Commit Graph

8875 Commits

Author SHA1 Message Date
Mike Salvatore 5db04c3580 Island: Register the data directory as a convention 2022-06-16 09:26:04 -04:00
Mike Salvatore c53864cdd7 Common: Add release_convention() 2022-06-16 09:26:04 -04:00
Mike Salvatore 8fb97fc8c0 Common: Remove posessive from release()'s docstring 2022-06-16 09:26:04 -04:00
Mike Salvatore c3789c4766 Common: Document dependency resolution precedence 2022-06-16 09:26:04 -04:00
Mike Salvatore ab94ddeb88 Commmon: Add register_convention() 2022-06-16 09:26:02 -04:00
vakarisz 2fa7606c23 Changelog: Add entry for added island IP's endpoint 2022-06-16 16:19:19 +03:00
vakarisz c92f6eafe3 Changelog: Add entry for changed config structure 2022-06-16 16:18:25 +03:00
vakarisz 0082cd2193 Island: Style improvements in ip_addresses.py 2022-06-16 15:46:08 +03:00
vakarisz 5fbe01a32e Island: Display tunneling ports in T1065
Non standard ports attack technique should include ports agent used for tunneling
2022-06-16 12:11:55 +03:00
Mike Salvatore 6345780182 Common: Add UnregisteredConventionError 2022-06-15 21:02:04 -04:00
Ilija Lazoroski 136747b1c8 Island: Use tunnel or island port in T1065
* adds get_tunnel_info in monkey model
2022-06-15 17:45:07 +03:00
Ilija Lazoroski ed3c369eef Island: Rename local-ips resource to ip-addresses 2022-06-15 17:45:07 +03:00
Ilija Lazoroski 8ae6bb8c73 UI: Remove testing from InternalConfig
* leftover from renaming credential_classes
2022-06-15 17:45:07 +03:00
Ilija Lazoroski 7b415be883 UT: Fix island config tests 2022-06-15 17:45:07 +03:00
Ilija Lazoroski 8af665c0a8 UI: Use local_ips endpoint to get command_servers 2022-06-15 17:45:07 +03:00
Ilija Lazoroski d76fad9e17 Island: Remove current_server and command_servers from config
* It removes whole island_server section from internal config
2022-06-15 17:45:07 +03:00
Ilija Lazoroski 9444f1a9d7 Island: Add local_ips resource 2022-06-15 17:45:07 +03:00
Mike Salvatore ac172dc81f
Merge pull request #2024 from guardicore/2019-mssql-batch-cleanup
Remove temporary "payload" file in MSSQL exploiter
2022-06-15 10:25:38 -04:00
Mike Salvatore 353594f505
Merge pull request #2021 from guardicore/mssql-method-improvements
MSSQL method improvements
2022-06-15 10:25:10 -04:00
Mike Salvatore 4e71f4b6e4 Agent: Improve MSSQL command logging 2022-06-15 08:45:56 -04:00
Mike Salvatore 95acfc36ad Agent: Remove MSSQL temporary file and directory
This temporary file was only needed when commands were subject to 128
character limit. Writing commands to a batch file and executing it was a
way to run larger commands. Now that we know single quotes circumvent
this limit, the temporary file and directory are no longer necessary.
2022-06-15 08:37:54 -04:00
Mike Salvatore f9b3d7f5eb Agent: Move agent server methods within MSSQLExploiter 2022-06-15 08:33:18 -04:00
Mike Salvatore c2170ffc4a Agent: Rename run_agent() -> _run_agent() 2022-06-15 08:32:30 -04:00
Mike Salvatore e73c9307bf Agent: Add missing type hints to MSSQLExploiter 2022-06-15 08:16:32 -04:00
Mike Salvatore 7aca587964 Agent: Replace references to "monkey" with "agent" in MSSQLExploiter 2022-06-15 08:16:26 -04:00
Mike Salvatore 79fbd8b600 Agent: Remove stale comment 2022-06-15 08:15:49 -04:00
Mike Salvatore 339619cc56 Agent: Move _brute_force() 2022-06-15 08:15:49 -04:00
Mike Salvatore 04460e1d44 Agent: Encapsulate "monkey server" details in _upload_monkey() 2022-06-15 08:15:49 -04:00
Mike Salvatore 0204ba6343 Agent: Prefix protected methods in MSSQLExploiter with "_" 2022-06-15 08:15:49 -04:00
Mike Salvatore fd0a197b7f
Merge pull request #2020 from guardicore/2018-mangled-mssql-dropper-command
2018 mangled mssql dropper command
2022-06-15 08:15:22 -04:00
Mike Salvatore 62cc401981 Agent: Add a comment about escaping single quotes in SQL 2022-06-15 08:14:29 -04:00
Mike Salvatore ad1928db98
Merge pull request #2016 from guardicore/1996-agent-worm-config-decouple
1996 agent worm config decouple
2022-06-14 20:06:25 -04:00
Mike Salvatore 83a2a911e9 CHANGELOG: Add entry for malfomed MSSQL agent launch commands 2022-06-14 14:49:35 -04:00
Mike Salvatore 8d9a2c536f Agent: Reorder methods in MSSQLExploiter 2022-06-14 14:22:43 -04:00
Mike Salvatore 819262ef73 Agent: Remove disused "Payload" classes 2022-06-14 14:22:43 -04:00
Mike Salvatore a54eca96ba Agent: Remove disused MSSQLLimitedSizePayload 2022-06-14 14:22:43 -04:00
Mike Salvatore 0e2a63b6ac Agent: Remove disused run_mssql_commands() 2022-06-14 14:22:43 -04:00
Mike Salvatore ff83f41b4a Agent: Remove disused run_mssql_command() 2022-06-14 14:22:43 -04:00
Mike Salvatore 522e62ad14 Agent: Refactor MSSQL create directory commands
Use _run_mssql_command() and remove the dependency on
MSSQLLimitedSizePayload.
2022-06-14 14:22:43 -04:00
Mike Salvatore 7b356cf893 Agent: Refactor MSSQL run payload file commands
Use _run_mssql_command() and remove the dependency on
MSSQLLimitedSizePayload.
2022-06-14 14:22:43 -04:00
Mike Salvatore f349e1a334 Agent: Refactor MSSQL run agent commands
Remove the dependency on the MSSQLLimitedSizePayload and use simple
methods like "_write_command_to_batch_file()".
2022-06-14 14:22:43 -04:00
Mike Salvatore b2aa8333c3 Agent: Refactor MSSQL cleanup commands
* Simplify!
    * Remove the dependency on MSSQLLimitedSizePayload.
    * Use f-strings
2022-06-14 14:22:43 -04:00
Mike Salvatore 257c6b0b05 Agent: Refactor MSSQL agent download command
The first step in exploitation is to instruct the victim to download the
agent. This commit refactors this code to remove the dependency on the
MSSQLLimitedSizePayload. To do this, it introduces
`_write_command_to_batch_file()` which will be reused by the agent
execution command.
2022-06-14 14:22:43 -04:00
Mike Salvatore 7846a6cac1 Agent: Remove create_empty_payload_file() in MSSQLExploiter
Since the commands are no longer split up into 128 character chunks,
it's simpler to just overwrite an existing file using `>` than to create
an empty file and append to it.
2022-06-14 14:22:43 -04:00
Mike Salvatore ea980c4594 Agent: Use PureWindowsPath in MSSQLExploiter
When using PurePath, Linux agents use the wrong path separator to build
Windows paths. Windows corrects this, so there's no actual issue, but
it's sloppy. Using PureWindowsPath objects creates the paths with the
correct separators

