Commit Graph

6053 Commits

Author SHA1 Message Date
Mike Salvatore 96dee616df Agent: Remove unused loggers 2021-08-31 09:57:19 -04:00
VakarisZ d2e5828c3b Replace "LOG" naming convention with "logger" naming convention. 2021-08-31 09:51:34 -04:00
Mike Salvatore 51b5fc601a
Merge pull request #1437 from guardicore/fix-swimm-unit-pba
Add Swimm unit for adding a PBA
2021-08-31 09:44:38 -04:00
Shreya Malviya d118cdf3f5 travis: Update Swimm version 2021-08-31 12:49:57 +05:30
Shreya Malviya cae1206fbd swimm: Update exercise Add a new Post Breach Action (PBA) afMu3y3ny5lnrYFWl3EI 2021-08-31 12:34:40 +05:30
Shreya Malviya fc49ad341b swimm: Create exercise Add a new Post Breach Action (PBA) 2021-08-31 12:34:28 +05:30
Mike Salvatore d22c7813a5 BB: Switch the scanning order in tunneling tests
Because the SMB exploiter deploys the 32-bit agent, which will then
upgrade itself to 64-bit, it takes a long time between when exploitation
is successful and the agent calls home. By switching the order that
hosts are scanned in, this test runs approximately 25 seconds quicker
and allows us to reduce the `keep_tunnel_open_time` setting by 30
seconds.
2021-08-30 13:28:25 -04:00
Mike Salvatore 9c352c1b1f Agent: Reformat long line in CommunicateAsBackdoorUser 2021-08-30 10:08:46 -04:00
VakarisZ 0635169362
Remove unused and broken package gathering feature on windows. (#1431)
Agent: Remove unused and broken package gathering feature on windows.
2021-08-30 09:56:34 -04:00
Mike Salvatore 00ccc3755d Move changelog entries from PR #1433 from v1.11.0 to unreleased 2021-08-30 09:46:24 -04:00
Mike Salvatore 09f14687d3 Fixed minor typos in CHANGELOG.md 2021-08-30 09:44:20 -04:00
Mike Salvatore 318e71bcb4
Merge pull request #1433 from guardicore/1410/remove-backdoor-pba
Remove Backdoor user PBA
2021-08-30 09:43:13 -04:00
Mike Salvatore 1bf3013fc2 Update changelog for PR #1433 2021-08-30 09:41:18 -04:00
Ilija Lazoroski 7aa230e9d0 UT: Renamed Communicate as new user 2021-08-30 14:22:23 +02:00
Ilija Lazoroski 10697934d6 Rename Communicate as new user to Communicate as backdoor user 2021-08-30 14:01:40 +02:00
Mike Salvatore 805ef70db1
Merge pull request #1425 from guardicore/powershell_exploiter
PowerShell Remoting exploiter refactor
2021-08-30 07:54:29 -04:00
Ilija Lazoroski 7e293ac16d Remove Backdoor user PBA 2021-08-30 13:46:07 +02:00
Mike Salvatore 02bd3efd2d
Merge pull request #1434 from guardicore/pba-use-random-pwd
Use random password for CommunicateAsNewUser PBA
2021-08-30 07:17:56 -04:00
Shreya Malviya deb037c617 tests: Add unit tests for communicate as back door user PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya 0f2f39f0a0 CHANGELOG: Update with entry for random password for CommunicateAsNewUser PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya f727e75697 agent: Use random password for CommunicateAsNewUser PBA 2021-08-30 16:21:22 +05:30
Shreya Malviya 54f80df1f4 bb: Remove extra line from end of file 2021-08-30 15:12:35 +05:30
Mike Salvatore 98fcfde389
Merge pull request #1426 from guardicore/1246/config-template-bb-test
Add PowerShell config and bb test
2021-08-26 09:19:03 -04:00
Shreya Malviya 57109c11a9 cc: Change 'powershell' -> 'PowerShell' in issue overview in security report 2021-08-26 17:06:19 +05:30
Ilija Lazoroski 9a96e6ed39 Zoo: Refactor start and stop gcp machine functions 2021-08-26 10:35:22 +02:00
Mike Salvatore a80cd676b4 Common: Remove unused CredentialsError 2021-08-25 15:37:17 -04:00
Mike Salvatore c875aa349f Tests: Change test order/names in powershell_utils/test_utils.py 2021-08-25 15:33:46 -04:00
Mike Salvatore 8aedc2c391 Agent: Add pyinstaller hooks for pypsrp 2021-08-25 14:44:31 -04:00
Mike Salvatore 176828d458 Agent: Log exception if PowerShellExploiter fails to copy agent 2021-08-25 14:18:43 -04:00
Mike Salvatore 86d7879c31 Agent: Remove leading space from RUN_MONKEY string template 2021-08-25 13:33:03 -04:00
Mike Salvatore e70d1c714b Agent: Remove context manager from _authenticate()
Since the PowerShellExploiter's _authenticate() method returns the
client object, it doesn't make sense for it to be constructed in a
context manager.
