Modify SSH exploit #1727

Merged
merged 12 commits into from
Feb 23, 2022

@ilija-lazoroski ilija-lazoroski commented Feb 21, 2022

What does this PR do?

Modify SSH exploiter, related to #1605.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

@ilija-lazoroski ilija-lazoroski changed the title Agent: Use telemetry messenger in SSH exploit Modify SSH exploit Feb 21, 2022
@ilija-lazoroski ilija-lazoroski force-pushed the 1605-modify-ssh-exploit branch 3 times, most recently from 5eb5e0c to c17af16 Compare February 22, 2022 11:22
@ilija-lazoroski ilija-lazoroski force-pushed the 1605-modify-ssh-exploit branch 7 times, most recently from e1e8cfb to 681e119 Compare February 22, 2022 16:17
* Remove credential hashes from logs
* Get rid of config and use brute_force utils
* Use telemetry messenger to send attack telemetries
* Zerologon and Powershell needs to be revised based on UT
@ilija-lazoroski ilija-lazoroski marked this pull request as ready for review February 22, 2022 19:08
@ilija-lazoroski ilija-lazoroski force-pushed the 1605-modify-ssh-exploit branch 2 times, most recently from a703cbe to fa26311 Compare February 23, 2022 09:27
@shreyamalviya shreyamalviya left a comment

We should also get rid of any stale code in HostExploiter now.

@shreyamalviya shreyamalviya left a comment

Instead of creating a dictionary exploit_result and passing everything to ExploiterResultData one by one, we could use default values for named tuples, and simply instantiate it as self.exploit_result = ExploiterResultData() in pre_exploit(). Then, we could simply modify that object instead of having a dictionary tracking the exact same values.

@mssalvatore

> Instead of creating a dictionary exploit_result and passing everything to ExploiterResultData one by one, we could use default values for named tuples, and simply instantiate it as self.exploit_result = ExploiterResultData() in pre_exploit(). Then, we could simply modify that object instead of having a dictionary tracking the exact same values.

@shreyamalviya NamedTuples are immutable. We could convert it to a dataclass. The conversion will happen sooner or later, I don't much mind if it happens here or down the road.

@shreyamalviya
Copy link
Contributor

@mssalvatore I'll do it now so we won't have to modify the exploiters again.
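
The trade-off discussed in this thread, as an added example that is not code from this PR or the project: a NamedTuple with defaults cannot be updated in place and shares a mutable default across instances, while a dataclass with `default_factory` can be created once and filled in step by step. The field names, `ResultTuple` and the helper functions are assumptions for illustration; only the name `ExploiterResultData` comes from the conversation.

```python
from dataclasses import dataclass, field
from typing import NamedTuple


# Field names are hypothetical; the thread does not list the real ones.
class ResultTuple(NamedTuple):
    exploitation_success: bool = False
    error_message: str = ""
    info: dict = {}  # pitfall: one dict object shared by every instance


@dataclass
class ExploiterResultData:
    exploitation_success: bool = False
    error_message: str = ""
    info: dict = field(default_factory=dict)  # fresh dict per instance


def namedtuple_rejects_assignment() -> bool:
    """True if assigning to a NamedTuple field raises AttributeError."""
    result = ResultTuple()
    try:
        result.exploitation_success = True
    except AttributeError:
        return True
    return False


def namedtuple_default_is_shared() -> bool:
    """True if two default-constructed tuples see the same `info` dict."""
    first, second = ResultTuple(), ResultTuple()
    first.info["port"] = 22  # constructed sample value
    return second.info == {"port": 22}


def dataclass_rejects_mutable_default() -> bool:
    """True if @dataclass refuses a bare `{}` default at class creation."""
    try:
        @dataclass
        class Bad:
            info: dict = {}
    except ValueError:
        return True
    return False


def run_step_by_step() -> ExploiterResultData:
    """Create the result once, then update it in place as work proceeds."""
    result = ExploiterResultData()
    result.info["port"] = 22
    result.exploitation_success = True
    return result
```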

and modify HostExploiter and the SSH exploiter accordingly
@mssalvatore mssalvatore merged commit 7d0e177 into agent-refactor Feb 23, 2022
@mssalvatore mssalvatore deleted the 1605-modify-ssh-exploit branch February 23, 2022 14:16

3 participants