search

guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0
6.62k stars 772 forks source link

Infection Monkey can't find any victims #141

Closed moonspell79 closed 6 years ago

moonspell79 commented 6 years ago

I installed Infection Monkey from AWS Marketplace in public subnet along with a few other servers. One server has apache running and the other has SSH port open which allows to login using local user (defined in IM Configuration login/password to check). Unfortunatly the Infection Map does not show anything except machine where it is installed.

08/06/2018 14:29:03 ip-172-31-15-198: Monkey died. 08/06/2018 14:29:18 ip-172-31-15-198: Monkey started. 08/06/2018 14:29:18 ip-172-31-15-198: No tunnel is used. 08/06/2018 14:29:18 ip-172-31-15-198: Monkey collected system information.

What might be wrong?

danielguardicore commented 6 years ago

Hey, I'd suggest using the Google Group for these type of questions.

My first question would be

  1. Are the two machines in the same subnet?
  2. Is the Monkey configured with Local network scan ? You can check this under Basic -Network and to make sure it's marked.
TRGamer-tech commented 3 years ago

Sorry for opening this issue again, but I am currently having the exact same problem. Im working on a virtual windows 10 PC with the Island Server installed. All the devices (2x Windows Server 2019, 3x Windows 10 and 1x Windows 7) are in the same subnet and can be pinged. Local Network Scan is also enabled. I tried searching, but couldn't find anything about this. And since the google group is not available anymore, I have to open this up again. I also already tried entering the credentials and users to the config, which didn't work.

This is my Log:

05/05/2021 14:07:34 MSCH2021PC01.msch.local: Monkey started.
05/05/2021 14:07:34 MSCH2021PC01.msch.local: No tunnel is used.
05/05/2021 14:07:48 MSCH2021PC01.msch.local: Monkey collected system information.
05/05/2021 14:08:02 MSCH2021PC01.msch.local: Monkey collected system information.
05/05/2021 14:08:03 MSCH2021PC01.msch.local: Backdoor user post breach action executed on MSCH2021PC01 (192.168.99.100) machine.
05/05/2021 14:08:03 MSCH2021PC01.msch.local: Hide files and directories post breach action executed on MSCH2021PC01 (192.168.99.100) machine.
05/05/2021 14:08:03 MSCH2021PC01.msch.local: Schedule jobs post breach action executed on MSCH2021PC01 (192.168.99.100) machine.
05/05/2021 14:08:04 MSCH2021PC01.msch.local: Monkey finishing its execution.
05/05/2021 14:08:15 MSCH2021PC01.msch.local: Hide files and directories post breach action executed on MSCH2021PC01 (192.168.99.100) machine.
05/05/2021 14:08:15 MSCH2021PC01.msch.local: Hide files and directories post breach action executed on MSCH2021PC01 (192.168.99.100) machine.
05/05/2021 14:08:21 MSCH2021PC01.msch.local: Communicate as new user post breach action executed on MSCH2021PC01 (192.168.99.100) machine.

Is there anything else I could try to do?

mssalvatore commented 3 years ago

@TRGamer-tech Join our slack. We can help you out there.