Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Random executable left in agent dir #1864

Closed
1 task done
VakarisZ opened this issue Apr 6, 2022 · 0 comments
Closed
1 task done

Random executable left in agent dir #1864

VakarisZ opened this issue Apr 6, 2022 · 0 comments
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island.

Comments

@VakarisZ
Copy link
Contributor

VakarisZ commented Apr 6, 2022
edited by mssalvatore
Loading

Describe the bug

A file named T1216_random_executable.exe appears in the directory where agent is ran even though no post breach actions were configured:

2022-04-06 09:08:57,227 [5212:CredentialCollectorThread:DEBUG] plugin_registry.get_plugin.39: Plugin 'SSHCollector' found
2022-04-06 09:08:57,228 [5212:PBAThread:DEBUG] automated_master._run_plugins.224: Found 0 post-breach action(s) to run
2022-04-06 09:08:57,229 [5212:CredentialCollectorThread:INFO] ssh_credential_collector.collect_credentials.21: Started scanning for SSH credentials
2022-04-06 09:08:57,229 [5212:PBAThread:INFO] automated_master._run_plugins.231: Finished running post-breach actions
2022-04-06 09:08:57,230 [5212:CredentialCollectorThread:DEBUG] ssh_handler.get_ssh_info.21: Skipping SSH credentials collection because the operating system is not Linux

image

This file might be included into the binary with pyinstaller and then unpacked during execution?

To Reproduce

Steps to reproduce the behavior:

  1. Enable the signed script proxy execution PBA
  2. Run the agent manually, via commandline (I did "monkey-windows-64.exe m0nk3y -s localhost:5000")
  3. See the executable

Machine version (please complete the following information):

  • OS: Windows

Tasks
@VakarisZ VakarisZ added the Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. label Apr 6, 2022
@mssalvatore mssalvatore mentioned this issue Apr 7, 2022
Merged
8 tasks
@SarmadBytes SarmadBytes mentioned this issue May 16, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mssalvatore @VakarisZ