PBA stuff

This commit is contained in:
Shreya 2020-06-04 23:05:06 +05:30
parent 45c5546f17
commit 1d952a4781
3 changed files with 55 additions and 18 deletions


@ -3,29 +3,39 @@ from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
from infection_monkey.post_breach.pba import PBA
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.hidden_files import\
[get_commands_to_hide_files,
get_commands_to_hide_folders] as CREATE_HIDDEN,\
get_commands_to_hide_files,\
get_commands_to_hide_folders,\
cleanup_hidden_files,\
# get_winAPI_commands
get_winAPI_to_hide_files
from infection_monkey.utils.environment import is_windows_os
CREATE_HIDDEN = [get_commands_to_hide_files,
get_commands_to_hide_folders]
class HiddenFiles(PBA):
"""
This PBA attempts to create hidden files and folders.
"""
def __init__(self):
pass
super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES)
def run(self):
# create hidden files and folders
for method_to_create in CREATE_HIDDEN:
linux_cmds, windows_cmds = method_to_create()
super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES,
linux_cmd=' '.join(linux_cmds),
window_cmd=windows_cmds)
# if is_windows_os():
# get_winAPI_commands()
# PostBreachTelem(???)
time.sleep(10) # detection time for AV software
windows_cmd=windows_cmds)
super(HiddenFiles, self).run()
if is_windows_os(): # use winAPI
result, status = get_winAPI_to_hide_files()
PostBreachTelem(self, (result, status)).send()
# detection time for AV software
time.sleep(10)
# cleanup hidden files and folders
cleanup_hidden_files(is_windows_os())
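Review bot: cleanup_hidden_files(is_windows_os()) at the end of run only executes when every earlier step succeeds, so an exception from get_winAPI_to_hide_files() or from the PostBreachTelem send leaves the hidden files and folders on the host with no cleanup at all; wrapping the body from super(HiddenFiles, self).run() onward in a try block that ends with `finally: cleanup_hidden_files(is_windows_os())` keeps the PBA's side effects bounded even when it fails. The unpacking `result, status = get_winAPI_to_hide_files()` also assumes the wrapper in infection_monkey.utils.hidden_files returns a pair, which the version added in this commit's second file does not appear to do. Since super(HiddenFiles, self).__init__ is called inside the for loop over CREATE_HIDDEN, it looks as if only the last method's commands survive to super().run(); indentation is lost in this rendering, so that may be an artefact worth confirming against the file.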


@ -1,3 +1,4 @@
import subprocess
from infection_monkey.utils.linux.hidden_files import\
get_linux_commands_to_hide_files,\
get_linux_commands_to_hide_folders,\
@ -5,8 +6,9 @@ from infection_monkey.utils.linux.hidden_files import\
from infection_monkey.utils.windows.hidden_files import\
get_windows_commands_to_hide_files,\
get_windows_commands_to_hide_folders,\
# get_winAPI_commands_to_hide_files,\
get_windows_commands_to_delete
get_winAPI_to_hide_files,\
get_windows_commands_to_delete,\
get_winAPI_to_delete_files
from infection_monkey.utils.environment import is_windows_os
@ -22,11 +24,12 @@ def get_commands_to_hide_folders():
return linux_cmds, windows_cmds
# def get_winAPI_commands():
# winAPI_command = get_winAPI_commands_to_hide_files()
# return winAPI_command
def get_winAPI_to_hide_files():
get_winAPI_to_hide_files()
def cleanup_hidden_files(is_windows=is_windows_os()):
get_windows_commands_to_delete() if is_windows \
else get_linux_commands_to_delete()
if is_windows:
get_winAPI_to_delete_files()
subprocess.run(get_windows_commands_to_delete() if is_windows
else get_linux_commands_to_delete())
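Review bot: The new def get_winAPI_to_hide_files() in the third hunk rebinds the name imported from infection_monkey.utils.windows.hidden_files in the second hunk, so its body `get_winAPI_to_hide_files()` calls itself and recurses until RecursionError, and even if it did not it returns None while the PBA unpacks `result, status` from it. Import the Windows implementation under a private alias and return its result, `from infection_monkey.utils.windows.hidden_files import get_winAPI_to_hide_files as _winapi_hide_files` and `def get_winAPI_to_hide_files(): return _winapi_hide_files()`, or drop the wrapper and re-export the imported name. In cleanup_hidden_files, `get_winAPI_to_delete_files()` runs before the subprocess cleanup and will presumably raise if the WinAPI file was never created (for example when CreateFile failed), which would skip the command-line cleanup entirely; catching that error or running subprocess.run first keeps the cleanup best-effort. The default `is_windows=is_windows_os()` is evaluated once at import time rather than per call; `is_windows=None` resolved inside the body is the usual idiom.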


@ -1,4 +1,8 @@
import win32file
HIDDEN_FILE = 'C:\\monkey-hidden-file'
HIDDEN_FILE_WINAPI = 'C:\\monkey-hidden-file-winAPI'
HIDDEN_FOLDER = 'C:\\monkey-hidden-folder'
@ -24,8 +28,28 @@ def get_windows_commands_to_hide_folders():
]
# def get_winAPI_commands_to_hide_files():
# pass
def get_winAPI_to_hide_files():
try:
fileAccess = win32file.GENERIC_READ | win32file.GENERIC_WRITE # read-write access
fileCreation = win32file.CREATE_ALWAYS # overwrite existing file
fileFlags = win32file.FILE_ATTRIBUTE_HIDDEN # make hidden
hiddenFile = win32file.CreateFile(HIDDEN_FILE_WINAPI,
fileAccess,
0,
None,
fileCreation,
fileFlags,
0)
return "Created hidden file: {}".format(HIDDEN_FILE_WINAPI), True
except Exception as err:
return str(err), False
def get_winAPI_to_delete_files():
win32file.DeleteFile(HIDDEN_FILE_WINAPI)
def get_windows_commands_to_delete():