Commit Graph

7564 Commits

Author SHA1 Message Date
Mike Salvatore caa6405315 Agent: Change agent permissions to 700 in SSH exploiter
Changing the permissions to 777 introduces a security risk into the
target host. A malicious attacker with local access can potentially
modify the binary, resulting in code execution and privilege escalation
when the attacking agent launches the agent on the victim.

Issue #1750
2022-02-28 13:18:07 -05:00
Mike Salvatore eea07461c5 Agent: Remove attempt to get architecture from target in ssh exploiter
Since Infection Monkey only supports the x86_64 architecture, there's
little use in collecting the architecture from the destination.
2022-02-28 13:18:07 -05:00
vakarisz 4f58a69c54 UT: added slow marks and changed some names, related to credential tests 2022-02-28 16:59:15 +02:00
vakarisz 748178a00c Island: small style improvements in stolen_credentials.py 2022-02-28 16:57:35 +02:00
Mike Salvatore 54715df43d
Merge pull request #1748 from guardicore/1675-remove-32bit-from-hadoop
Remove 32-bit references from Hadoop
2022-02-28 09:52:21 -05:00
Mike Salvatore d970271016 Agent: Fix get_target_monkey() bug when running from source 2022-02-28 08:29:04 -05:00
Mike Salvatore 01a21f744f Agent: Remove disused VictimHost.monkey_exe 2022-02-28 07:56:31 -05:00
Mike Salvatore a53ff7d0d9 Agent: Fix broken logic in get_target_monkey() download optimization 2022-02-28 07:56:31 -05:00
vakarisz 40820a5ba5 Island: refactor report generation to take credentials from model
Reporting used to fetch credentials from telemetries, but they are no longer stored. Instead, credentials are being fetched from the stolen_credentials collection.
2022-02-28 12:30:26 +02:00
Shreya Malviya ec9d3822a6 Island: Remove logic to download 32-bit monkeys 2022-02-26 12:55:09 +05:30
Mike Salvatore dc8bd7008e Deploy: Remove 32-bit agents from Windows deployment script 2022-02-25 14:45:57 -05:00
Shreya Malviya 62263b8fbf Agent: Remove 32-bit references from Hadoop 2022-02-25 23:04:03 +05:30
Shreya Malviya 1bf51cd047 Agent: Fix function call (misspelled) in WebRCE 2022-02-25 22:46:33 +05:30
Ilija Lazoroski 10cfe346b6 Island: Remove 32bit manual run options 2022-02-25 10:44:08 -05:00
vakarisz 02d81771a9 Island: remove remaining references to "creds" property of monkey 2022-02-25 17:13:19 +02:00
vakarisz cf56fcbef2 UT: removed telemetry encryption test 2022-02-25 15:38:36 +02:00
vakarisz 0ecfbff1e4 Island: don't store credential telemetries
Credential telemetries are not stored on the database to prevent the need to encrypt credentials and query database directly. Instead, credentials are parsed into a document that doesn't contain secrets and is easily queryable
2022-02-25 15:38:36 +02:00
vakarisz afc98667c4 Island: remove unused "creds" properties from monkey model 2022-02-25 15:38:36 +02:00
Shreya Malviya 069afe677a Docs: Remove 32-bit mentions 2022-02-25 02:28:53 -05:00
Shreya Malviya a3d9904f05 Island: Update README to remove mentions of 32-bit binaries 2022-02-25 02:28:53 -05:00
Shreya Malviya 9f6c25c2b2 Agent: Update README to remove mentions of 32-bit binaries 2022-02-25 02:28:53 -05:00
Mike Salvatore 22ec96c4ee Deploy: Use `npm ci` instead of install/update in Linux deployment 2022-02-24 13:23:58 -05:00
