Commit Graph

5071 Commits

Author SHA1 Message Date
Mike Salvatore 06f33e0fa1
Merge pull request #1802 from guardicore/1782-random-agent-filename
Agent: Add a method that appends random string to filename in path
2022-03-23 09:41:17 -04:00
vakaris_zilius c2b06f22f0 Agent: Improve path comparison style in test_helpers.py 2022-03-23 13:37:33 +00:00
vakaris_zilius efb0039e34 Agent: Make _add_random_suffix method code more concise 2022-03-23 13:33:26 +00:00
vakaris_zilius 2e6b361a9d Agent: Add a method that appends random string to filename in path
This method will be used to avoid duplication in destination file paths and will avoid clashes of exploiters writing to same files
2022-03-23 10:49:25 +00:00
Mike Salvatore 426fc15ec1 Agent: Fix typo interruptable -> interruptible 2022-03-22 08:35:08 -04:00
Ilija Lazoroski 8921ed77ac Agent: Make Hadoop interruptible 2022-03-22 08:23:33 -04:00
Mike Salvatore ed817feaf2 Agent: Make SMBExploiter interruptible 2022-03-22 07:33:00 -04:00
vakaris_zilius 2c7920c95a Agent: Fix ssh timeout for open_sftp by using forked paramiko 2022-03-22 07:09:09 -04:00
VakarisZ 663c1c6471
Merge pull request #1796 from guardicore/1611-interruptable-log4shell
Agent: Make log4shell interruptible
2022-03-22 07:14:36 +00:00
vakaris_zilius 3cfa72f731 Agent: Remove unreliable stop check in log4shell 2022-03-22 06:57:33 +00:00
Mike Salvatore f3fddfb4ba
Merge pull request #1789 from guardicore/1611-interruptable-ssh-exploit
1611 interruptible ssh exploit
2022-03-21 14:09:00 -04:00
Ilija Lazoroski e3e038bf40 Agent: Add timeouts to SSH exploit 2022-03-21 18:48:53 +01:00
Ilija Lazoroski 9765f64174 Agent: Make SSH interruptible 2022-03-21 17:37:35 +01:00
vakaris_zilius 684e723b09 Agent: Fix timer usage in log4shell 2022-03-21 16:20:48 +00:00
vakaris_zilius 325c4368de Agent: Remove unnecessary interrupts from log4shell 2022-03-21 16:11:59 +00:00
Mike Salvatore 0f77d4ca37 Agent: Use Timer in Log4ShellExploiter 2022-03-21 11:46:55 -04:00
vakaris_zilius 41278c8044 Agent: Make log4shell interruptible 2022-03-21 15:04:24 +00:00
Mike Salvatore b1716e9457
Merge pull request #1791 from guardicore/1611-interruptable-powershell
1611 Make powershell exploiter interruptible
2022-03-21 10:27:01 -04:00
Mike Salvatore cda113d291 Agent: Check _signal_handler before resetting on Windows
We don't need to call win32api.SetConsoleCtrlHandler if _signal_handler
is None (i.e. was never set).
2022-03-21 10:21:10 -04:00
Mike Salvatore a2ac2658ed Agent: Initialize self._master = None 2022-03-21 10:19:54 -04:00
Mike Salvatore 7a1fcced2f Agent: Extract method _set_interrupted() from is_interrupted() 2022-03-21 09:09:15 -04:00
Mike Salvatore b0f03179c1 Agent: Add `interrupted` boolean to ExploiterResultData
Setting an interrupted flag on the ExploiterResultData is a more useful
way to present the information to anything that uses it. If decisions
need to be made based on whether or not something was interrupted, a
flag can be checked instead of parsing an error message.
