p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
7,589 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

7589 Commits

Author SHA1 Message Date
Ilija Lazoroski d29990769b Agent: Use current_depth in SSH exploit 2022-03-16 20:14:13 +01:00
Ilija Lazoroski 10bb74e402 Agent: Remove cryptography and pyopenssl from Pipfile 
Fixes #1482
 2022-03-16 15:04:06 -04:00
Mike Salvatore 2683594983
Merge pull request #1778 from guardicore/1740-add-powershell-to-puppet 
1740 add powershell to puppet
 2022-03-16 13:13:42 -04:00
Mike Salvatore 8ae37a5370 Island: Hide unresponsive hosts from the infection map 
Don't display a host on the infection map if the agent did not either
receive a response to its ICMP packet or detect an open port on the
scan target.
 2022-03-16 13:11:34 -04:00
Mike Salvatore f9936fe65d Agent: Add connect() method to IPowerShellClient 2022-03-16 17:24:22 +01:00
Ilija Lazoroski 55f969b44f Agent: Use random instead of random.SystemRandom 
The calls to random doesn't need to be cryptographically secure.
SystemRandom can block in Linux indefinitely.
 2022-03-16 17:24:10 +01:00
Ilija Lazoroski 747365818f BB: Update documentation for PowerShell machines 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 1d81072d83 Agent: Remove unsued GET_ARCH_WINDOWS command 2022-03-16 14:20:42 +01:00
Mike Salvatore 48cded4c7c Agent: Make CachingAgentRepository fully thread-safe 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 153d65eca0 Agent: User current_depth instead of get_monkey_depth() in PowerShell 2022-03-16 14:20:42 +01:00
Ilija Lazoroski e8a162ab5b Agent: Fix powershell second hop authentication 
On the second hop powershell is trying to authenticate with
only a dummy username and passsword which is not enough.
We need to provide the local domain for the username,
which case is '.\'
 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 241641ba80 Island: Fix WindowsPath when running monkey from island 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 264fa440c6 Agent: Use random name for monkey temporary bin 2022-03-16 14:20:42 +01:00
Ilija Lazoroski e4d3cc8841 Agent: Use logger variable instead of logging 2022-03-16 14:18:12 +01:00
Ilija Lazoroski d154d26fe9 Agent: Load PowerShellExploiter into the puppet 2022-03-16 14:18:12 +01:00
Mike Salvatore e09f15b1bc Agent: Add a debug log message on successful auth to PowerShellClient 2022-03-16 14:03:32 +01:00
Mike Salvatore 5be0a3d6f9 UT: Use a mock IAgentRepository instead of monkeypatching open() 2022-03-16 14:03:32 +01:00
Mike Salvatore 020dbbf2fe Agent: Set exploitation_success==True if powershell login successful 2022-03-16 14:03:32 +01:00
Mike Salvatore 3b094d0478 Agent: Move test for successful login to PowerShellClient 
The current powershell client does not alert the caller that login was
unsuccessful until an attempt is made to execute a command. This is
likely a detail that is specific to the underlying pypsrp. This detail
should be abstracted away from the PowerShellExploiter so that the
PowerShellExploiter is not dealing with implementation details of the
PowerShellClient.
