From 4e1bc21e95e9b78f581318dcdec5d7ceb0c03c7f Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Fri, 3 Jun 2022 13:35:16 +0530 Subject: [PATCH 1/4] Docs: Add reference page about agent propagation --- docs/content/reference/agent_propagation.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docs/content/reference/agent_propagation.md diff --git a/docs/content/reference/agent_propagation.md b/docs/content/reference/agent_propagation.md new file mode 100644 index 000000000..7d1bb8004 --- /dev/null +++ b/docs/content/reference/agent_propagation.md @@ -0,0 +1,15 @@ +--- +title: "Agent propagation" +date: 2022-06-03T13:17:22+05:30 +draft: false +pre: ' ' +weight: 2 +tags: ["agent", "propagation", "reference"] +--- + +## How does the Infection Monkey Agent propagate to a new machine? + +Once an Agent exploits a vulnerable system, it propagates to the machine by copying the appropriate +Agent binary to it. + +On Windows, it is copied to `C:\Windows\temp\monkey64.exe`. On Linux, it is copied to `/tmp/monkey`. From 04aacc2cbabca2b1b59754b52f35c5d3c19f156f Mon Sep 17 00:00:00 2001 From: vakarisz Date: Thu, 9 Jun 2022 15:20:04 +0300 Subject: [PATCH 2/4] Docs: Improve agent propagation and add running manually page --- docs/content/reference/agent_propagation.md | 4 +-- .../integrations/aws-run-on-ec2-machine.md | 2 +- docs/content/usage/running-manually.md | 32 +++++++++++++++++++ 3 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 docs/content/usage/running-manually.md diff --git a/docs/content/reference/agent_propagation.md b/docs/content/reference/agent_propagation.md index 7d1bb8004..e75f320c5 100644 --- a/docs/content/reference/agent_propagation.md +++ b/docs/content/reference/agent_propagation.md @@ -9,7 +9,7 @@ tags: ["agent", "propagation", "reference"] ## How does the Infection Monkey Agent propagate to a new machine? -Once an Agent exploits a vulnerable system, it propagates to the machine by copying the appropriate -Agent binary to it. +Agent mainly propagates using remote code execution vulnerabilities. Once the agent is able to +run commands on the victim it executes commands that are similar to the ones described in [manual run page.](../../usage/running-manually/) On Windows, it is copied to `C:\Windows\temp\monkey64.exe`. On Linux, it is copied to `/tmp/monkey`. diff --git a/docs/content/usage/integrations/aws-run-on-ec2-machine.md b/docs/content/usage/integrations/aws-run-on-ec2-machine.md index 0fb6be6dd..690a3a6c7 100644 --- a/docs/content/usage/integrations/aws-run-on-ec2-machine.md +++ b/docs/content/usage/integrations/aws-run-on-ec2-machine.md @@ -1,5 +1,5 @@ --- -title: "Running the monkey on AWS EC2 instances" +title: "Running the agent on AWS EC2 instances" date: 2020-06-28T10:44:05+03:00 draft: false description: "Use AWS SSM to execute Infection Monkey on your AWS instances." diff --git a/docs/content/usage/running-manually.md b/docs/content/usage/running-manually.md new file mode 100644 index 000000000..4903c789d --- /dev/null +++ b/docs/content/usage/running-manually.md @@ -0,0 +1,32 @@ +--- +title: "Running Manually" +date: 2022-06-09T14:47:40+03:00 +draft: false +weight: 2 +pre: " " +tags: ["usage"] +--- + + +## Generating manual run command + +Manual run command can be generated through the Island Server UI, by going to "Run Monkey" -> "Manual" page. + +### Downloading the agent manually + +As evident by the generated commands, agent binaries can be downloaded +by sending a get request to `https://[IP]:5000/api/agent/download/[OS]`, where +`[IP]` stands for the IP address of the Island server and `[OS]` is either `windows` or `linux`. + +### Running the agent binary + +Agent binary can be started with `m0nk3y` or `dr0pp3r` flags. + +`m0nk3y` flag is the standard way +to run the agent. + +`dr0pp3r` will move the agent binary to a location provided with an `-l` flag. +Then it will start that binary with a `m0nk3y` flag on a new process. Finally, it will stop +the current process and shut down. This flag is useful if you want to start the agent on a separate +process. This flag is used by the agent to execute other agents on exploited machines. +This way, the parent agent doesn't have to wait until the child finishes to continue the execution. From 01bb7dd2b4479d385bb7acbb495f35f65c8b6167 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 9 Jun 2022 13:29:21 -0400 Subject: [PATCH 3/4] Docs: Copyedits to agent_propagation.md --- docs/content/reference/agent_propagation.