Skip to content

T1086 powershell #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 44 commits into from
Jul 7, 2019
Merged

T1086 powershell #344

merged 44 commits into from
Jul 7, 2019

Conversation

VakarisZ
Copy link
Contributor

Feature

Powershell attack technique gets reported.
image

VakarisZ added 21 commits June 5, 2019 13:37
@VakarisZ
Merge branch 'brute_force_report' into attack_pass_the_hash
7c67ee4
@VakarisZ
Merge branch 'brute_force_report' into attack_pass_the_hash
ed23fd3
@VakarisZ
PTH implementation finished, helper methods added
c4d5aed
@VakarisZ
Merge branch 'brute_force_report' into attack_pass_the_hash
75d52a7
@VakarisZ
T1003 credential dumping implemented
350c7d9
@VakarisZ
Table not shown if no hashes were used.
af63e93
@VakarisZ
Merge branch 'attack_pass_the_hash' into attack_credential_dumping
7e059cb
@VakarisZ
Table not shown if no passwords were stolen
c99ceff
@VakarisZ
CLI implementation started
9b08e60
@VakarisZ
command line implementation finished
908c531
@VakarisZ
Changed cmds from array to dict
6636cd2
@VakarisZ
Added header to used commands table.
6ca33ff
@VakarisZ
Powershell started
dbf469f
@VakarisZ
web_rce bugfix
9cc526c
@VakarisZ
Merge branch 'attack_comand_line_interface' into attack_powershell
5fe468f
@VakarisZ
Powershell implementation started
71edd48
@VakarisZ
technique added to report UI
911c2e8
@VakarisZ
Merge remote-tracking branch 'upstream/develop' into attack_pass_the_…
881911e 
…hash
@VakarisZ
Merge remote-tracking branch 'upstream/develop' into attack_pass_the_…
676eca6 
…hash
@VakarisZ
Refactored AttackTechnique methods to use @classmethod and minor impr…
8505ad0 
…ovenets in UI
@VakarisZ
Merge remote-tracking branch 'upstream/develop' into attack_pass_the_…
9367e64 
…hash

# Conflicts:
#	monkey/monkey_island/cc/services/attack/attack_report.py
#	monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
#	monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
itaymmguardicore
itaymmguardicore suggested changes Jun 18, 2019
View reviewed changes
monkey/infection_monkey/exploit/weblogic.py Outdated
# How long should be wait after each request in seconds
REQUEST_DELAY = 0.0001
# How long should we wait after each request in seconds
REQUEST_DELAY = 0.1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any good reason to change this? And specifically in this branch?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. Needed this bugfix to test and forgot to revert. Bugfix will be included in new weblogic exploiter.

@VakarisZ
Merge branch 'attack_comand_line_interface' into attack_powershell
17d08c7 
# Conflicts:
#	monkey/infection_monkey/exploit/hadoop.py
itaymmguardicore
itaymmguardicore suggested changes Jun 23, 2019
View reviewed changes
Copy link
Contributor

@itaymmguardicore itaymmguardicore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you fixed things before, don't forget to push the changes.
Also adapt add_example_cmd to include the shell type when you add a new command.
To be clear, add_example_cmd doesn't need to receive the type as a parameter (unless it makes it easier/more accurate), you just need to detect the type like you detect powershell right now.
An entry in the cmds array will look something like:
{'cmd': 'dir C:\', 'shell_type': 'cmd'} or like this {'cmd': 'Get-Service WinDefend', 'shell_type': 'powershell'}

VakarisZ added 9 commits June 25, 2019 08:36
@VakarisZ
powershell command storage refactor
c4c53f7
@VakarisZ
Readability improvements
8ec5a6a
@VakarisZ
Executed cmds info variable refactored
f9bf3ef
@VakarisZ
Merge branch 'attack_pass_the_hash' into attack_comand_line_interface
b7d1737 
# Conflicts:
#	monkey/monkey_island/cc/services/attack/technique_reports/T1210.py
@VakarisZ
Merge remote-tracking branch 'upstream/develop' into attack_comand_li…
b667cb7 
…ne_interface

# Conflicts:
#	monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
#	monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
@VakarisZ
Merge remote-tracking branch 'upstream/develop' into attack_pass_the_…
3cab7ba 
…hash

# Conflicts:
#	monkey/monkey_island/cc/services/attack/technique_reports/T1197.py
#	monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
@VakarisZ
Merge branch 'attack_pass_the_hash' into attack_comand_line_interface
f8d5247 
# Conflicts:
#	monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
@VakarisZ
Updated branch according to changes in dev.
36f917b
@VakarisZ
Merge branch 'attack_comand_line_interface' into attack_powershell
fea8567 
# Conflicts:
#	monkey/infection_monkey/exploit/__init__.py
#	monkey/infection_monkey/exploit/hadoop.py
#	monkey/monkey_island/cc/services/attack/attack_report.py
@VakarisZ VakarisZ force-pushed the attack_powershell branch from 4f881a8 to 7fe100b Compare June 26, 2019 12:05
@VakarisZ
Copy link
Contributor Author

If you fixed things before, don't forget to push the changes.
Also adapt add_example_cmd to include the shell type when you add a new command.
To be clear, add_example_cmd doesn't need to receive the type as a parameter (unless it makes it easier/more accurate), you just need to detect the type like you detect powershell right now.
An entry in the cmds array will look something like:
{'cmd': 'dir C:\', 'shell_type': 'cmd'} or like this {'cmd': 'Get-Service WinDefend', 'shell_type': 'powershell'}

Why do we need the shell_type? I think powershell flag in command is enough.

@VakarisZ VakarisZ force-pushed the attack_powershell branch from 7fe100b to 3e9dcd3 Compare June 26, 2019 12:30
@itaymmguardicore itaymmguardicore merged commit d926a92 into guardicore:develop Jul 7, 2019
@VakarisZ VakarisZ deleted the attack_powershell branch September 2, 2019 07:29
@snyk-bot snyk-bot mentioned this pull request Jul 15, 2020
Merged
@snyk-bot snyk-bot mentioned this pull request Apr 28, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@itaymmguardicore itaymmguardicore itaymmguardicore approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@VakarisZ @itaymmguardicore