forked from p15670423/monkey
Agent: Don't download exe on Linux during signed script PBA execution
This commit is contained in:
parent
9f4bf71976
commit
59e7ac34f7
|
@ -21,6 +21,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
### Fixed
|
### Fixed
|
||||||
- A bug in network map page that caused delay of telemetry log loading. #1545
|
- A bug in network map page that caused delay of telemetry log loading. #1545
|
||||||
- Windows "run as a user" powershell command for manual agent runs. #1570
|
- Windows "run as a user" powershell command for manual agent runs. #1570
|
||||||
|
- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
|
||||||
|
systems as well. #1557
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
|
|
@ -1,22 +1,29 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
|
from infection_monkey.utils.environment import is_windows_os
|
||||||
|
|
||||||
TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
|
TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
|
||||||
|
|
||||||
|
|
||||||
def get_windows_commands_to_proxy_execution_using_signed_script():
|
def get_windows_commands_to_proxy_execution_using_signed_script():
|
||||||
download = ControlClient.get_T1216_pba_file()
|
signed_script = ""
|
||||||
with open(TEMP_COMSPEC, "wb") as random_exe_obj:
|
|
||||||
random_exe_obj.write(download.content)
|
|
||||||
random_exe_obj.flush()
|
|
||||||
|
|
||||||
|
if is_windows_os():
|
||||||
|
_download_random_executable()
|
||||||
windir_path = os.environ["WINDIR"]
|
windir_path = os.environ["WINDIR"]
|
||||||
signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")
|
signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")
|
||||||
|
|
||||||
return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"]
|
return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"]
|
||||||
|
|
||||||
|
|
||||||
|
def _download_random_executable():
|
||||||
|
download = ControlClient.get_T1216_pba_file()
|
||||||
|
with open(TEMP_COMSPEC, "wb") as random_exe_obj:
|
||||||
|
random_exe_obj.write(download.content)
|
||||||
|
random_exe_obj.flush()
|
||||||
|
|
||||||
|
|
||||||
def get_windows_commands_to_reset_comspec(original_comspec):
|
def get_windows_commands_to_reset_comspec(original_comspec):
|
||||||
return f"set comspec={original_comspec}"
|
return f"set comspec={original_comspec}"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue