monkey icon indicating copy to clipboard operation
monkey copied to clipboard
verified publisher icon guardicore

Adding different SSH key extensions

Open Piesa opened this issue 3 years ago • 1 comments

Is your feature request related to a problem? Please describe. Currently as far as I understand Monkey Agent is searching resident system home directory for SSH keys to steal, looking especially for .pub and after finding one, looking for with corresponding private key.

The problem is that monkey is ignoring the .pem or .ppk also containing private keys.

Additionally, it should in my opinion search for them even if the pubkey won't be there, as often there are only privkeys stored in a location.

Describe the solution you'd like Monkey Agent should gather also gather other popular key extensions, like .pem, .ppk, or even check the text files that are same name as .pub file. Also searching for full pair should not be nesscescary.

Describe alternatives you've considered Leaving it as it is, as it's working with .pub and pair.

Cheers!

Piesa avatar Apr 12 '22 12:04 Piesa

When resolving this issue, take a peek at https://github.com/guardicore/monkey/issues/1509. The SSH collector may be making similar assumptions.

mssalvatore avatar Apr 12 '22 12:04 mssalvatore

@Piesa This has been resolved on develop. Let me know if you'd like to test out a development binary. Otherwise, it will be released in the next few weeks with v2.2.0.

mssalvatore avatar May 10 '23 14:05 mssalvatore