Commit Graph

7820 Commits

Author SHA1 Message Date
Mike Salvatore ed817feaf2 Agent: Make SMBExploiter interruptible 2022-03-22 07:33:00 -04:00
vakaris_zilius 2c7920c95a Agent: Fix ssh timeout for open_sftp by using forked paramiko 2022-03-22 07:09:09 -04:00
VakarisZ 663c1c6471 Merge pull request #1796 from guardicore/1611-interruptable-log4shell
Agent: Make log4shell interruptable
2022-03-22 07:14:36 +00:00
vakaris_zilius 3cfa72f731 Agent: Remove unreliable stop check in log4shell 2022-03-22 06:57:33 +00:00
Mike Salvatore f3fddfb4ba Merge pull request #1789 from guardicore/1611-interruptable-ssh-exploit
1611 interruptable ssh exploit
2022-03-21 14:09:00 -04:00
Ilija Lazoroski e3e038bf40 Agent: Add timeouts to SSH exploit 2022-03-21 18:48:53 +01:00
Ilija Lazoroski 9765f64174 Agent: Make SSH interruptable 2022-03-21 17:37:35 +01:00
vakaris_zilius 684e723b09 Agent: Fix timer usage in log4shell 2022-03-21 16:20:48 +00:00
vakaris_zilius 325c4368de Agent: Remove unnecessary interrupts from log4shell 2022-03-21 16:11:59 +00:00
Mike Salvatore 0f77d4ca37 Agent: Use Timer in Log4ShellExploiter 2022-03-21 11:46:55 -04:00
vakaris_zilius 41278c8044 Agent: Make log4shell interruptable 2022-03-21 15:04:24 +00:00
Mike Salvatore b1716e9457 Merge pull request #1791 from guardicore/1611-interruptable-powershell
1611 Make powershell exploiter interruptable
2022-03-21 10:27:01 -04:00
Mike Salvatore cda113d291 Agent: Check _signal_handler before resetting on Windows
We don't need to call win32api.SetConsoleCtrlHandler if _signal_handler
is None (i.e. was never set).
2022-03-21 10:21:10 -04:00
Mike Salvatore a2ac2658ed Agent: Initialize self._master = None 2022-03-21 10:19:54 -04:00
Mike Salvatore 7a1fcced2f Agent: Extract method _set_interrupted() from is_interrupted() 2022-03-21 09:09:15 -04:00
Mike Salvatore b0f03179c1 Agent: Add `interrupted` boolean to ExploiterResultData
Setting an interrupted flag on the ExploiterResultData is a more useful
way to present the information to anything that uses it. If decisions
need to be made based on whether or not something was interrupted, a
flag can be checked instead of parsing an error message.
2022-03-21 09:00:43 -04:00
Mike Salvatore 83b18debc0 Agent: Remove InterruptError and use `if` instead 2022-03-21 09:00:43 -04:00
vakaris_zilius f50f4cf71c Agent: Add interrupt error message to powershell results 2022-03-21 09:00:43 -04:00
vakaris_zilius 02154e38fd Agent: Make powershell exploiter interruptable 2022-03-21 09:00:43 -04:00
Mike Salvatore 61344f9861 Merge pull request #1792 from guardicore/1741-add-smb-to-puppet
1741 add smb to puppet
2022-03-21 08:16:24 -04:00
Mike Salvatore 75ea2c8c3a Docs: Remove reference to example.conf 2022-03-21 08:15:25 -04:00
Mike Salvatore 896a9171ac Agent: Add missing 'f' to f-string 2022-03-21 08:14:01 -04:00
Mike Salvatore cadc23d8a5 Agent: Only start/stop tunnel if the agent is able to propagate
Starting and stopping the tunnel is slow, and only necessary if the
agent plans to propagate. If depth < 1, propagation will not occur, so
there's no point in having a tunnel open. If a `-d` parameter is not
supplied to the agent, the tunnel will be started.
2022-03-21 08:11:19 -04:00
Mike Salvatore 7e4ec00454 Agent: Add error message to exploit_result when SMB exploiter gives up 2022-03-21 07:21:05 -04:00
Mike Salvatore 9ca8bc1a60 Agent: Remove example.conf
This file is out of date and an unnecessary maintenance burden.
2022-03-21 07:16:22 -04:00
Mike Salvatore 89bda5ae87 Agent: Improve logging in SMBExploiter 2022-03-21 07:15:47 -04:00
VakarisZ fe7c7d5d9c Merge pull request #1793 from guardicore/agent-log-timestamp-ordering
Agent log timestamp ordering
2022-03-21 07:46:04 +00:00
Mike Salvatore 96c8072c21 Docs: Update agent log naming scheme to put timestamp before random 2022-03-20 20:40:43 -04:00
Mike Salvatore 753f00de65 Agent: Put timestamp before random string in log names
Putting the timestamp before the random string in the agent and dropper
log names allows them to be sorted by time.
2022-03-20 20:40:35 -04:00
Mike Salvatore 9b66b98428 Island: Move smb_service into exploit.properties.smb_service 2022-03-20 19:39:39 -04:00
Mike Salvatore 9532aba033 Agent: Improve logging around SCM connection attempts 2022-03-18 13:38:02 -04:00
Mike Salvatore 75dd26b3df Agent: Handle case where SMB service already exists in SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore abb05730b8 Agent: Remove unnecessary __init__() from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore c3ffd91990 Agent: Load SMBExploiter into the puppet 2022-03-18 13:38:02 -04:00
Mike Salvatore d56a6e23db Agent: Remove disused {try,}get_target_monkey() 2022-03-18 13:38:02 -04:00
Mike Salvatore f3d4f972a0 Agent: Remove disused MonkeyHTTPServer 2022-03-18 13:38:02 -04:00
Mike Salvatore 732568b34f Agent: Remove disused get_monkey_depth() 2022-03-18 13:38:02 -04:00
Mike Salvatore 8eace7c736 Agent: Return ExploitResultData from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore eddb9d527f Agent: Remove dependency on SMBFingerprinter from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore df24d4ab6a Agent: Use self.telemetry_messenger in SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 4a10882bcc Agent: Remove disused methods and attributes from WormConfiguration 2022-03-18 13:38:02 -04:00
Mike Salvatore 32491d5998 Agent: Remove logging of sensitive data from SmbTools 2022-03-18 13:38:02 -04:00
Mike Salvatore 396dd0fca6 Agent: Rename SmbExploiter SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 6fda2691e5 Agent: Remove dependency on WormConfig from SmbExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 415f3e6468 Agent: Remove smb_service_name configuration option
This option is never changed and can be more easily stored as a
constant.
2022-03-18 13:38:02 -04:00
VakarisZ 6c1a4faf3a Merge pull request #1790 from guardicore/1611-interruptible-mssql
1611 interruptible mssql
2022-03-18 14:33:13 +00:00
Mike Salvatore a247fa954c Agent: Use LONG_REQUEST_TIMEOUT for LOGIN_TIMEOUT in MSSQLExploiter 2022-03-18 10:12:34 -04:00
Mike Salvatore df5a0fe119 Agent: Make MSSQLExploiter interruptible 2022-03-18 08:29:44 -04:00
Mike Salvatore 0ffe023a9f Agent: Add a query timeout to pymssql.connect() 2022-03-18 08:29:44 -04:00
Mike Salvatore 33f2bac275 Merge pull request #1785 from guardicore/1611-interruptable-exploiters
1611 interruptable exploiters
2022-03-18 08:28:52 -04:00