2022-03-21 09:00:43 -04:00
Mike Salvatore 83b18debc0 Agent: Remove InterruptError and use `if` instead 2022-03-21 09:00:43 -04:00
vakaris_zilius f50f4cf71c Agent: Add interrupt error message to powershell results 2022-03-21 09:00:43 -04:00
vakaris_zilius 02154e38fd Agent: Make powershell exploiter interruptible 2022-03-21 09:00:43 -04:00
Mike Salvatore 61344f9861
Merge pull request #1792 from guardicore/1741-add-smb-to-puppet
1741 add smb to puppet
2022-03-21 08:16:24 -04:00
Mike Salvatore 896a9171ac Agent: Add missing 'f' to f-string 2022-03-21 08:14:01 -04:00
Mike Salvatore cadc23d8a5 Agent: Only start/stop tunnel if the agent is able to propagate
Starting and stopping the tunnel is slow, and only necessary if the
agent plans to propagate. If depth < 1, propagation will not occur, so
there's no point in having a tunnel open. If a `-d` parameter is not
supplied to the agent, the tunnel will be started.
2022-03-21 08:11:19 -04:00
Mike Salvatore 7e4ec00454 Agent: Add error message to exploit_result when SMB exploiter gives up 2022-03-21 07:21:05 -04:00
Mike Salvatore 9ca8bc1a60 Agent: Remove example.conf
This file is out of date and an unnecessary maintenance burden.
2022-03-21 07:16:22 -04:00
Mike Salvatore 89bda5ae87 Agent: Improve logging in SMBExploiter 2022-03-21 07:15:47 -04:00
Mike Salvatore 753f00de65 Agent: Put timestamp before random string in log names
Putting the timestamp before the random string in the agent and dropper
log names allows them to be sorted by time.
2022-03-20 20:40:35 -04:00
Mike Salvatore 9b66b98428 Island: Move smb_service into exploit.properties.smb_service 2022-03-20 19:39:39 -04:00
Mike Salvatore 9532aba033 Agent: Improve logging around SCM connection attempts 2022-03-18 13:38:02 -04:00
Mike Salvatore 75dd26b3df Agent: Handle case where SMB service already exists in SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore abb05730b8 Agent: Remove unnecessary __init__() from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore c3ffd91990 Agent: Load SMBExploiter into the puppet 2022-03-18 13:38:02 -04:00
Mike Salvatore d56a6e23db Agent: Remove disused {try,}get_target_monkey() 2022-03-18 13:38:02 -04:00
Mike Salvatore f3d4f972a0 Agent: Remove disused MonkeyHTTPServer 2022-03-18 13:38:02 -04:00
Mike Salvatore 732568b34f Agent: Remove disused get_monkey_depth() 2022-03-18 13:38:02 -04:00
Mike Salvatore 8eace7c736 Agent: Return ExploitResultData from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore eddb9d527f Agent: Remove dependency on SMBFingerprinter from SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore df24d4ab6a Agent: Use self.telemetry_messenger in SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 4a10882bcc Agent: Remove disused methods and attributes from WormConfiguration 2022-03-18 13:38:02 -04:00
Mike Salvatore 32491d5998 Agent: Remove logging of sensitive data from SmbTools 2022-03-18 13:38:02 -04:00
Mike Salvatore 396dd0fca6 Agent: Rename SmbExploiter SMBExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 6fda2691e5 Agent: Remove dependency on WormConfig from SmbExploiter 2022-03-18 13:38:02 -04:00
Mike Salvatore 415f3e6468 Agent: Remove smb_service_name configuration option
This option is never changed and can be more easily stored as a
constant.
