Commit Graph

7129 Commits

Author SHA1 Message Date
vakarisz 0cd6b1e616 Agent: remove unused upload_monkey() and rename _trigger_exploit 2022-01-06 13:00:37 +02:00
vakarisz 7bace927f8 Agent: fix log4shell to always close ldap and http servers, even on errors 2022-01-06 12:56:04 +02:00
vakarisz 9d5ea0f41f Island: add log4shell issue processing and reporting 2022-01-06 12:26:00 +02:00
vakarisz 0b76b9f949 Agent: fix log4shell to override the correct _exploit_host method 2022-01-06 12:18:58 +02:00
vakarisz 09988b0f80 Agent: report vulnerable port and service in log4shell
Refactor log4shell.py and related service exploiters to adhere to IExploitableService interface and save which service on which port was vulnerable to log4shell
2022-01-05 17:43:28 +02:00
vakarisz 5ac6d12fe9 Agent: fix log4shell exploitation indication 2022-01-05 15:47:45 +02:00
vakarisz c382987430 Project: vulture allow LDAPServerFactory.buildProtocol 2022-01-05 15:18:12 +02:00
vakarisz dd3c5aac6f Agent: small logging improvements in log4shel 2022-01-05 14:21:26 +02:00
vakarisz d2181f6577 Agent, UT: fix ldap builder UT's and some imports in log4shell 2022-01-05 14:16:24 +02:00
Ilija Lazoroski 563438c7f8 Agent, Island: Add Apache Solr support for Log4Shell exploit 2022-01-05 12:37:08 +01:00
vakarisz 8a120110f5 Agent: change ldap and http ports to be chosen dynamically in log4shell 2022-01-05 12:46:40 +02:00
vakarisz 0659fddac6 Agent: add the docker POC exploit to log4shell
Implements the infrastructure needed to add different log4shell exploits and adds the
2022-01-04 17:48:45 +02:00
vakarisz 206abfa5e8 Agent: refactor a couple web_rce methods to static 2022-01-04 17:41:19 +02:00
vakarisz e69639b426 Agent: use separate java classes for windows and linux in log4shell
Linux and windows targets should use different java classes, because one is compiled to be launched in /bin/bash, another in cmd.exe. We can't just inject the whole command, because Runtime.getRuntime().exec() interprets the string in strange ways
2022-01-04 16:09:19 +02:00
vakarisz 1884c6d767 TEMP: base implementation of the log4shell 2021-12-23 16:45:25 +02:00
vakarisz 41b97cb54a TEMP: base implementation of the log4shell 2021-12-22 17:17:02 +02:00
Mike Salvatore fddaa16931 Agent: Improve InvalidExploitTemplateError messages 2021-12-21 15:19:45 -05:00
Mike Salvatore 4d5a2511c6 Agent: Add LDAP server for log4shell exploit 2021-12-21 15:19:44 -05:00
Mike Salvatore 2a795723ab Agent: Add ldaptor to dependencies 2021-12-21 15:12:50 -05:00
Mike Salvatore 68978907e2 Agent: Add build_exploit_bytecode for log4shell exploiter 2021-12-20 15:12:11 -05:00
Mike Salvatore a48c1afefd Agent: Construct concrete puppet in monkey.py 2021-12-20 06:56:47 -05:00
Mike Salvatore e392915b26 Merge branch '1597-integrate-automated-master' into agent-refactor 2021-12-20 06:55:53 -05:00
Mike Salvatore 50930017fb Agent: Use address_to_ip_port() in _running_on_island() 2021-12-17 10:55:58 -05:00
Mike Salvatore 8658b9edb3 Merge branch '1598-implement-run-payload' into agent-refactor 2021-12-17 10:30:46 -05:00
Mike Salvatore b19ce79df6 Agent: Use relative imports within puppet package 2021-12-17 10:25:16 -05:00
