request #1433 from guardicore/1410/remove-backdoor-pba
...
Remove Backdoor user PBA
2021-08-30 09:43:13 -04:00
Mike Salvatore
1bf3013fc2
Update changelog for PR #1433
2021-08-30 09:41:18 -04:00
Ilija Lazoroski
7aa230e9d0
UT: Renamed Communicate as new user
2021-08-30 14:22:23 +02:00
Ilija Lazoroski
10697934d6
Rename Communicate as new user to Communicate as backdoor user
2021-08-30 14:01:40 +02:00
Mike Salvatore
805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
...
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Ilija Lazoroski
7e293ac16d
Remove Backdoor user PBA
2021-08-30 13:46:07 +02:00
Mike Salvatore
02bd3efd2d
Merge pull request #1434 from guardicore/pba-use-random-pwd
...
Use random password for CommunicateAsNewUser PBA
2021-08-30 07:17:56 -04:00
Shreya Malviya
deb037c617
tests: Add unit tests for communicate as back door user PBA
2021-08-30 16:21:22 +05:30
Shreya Malviya
0f2f39f0a0
CHANGELOG: Update with entry for random password for CommunicateAsNewUser PBA
2021-08-30 16:21:22 +05:30
Shreya Malviya
f727e75697
agent: Use random password for CommunicateAsNewUser PBA
2021-08-30 16:21:22 +05:30
Shreya Malviya
54f80df1f4
bb: Remove extra line from end of file
2021-08-30 15:12:35 +05:30
Mike Salvatore
98fcfde389
Merge pull request #1426 from guardicore/1246/config-template-bb-test
...
Add PowerShell config and bb test
2021-08-26 09:19:03 -04:00
Shreya Malviya
57109c11a9
cc: Change 'powershell' -> 'PowerShell' in issue overview in security report
2021-08-26 17:06:19 +05:30
Ilija Lazoroski
9a96e6ed39
Zoo: Refactor start and stop gcp machine functions
2021-08-26 10:35:22 +02:00
Mike Salvatore
a80cd676b4
Common: Remove unused CredentialsError
2021-08-25 15:37:17 -04:00
Mike Salvatore
c875aa349f
Tests: Change test order/names in powershell_utils/test_utils.py
2021-08-25 15:33:46 -04:00
Mike Salvatore
8aedc2c391
Agent: Add pyinstaller hooks for pypsrp
2021-08-25 14:44:31 -04:00
Mike Salvatore
176828d458
Agent: Log exception if PowerShellExploiter fails to copy agent
2021-08-25 14:18:43 -04:00
Mike Salvatore
86d7879c31
Agent: Remove leading space from RUN_MONKEY string template
2021-08-25 13:33:03 -04:00
Mike Salvatore
e70d1c714b
Agent: Remove context manager from _authenticate()
...
Since the PowerShellExploiter's _authenticate() method returns the
client object, it doesn't make sense for it to be constructed in a
context manager.
2021-08-25 13:30:30 -04:00
Mike Salvatore
b871398682
Agent: Add useful logging to powershell exploiter
2021-08-25 13:30:30 -04:00
Shreya Malviya
876cdbeffa
island: Check if credential in exploit telemetry is `None` before processing it
2021-08-25 19:31:36 +05:30
Ilija Lazoroski
e6ca0fd3b6
Zoo: Parallelize start and stop of gcp machines
2021-08-25 10:07:41 +02:00
Mike Salvatore
1da79f78bf
Agent: Use format strings in powershell exploiter log statements
2021-08-24 15:32:51 -04:00
unknown
f046e9d7a7
Agent: Add pypsrp to PipFile
2021-08-24 15:11:15 -04:00
Mike Salvatore
af57272e36
Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*)
...
Resolves #1048
2021-08-24 14:35:50 -04:00
Mike Salvatore
dd56f3d650
Island: Fix minor formatting error
2021-08-24 13:37:40 -04:00
Mike Salvatore
c385177dac
Agent: Extract _build_monkey_execution_command() into powershell_utils
2021-08-24 13:14:29 -04:00
Mike Salvatore
58f23f4fc0
Agent: Extract powershell client parameters into powershell_utils
2021-08-24 13:13:37 -04:00
Mike Salvatore
4e7a95316e
Agent: Extract _get_credentials() into powershell_utils/utils.py
2021-08-24 12:53:37 -04:00
Mike Salvatore
aef8f2e37a
Agent: Extract method _build_monkey_execution_command
2021-08-24 12:16:52 -04:00
Mike Salvatore
1928f1b9bc
Agent: Remove "credentials" local variable
2021-08-24 12:11:59 -04:00
Mike Salvatore
a2bdc69388
Agent: Log and report exploitation attempts from PowerShellExploiter
2021-08-24 12:03:42 -04:00
Mike Salvatore
8209fa55df
Agent: Set client parameters if password is "" in PowerShellExploiter
2021-08-24 11:53:48 -04:00
Mike Salvatore
fb18c1cbd4
Agent: Only use "None" creds in powershell exploiter if host is Windows
2021-08-24 11:43:17 -04:00
Mike Salvatore
79cc82b159
Agent: Remove duplicated try/except if/else from PowerShellExploiter
2021-08-24 10:35:21 -04:00
Mike Salvatore
66527b1bde
Agent: Move Windows architecture constants from web_rce.py -> consts.py
2021-08-24 09:37:05 -04:00
Mike Salvatore
f1c247ad93
Agent: Refactored PowerShellExploiter authentication function names
2021-08-24 09:29:02 -04:00
Ilija Lazoroski
5cee9443ff
Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
...
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00