2022-03-18 13:38:02 -04:00
Mike Salvatore a247fa954c Agent: Use LONG_REQUEST_TIMEOUT for LOGIN_TIMEOUT in MSSQLExploiter 2022-03-18 10:12:34 -04:00
Mike Salvatore df5a0fe119 Agent: Make MSSQLExploiter interruptible 2022-03-18 08:29:44 -04:00
Mike Salvatore 0ffe023a9f Agent: Add a query timeout to pymssql.connect() 2022-03-18 08:29:44 -04:00
vakarisz bf6d856015 Agent: Remove interrupt check after agent upload in wmiexec.py 2022-03-18 14:27:30 +02:00
vakarisz 13e5c03cf9 Agent: Add interrupt check before/after agent upload in wmiexec.py 2022-03-18 14:14:22 +02:00
vakaris_zilius bd07459dab Agent: Fix typos and comments in WMI and HostExploiter.py 2022-03-18 08:44:35 +00:00
vakaris_zilius b70144f5e1 Agent: Remove remote check for running monkey in WMI exploiter 2022-03-18 08:43:28 +00:00
Mike Salvatore 54bbe8bf2f Agent: Add WMI error message to results if exploit failed 2022-03-17 12:46:08 -04:00
Mike Salvatore 040a23546c Agent: Add a comment about Impacket timeouts 2022-03-17 12:45:37 -04:00
Mike Salvatore a002c96bc6 Agent: Add interrupt to powershell tests 2022-03-17 10:45:56 -04:00
vakaris_zilius 6bdd5ef179 Agent, UI: Improve style with small changes in interrupt code 2022-03-17 10:35:53 -04:00
vakaris_zilius 1d74864092 Island: Fix agent stopping bugs
2 bugs fixed: the UI used milliseconds instead of seconds, and the island kept stopping monkeys, but it should only stop a monkey once so as not to prevent more runs
2022-03-17 10:35:53 -04:00
vakaris_zilius 1c79efc941 Agent: Log why exploiter got interrupted when stopped 2022-03-17 10:35:53 -04:00
vakarisz 520e98032a Agent, Island: Rename "alive" to "should_stop" in configuration
"Alive" indicates state, when in fact we need a value indicating if a stop command was sent to this monkey. Monkey alive state is already tracked elsewhere, in the Monkey document
2022-03-17 10:35:50 -04:00
vakarisz fae25939b5 Agent: Add interrupt to WMI exploiter 2022-03-17 10:33:31 -04:00
vakarisz d1a4018d5f Agent: Pass interrupt event to HostExploiter 2022-03-17 10:33:31 -04:00
Shreya Malviya ed5e686b04 Island: Remove `keepalive`
Fixes #1783
2022-03-17 09:34:39 -04:00
Mike Salvatore 87a742186a
Merge pull request #1786 from guardicore/remove-dead-code
Remove dead code
2022-03-17 06:54:31 -04:00
Ilija Lazoroski d29990769b Agent: Use current_depth in SSH exploit 2022-03-16 20:14:13 +01:00
Ilija Lazoroski 10bb74e402 Agent: Remove cryptography and pyopenssl from Pipfile
Fixes #1482
2022-03-16 15:04:06 -04:00
Mike Salvatore 98fb4132ec Agent: Remove disused config values from WormConfiguration 2022-03-16 13:39:35 -04:00
Mike Salvatore aac8638df2 Agent: Remove disused get_interfaces_ranges() 2022-03-16 13:39:31 -04:00
Mike Salvatore 4cf448ebe1 Agent: Remove disused struct_unpack_tracker*() 2022-03-16 13:39:24 -04:00
Mike Salvatore 916f4a6a46 Agent: Remove disused get_exploit_user_ssh_key_pairs() 2022-03-16 13:39:21 -04:00
Mike Salvatore 7a71a99420 Agent: Remove disused TIMEOUT constant in network/info.py 2022-03-16 13:38:57 -04:00
Mike Salvatore 77e0cae441 Agent: Remove disused methods in WebRCE 2022-03-16 13:38:53 -04:00
Mike Salvatore 7facf302a4 Agent: Rename unused '_' parameter to architecture in get_agent_binary 2022-03-16 13:38:49 -04:00
