Merge pull request #53 from guardicore/bugfix/expand-env-variables-in-config

Expand config env variables on demand
Daniel Goldberg 2017-09-27 13:39:51 +03:00 committed by GitHub
commit 08aaed8eb3
5 changed files with 27 additions and 15 deletions


@ -102,9 +102,9 @@ class Configuration(object):
########################### ###########################
use_file_logging = True use_file_logging = True
dropper_log_path_windows = os.path.expandvars("%temp%\~df1562.tmp") dropper_log_path_windows = '%temp%\\~df1562.tmp'
dropper_log_path_linux = '/tmp/user-1562' dropper_log_path_linux = '/tmp/user-1562'
monkey_log_path_windows = os.path.expandvars("%temp%\~df1563.tmp") monkey_log_path_windows = '%temp%\\~df1563.tmp'
monkey_log_path_linux = '/tmp/user-1563' monkey_log_path_linux = '/tmp/user-1563'
########################### ###########################
@ -113,14 +113,15 @@ class Configuration(object):
dropper_try_move_first = sys.argv[0].endswith(".exe") dropper_try_move_first = sys.argv[0].endswith(".exe")
dropper_set_date = True dropper_set_date = True
dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh' dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll"
dropper_date_reference_path_linux = '/bin/sh'
dropper_target_path = r"C:\Windows\monkey.exe" dropper_target_path = r"C:\Windows\monkey.exe"
dropper_target_path_linux = '/tmp/monkey' dropper_target_path_linux = '/tmp/monkey'
########################### ###########################
# Kill file # Kill file
########################### ###########################
kill_file_path_windows = os.path.expandvars("%windir%\monkey.not") kill_file_path_windows = '%windir%\\monkey.not'
kill_file_path_linux = '/var/run/monkey.not' kill_file_path_linux = '/var/run/monkey.not'
########################### ###########################
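Review bot: `dropper_log_path_windows` and `monkey_log_path_windows` now hold the raw `%temp%\\…` string, but no hunk on this page adds an `os.path.expandvars` call to the code that opens those log files, unlike the kill-file and date-reference paths. If a reader of these settings still passes the value straight to the logging setup, the log would land in a literal `%temp%` directory relative to the working directory, or fail to open. It is worth confirming that every consumer of the `*_windows` settings expands them, and saying so above the block, e.g. `# Windows paths may contain %VAR% references; expand with os.path.expandvars at the point of use`. The `Configuration` class body extends beyond these hunks.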


@ -83,11 +83,15 @@ class MonkeyDrops(object):
return False return False
if WormConfiguration.dropper_set_date: if WormConfiguration.dropper_set_date:
if sys.platform == 'win32':
dropper_date_reference_path = os.path.expandvars(WormConfiguration.dropper_date_reference_path_windows)
else:
dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux
try: try:
ref_stat = os.stat(WormConfiguration.dropper_date_reference_path) ref_stat = os.stat(dropper_date_reference_path)
except: except:
LOG.warn("Cannot set reference date using '%s', file not found", LOG.warn("Cannot set reference date using '%s', file not found",
WormConfiguration.dropper_date_reference_path) dropper_date_reference_path)
else: else:
try: try:
os.utime(self._config['destination_path'], os.utime(self._config['destination_path'],
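Review bot: The bare `except:` around `os.stat(dropper_date_reference_path)` reports every failure as "file not found", which hides the real cause now that `os.path.expandvars` can leave an undefined `%windir%` in the path unchanged. Catching `except OSError as exc:` and adding `exc` to the `LOG.warn` arguments would keep the actual error and stop the handler from swallowing unrelated exceptions. The platform check plus expansion is also repeated for `kill_path` in the entry point, so a small shared helper would keep the two in step. The enclosing method starts and ends outside this hunk.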


@ -16,7 +16,8 @@
"collect_system_info": true, "collect_system_info": true,
"depth": 2, "depth": 2,
"dropper_date_reference_path": "/bin/sh", "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll",
"dropper_date_reference_path_linux": "/bin/sh",
"dropper_log_path_windows": "%temp%\\~df1562.tmp", "dropper_log_path_windows": "%temp%\\~df1562.tmp",
"dropper_log_path_linux": "/tmp/user-1562", "dropper_log_path_linux": "/tmp/user-1562",
"dropper_set_date": true, "dropper_set_date": true,


@ -68,7 +68,7 @@ def main():
print "Loaded Configuration: %r" % WormConfiguration.as_dict() print "Loaded Configuration: %r" % WormConfiguration.as_dict()
# Make sure we're not in a machine that has the kill file # Make sure we're not in a machine that has the kill file
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux kill_path = os.path.expandvars(WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path): if os.path.exists(kill_path):
print "Kill path found, finished run" print "Kill path found, finished run"
return True return True
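Review bot: The kill-file check on the `kill_path = …` line fails open when expansion does not happen: `os.path.expandvars` returns the string unchanged if `%windir%` is undefined, `os.path.exists` then returns False, and the run continues on a machine that was meant to be excluded. Since this file is the operator's safety stop, the resolved path should be visible, e.g. `print "Kill path resolved to: %r" % kill_path` before the `os.path.exists` test, and a leftover `%` in the result could be treated as a configuration error. The Linux value is not expanded at all, so a `$VAR` in `kill_file_path_linux` stays literal; a one-line comment stating that asymmetry would help. `main()` continues outside the hunk.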


@ -333,7 +333,7 @@ SCHEMA = {
"kill_file_path_windows": { "kill_file_path_windows": {
"title": "Kill file path on Windows", "title": "Kill file path on Windows",
"type": "string", "type": "string",
"default": "C:\\Windows\\monkey.not", "default": "%windir%\\monkey.not",
"description": "Path of file which kills monkey if it exists (on Windows)" "description": "Path of file which kills monkey if it exists (on Windows)"
}, },
"kill_file_path_linux": { "kill_file_path_linux": {
@ -354,11 +354,17 @@ SCHEMA = {
"default": True, "default": True,
"description": "Determines whether the dropper should set the monkey's file date to be the same as another file" "description": "Determines whether the dropper should set the monkey's file date to be the same as another file"
}, },
"dropper_date_reference_path": { "dropper_date_reference_path_windows": {
"title": "Droper date reference path", "title": "Dropper date reference path (Windows)",
"type": "string", "type": "string",
"default": "\\windows\\system32\\kernel32.dll", "default": "%windir%\\system32\\kernel32.dll",
"description": "Determines which file the dropper should copy the date from if it's configured to do so (use fullpath)" "description": "Determines which file the dropper should copy the date from if it's configured to do so on Windows (use fullpath)"
},
"dropper_date_reference_path_linux": {
"title": "Dropper date reference path (Linux)",
"type": "string",
"default": "/bin/sh",
"description": "Determines which file the dropper should copy the date from if it's configured to do so on Linux (use fullpath)"
}, },
"dropper_target_path_linux": { "dropper_target_path_linux": {
"title": "Dropper target path on Linux", "title": "Dropper target path on Linux",
@ -393,7 +399,7 @@ SCHEMA = {
"dropper_log_path_windows": { "dropper_log_path_windows": {
"title": "Dropper log file path on Windows", "title": "Dropper log file path on Windows",
"type": "string", "type": "string",
"default": "C:\\Users\\user\\AppData\\Local\\Temp\\~df1562.tmp", "default": "%temp%\\~df1562.tmp",
"description": "The fullpath of the dropper log file on Windows" "description": "The fullpath of the dropper log file on Windows"
}, },
"monkey_log_path_linux": { "monkey_log_path_linux": {
@ -405,7 +411,7 @@ SCHEMA = {
"monkey_log_path_windows": { "monkey_log_path_windows": {
"title": "Monkey log file path on Windows", "title": "Monkey log file path on Windows",
"type": "string", "type": "string",
"default":"C:\\Users\\user\\AppData\\Local\\Temp\\~df1563.tmp", "default": "%temp%\\~df1563.tmp",
"description": "The fullpath of the monkey log file on Windows" "description": "The fullpath of the monkey log file on Windows"
} }
} }
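Review bot: The Windows defaults now contain `%windir%` and `%temp%`, but the `description` strings still say only "fullpath", so an operator editing a value has no hint that environment variables are resolved on the target machine rather than on the server. I would extend the Windows descriptions, e.g. `"The fullpath of the dropper log file on Windows (environment variables such as %temp% are expanded on the target)"`. The rename of `dropper_date_reference_path` to the `_windows`/`_linux` pair also presumably leaves previously stored configurations carrying the old key; nothing on this page migrates or drops it, so that is worth checking. `SCHEMA` starts before the first hunk shown.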