vakaris_zilius
c2b06f22f0
Agent: Improve path comparison style in test_helpers.py
2022-03-23 13:37:33 +00:00
vakaris_zilius
efb0039e34
Agent: Make _add_random_suffix method code more concise
2022-03-23 13:33:26 +00:00
vakaris_zilius
2e6b361a9d
Agent: Add a method that appends random string to filename in path
...
This method will be used to avoid duplication in destination file paths and will avoid clashes of exploiters writing to same files
2022-03-23 10:49:25 +00:00
VakarisZ
663c1c6471
Merge pull request #1796 from guardicore/1611-interruptable-log4shell
...
Agent: Make log4shell interruptable
2022-03-22 07:14:36 +00:00
vakaris_zilius
3cfa72f731
Agent: Remove unreliable stop check in log4shell
2022-03-22 06:57:33 +00:00
Mike Salvatore
f3fddfb4ba
Merge pull request #1789 from guardicore/1611-interruptable-ssh-exploit
...
1611 interruptable ssh exploit
2022-03-21 14:09:00 -04:00
Ilija Lazoroski
e3e038bf40
Agent: Add timeouts to SSH exploit
2022-03-21 18:48:53 +01:00
Ilija Lazoroski
9765f64174
Agent: Make SSH interruptable
2022-03-21 17:37:35 +01:00
vakaris_zilius
684e723b09
Agent: Fix timer usage in log4shell
2022-03-21 16:20:48 +00:00
vakaris_zilius
325c4368de
Agent: Remove unnecessary interrupts from log4shell
2022-03-21 16:11:59 +00:00
Mike Salvatore
0f77d4ca37
Agent: Use Timer in Log4ShellExploiter
2022-03-21 11:46:55 -04:00
vakaris_zilius
41278c8044
Agent: Make log4shell interruptable
2022-03-21 15:04:24 +00:00
Mike Salvatore
b1716e9457
Merge pull request #1791 from guardicore/1611-interruptable-powershell
...
1611 Make powershell exploiter interruptable
2022-03-21 10:27:01 -04:00
Mike Salvatore
cda113d291
Agent: Check _signal_handler before resetting on Windows
...
We don't need to call win32api.SetConsoleCtrlHandler if _signal_handler
is None (i.e. was never set).
2022-03-21 10:21:10 -04:00
Mike Salvatore
a2ac2658ed
Agent: Initialize self._master = None
2022-03-21 10:19:54 -04:00
Mike Salvatore
7a1fcced2f
Agent: Extract method _set_interrupted() from is_interrupted()
2022-03-21 09:09:15 -04:00
Mike Salvatore
b0f03179c1
Agent: Add `interrupted` boolean to ExploiterResultData
...
Setting an interrupted flag on the ExploiterResultData is a more useful
way to present the information to anything that uses it. If decisions
need to be made based on whether or not something was interrupted, a
flag can be checked instead of parsing an error message.
2022-03-21 09:00:43 -04:00
Mike Salvatore
83b18debc0
Agent: Remove InterruptError and use `if` instead
2022-03-21 09:00:43 -04:00
vakaris_zilius
f50f4cf71c
Agent: Add interrupt error message to powershell results
2022-03-21 09:00:43 -04:00
vakaris_zilius
02154e38fd
Agent: Make powershell exploiter interruptable
2022-03-21 09:00:43 -04:00
Mike Salvatore
61344f9861
Merge pull request #1792 from guardicore/1741-add-smb-to-puppet
...
1741 add smb to puppet
2022-03-21 08:16:24 -04:00
Mike Salvatore
75ea2c8c3a
Docs: Remove reference to example.conf
2022-03-21 08:15:25 -04:00
Mike Salvatore
896a9171ac
Agent: Add missing 'f' to f-string
2022-03-21 08:14:01 -04:00
Mike Salvatore
cadc23d8a5
Agent: Only start/stop tunnel if the agent is able to propagate
...