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/content/reference/agent_propagation.md b/docs/content/reference/agent_propagation.md index e75f320c5..788da6420 100644 --- a/docs/content/reference/agent_propagation.md +++ b/docs/content/reference/agent_propagation.md @@ -9,7 +9,10 @@ tags: ["agent", "propagation", "reference"] ## How does the Infection Monkey Agent propagate to a new machine? -Agent mainly propagates using remote code execution vulnerabilities. Once the agent is able to -run commands on the victim it executes commands that are similar to the ones described in [manual run page.](../../usage/running-manually/) +The agent propagates using remote code execution vulnerabilities. Once the +agent has achieved remote code execution on the victim, it executes commands +that are similar to the ones described in [manual run +page.](../../usage/running-manually/) -On Windows, it is copied to `C:\Windows\temp\monkey64.exe`. On Linux, it is copied to `/tmp/monkey`. +On Windows targets, the agent is copied to `C:\Windows\temp\monkey64.exe`. On +Linux targets, it is copied to `/tmp/monkey`. From f0fbafc01afe5471cbd7a2fec7dbd82bbf7b435a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 9 Jun 2022 13:37:52 -0400 Subject: [PATCH 4/4] Docs: Copyedits to running-manually.md --- docs/content/usage/running-manually.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/content/usage/running-manually.md b/docs/content/usage/running-manually.md index 4903c789d..dcfcf0b66 100644 --- a/docs/content/usage/running-manually.md +++ b/docs/content/usage/running-manually.md @@ -10,23 +10,24 @@ tags: ["usage"] ## Generating manual run command -Manual run command can be generated through the Island Server UI, by going to "Run Monkey" -> "Manual" page. +A command to run the agent manually can be generated by the Island Server UI by +going to the "Run Monkey" -> "Manual" page. ### Downloading the agent manually -As evident by the generated commands, agent binaries can be downloaded -by sending a get request to `https://[IP]:5000/api/agent/download/[OS]`, where -`[IP]` stands for the IP address of the Island server and `[OS]` is either `windows` or `linux`. +Agent binaries can be downloaded by sending a `GET` request to +`https://[IP]:5000/api/agent/download/[OS]`, where `[IP]` stands for the IP +address of the Island server and `[OS]` is either `windows` or `linux`. ### Running the agent binary -Agent binary can be started with `m0nk3y` or `dr0pp3r` flags. +The agent binary must be started with either the `m0nk3y` or `dr0pp3r` flag. -`m0nk3y` flag is the standard way -to run the agent. +The `m0nk3y` flag is the standard way to run the agent. -`dr0pp3r` will move the agent binary to a location provided with an `-l` flag. -Then it will start that binary with a `m0nk3y` flag on a new process. Finally, it will stop -the current process and shut down. This flag is useful if you want to start the agent on a separate -process. This flag is used by the agent to execute other agents on exploited machines. -This way, the parent agent doesn't have to wait until the child finishes to continue the execution. +The `dr0pp3r` flag invokes the agent dropper. The dropper will move the agent +binary to a location provided with the `-l` flag. Then, it will start the agent +with the `m0nk3y` flag as a new process. Finally, the dropper will shut itself +down. This flag is useful if you want to detach the agent from an exploited +service or parent process. It alleviates the need for the parent process to +wait until the agent finishes.