Agent: Refactor InfectionMonkey._self_delete()

Mike Salvatore 2022-04-20 07:45:10 -04:00
parent 2568a46790
commit c2e01eaea7
1 changed files with 40 additions and 28 deletions


@ -3,6 +3,7 @@ import logging
import os import os
import subprocess import subprocess
import sys import sys
from pathlib import Path
from typing import List from typing import List
import infection_monkey.tunnel as tunnel import infection_monkey.tunnel as tunnel
@ -401,14 +402,32 @@ class InfectionMonkey:
@staticmethod @staticmethod
def _self_delete() -> bool: def _self_delete() -> bool:
InfectionMonkey._remove_monkey_dir()
if "python" in Path(sys.executable).name:
return False
try:
if "win32" == sys.platform:
InfectionMonkey._self_delete_windows()
else:
InfectionMonkey._self_delete_linux()
T1107Telem(ScanStatus.USED, sys.executable).send()
return True
except Exception as exc:
logger.error("Exception in self delete: %s", exc)
T1107Telem(ScanStatus.SCANNED, sys.executable).send()
return False
@staticmethod
def _remove_monkey_dir():
status = ScanStatus.USED if remove_monkey_dir() else ScanStatus.SCANNED status = ScanStatus.USED if remove_monkey_dir() else ScanStatus.SCANNED
T1107Telem(status, get_monkey_dir_path()).send() T1107Telem(status, get_monkey_dir_path()).send()
deleted = False
if -1 == sys.executable.find("python"): @staticmethod
try: def _self_delete_windows():
status = None
if "win32" == sys.platform:
from subprocess import CREATE_NEW_CONSOLE, STARTF_USESHOWWINDOW, SW_HIDE from subprocess import CREATE_NEW_CONSOLE, STARTF_USESHOWWINDOW, SW_HIDE
startupinfo = subprocess.STARTUPINFO() startupinfo = subprocess.STARTUPINFO()
@ -422,14 +441,7 @@ class InfectionMonkey:
close_fds=True, close_fds=True,
startupinfo=startupinfo, startupinfo=startupinfo,
) )
deleted = True
else: @staticmethod
def _self_delete_linux():
os.remove(sys.executable) os.remove(sys.executable)
status = ScanStatus.USED
deleted = True
except Exception as exc:
logger.error("Exception in self delete: %s", exc)
status = ScanStatus.SCANNED
if status:
T1107Telem(status, sys.executable).send()
return deleted
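Review bot: The success telemetry `T1107Telem(ScanStatus.USED, sys.executable).send()` now sits inside the `try` in `_self_delete()`, so an exception raised by `send()` after the executable was already removed is logged as "Exception in self delete" and reported as `ScanStatus.SCANNED`, and the handler then calls `send()` again with nothing left to catch it. Moving that line and `return True` into an `else:` clause of the `try` keeps the handler scoped to the deletion itself, as the old code did by sending after the `try`. On Windows the new code also reports `USED` as soon as `_self_delete_windows()` returns, where the old branch appears to have left `status` as `None` and sent nothing; the subprocess call falls between the visible hunks, so confirm the file is really gone at that point before the report claims it. The interpreter guard is also still case-sensitive, and `if "python" in Path(sys.executable).name.lower():` would keep `os.remove(sys.executable)` away from an interpreter whose file name is capitalised differently.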