 2022-03-16 14:03:32 +01:00
Mike Salvatore df572d84c0 Agent: Set self.exploit_result.error_message in PowerShellExploiter 2022-03-16 14:03:32 +01:00
Mike Salvatore f99053f3b4 Agent: Add missing __init__.py to powershell_utils/ 2022-03-16 14:03:32 +01:00
Mike Salvatore 7321eaf2c1 Agent: Improve handling of copy/execute errors in PowerShellExploiter 2022-03-16 14:03:32 +01:00
Shreya Malviya 4f0e690a7f UT: Mock `open()` in PowerShellExploiter tests instead of using `monkeyfs` 2022-03-16 14:03:32 +01:00
Ilija Lazoroski 8d9aa9890b UT: Add arguments and return exploit result data to PowerShell exploit 2022-03-16 14:03:32 +01:00
Ilija Lazoroski d1e29ed66e Agent: Return ExploitResultData in Powershell exploit 2022-03-16 14:03:32 +01:00
Shreya Malviya 7d2f9251e7 Agent: Use agent repository in PowerShell exploiter 
And create a temporary local file for the agent binary so that
pypsrp.Client can copy it to the victim
 2022-03-16 14:03:32 +01:00
Shreya Malviya 399a344619 Agent: Fix function arguments in HTTPTools 2022-03-16 14:03:32 +01:00
Shreya Malviya fbfe229cf1 Agent: Remove Windows arch constants 2022-03-16 14:03:32 +01:00
Shreya Malviya 25f90c84bc UT: Remove arch stuff from PowerShell exploiter tests 2022-03-16 14:03:32 +01:00
Shreya Malviya 7d25bf711a Agent: Remove arch checks from PowerShell exploiter 2022-03-16 14:03:32 +01:00
Shreya Malviya 7155896caa Agent: Remove PowerShell exploiter's dependency on WormConfiguration 2022-03-16 14:03:32 +01:00
VakarisZ 87cbb07da0
Merge pull request #1779 from guardicore/1738-add-mssql-to-puppet 
1738 add mssql to puppet
 2022-03-15 16:21:36 +02:00
Mike Salvatore 62005e6f88 Agent: Store MSSQLExploiter error message in self.exploit_result 2022-03-15 08:41:23 -04:00
vakarisz 43c8528409 Agent: Handle unexpected errors in mssqlexec.py 2022-03-15 14:10:35 +02:00
vakarisz 1f327a1305 Agent: Improve exception handling in mssqlexec.py 2022-03-15 08:51:22 +02:00
vakarisz 66ee3527d2 Agent: Pre-commit hook fixes on MSSQL exploiter infrastructure 2022-03-14 15:40:04 +02:00
vakaris_zilius 29e494cfb1 Island: Fix a ZT multiple findings bug 
A bug happened in zero trust findings: since multiple exploiters run at the same time, they send telemetries at the same time and those telemetries get parsed at the same time. So multiple threads fetch ZT findings at once, finds none and creates duplicate findings. With this bugfix only one thread can fetch for findings at a time. This means that one thread creates the finding and others fetch it and just add events to it
 2022-03-14 13:16:41 +00:00
vakaris_zilius 14953c8cdd Agent: register MSSQL exploiter plugin on the puppet 2022-03-14 12:47:29 +00:00
vakaris_zilius ae8e0b6dbb Agent: Refactor mssqlexec.py to use agent repository 2022-03-14 12:47:29 +00:00
vakarisz 50a8bf8f4a Agent: Refactor mssqlexec.py to fit the new puppet infrastructure 2022-03-14 12:47:29 +00:00
Ilija Lazoroski 4fcb28516d Island: Remove usage of deleted add_credentials_to_node function 2022-03-14 13:29:46 +01:00
Ilija Lazoroski adc1010355 Island: Fix mongo query in telemetry processing 2022-03-14 13:29:46 +01:00
Shreya Malviya 11f48a95be Island: Fix mongo query in report generation for exploits 2022-03-14 13:29:46 +01:00
Mike Salvatore 453dc21074
Merge pull request #1773 from guardicore/1737-add-zerologon-to-puppet 
1737 add zerologon to puppet
 2022-03-11 08:53:12 -05:00
Mike Salvatore 527c43a3f8 Agent: Add leading zero to single digits in worker thread names 2022-03-10 20:37:35 -05:00
Mike Salvatore dd2168e838 Agent: Log exception information on dcom.disconnect() key error 2022-03-10 12:00:27 -05:00
Ilija Lazoroski 302718c4d4 Agent: Change monkey log argument to 'agent' 2022-03-10 16:05:31 +01:00
vakaris_zilius 2c74967d71 UI: fix exploit timeline bug in map page 
Fixes #1769
 2022-03-10 10:04:57 -05:00
Mike Salvatore f279cc5e99
Merge pull request #1767 from guardicore/1761-rename-log-files 
1761 rename log files
 2022-03-10 09:27:39 -05:00
Mike Salvatore 452252c5c9 Docs: Update information about agent log storage locations 2022-03-10 09:25:03 -05:00