Starting and stopping the tunnel is slow, and only necessary if the
agent plans to propagate. If depth < 1, propagation will not occur, so
there's no point in having a tunnel open. If a `-d` parameter is not
supplied to the agent, the tunnel will be started.
2022-03-21 08:11:19 -04:00
Mike Salvatore
7e4ec00454
Agent: Add error message to exploit_result when SMB exploiter gives up
2022-03-21 07:21:05 -04:00
Mike Salvatore
9ca8bc1a60
Agent: Remove example.conf
...
This file is out of date and an unnecessary maintenance burden.
2022-03-21 07:16:22 -04:00
Mike Salvatore
89bda5ae87
Agent: Improve logging in SMBExploiter
2022-03-21 07:15:47 -04:00
VakarisZ
fe7c7d5d9c
Merge pull request #1793 from guardicore/agent-log-timestamp-ordering
...
Agent log timestamp ordering
2022-03-21 07:46:04 +00:00
Mike Salvatore
96c8072c21
Docs: Update agent log naming scheme to put timestamp before random
2022-03-20 20:40:43 -04:00
Mike Salvatore
753f00de65
Agent: Put timestamp before random string in log names
...
Putting the timestamp before the random string in the agent and dropper
log names allows them to be sorted by time.
2022-03-20 20:40:35 -04:00
Mike Salvatore
9b66b98428
Island: Move smb_service into exploit.properties.smb_service
2022-03-20 19:39:39 -04:00
Mike Salvatore
9532aba033
Agent: Improve logging around SCM connection attempts
2022-03-18 13:38:02 -04:00
Mike Salvatore
75dd26b3df
Agent: Handle case where SMB service already exists in SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
abb05730b8
Agent: Remove unnecessary __init__() from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
c3ffd91990
Agent: Load SMBExploiter into the puppet
2022-03-18 13:38:02 -04:00
Mike Salvatore
d56a6e23db
Agent: Remove disused {try,}get_target_monkey()
2022-03-18 13:38:02 -04:00
Mike Salvatore
f3d4f972a0
Agent: Remove disused MonkeyHTTPServer
2022-03-18 13:38:02 -04:00
Mike Salvatore
732568b34f
Agent: Remove disused get_monkey_depth()
2022-03-18 13:38:02 -04:00
Mike Salvatore
8eace7c736
Agent: Return ExploitResultData from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
eddb9d527f
Agent: Remove dependency on SMBFingerprinter from SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
df24d4ab6a
Agent: Use self.telemetry_messenger in SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
4a10882bcc
Agent: Remove disused methods and attributes from WormConfiguration
2022-03-18 13:38:02 -04:00
Mike Salvatore
32491d5998
Agent: Remove logging of sensitive data from SmbTools
2022-03-18 13:38:02 -04:00
Mike Salvatore
396dd0fca6
Agent: Rename SmbExploiter SMBExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
6fda2691e5
Agent: Remove dependency on WormConfig from SmbExploiter
2022-03-18 13:38:02 -04:00
Mike Salvatore
415f3e6468
Agent: Remove smb_service_name configuration option
...
This option is never changed and can be more easily stored as a
constant.
2022-03-18 13:38:02 -04:00
VakarisZ
6c1a4faf3a
Merge pull request #1790 from guardicore/1611-interruptible-mssql
...
1611 interruptible mssql
2022-03-18 14:33:13 +00:00
Mike Salvatore
a247fa954c
Agent: Use LONG_REQUEST_TIMEOUT for LOGIN_TIMEOUT in MSSQLExploiter
2022-03-18 10:12:34 -04:00
Mike Salvatore
df5a0fe119
Agent: Make MSSQLExploiter interruptible
2022-03-18 08:29:44 -04:00
Mike Salvatore
0ffe023a9f
Agent: Add a query timeout to pymssql.connect()
2022-03-18 08:29:44 -04:00