Agent: Modify communicates as backdoor user PBA to return PostBreachData
parent
0b2ac96dee
commit
29d40f8e9d
|
@ -5,8 +5,8 @@ import string
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_BACKDOOR_USER
|
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_BACKDOOR_USER
|
||||||
|
from infection_monkey.i_puppet.i_puppet import PostBreachData
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
|
||||||
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
|
from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
|
||||||
from infection_monkey.utils.environment import is_windows_os
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
from infection_monkey.utils.new_user_error import NewUserError
|
from infection_monkey.utils.new_user_error import NewUserError
|
||||||
|
@ -49,11 +49,16 @@ class CommunicateAsBackdoorUser(PBA):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
exit_status = new_user.run_as(http_request_commandline)
|
exit_status = new_user.run_as(http_request_commandline)
|
||||||
self.send_result_telemetry(exit_status, http_request_commandline, username)
|
result = self._get_result_for_telemetry(
|
||||||
|
exit_status, http_request_commandline, username
|
||||||
|
)
|
||||||
|
# `command` is empty here; we could get the command from `new_user` but that
|
||||||
|
# doesn't work either since Windows doesn't use a command, it uses win32 modules
|
||||||
|
return PostBreachData(self.name, "", result)
|
||||||
except subprocess.CalledProcessError as e:
|
except subprocess.CalledProcessError as e:
|
||||||
PostBreachTelem(self, (e.output.decode(), False)).send()
|
return PostBreachData(self.name, "", (e.output.decode(), False))
|
||||||
except NewUserError as e:
|
except NewUserError as e:
|
||||||
PostBreachTelem(self, (str(e), False)).send()
|
return PostBreachData(self.name, "", (str(e), False))
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_random_new_user_name():
|
def get_random_new_user_name():
|
||||||
|
@ -79,28 +84,25 @@ class CommunicateAsBackdoorUser(PBA):
|
||||||
format_string = "wget -O/dev/null -q {url} --method=HEAD --timeout=10"
|
format_string = "wget -O/dev/null -q {url} --method=HEAD --timeout=10"
|
||||||
return format_string.format(url=url)
|
return format_string.format(url=url)
|
||||||
|
|
||||||
def send_result_telemetry(self, exit_status, commandline, username):
|
def _get_result_for_telemetry(self, exit_status, commandline, username):
|
||||||
"""
|
"""
|
||||||
Parses the result of the command and sends telemetry accordingly.
|
Parses the result of the command and returns it to be sent as telemetry from the master.
|
||||||
|
|
||||||
:param exit_status: In both Windows and Linux, 0 exit code indicates success.
|
:param exit_status: In both Windows and Linux, 0 exit code indicates success.
|
||||||
:param commandline: Exact commandline which was executed, for reporting back.
|
:param commandline: Exact commandline which was executed, for reporting back.
|
||||||
:param username: Username from which the command was executed, for reporting back.
|
:param username: Username from which the command was executed, for reporting back.
|
||||||
"""
|
"""
|
||||||
if exit_status == 0:
|
if exit_status == 0:
|
||||||
PostBreachTelem(
|
result = (CREATED_PROCESS_AS_USER_SUCCESS_FORMAT.format(commandline, username), True)
|
||||||
self, (CREATED_PROCESS_AS_USER_SUCCESS_FORMAT.format(commandline, username), True)
|
|
||||||
).send()
|
|
||||||
else:
|
else:
|
||||||
PostBreachTelem(
|
result = (
|
||||||
self,
|
CREATED_PROCESS_AS_USER_FAILED_FORMAT.format(
|
||||||
(
|
commandline, username, exit_status, twos_complement(exit_status)
|
||||||
CREATED_PROCESS_AS_USER_FAILED_FORMAT.format(
|
|
||||||
commandline, username, exit_status, twos_complement(exit_status)
|
|
||||||
),
|
|
||||||
False,
|
|
||||||
),
|
),
|
||||||
).send()
|
False,
|
||||||
|
)
|
||||||
|
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
def twos_complement(exit_status):
|
def twos_complement(exit_status):
|
||||||
|
|
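Review bot: In the second hunk, the `except subprocess.CalledProcessError as e:` branch still calls `e.output.decode()`, which raises AttributeError when `output` is None (it is only populated when the subprocess output was captured) and UnicodeDecodeError on non-UTF-8 output, so the handler itself can escape and the PBA returns no PostBreachData at all. Whether `new_user.run_as` captures output is not visible here, so guard it: `output = e.output.decode(errors="replace") if e.output else str(e)` followed by `return PostBreachData(self.name, "", (output, False))`. The enclosing method and its `try:` start outside the hunk. In the third hunk `_get_result_for_telemetry` no longer reads `self`; it could be a `@staticmethod` and return the tuple directly from each branch instead of assigning `result` twice.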