Open Pr0xyBu6 opened 6 months ago
Hi, it seems like while the machine was exploited, propagation was unsuccessful. This can be seen in the logs as well as in the Infection Map (there's no arrow going back to the Island machine from the exploited machine).
The file copy wasn't successful, i.e. an Agent binary was not copied to the machine because of an access denial (check lines 144 to 161 in your Agent logs). That's why the ransomware simulation didn't run.
It seems like Usuario is not an admin user and the machine is not in a domain-joined network. There are a couple of possible fixes:
Usuario an admin account
More information on why this is happening: https://github.com/fortra/impacket/issues/664
I need to know why Infection Monkey does not encrypt files in the ransomware simulation, even though the configuration is fine and an exploiter runs without problems.
To Reproduce
I have an instance of Infection Monkey version 2.3.0. I configured the plugin based on the technical requirements described in the documentation.
Attached is a log of the test.
Expected behavior
The report states that it managed to exploit the computer via SMB but was unable to encrypt the files, mainly office files.
Screenshots
Machine version (please complete the following information):
Syslog Agent
2023-12-07T03.57.35.840Z-wazuhserver.log
Syslog Island
Island_log.txt