2021-08-25 13:30:30 -04:00
Mike Salvatore b871398682 Agent: Add useful logging to powershell exploiter 2021-08-25 13:30:30 -04:00
Shreya Malviya 876cdbeffa island: Check if credential in exploit telemetry is `None` before processing it 2021-08-25 19:31:36 +05:30
Ilija Lazoroski e6ca0fd3b6 Zoo: Parallelize start and stop of gcp machines 2021-08-25 10:07:41 +02:00
Mike Salvatore 1da79f78bf Agent: Use format strings in powershell exploiter log statements 2021-08-24 15:32:51 -04:00
unknown f046e9d7a7 Agent: Add pypsrp to PipFile 2021-08-24 15:11:15 -04:00
Mike Salvatore af57272e36 Island: Update python dependencies (Flask-JWT-Extended 3.24.1 -> 4.*)
Resolves #1048
2021-08-24 14:35:50 -04:00
Mike Salvatore dd56f3d650 Island: Fix minor formatting error 2021-08-24 13:37:40 -04:00
Mike Salvatore c385177dac Agent: Extract _build_monkey_execution_command() into powershell_utils 2021-08-24 13:14:29 -04:00
Mike Salvatore 58f23f4fc0 Agent: Extract powershell client parameters into powershell_utils 2021-08-24 13:13:37 -04:00
Mike Salvatore 4e7a95316e Agent: Extract _get_credentials() into powershell_utils/utils.py 2021-08-24 12:53:37 -04:00
Mike Salvatore aef8f2e37a Agent: Extract method _build_monkey_execution_command 2021-08-24 12:16:52 -04:00
Mike Salvatore 1928f1b9bc Agent: Remove "credentials" local variable 2021-08-24 12:11:59 -04:00
Mike Salvatore a2bdc69388 Agent: Log and report exploitation attempts from PowerShellExploiter 2021-08-24 12:03:42 -04:00
Mike Salvatore 8209fa55df Agent: Set client parameters if password is "" in PowerShellExploiter 2021-08-24 11:53:48 -04:00
Mike Salvatore fb18c1cbd4 Agent: Only use "None" creds in powershell exploiter if host is Windows 2021-08-24 11:43:17 -04:00
Mike Salvatore 79cc82b159 Agent: Remove duplicated try/except if/else from PowerShellExploiter 2021-08-24 10:35:21 -04:00
Mike Salvatore 66527b1bde Agent: Move Windows architecture constants from web_rce.py -> consts.py 2021-08-24 09:37:05 -04:00
Mike Salvatore f1c247ad93 Agent: Refactored PowerShellExploiter authentication function names 2021-08-24 09:29:02 -04:00
Ilija Lazoroski 5cee9443ff Zoo: Remove GCPHandler class. Powershell-3-47 renamed to
Powershell-3-46. Powershell-45 moved to different zone
2021-08-24 15:11:22 +02:00