Merge pull request #435 from VakarisZ/attack_winapi_smallfix

WinAPI attack telem fix.
2019-09-18 09:51:15 +03:00 · 2019-09-18 09:51:15 +03:00 · f0ee88182f
parent 014e47ad5e 01a2a448de
commit f0ee88182f
2 changed files with 7 additions and 13 deletions
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -25,9 +25,10 @@ from infection_monkey.telemetry.trace_telem import TraceTelem
 from infection_monkey.telemetry.tunnel_telem import TunnelTelem
 from infection_monkey.windows_upgrader import WindowsUpgrader
 from infection_monkey.post_breach.post_breach_handler import PostBreach
-from common.utils.attack_utils import ScanStatus
 from infection_monkey.exploit.tools.helpers import get_interface_to_target
 from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
+from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
+from common.utils.attack_utils import ScanStatus, UsageEnum

 __author__ = 'itamar'

@ -104,6 +105,9 @@ class InfectionMonkey(object):
        ControlClient.wakeup(parent=self._parent)
        ControlClient.load_control_config()

+        if utils.is_windows_os():
+            T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()
+
        if not WormConfiguration.alive:
            LOG.info("Marked not alive from configuration")
            return
--- a/monkey/infection_monkey/system_singleton.py
+++ b/monkey/infection_monkey/system_singleton.py
@ -4,8 +4,7 @@ import sys
 from abc import ABCMeta, abstractmethod

 from infection_monkey.config import WormConfiguration
-from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
-from common.utils.attack_utils import ScanStatus, UsageEnum
+

 __author__ = 'itamar'

@ -46,21 +45,13 @@ class WindowsSystemSingleton(_SystemSingleton):
                                                     ctypes.c_char_p(self._mutex_name))
        last_error = ctypes.windll.kernel32.GetLastError()

-        status = None
        if not handle:
            LOG.error("Cannot acquire system singleton %r, unknown error %d",
                      self._mutex_name, last_error)
-            status = ScanStatus.SCANNED
-
+            return False
        if winerror.ERROR_ALREADY_EXISTS == last_error:
-            status = ScanStatus.SCANNED
            LOG.debug("Cannot acquire system singleton %r, mutex already exist",
                      self._mutex_name)
-
-        if not status:
-            status = ScanStatus.USED
-        T1106Telem(status, UsageEnum.SINGLETON_WINAPI).send()
-        if status == ScanStatus.SCANNED:
            return False

        self._mutex_handle = handle
@ -71,7 +62,6 @@ class WindowsSystemSingleton(_SystemSingleton):

    def unlock(self):
        assert self._mutex_handle is not None, "Singleton not locked"
-
        ctypes.windll.kernel32.CloseHandle(self._mutex_handle)
        self._mutex_handle = None