Mike Salvatore 048817d60a Agent: Remove disused VictimHostGenerator 2022-03-16 13:38:43 -04:00
Mike Salvatore f0fed888cb Common: Remove disused SYSTEM_INFO telemetry category 2022-03-16 13:38:39 -04:00
Mike Salvatore 5a708db5cc Agent: Remove disused methods from ControlClient 2022-03-16 13:38:29 -04:00
Mike Salvatore 5d2303f300 Agent: Remove disused DOWNLOAD_CHUNK 2022-03-16 13:38:25 -04:00
Mike Salvatore 1eb8e07c06 Agent: Remove disused get_target_monkey_by_os() 2022-03-16 13:38:06 -04:00
Mike Salvatore 9976b8b044 Agent: Remove disused RUNS_AGENT_ON_SUCCESS 2022-03-16 13:36:41 -04:00
Mike Salvatore 7a8442b331 Agent: Remove disused ExploitType Enum 2022-03-16 13:36:20 -04:00
Mike Salvatore 2683594983
Merge pull request #1778 from guardicore/1740-add-powershell-to-puppet
1740 add powershell to puppet
2022-03-16 13:13:42 -04:00
Mike Salvatore 8ae37a5370 Island: Hide unresponsive hosts from the infection map
Don't display a host on the infection map if the agent did not either
receive a response to its ICMP packet or detect an open port on the
scan target.
2022-03-16 13:11:34 -04:00
Mike Salvatore f9936fe65d Agent: Add connect() method to IPowerShellClient 2022-03-16 17:24:22 +01:00
Ilija Lazoroski 55f969b44f Agent: Use random instead of random.SystemRandom
The calls to random don't need to be cryptographically secure.
SystemRandom can block in Linux indefinitely.
2022-03-16 17:24:10 +01:00
Ilija Lazoroski 1d81072d83 Agent: Remove unused GET_ARCH_WINDOWS command 2022-03-16 14:20:42 +01:00
Mike Salvatore 48cded4c7c Agent: Make CachingAgentRepository fully thread-safe 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 153d65eca0 Agent: User current_depth instead of get_monkey_depth() in PowerShell 2022-03-16 14:20:42 +01:00
Ilija Lazoroski e8a162ab5b Agent: Fix powershell second hop authentication
On the second hop powershell is trying to authenticate with
only a dummy username and password which is not enough.
We need to provide the local domain for the username,
which in this case is '.\'
2022-03-16 14:20:42 +01:00
Ilija Lazoroski 241641ba80 Island: Fix WindowsPath when running monkey from island 2022-03-16 14:20:42 +01:00
Ilija Lazoroski 264fa440c6 Agent: Use random name for monkey temporary bin 2022-03-16 14:20:42 +01:00
Ilija Lazoroski e4d3cc8841 Agent: Use logger variable instead of logging 2022-03-16 14:18:12 +01:00
Ilija Lazoroski d154d26fe9 Agent: Load PowerShellExploiter into the puppet 2022-03-16 14:18:12 +01:00
Mike Salvatore e09f15b1bc Agent: Add a debug log message on successful auth to PowerShellClient 2022-03-16 14:03:32 +01:00
Mike Salvatore 5be0a3d6f9 UT: Use a mock IAgentRepository instead of monkeypatching open() 2022-03-16 14:03:32 +01:00
Mike Salvatore 020dbbf2fe Agent: Set exploitation_success==True if powershell login successful 2022-03-16 14:03:32 +01:00
Mike Salvatore 3b094d0478 Agent: Move test for successful login to PowerShellClient
The current powershell client does not alert the caller that login was
unsuccessful until an attempt is made to execute a command. This is
likely a detail that is specific to the underlying pypsrp. This detail
should be abstracted away from the PowerShellExploiter so that the
PowerShellExploiter is not dealing with implementation details of the
PowerShellClient.
