Merge pull request #1981 from guardicore/1961-docs-agent-propagation

Add page about agent propagation to docs
Mike Salvatore 2022-06-09 13:46:30 -04:00 committed by GitHub
commit 542c4265b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 52 additions and 1 deletions


@ -0,0 +1,18 @@
---
title: "Agent propagation"
date: 2022-06-03T13:17:22+05:30
draft: false
pre: '<i class="fas fa-user-secret"></i> '
weight: 2
tags: ["agent", "propagation", "reference"]
---
## How does the Infection Monkey Agent propagate to a new machine?
The agent propagates using remote code execution vulnerabilities. Once the
agent has achieved remote code execution on the victim, it executes commands
that are similar to the ones described in [manual run
page.](../../usage/running-manually/)
On Windows targets, the agent is copied to `C:\Windows\temp\monkey64.exe`. On
Linux targets, it is copied to `/tmp/monkey`.
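
Review bot: In the first paragraph the link text swallows the sentence's period and the article is missing: `[manual run page.](../../usage/running-manually/)` should read "the [manual run page](../../usage/running-manually/)." with the period outside the brackets. The same sentence says the commands are "similar to" the manual ones without saying which mode is used after exploitation; since the manual page documents both `m0nk3y` and `dr0pp3r`, name the one that applies here so readers can relate the two drop paths (`C:\Windows\temp\monkey64.exe` and `/tmp/monkey`) to the dropper's `-l` destination if that is the mechanism.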


@ -1,5 +1,5 @@
---
title: "Running the monkey on AWS EC2 instances"
title: "Running the agent on AWS EC2 instances"
date: 2020-06-28T10:44:05+03:00
draft: false
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
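
Review bot: The `description` line two below the renamed `title` still says "execute Infection Monkey on your AWS instances" while the title now says "agent"; if the rename is meant to separate the product from the component that runs on the instance, update the description in the same change (for example "execute the Infection Monkey Agent on your AWS instances") so the front matter is consistent.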


@ -0,0 +1,33 @@
---
title: "Running Manually"
date: 2022-06-09T14:47:40+03:00
draft: false
weight: 2
pre: "<i class='fas fa-terminal'></i> "
tags: ["usage"]
---
## Generating manual run command
A command to run the agent manually can be generated by the Island Server UI by
going to the "Run Monkey" -> "Manual" page.
### Downloading the agent manually
Agent binaries can be downloaded by sending a `GET` request to
`https://[IP]:5000/api/agent/download/[OS]`, where `[IP]` stands for the IP
address of the Island server and `[OS]` is either `windows` or `linux`.
### Running the agent binary
The agent binary must be started with either the `m0nk3y` or `dr0pp3r` flag.
The `m0nk3y` flag is the standard way to run the agent.
The `dr0pp3r` flag invokes the agent dropper. The dropper will move the agent
binary to a location provided with the `-l` flag. Then, it will start the agent
with the `m0nk3y` flag as a new process. Finally, the dropper will shut itself
down. This flag is useful if you want to detach the agent from an exploited
service or parent process. It alleviates the need for the parent process to
wait until the agent finishes.
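
Review bot: The "Running the agent binary" section names `m0nk3y`, `dr0pp3r` and `-l` but never shows a complete command line, so a reader cannot tell how the mode and the destination argument are ordered or what else the binary needs; add one example invocation per mode, or state explicitly that the full command should be copied from the "Run Monkey" -> "Manual" page. In "Downloading the agent manually", the `GET` to `https://[IP]:5000/api/agent/download/[OS]` is documented without saying whether the request must be authenticated; say so either way. Minor: the first heading reads better as "Generating a manual run command".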