p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixes

This commit is contained in:
Shreya 2020-07-22 01:57:40 +05:30
parent d391255498
commit 177b713930
4 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
View File

@ -1,5 +1,3 @@
import subprocess
from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from infection_monkey.post_breach.pba import PBA
@ -7,8 +5,6 @@ from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modifi
get_commands_to_modify_shell_startup_files
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class ModifyShellStartupFiles(PBA):
"""

9
monkey/monkey_island/cc/services/attack/technique_reports/T1156.py
View File

@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
extract_shell_startup_files_modification_info,
get_shell_startup_files_modification_status)
__author__ = "shreyamalviya"
@ -17,8 +18,8 @@ class T1156(AttackTechnique):
query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
{'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname',
'ips': ['$data.ip']},
'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
'result': '$data.result'}}]
@staticmethod

9
monkey/monkey_island/cc/services/attack/technique_reports/T1504.py
View File

@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
from monkey_island.cc.database import mongo
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
extract_shell_startup_files_modification_info,
get_shell_startup_files_modification_status)
__author__ = "shreyamalviya"
@ -17,8 +18,8 @@ class T1504(AttackTechnique):
query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
{'$project': {'_id': 0,
'machine': {'hostname': '$data.hostname',
'ips': ['$data.ip']},
'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
'result': '$data.result'}}]
@staticmethod

4
monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
View File

@ -1,5 +1,5 @@
from monkey_island.cc.encryptor import encryptor
from common.utils.attack_utils import ScanStatus
from monkey_island.cc.encryptor import encryptor
def parse_creds(attempt):
@ -51,7 +51,7 @@ def extract_shell_startup_files_modification_info(shell_startup_files_modificati
required_shell_startup_files_modification_info = []
for shell_startup_file_result in shell_startup_files_modification_info[0]['result']:
if any(file_name in shell_startup_file_result[0] for file_name in required_file_names):
shell_startup_files_modification_info.append({
required_shell_startup_files_modification_info.append({
'machine': shell_startup_files_modification_info[0]['machine'],
'result': shell_startup_file_result
})