Mike Salvatore c8c1aa7036 Deploy: Remove --single-branch from `git clone` in Linux deployment 2022-02-24 13:23:58 -05:00
Mike Salvatore fb1880dd24 Deploy: Remove 32-bit binaries from Linux deployment script 2022-02-24 13:23:58 -05:00
Mike Salvatore 1ad79b9c96
Merge pull request #1745 from guardicore/1675-remove-32-bit-config-option
Remove dropper_target_path_win_32 bit config option
2022-02-24 13:15:18 -05:00
Ilija Lazoroski 8a3a92182e Agent: Fix WebRCE windows target path 2022-02-24 19:04:57 +01:00
Ilija Lazoroski 47306b0d38 UT: Modify tests to suit removal of dropper_target_path_win_32 option 2022-02-24 18:43:25 +01:00
Ilija Lazoroski 6144564760 Island: Remove dropper_target_path_win_32 from config 2022-02-24 18:43:25 +01:00
Ilija Lazoroski 2c76c6de3c Agent: Remove dropper_target_path_win_32 from config 2022-02-24 18:43:16 +01:00
Mike Salvatore 8c304e809d Agent: Remove Windows 32-bit to 64-bit upgrade feature 2022-02-24 10:50:13 -05:00
Mike Salvatore d84e35f637 Build: Remove references to 32-bit agents from Docker and Appimage build 2022-02-24 09:42:40 -05:00
Mike Salvatore e21f643014 Agent: Remove references to 32-bit agents in monkey.spec 2022-02-24 09:42:40 -05:00
Mike Salvatore 0a7637c944
Merge pull request #1744 from guardicore/1732-remove-elasticsearch
Remove ElasticGroovyExploiter
2022-02-24 09:05:09 -05:00
Shreya Malviya 7e362283fa Changelog: Add entry for removing the Elastic Search exploiter 2022-02-24 19:14:20 +05:30
Mike Salvatore 85eb3a2c0d
Merge pull request #1743 from guardicore/1605-modify-hadoop
Modify Hadoop exploiter
2022-02-24 08:02:01 -05:00
Ilija Lazoroski e8ba34b055 Island: Use exploitation_result in telemetry_feed 2022-02-24 13:33:32 +01:00
Ilija Lazoroski 871b02d514 Agent: Stop Hadoop http_thread regardless of the exploit result 2022-02-24 12:21:54 +01:00
Shreya Malviya 7d76d94959 Zoo: Remove Elastic machines from terraform scripts and docs 2022-02-24 15:16:19 +05:30
Shreya Malviya 6c7e630465 BB: Remove ElasticGroovyExploiter references 2022-02-24 15:14:32 +05:30
Shreya Malviya a599edec15 Project: Remove ELASTIC exploiter descriptor enum from Vulture's allowlist 2022-02-24 15:12:00 +05:30
Shreya Malviya 35d39b46c7 UT: Remove ElasticGroovyExploiter references 2022-02-24 15:10:31 +05:30
Shreya Malviya 3ff7daa2d5 UI: Remove ElasticGroovyExploiter reporting 2022-02-24 15:03:57 +05:30
Shreya Malviya b6438edb82 Agent: Remove ElasticGroovyExploiter 2022-02-24 15:01:16 +05:30
Shreya Malviya b1fbf64730 Docs: Remove ElasticSearch exploiter documentation 2022-02-24 15:00:52 +05:30
Shreya Malviya 31e6c09673 Project: Replace ElasticSearch with Zerologon in README.md 2022-02-24 14:49:53 +05:30
Shreya Malviya 4d6869fbf6 Agent: Use `ExploiterWrapper` for loading the Hadoop exploiter 2022-02-24 13:29:53 +05:30
Shreya Malviya eb9adc08c2 Agent: Override `HostExploiter`'s `pre_exploit()` in `WebRCE` 2022-02-24 13:21:15 +05:30
Ilija Lazoroski 87547c4da1 Agent: Use http_ports from exploiter options in WebRCE 2022-02-24 13:21:15 +05:30
Ilija Lazoroski b859b8820f Island: Add HTTP_PORTS to exploiter common options 2022-02-24 13:21:15 +05:30
Ilija Lazoroski 34953f1c88 Agent: Enable Hadoop exploiter to run 2022-02-24 13:21:12 +05:30