Removed infrastructure related to mimikatz binary: deployment scripts and docs updated

This commit is contained in:
VakarisZ 2020-06-05 14:40:58 +03:00
parent 0be709958c
commit c03c70ba28
4 changed files with 1 additions and 47 deletions


@ -29,8 +29,6 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island" $MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey" $MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin" $SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
$MK32_DLL = "mk32.zip"
$MK64_DLL = "mk64.zip"
$TEMP_PYTHON_INSTALLER = ".\python.exe" $TEMP_PYTHON_INSTALLER = ".\python.exe"
$TEMP_MONGODB_ZIP = ".\mongodb.zip" $TEMP_MONGODB_ZIP = ".\mongodb.zip"
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip" $TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
@ -44,6 +42,4 @@ $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plu
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip" $OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572" $CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi" $NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip" $UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"


@ -226,20 +226,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
Remove-Item $TEMP_UPX_ZIP Remove-Item $TEMP_UPX_ZIP
} }
# Download mimikatz binaries
$mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
if (!(Test-Path -Path $mk32_path))
{
"Downloading mimikatz 32 binary"
$webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
}
$mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
if (!(Test-Path -Path $mk64_path))
{
"Downloading mimikatz 64 binary"
$webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
}
# Download sambacry binaries # Download sambacry binaries
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR $samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME $samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME


@ -8,9 +8,6 @@ __author__ = 'itay.mizeretz'
block_cipher = None block_cipher = None
# Name of zip file in monkey. That's the name of the file in the _MEI folder
MIMIKATZ_ZIP_NAME = 'tmpzipfile123456.zip'
def main(): def main():
a = Analysis(['main.py'], a = Analysis(['main.py'],
@ -66,7 +63,6 @@ def process_datas(orig_datas):
datas = orig_datas datas = orig_datas
if is_windows(): if is_windows():
datas = [i for i in datas if i[0].find('Include') < 0] datas = [i for i in datas if i[0].find('Include') < 0]
datas += [(MIMIKATZ_ZIP_NAME, get_mimikatz_zip_path(), 'BINARY')]
return datas return datas
@ -118,9 +114,4 @@ def get_exe_icon():
return 'monkey.ico' if is_windows() else None return 'monkey.ico' if is_windows() else None
def get_mimikatz_zip_path():
mk_filename = 'mk32.zip' if is_32_bit() else 'mk64.zip'
return os.path.join(get_bin_folder(), mk_filename)
main() # We don't check if __main__ because this isn't the main script. main() # We don't check if __main__ because this isn't the main script.


@ -7,7 +7,6 @@ The monkey is composed of three separate parts.
- The Infection Monkey itself - PyInstaller compressed python archives - The Infection Monkey itself - PyInstaller compressed python archives
- Sambacry binaries - Two linux binaries, 32/64 bit. - Sambacry binaries - Two linux binaries, 32/64 bit.
- Mimikatz binaries - Two windows binaries, 32/64 bit.
- Traceroute binaries - Two linux binaries, 32/64bit. - Traceroute binaries - Two linux binaries, 32/64bit.
## Windows ## Windows
@ -28,7 +27,7 @@ The monkey is composed of three separate parts.
`pip install -r requirements.txt` `pip install -r requirements.txt`
4. Download and extract UPX binary to monkey\infection_monkey\bin\upx.exe: 4. Download and extract UPX binary to monkey\infection_monkey\bin\upx.exe:
<https://github.com/upx/upx/releases/download/v3.94/upx394w.zip> <https://github.com/upx/upx/releases/download/v3.94/upx394w.zip>
5. Build/Download Sambacry and Mimikatz binaries 5. Build/Download Sambacry
- Build/Download according to sections at the end of this readme. - Build/Download according to sections at the end of this readme.
- Place the binaries under monkey\infection_monkey\bin - Place the binaries under monkey\infection_monkey\bin
6. To build the final exe: 6. To build the final exe:
@ -83,24 +82,6 @@ Sambacry requires two standalone binaries to execute remotely.
- 32bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so> - 32bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner32.so>
- 64bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so> - 64bit: <https://github.com/guardicore/monkey/releases/download/1.6/sc_monkey_runner64.so>
### Mimikatz
Mimikatz is required for the Monkey to be able to steal credentials on Windows. It's possible to either compile binaries from source (requires Visual Studio 2013 and up) or download them from our repository.
1. Build Mimikatz yourself
- Building mimikatz requires Visual Studio 2013 and up
- Clone our version of mimikatz from <https://github.com/guardicore/mimikatz/tree/1.1.0>
- Build using Visual Studio.
- Put each version in a zip file
1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.
3. The zip file should be named mk32.zip/mk64.zip accordingly.
4. Zipping with 7zip has been tested. Other zipping software may not work.
2. Download our pre-built mimikatz binaries
- Download both 32 and 64 bit zipped DLLs from <https://github.com/guardicore/mimikatz/releases/tag/1.1.0>
- Place them under [code location]\infection_monkey\bin
### Traceroute ### Traceroute
Traceroute requires two standalone binaries to execute remotely. Traceroute requires two standalone binaries to execute remotely.