PBA stuff
This commit is contained in:
parent
45c5546f17
commit
1d952a4781
|
@ -3,29 +3,39 @@ from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
|||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||
from infection_monkey.utils.hidden_files import\
|
||||
[get_commands_to_hide_files,
|
||||
get_commands_to_hide_folders] as CREATE_HIDDEN,\
|
||||
get_commands_to_hide_files,\
|
||||
get_commands_to_hide_folders,\
|
||||
cleanup_hidden_files,\
|
||||
# get_winAPI_commands
|
||||
get_winAPI_to_hide_files
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
|
||||
CREATE_HIDDEN = [get_commands_to_hide_files,
|
||||
get_commands_to_hide_folders]
|
||||
|
||||
|
||||
class HiddenFiles(PBA):
|
||||
"""
|
||||
This PBA attempts to create hidden files and folders.
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
pass
|
||||
super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES)
|
||||
|
||||
def run(self):
|
||||
# create hidden files and folders
|
||||
for method_to_create in CREATE_HIDDEN:
|
||||
linux_cmds, windows_cmds = method_to_create()
|
||||
super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES,
|
||||
linux_cmd=' '.join(linux_cmds),
|
||||
window_cmd=windows_cmds)
|
||||
# if is_windows_os():
|
||||
# get_winAPI_commands()
|
||||
# PostBreachTelem(???)
|
||||
time.sleep(10) # detection time for AV software
|
||||
windows_cmd=windows_cmds)
|
||||
super(HiddenFiles, self).run()
|
||||
if is_windows_os(): # use winAPI
|
||||
result, status = get_winAPI_to_hide_files()
|
||||
PostBreachTelem(self, (result, status)).send()
|
||||
|
||||
# detection time for AV software
|
||||
time.sleep(10)
|
||||
|
||||
# cleanup hidden files and folders
|
||||
cleanup_hidden_files(is_windows_os())
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import subprocess
|
||||
from infection_monkey.utils.linux.hidden_files import\
|
||||
get_linux_commands_to_hide_files,\
|
||||
get_linux_commands_to_hide_folders,\
|
||||
|
@ -5,8 +6,9 @@ from infection_monkey.utils.linux.hidden_files import\
|
|||
from infection_monkey.utils.windows.hidden_files import\
|
||||
get_windows_commands_to_hide_files,\
|
||||
get_windows_commands_to_hide_folders,\
|
||||
# get_winAPI_commands_to_hide_files,\
|
||||
get_windows_commands_to_delete
|
||||
get_winAPI_to_hide_files,\
|
||||
get_windows_commands_to_delete,\
|
||||
get_winAPI_to_delete_files
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
|
||||
|
@ -22,11 +24,12 @@ def get_commands_to_hide_folders():
|
|||
return linux_cmds, windows_cmds
|
||||
|
||||
|
||||
# def get_winAPI_commands():
|
||||
# winAPI_command = get_winAPI_commands_to_hide_files()
|
||||
# return winAPI_command
|
||||
def get_winAPI_to_hide_files():
|
||||
get_winAPI_to_hide_files()
|
||||
|
||||
|
||||
def cleanup_hidden_files(is_windows=is_windows_os()):
|
||||
get_windows_commands_to_delete() if is_windows \
|
||||
else get_linux_commands_to_delete()
|
||||
if is_windows:
|
||||
get_winAPI_to_delete_files()
|
||||
subprocess.run(get_windows_commands_to_delete() if is_windows
|
||||
else get_linux_commands_to_delete())
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
import win32file
|
||||
|
||||
|
||||
HIDDEN_FILE = 'C:\\monkey-hidden-file'
|
||||
HIDDEN_FILE_WINAPI = 'C:\\monkey-hidden-file-winAPI'
|
||||
HIDDEN_FOLDER = 'C:\\monkey-hidden-folder'
|
||||
|
||||
|
||||
|
@ -24,8 +28,28 @@ def get_windows_commands_to_hide_folders():
|
|||
]
|
||||
|
||||
|
||||
# def get_winAPI_commands_to_hide_files():
|
||||
# pass
|
||||
def get_winAPI_to_hide_files():
|
||||
try:
|
||||
fileAccess = win32file.GENERIC_READ | win32file.GENERIC_WRITE # read-write access
|
||||
fileCreation = win32file.CREATE_ALWAYS # overwrite existing file
|
||||
fileFlags = win32file.FILE_ATTRIBUTE_HIDDEN # make hidden
|
||||
|
||||
hiddenFile = win32file.CreateFile(HIDDEN_FILE_WINAPI,
|
||||
fileAccess,
|
||||
0,
|
||||
None,
|
||||
fileCreation,
|
||||
fileFlags,
|
||||
0)
|
||||
|
||||
return "Created hidden file: {}".format(HIDDEN_FILE_WINAPI), True
|
||||
|
||||
except Exception as err:
|
||||
return str(err), False
|
||||
|
||||
|
||||
def get_winAPI_to_delete_files():
|
||||
win32file.DeleteFile(HIDDEN_FILE_WINAPI)
|
||||
|
||||
|
||||
def get_windows_commands_to_delete():
|
||||
|
|
Loading…
Reference in New Issue