Implement exploitation in Puppet · Issue #1605 · guardicore/monkey · GitHub
Implement exploitation in Puppet #1605
Closed
@mssalvatore

Description



Implement the exploit_host() function of the concrete Puppet. Modify the Master to pass the appropriate options to the exploiters (i.e. propagation credentials). The smb exploit may require additional options.

Note
There's currently a bug where the MSSQL exploiter can fail to propagate and prevent other exploiters from running. We can most likely resolve this by having each exploiter return two booleans, one to indicate whether or not the victim is vulnerable and another to indicate whether or not propagation was successful. This would also let us simplify the exploiters config, which now has a true/false field to indicate whether or not an exploiter is capable of propagating.

Tasks

  • Modify config to remove boolean "propagator" field from config (0d) @ilija-lazoroski
  • Add a periodic check (between hosts and/or between exploiters) to get updated credentials from the Island (0d) @mssalvatore
  • Pass other WormConfig settings as options (0d) @ilija-lazoroski
  • Copy commonly used functions on WormConfig to a utils/tools module and add tests (0d) @mssalvatore
    • get_exploit_user_password_or_hash_product()
    • get_exploit_user_ssh_key_pairs()
    • get_exploit_user_password_pairs()
  • Modify ExploitResultData (0d) @shreyamalviya
    • Add OS
    • Add exploit_successful
    • Add propagation_successful
    • Modify mock_puppet
  • Remove skip_if_exploit_file_exists option from config (0d) @shreyamalviya
  • SSH (0d) @ilija-lazoroski
    • Don't modify VictimHost object
    • Change attempt logging and remove credential hashes from log statements
    • Return ExploitResultData
    • Call new get_exploit_user*() functions instead of self._config.*()
    • Accept ITelemetryMessenger in __init__() and use it to send telemetries
  • Hadoop (0d) @shreyamalviya
    • Remove code that sets architecture from web_rce.py
    • Return ExploitResultData
    • Accept ITelemetryMessenger in __init__() and use it to send telemetries
    • Wrap StrutsHadoop with wrapper and load into the puppet in monkey.py
  • Remove dependency on Plugin from HostExploiter (0d) @mssalvatore
  • Implement exploit_host() in Puppet (0d) @mssalvatore
    • Add a wrapper around Exploiters that accepts the necessary parameters for exploitation and object construction (VictimHost, Telemetry messenger, options)
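
The two-boolean result proposed in the Note, as an added sketch that is not code from the issue or from the monkey repository: a result type carrying `exploit_successful`, `propagation_successful` and `os`, and a loop that records a host as vulnerable even when propagation fails and keeps going when one exploiter errors out. The `run_exploiters()` function, the `error_message` field, the callable signature, the mock exploiters, the sample address and the rule that the loop stops at the first successful propagation are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class ExploitResultData:
    # Field names follow the task list above; the defaults are assumptions.
    exploit_successful: bool = False
    propagation_successful: bool = False
    os: Optional[str] = None
    error_message: str = ""  # hypothetical field, not named in the issue


# Hypothetical stand-in for an exploiter wrapper: (host, options) -> result.
Exploiter = Callable[[str, Dict], ExploitResultData]


def run_exploiters(host: str, exploiters: Dict[str, Exploiter], options: Dict):
    """Try each exploiter in order; stop only once propagation succeeds."""
    vulnerable_to: List[str] = []
    propagated_by: Optional[str] = None
    for name, exploit_host in exploiters.items():
        try:
            result = exploit_host(host, options)
        except Exception as err:  # one broken exploiter must not block the rest
            result = ExploitResultData(error_message=str(err))
        if result.exploit_successful:
            vulnerable_to.append(name)  # a finding even when propagation fails
        if result.propagation_successful:
            propagated_by = name
            break
    return vulnerable_to, propagated_by


# Constructed mock exploiters; they only return canned results.
def mock_mssql(host, options):
    return ExploitResultData(exploit_successful=True, os="windows")


def mock_crashing(host, options):
    raise ConnectionError("connection reset")


def mock_ssh(host, options):
    return ExploitResultData(True, True, os="linux")


MOCKS = {"MSSQL": mock_mssql, "Crashing": mock_crashing, "SSH": mock_ssh}

if __name__ == "__main__":
    print(run_exploiters("10.0.0.5", MOCKS, {}))  # constructed address
```

With the two flags kept separate, the report can list the host as vulnerable to the first mock even though only the last one propagated.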
