Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Traceback when running hostname_collector #1374

Closed
1 task
mssalvatore opened this issue Jul 27, 2021 · 1 comment · Fixed by #1387
Closed
1 task

Traceback when running hostname_collector #1374

mssalvatore opened this issue Jul 27, 2021 · 1 comment · Fixed by #1387
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Complexity: Medium Impact: Critical

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Jul 27, 2021
edited
Loading

Describe the bug

After a Linux machine is breached with the SSHExploiter, the monkey agent attempts to run the hostname collector, resulting in a traceback (see screenshot below). This does not seem to happen if the monkey agent is run manually.

To Reproduce

Steps to reproduce the behavior:

  1. Build monkey binaries for linux.
  2. Set up a Monkey Island VM and a separate Linux victim VM.
  3. Configure Monkey Island to use the newly built binaries.
  4. Configure monkey to be able to breach the victim using the SSH exploiter
  5. Run monkey from the island
  6. After the victim machine is breached, view the traceback in /tmp/user-1563

Expected behavior

No errors in the log.

Screenshots

image

Machine version (please complete the following information):

  • OS: Linux

Tasks

  • Investigate the issue and Fix if possible (0.5d) @mssalvatore
@mssalvatore mssalvatore added Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Impact: Critical Complexity: Medium labels Jul 27, 2021
@ilija-lazoroski ilija-lazoroski self-assigned this Jul 29, 2021
@mssalvatore
Copy link
Collaborator Author

mssalvatore commented Jul 30, 2021
edited
Loading

When monkey starts, it launches a thread for executing post breach actions. It then executes its propagation loop on the main thread. If the maximum propagation depth has been reached, a PlannedShutdownException is raised on the main thread. This results in InfectionMonkey.cleanup() being called, which then calls InfectionMonkey.self_delete(). self_delete() deletes the monkey binary, but the post breach actions thread hasn't been stopped, resulting in this trace.

The solution is twofold:

  1. Don't shutdown when max propagation depth has been reached. Only skip the propagation phase so monkey does not propagate further.
  2. Ensure that tunnel and PBA threads are cleaned up (joined) before exiting.

@ilija-lazoroski ilija-lazoroski removed their assignment Jul 30, 2021
mssalvatore added a commit that referenced this issue Jul 30, 2021
@mssalvatore
Agent: Only skip propagation if max depth is reached
edd1ea9 
Fixes #1374

When monkey starts, it launches a thread for executing post breach
actions. It then executes its propagation loop on the main thread. If
the maximum propagation depth has been reached, a
PlannedShutdownException is raised on the main thread. This results in
InfectionMonkey.cleanup() being called, which then calls
InfectionMonkey.self_delete(). self_delete() deletes the monkey binary,
but the post breach actions thread hasn't been stopped, resulting in
a trace when the thread attempts an import.

We don't need to shutdown if the maximum propagation depth is reached.
We only need to skip the propagation phase so that monkey does not
propagate further. PBAs and payloads can still be allowed to run.
mssalvatore added a commit that referenced this issue Jul 30, 2021
@mssalvatore
Agent: Only skip propagation if max depth is reached
4ed6ffd 
Fixes #1374

When monkey starts, it launches a thread for executing post breach
actions. It then executes its propagation loop on the main thread. If
the maximum propagation depth has been reached, a
PlannedShutdownException is raised on the main thread. This results in
InfectionMonkey.cleanup() being called, which then calls
InfectionMonkey.self_delete(). self_delete() deletes the monkey binary,
but the post breach actions thread hasn't been stopped, resulting in
a trace when the thread attempts an import.

We don't need to shutdown if the maximum propagation depth is reached.
We only need to skip the propagation phase so that monkey does not
propagate further. PBAs and payloads can still be allowed to run.
mssalvatore added a commit that referenced this issue Jul 30, 2021
@mssalvatore
Agent: Only skip propagation if max depth is reached
338dc46 
Fixes #1374

When monkey starts, it launches a thread for executing post breach
actions. It then executes its propagation loop on the main thread. If
the maximum propagation depth has been reached, a
PlannedShutdownException is raised on the main thread. This results in
InfectionMonkey.cleanup() being called, which then calls
InfectionMonkey.self_delete(). self_delete() deletes the monkey binary,
but the post breach actions thread hasn't been stopped, resulting in
a trace when the thread attempts an import.

We don't need to shutdown if the maximum propagation depth is reached.
We only need to skip the propagation phase so that monkey does not
propagate further. PBAs and payloads can still be allowed to run.
mssalvatore added a commit that referenced this issue Jul 30, 2021
@mssalvatore
Agent: Only skip propagation if max depth is reached
cbb2834 
Fixes #1374

When monkey starts, it launches a thread for executing post breach
actions. It then executes its propagation loop on the main thread. If
the maximum propagation depth has been reached, a
PlannedShutdownException is raised on the main thread. This results in
InfectionMonkey.cleanup() being called, which then calls
InfectionMonkey.self_delete(). self_delete() deletes the monkey binary,
but the post breach actions thread hasn't been stopped, resulting in
a trace when the thread attempts an import.

We don't need to shutdown if the maximum propagation depth is reached.
We only need to skip the propagation phase so that monkey does not
propagate further. PBAs and payloads can still be allowed to run.
mssalvatore added a commit that referenced this issue Jul 30, 2021
@mssalvatore
Update changelog for #1374
b11277a
@mssalvatore mssalvatore mentioned this issue Jul 30, 2021
Merged
4 tasks
@muyenzo muyenzo mentioned this issue Feb 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug An error, flaw, misbehavior or failure in the Monkey or Monkey Island. Complexity: Medium Impact: Critical
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Skip propagation only if max depth reached guardicore/monkey
2 participants
@ilija-lazoroski @mssalvatore