2022-03-16 14:03:32 +01:00
Mike Salvatore df572d84c0 Agent: Set self.exploit_result.error_message in PowerShellExploiter 2022-03-16 14:03:32 +01:00
Mike Salvatore f99053f3b4 Agent: Add missing __init__.py to powershell_utils/ 2022-03-16 14:03:32 +01:00
Mike Salvatore 7321eaf2c1 Agent: Improve handling of copy/execute errors in PowerShellExploiter 2022-03-16 14:03:32 +01:00
Shreya Malviya 4f0e690a7f UT: Mock `open()` in PowerShellExploiter tests instead of using `monkeyfs` 2022-03-16 14:03:32 +01:00
Ilija Lazoroski 8d9aa9890b UT: Add arguments and return exploit result data to PowerShell exploit 2022-03-16 14:03:32 +01:00
Ilija Lazoroski d1e29ed66e Agent: Return ExploitResultData in Powershell exploit 2022-03-16 14:03:32 +01:00
Shreya Malviya 7d2f9251e7 Agent: Use agent repository in PowerShell exploiter
And create a temporary local file for the agent binary so that
pypsrp.Client can copy it to the victim
2022-03-16 14:03:32 +01:00
Shreya Malviya 399a344619 Agent: Fix function arguments in HTTPTools 2022-03-16 14:03:32 +01:00
Shreya Malviya fbfe229cf1 Agent: Remove Windows arch constants 2022-03-16 14:03:32 +01:00
Shreya Malviya 25f90c84bc UT: Remove arch stuff from PowerShell exploiter tests 2022-03-16 14:03:32 +01:00
Shreya Malviya 7d25bf711a Agent: Remove arch checks from PowerShell exploiter 2022-03-16 14:03:32 +01:00
Shreya Malviya 7155896caa Agent: Remove PowerShell exploiter's dependency on WormConfiguration 2022-03-16 14:03:32 +01:00
Mike Salvatore 62005e6f88 Agent: Store MSSQLExploiter error message in self.exploit_result 2022-03-15 08:41:23 -04:00
vakarisz 43c8528409 Agent: Handle unexpected errors in mssqlexec.py 2022-03-15 14:10:35 +02:00
vakarisz 1f327a1305 Agent: Improve exception handling in mssqlexec.py 2022-03-15 08:51:22 +02:00
vakarisz 66ee3527d2 Agent: Pre-commit hook fixes on MSSQL exploiter infrastructure 2022-03-14 15:40:04 +02:00
vakaris_zilius 29e494cfb1 Island: Fix a ZT multiple findings bug
A bug happened in zero trust findings: since multiple exploiters run at the same time, they send telemetries at the same time and those telemetries get parsed at the same time. So multiple threads fetch ZT findings at once, find none and create duplicate findings. With this bugfix only one thread can fetch findings at a time. This means that one thread creates the finding and the others fetch it and just add events to it
2022-03-14 13:16:41 +00:00
vakaris_zilius 14953c8cdd Agent: register MSSQL exploiter plugin on the puppet 2022-03-14 12:47:29 +00:00
vakaris_zilius ae8e0b6dbb Agent: Refactor mssqlexec.py to use agent repository 2022-03-14 12:47:29 +00:00
vakarisz 50a8bf8f4a Agent: Refactor mssqlexec.py to fit the new puppet infrastructure 2022-03-14 12:47:29 +00:00
Ilija Lazoroski 4fcb28516d Island: Remove usage of deleted add_credentials_to_node function 2022-03-14 13:29:46 +01:00
Ilija Lazoroski adc1010355 Island: Fix mongo query in telemetry processing 2022-03-14 13:29:46 +01:00
Shreya Malviya 11f48a95be Island: Fix mongo query in report generation for exploits 2022-03-14 13:29:46 +01:00
Mike Salvatore 453dc21074
Merge pull request #1773 from guardicore/1737-add-zerologon-to-puppet
1737 add zerologon to puppet
2022-03-11 08:53:12 -05:00
Mike Salvatore 527c43a3f8 Agent: Add leading zero to single digits in worker thread names 2022-03-10 20:37:35 -05:00
