guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Change default agent binary destination, Windows #350

Open ShayNehmad opened 5 years ago

ShayNehmad commented 5 years ago

Describe the bug

The Monkey assumes C:\Windows\temp\monkey32.exe is a good path for the dropper, for example in https://github.com/guardicore/monkey/blob/5ecf626705b9bfd281136c8b6ed01ad6728537ce/monkey/infection_monkey/exploit/wmiexec.py#L79 and https://github.com/guardicore/monkey/blob/5ecf626705b9bfd281136c8b6ed01ad6728537ce/monkey/infection_monkey/exploit/wmiexec.py#L81, but that path might not exist in the target machine, for example if Windows is installed on the D:\ drive.

To Reproduce

Didn't try to reproduce myself yet.

Steps to reproduce the behavior:

  1. Configure the Monkey with default settings, only WMI exploiter
  2. Run the monkey on a specific machine, and try to use the WMI exploiter on a machine where the c:\windows\temp path isn't available
  3. Failure of the exploit.

Expected behavior

On Windows exploiters, we should try to discover which folder is available to us for dropping the monkey, if at all possible - like in the wmi exploiter.

Machine version (please complete the following information):

VakarisZ commented 1 year ago

As discussed in #2023, we should use the default path of %homedrive%%homepath%\AppData\Local\Temp\ for agent binaries on Windows.
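To illustrate the point made in this thread (hard-coding C:\Windows\temp breaks when the system drive is not C:, while %homedrive%%homepath%\AppData\Local\Temp\ adapts to the target), here is an added example that is not part of the Infection Monkey code base. It resolves a candidate directory from a supplied environment mapping the way cmd.exe would expand %VAR% references, with fallbacks so no drive letter is ever assumed. The function names, the ordered candidate list, the optional writability probe, and the sample environment are all constructed for this example.

```python
import os
import re
import tempfile
from typing import Callable, Mapping, Optional

# Candidate templates in order of preference (constructed for this example):
# the per-user temp directory proposed in the thread first, then the
# process-level TEMP, then the Windows directory's Temp. None of them
# hard-codes the C: drive, which is the defect the issue describes.
CANDIDATE_TEMPLATES = (
    r"%HOMEDRIVE%%HOMEPATH%\AppData\Local\Temp",
    r"%TEMP%",
    r"%SystemRoot%\Temp",
)

_VAR_REF = re.compile(r"%([^%]+)%")


def expand_windows_vars(template: str, env: Mapping[str, str]) -> Optional[str]:
    """Expand %NAME% references in template using env.

    Lookups are case-insensitive, matching cmd.exe behaviour. Returns None
    if any referenced variable is absent, so a caller never ends up with a
    half-expanded path such as "\AppData\Local\Temp".
    """
    lookup = {k.upper(): v for k, v in env.items()}
    missing = False

    def replace(match: re.Match) -> str:
        nonlocal missing
        value = lookup.get(match.group(1).upper())
        if value is None:
            missing = True
            return ""
        return value

    expanded = _VAR_REF.sub(replace, template)
    return None if missing else expanded


def probe_writable(path: str) -> bool:
    """Best-effort check that path exists and accepts a new file.

    Creates and immediately deletes a temporary file. Only meaningful when
    run on the machine whose filesystem is being examined.
    """
    if not os.path.isdir(path):
        return False
    try:
        with tempfile.NamedTemporaryFile(dir=path, delete=True):
            pass
        return True
    except OSError:
        return False


def resolve_agent_temp_dir(
    env: Mapping[str, str],
    is_writable: Callable[[str], bool] = lambda _p: True,
) -> Optional[str]:
    """Return the first candidate that expands fully and passes is_writable.

    is_writable defaults to accepting everything so the resolution logic can
    be exercised with a constructed environment; pass probe_writable to
    check a real filesystem.
    """
    for template in CANDIDATE_TEMPLATES:
        path = expand_windows_vars(template, env)
        if path is not None and is_writable(path):
            return path
    return None


# Constructed environment for a machine with Windows installed on D:.
SAMPLE_ENV_D_DRIVE = {
    "HOMEDRIVE": "D:",
    "HOMEPATH": r"\Users\alice",
    "TEMP": r"D:\Users\alice\AppData\Local\Temp",
    "SystemRoot": r"D:\Windows",
}


if __name__ == "__main__":
    print("hard-coded assumption:", r"C:\Windows\temp")
    print("resolved from environment:", resolve_agent_temp_dir(SAMPLE_ENV_D_DRIVE))
```

With the sample environment the function returns D:\Users\alice\AppData\Local\Temp, whereas the hard-coded C:\Windows\temp would point at a drive that does not exist on that machine; if HOMEDRIVE or HOMEPATH is unset the resolver moves on to %TEMP% rather than returning a truncated path.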