Extend linux PBA for all users on system

TODO: ATT&CK report stuff (mongo search + show only bash file modification info) TODO: Windows
2020-06-21 00:43:15 +05:30 · 2020-06-21 00:43:15 +05:30 · 7459105bbc
parent 8d2aaac65f
commit 7459105bbc
2 changed files with 32 additions and 12 deletions
--- a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
+++ b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
@ -21,13 +21,15 @@ class ModifyShellStartupFiles(PBA):

 class ShellStartupPBAGenerator():
    def get_modify_shell_startup_pbas():
-        (cmds_for_linux, shell_startup_files_for_linux), windows_cmds = get_commands_to_modify_shell_startup_files()
+        (cmds_for_linux, shell_startup_files_for_linux, usernames_for_linux), windows_cmds =\
+            get_commands_to_modify_shell_startup_files()

        pbas = [ModifyShellStartupFile(linux_cmds='', windows_cmds=windows_cmds)]

-        for shell_startup_file in shell_startup_files_for_linux:
-            linux_cmds = ' '.join(cmds_for_linux).format(shell_startup_file)
-            pbas.append(ModifyShellStartupFile(linux_cmds=linux_cmds, windows_cmds=''))
+        for username in usernames_for_linux:
+            for shell_startup_file in shell_startup_files_for_linux:
+                linux_cmds = ' '.join(cmds_for_linux).format(shell_startup_file).format(username)
+                pbas.append(ModifyShellStartupFile(linux_cmds=linux_cmds, windows_cmds=''))

        return pbas

--- a/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/linux/shell_startup_files_modification.py
@ -1,12 +1,30 @@
+import subprocess
+
+
+HOME_DIR = "/home/"
+
+# get list of usernames
+USERS = subprocess.check_output(
+        "cut -d: -f1,3 /etc/passwd | egrep ':[0-9]{4}$' | cut -d: -f1",
+        shell=True
+    ).decode().split('\n')[:-1]
+
+# get list of paths of different shell startup files with place for username
 STARTUP_FILES = [
-    "~/.profile",  # bash, dash, ksh, sh
-    "~/.bashrc", "~/.bash_profile",  # bash
-    "~/.config/fish/config.fish",  # fish
-    "~/.zshrc", "~/.zshenv", "~/.zprofile",  # zsh
-    "~/.kshrc",  # ksh
-    "~/.tcshrc",  # tcsh
-    "~/.cshrc",  # csh
+    file_path.format(HOME_DIR) for file_path in
+    [
+        "{0}{{0}}/.profile",                    # bash, dash, ksh, sh
+        "{0}{{0}}/.bashrc",                     # bash
+        "{0}{{0}}/.bash_profile",
+        "{0}{{0}}/.config/fish/config.fish",    # fish
+        "{0}{{0}}/.zshrc",                      # zsh
+        "{0}{{0}}/.zshenv",
+        "{0}{{0}}/.zprofile",
+        "{0}{{0}}/.kshrc",                      # ksh
+        "{0}{{0}}/.tcshrc",                     # tcsh
+        "{0}{{0}}/.cshrc",                      # csh
    ]
+]


 def get_linux_commands_to_modify_shell_startup_files():
@ -16,4 +34,4 @@ def get_linux_commands_to_modify_shell_startup_files():
        'tee -a {0} &&',  # append to file
        'sed -i \'$d\' {0}',  # remove last line of file (undo changes)
    ],\
-     STARTUP_FILES
+     STARTUP_FILES, USERS