Mike Salvatore 7b8b485b57 Agent: Mock out unimplemented functions in Puppet 2021-12-17 10:22:42 -05:00
Mike Salvatore 973c88678e Agent: Move PluginType to the i_plugin package 2021-12-17 10:13:28 -05:00
Ilija Lazoroski afbc313a7c Agent: Handle interrupts in ransomware 2021-12-17 16:10:42 +01:00
Mike Salvatore 05c5764487 Agent: Add i_puppet package 2021-12-17 09:40:46 -05:00
Ilija Lazoroski 61a7647f9b Agent: Add interrupt handling to ransomware 2021-12-17 15:31:20 +01:00
Shreya Malviya 958cf3a252 Agent, UT: Rename 'config' to 'options' in ransomware files 2021-12-17 19:55:26 +05:30
Mike Salvatore 0328d2860e Agent: Add a RansomwarePayload that implements to the IPayload interface 2021-12-17 09:19:47 -05:00
Mike Salvatore 2299c029d7 Agent: Rename RansomwarePayload to Ransomware
A payload adheres to a specific IPayload interface. The class that is
now called RansomwarePayload is just a concrete ransomware. A new
RansomwarePayload will be introduced to wrap the build and execute of
the Ransomware.
2021-12-17 09:16:27 -05:00
Ilija Lazoroski 0a4ff25843 Agent: Implement Puppet.run_payload() 2021-12-17 09:02:12 -05:00
Ilija Lazoroski b798255249 Agent: Add plugin_name attribute to puppet's load_plugin 2021-12-17 09:02:12 -05:00
Shreya Malviya 8e6abcb795 Agent: Add PluginRegistry 2021-12-17 09:02:12 -05:00
Mike Salvatore ee1fa01dda UT: Move ransomware unit tests to payload/ransomware/ 2021-12-17 09:02:12 -05:00
Mike Salvatore 33e3a31030 Agent: Move ransomware/ to payload/ransomware/ 2021-12-17 09:02:04 -05:00
Mike Salvatore 09a1297f47 Agent: User relative imports within ransomware package 2021-12-17 09:00:56 -05:00
Mike Salvatore c18af3c3fb Agent: Change return type of IPuppet.run_payload() to None
At the moment, we don't expect payloads to return any values. This may
be reevaluated as development proceeds or when telemetry is refactored.
2021-12-17 09:00:54 -05:00
vakarisz 89368f729f Agent, Common, UT: Separate IP and Port in monkey
Instead of splitting IP/port on demand, separate the IP and port from monkey commandline parameter and pass them to VictimHostFactory
2021-12-17 15:30:10 +02:00
Mike Salvatore 3adb1d5b07 Agent: Add IPayload interface 2021-12-17 08:12:37 -05:00
Mike Salvatore 19bcaad7f2 Agent: Fix broken logic in get_local_network_interfaces() 2021-12-17 07:08:48 -05:00
Mike Salvatore 9e127b49ae Agent: Get local network interfaces inside _build_master() 2021-12-16 19:17:05 -05:00
Mike Salvatore 637053e6cd Agent: Integrate VictimHostFactory with monkey.py 2021-12-16 15:20:38 -05:00
Mike Salvatore 18fb4e7533 Agent: Add self._default_server to monkey.py 2021-12-16 15:08:43 -05:00
Mike Salvatore b3bc9b2ffa Agent: Refactor build_victim_host() to improve readability 2021-12-16 14:39:54 -05:00
Mike Salvatore b6f2bab15b Agent: Pass str (not None) to VictimHost constructor 2021-12-16 14:39:54 -05:00
Mike Salvatore 7cb1f761d8 Agent: Add type hints to VictimHost constructor 2021-12-16 14:39:54 -05:00
vakarisz 29d3cc2aaf Agent, UT: Implement VictimHostFactory
Implements and unit tests the VictimHostFactory. The factory allows creation of victims based on current network situation of the agent
2021-12-16 14:39:54 -05:00