guardicore/monkey

In domain networks, query domain to scan machines in domain

Open

Aperta il 7 ott 2018

Vedi su GitHub
 (1 commento) (0 reazioni) (1 assegnatario)Python (6250 star) (752 fork)batch import
Complexity: MediumFeatureHelp wantedImpact: Medium

Descrizione

Expected Behavior

The Monkey should have a feature (with a toggle) to query the domain controller and get a list of domain joined machines to try and attack. Since the Monkey in this case would be running in a domain machine, the credentials stolen by mimikatz will likely be valid for other domain joined machines.

We could get the data using WMI queries we're already running or by running PowerShell commands

Guida contributor

Tech stack
python
Dominio
backendsecurity
Tipo issue
feature
DifficoltàQuanto dovrebbe essere impegnativa per un nuovo contributor.
4
Tempo stimatoTempo stimato per completare e verificare uno scope piccolo.
over 1 week
Stato attivitàQuanto è probabile che la issue sia ancora attiva e reviewable.
stale
ChiarezzaQuanto chiaramente la issue descrive problema, scope e risultato atteso.
mostly clear
Prerequisiti
PythonWindows domain knowledgePowerShell basicsWMI understanding
Adatta ai principiantiQuanto la issue è adatta a contributor alla prima esperienza.
20
Direzione di ricerca
Investigate how the Monkey currently performs WMI queries (likely in the exploit modules). Look at existing code for WMI execution (e.g., 'exploit/wmi' class). Research how to query Active Directory for domain joined machines via LDAP or PowerShell from Python. Consider using the 'pyad' library or subprocess to run PowerShell commands. The issue suggests a toggle to enable this feature; design a configuration option. Check if there are any linked PRs or comments that provide more context.