Before: xp_cmdshell "NUL>%temp%\tmp_monkey_dir/tmp_monkey.bat"
After: xp_cmdshell "NUL>%temp%\tmp_monkey_dir\tmp_monkey.bat"
2022-06-14 14:22:43 -04:00
Mike Salvatore ef63f2699b Agent: Use single quotes to avoid 128 character limit
The logic that splits up commands into 128 character chunks in
MSSQLExploiter is flawed, which results in malformed commands being
written to a batch file on the victim. By using single quotes instead of
double quotes, the 128 character limit is circumvented and there's no
longer any need to break up the commands. See #2018 for more details.

Fixes #2018
2022-06-14 14:22:43 -04:00
Mike Salvatore 6db63d3c69 Agent: Add additional debug logging to MSSQLExploiter 2022-06-14 14:22:43 -04:00
Ilija Lazoroski 5ff617b811 UT: Pass MagicMock instead of instance of ControlClient 2022-06-14 16:53:16 +02:00
vakarisz e6e6587f46 Agent: Fix bugs in control.py
Bugs happened because of incorrect indentation in the recent refactoring attempting to remove worm config dependency
2022-06-14 16:50:26 +03:00
Mike Salvatore f1bc5f4707 Agent: Use f-strings in _connect_to_island() 2022-06-14 08:26:38 -04:00