Mike Salvatore dd2168e838 Agent: Log exception information on dcom.disconnect() key error 2022-03-10 12:00:27 -05:00
Ilija Lazoroski 302718c4d4 Agent: Change monkey log argument to 'agent' 2022-03-10 16:05:31 +01:00
vakaris_zilius 2c74967d71 UI: fix exploit timeline bug in map page
Fixes #1769
2022-03-10 10:04:57 -05:00
Mike Salvatore 45936c2f79 Agent: Remove unnecessary expandvars() in _get_log_path() 2022-03-10 09:07:38 -05:00
Mike Salvatore 2d2338f1f6 Agent: Log the path of the log file to stdout 2022-03-10 09:07:38 -05:00
Mike Salvatore 02accde812 UT: Add tests for get_{agent,dropper}_log_path() 2022-03-10 09:07:36 -05:00
Mike Salvatore 17c3fa02b3 Agent: Return agent/dropper log path as a Path instead of str 2022-03-10 09:07:18 -05:00
Mike Salvatore 96069d3ae6 Agent: Wrap get_log_path() with easier to use functions 2022-03-10 09:06:05 -05:00
Ilija Lazoroski 3c745f697f Agent, UI: Remove internal-logging from config
The config is called after the log path is set,
so the logging config had no effect on the
log path.
2022-03-10 11:51:33 +01:00
vakaris_zilius d9ee377945 Agent: fix access denied error handling in wmi_tools.py 2022-03-10 10:18:35 +00:00
Mike Salvatore 27e3cc6b4c Agent: Add @wraps to WmiTools decorators 2022-03-09 15:21:46 -05:00
Mike Salvatore 720768e25d Agent: Add debug logging to decorators in WmiTools 2022-03-09 14:45:49 -05:00
vakaris_zilius 2c8aef6d80 Island: remove unused node states
Exploited node state is no longer used, returning it in the list caused errors on the ui
2022-03-09 15:55:38 +00:00
vakaris_zilius a8018a7956 Agent: Add impacket_user decorator to the zerologon
impacket_user decorator will avoid race conditions with other exploiters using wmi tools
2022-03-09 15:54:23 +00:00
Ilija Lazoroski 71328ea2b1 Agent, Island: User friendly log name
* Configurable log directories
* Random component to the log file
* 'infection-monkey-<monkey-arg>-<random-str>-<timestamp>.log'
2022-03-09 16:49:32 +01:00
Shreya Malviya a3eb0bc6f2 Island: Remove unused `set_node_group()` in NodeService 2022-03-09 10:21:52 -05:00
Shreya Malviya 5e3829aab3 Island: Add field `propagated` to node and rename image files 2022-03-09 10:21:52 -05:00
Shreya Malviya d6fe9c2ef2 Agent: Remove `add_extracted_creds_to_exploiter_options()` from Zerologon exploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 8bc6086e1a Agent: Correctly set propagation/exploitation status in Zerologon 2022-03-09 10:21:52 -05:00
Mike Salvatore 0d5fcf7fbf Agent: Fix name of self.telemetry_messenger in ZerologonExploiter 2022-03-09 10:21:52 -05:00
Mike Salvatore 118c2abaee Agent: Load ZerologonExploiter into the puppet 2022-03-09 10:21:51 -05:00
vakarisz c322446aee Agent: use exploit_results in zerologon 2022-03-09 10:20:45 -05:00
vakarisz 325e58cea2 Agent: explicitly specify some timeouts in zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya 5ec05d5617 UT: Fix Zerologon UTs 2022-03-09 10:20:45 -05:00
Shreya Malviya a927879334 Agent: Remove `host` from Zerologon exploiter's constructor 2022-03-09 10:20:45 -05:00
Shreya Malviya 040227286a Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter 2022-03-09 10:20:45 -05:00
Shreya Malviya aee3566a0c Agent: Remove WormConfiguration references in Zerologon exploiter 2022-03-09 10:20:45 -05:00