Describe the bug
Zerologon black box test (also SMB and probably every other exploiter) fails but passes if we add 2 or more seconds to keep_tunnel_open_time. The exploiter should not use the tunnel open time so it can communicate back. The zerologon-25 machine can communicate back to the island (we can see the login page).
I have also tested this with SMB and got same results.
To Reproduce
Steps to reproduce the behavior:
Run zerologon blackbox (or any other exploit) test
See failing test
Change keep_tunnel_open_time to 2 or more seconds
See passing test
Expected behavior
Zerologon test (and probably every exploit) should pass without setting keep_tunnel_open_time to 2 seconds.
The issue can be that we are choosing a server that we shouldn't choose.
Screenshots
Agent Log:
2022-09-29 11:24:01,499 [2572:MainThread:INFO] main.main.92: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 2572 <<<<<<<<<<
2022-09-29 11:24:01,499 [2572:MainThread:INFO] main.main.95: version: 1.13.0+dev
2022-09-29 11:24:01,499 [2572:MainThread:INFO] main.main.96: writing log file to C:\Windows\TEMP\infection-monkey-agent-2022-09-29-11-24-01-i6zy3a4h.log
2022-09-29 11:24:01,499 [2572:MainThread:INFO] monkey.__init__.110: Monkey is initializing...
2022-09-29 11:24:01,499 [2572:MainThread:INFO] monkey._log_arguments.202: Monkey started with arguments: parent: 72572230304506, servers: [SocketAddress(ip=IPv4Address('172.17.0.1'), port=8080), SocketAddress(ip=IPv4Address('10.2.2.250'), port=8080), SocketAddress(ip=IPv4Address('10.2.2.250'), port=5000)], depth: 1
2022-09-29 11:24:01,499 [2572:MainThread:DEBUG] monkey._connect_to_island_api.155: Trying to wake up with servers: 172.17.0.1:8080, 10.2.2.250:8080, 10.2.2.250:5000
2022-09-29 11:24:01,499 [2572:FindIslandServer-01:DEBUG] utils._check_if_island_server.62: Trying to connect to server: 172.17.0.1:8080
2022-09-29 11:24:01,499 [2572:FindIslandServer-02:DEBUG] utils._check_if_island_server.62: Trying to connect to server: 10.2.2.250:8080
2022-09-29 11:24:01,499 [2572:FindIslandServer-03:DEBUG] utils._check_if_island_server.62: Trying to connect to server: 10.2.2.250:5000
2022-09-29 11:24:06,499 [2572:FindIslandServer-01:ERROR] utils._check_if_island_server.70: Unable to connect to server/relay 172.17.0.1:8080: HTTPSConnectionPool(host='172.17.0.1', port=8080): Max retries exceeded with url: /api?action=is-up (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x0000024D7DAE42C8>, 'Connection to 172.17.0.1 timed out. (connect timeout=5)'))
2022-09-29 11:24:06,499 [2572:MainThread:INFO] monkey._connect_to_island_api.163: Successfully connected to the island via 10.2.2.250:8080
2022-09-29 11:24:06,515 [2572:SendRemoveFromWaitlistControlMessageToRelaysThread-01:INFO] utils.notify_disconnect.103: Control message was sent to the server/relay 10.2.2.250:5000
2022-09-29 11:24:07,530 [2572:MainThread:CRITICAL] main.log_uncaught_exceptions.86: File "infection_monkey\main.py", line 110, in <module>
File "infection_monkey\main.py", line 98, in main
File "infection_monkey\monkey.py", line 128, in __init__
File "infection_monkey\monkey.py", line 188, in _register_agent
File "infection_monkey\island_api_client\http_island_api_client.py", line 42, in decorated
2022-09-29 11:24:07,530 [2572:MainThread:CRITICAL] main.log_uncaught_exceptions.87: <class 'infection_monkey.island_api_client.island_api_client_errors.IslandAPIConnectionError'>: HTTPSConnectionPool(host='10.2.2.250', port=8080): Max retries exceeded with url: /api/agents (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x0000024D7DAED848>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it'))
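As an added triage helper (my own script, not part of this issue or of the Infection Monkey code base), the following parses a subset of the agent log lines above and reconstructs the server-selection sequence the reporter's hypothesis is about: which candidates were offered, which one answered the is-up probe, where the disconnect control message went, and which server then refused the /api/agents registration, plus the gap in seconds between the two events. The log line format and message texts are exactly those in the log; the regexes, function names and the "findings" wording are my own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# A subset of the lines from this issue's "Agent Log", copied verbatim (one traceback
# frame is kept on purpose to show that un-prefixed lines are skipped by the parser).
AGENT_LOG = r"""
2022-09-29 11:24:01,499 [2572:MainThread:DEBUG] monkey._connect_to_island_api.155: Trying to wake up with servers: 172.17.0.1:8080, 10.2.2.250:8080, 10.2.2.250:5000
2022-09-29 11:24:01,499 [2572:FindIslandServer-01:DEBUG] utils._check_if_island_server.62: Trying to connect to server: 172.17.0.1:8080
2022-09-29 11:24:06,499 [2572:FindIslandServer-01:ERROR] utils._check_if_island_server.70: Unable to connect to server/relay 172.17.0.1:8080: HTTPSConnectionPool(host='172.17.0.1', port=8080): Max retries exceeded with url: /api?action=is-up (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x0000024D7DAE42C8>, 'Connection to 172.17.0.1 timed out. (connect timeout=5)'))
2022-09-29 11:24:06,499 [2572:MainThread:INFO] monkey._connect_to_island_api.163: Successfully connected to the island via 10.2.2.250:8080
2022-09-29 11:24:06,515 [2572:SendRemoveFromWaitlistControlMessageToRelaysThread-01:INFO] utils.notify_disconnect.103: Control message was sent to the server/relay 10.2.2.250:5000
2022-09-29 11:24:07,530 [2572:MainThread:CRITICAL] main.log_uncaught_exceptions.86: File "infection_monkey\main.py", line 110, in <module>
File "infection_monkey\monkey.py", line 188, in _register_agent
2022-09-29 11:24:07,530 [2572:MainThread:CRITICAL] main.log_uncaught_exceptions.87: <class 'infection_monkey.island_api_client.island_api_client_errors.IslandAPIConnectionError'>: HTTPSConnectionPool(host='10.2.2.250', port=8080): Max retries exceeded with url: /api/agents (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x0000024D7DAED848>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it'))
"""

# "<date> <time>,<ms> [<pid>:<thread>:<LEVEL>] <logger>: <message>" (format seen in the log)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<pid>\d+):(?P<thread>[^:\]]+):(?P<level>[A-Z]+)\] (?P<logger>\S+?): (?P<msg>.*)$"
)
ADDR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}:\d+)")  # first ip:port in a message
POOL_RE = re.compile(  # urllib3 wording as it appears in both error lines
    r"HTTPSConnectionPool\(host='(?P<host>[^']+)', port=(?P<port>\d+)\): "
    r"Max retries exceeded with url: (?P<url>\S+)"
)


@dataclass
class Record:
    ts: datetime
    thread: str
    level: str
    msg: str


def parse_log(text: str) -> list:
    """Parse prefixed agent log lines; bare traceback frames have no prefix and are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            records.append(Record(ts, m["thread"], m["level"], m["msg"]))
    return records


def analyse_island_selection(text: str) -> dict:
    """Reconstruct which server the agent probed, chose, notified, and was refused by."""
    result = {"candidates": [], "probe_failed": [], "connected_via": None,
              "control_message_to": [], "registration_error": None,
              "seconds_between_connect_and_error": None}
    connected_at = None
    for r in parse_log(text):
        if "Trying to wake up with servers: " in r.msg:
            listing = r.msg.partition("servers: ")[2]
            result["candidates"] = [s.strip() for s in listing.split(",")]
        elif r.msg.startswith("Unable to connect to server/relay "):
            result["probe_failed"].append(ADDR_RE.search(r.msg).group(1))
        elif r.msg.startswith("Successfully connected to the island via "):
            result["connected_via"] = ADDR_RE.search(r.msg).group(1)
            connected_at = r.ts
        elif r.msg.startswith("Control message was sent to the server/relay "):
            result["control_message_to"].append(ADDR_RE.search(r.msg).group(1))
        elif r.level == "CRITICAL" and (pm := POOL_RE.search(r.msg)):
            result["registration_error"] = {"server": f"{pm['host']}:{pm['port']}",
                                            "url": pm["url"],
                                            "refused": "actively refused" in r.msg}
            if connected_at is not None:
                delta = (r.ts - connected_at).total_seconds()
                result["seconds_between_connect_and_error"] = round(delta, 3)
    return result


def findings(result: dict) -> list:
    """Observations a triager would check against the 'wrong server chosen' hypothesis."""
    out = []
    err = result["registration_error"]
    if err and err["server"] == result["connected_via"]:
        out.append(f"{err['server']} answered the is-up probe but refused {err['url']} "
                   f"{result['seconds_between_connect_and_error']}s later")
    for srv in result["control_message_to"]:
        if srv != result["connected_via"]:
            out.append(f"disconnect control message went to {srv}, not to the server in use")
    return out


if __name__ == "__main__":
    summary = analyse_island_selection(AGENT_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
    for line in findings(summary):
        print("finding:", line)
```

Run against the log above, the script reports that 10.2.2.250:8080 accepted the is-up probe and then refused /api/agents about a second later, while the remove-from-waitlist control message went to 10.2.2.250:5000; the same two functions can be pointed at the log of a run with keep_tunnel_open_time raised to compare the sequences.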
SMB example:
Machine version (please complete the following information):