p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Code review + other tiny changes

This commit is contained in:
Shreya 2020-07-03 22:54:09 +05:30
parent a74f2a5ead
commit d9d8c813aa
5 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/common/data/post_breach_consts.py
View File

@ -3,4 +3,4 @@ POST_BREACH_BACKDOOR_USER = "Backdoor user"
POST_BREACH_FILE_EXECUTION = "File execution" POST_BREACH_FILE_EXECUTION = "File execution"
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file" POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file"
POST_BREACH_HIDDEN_FILES = "Hide files and directories" POST_BREACH_HIDDEN_FILES = "Hide files and directories"
POST_BREACH_TRAP_COMMAND = "Execute command on signal interrupt" POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received"

2
monkey/infection_monkey/post_breach/actions/use_trap_command.py
View File

@ -10,4 +10,4 @@ class TrapCommand(PBA):
if not is_windows_os(): if not is_windows_os():
linux_cmds = get_trap_commands() linux_cmds = get_trap_commands()
super(TrapCommand, self).__init__(POST_BREACH_TRAP_COMMAND, super(TrapCommand, self).__init__(POST_BREACH_TRAP_COMMAND,
linux_cmd=' '.join(linux_cmds)) linux_cmd=linux_cmds)

3
monkey/infection_monkey/post_breach/trap_command/linux/trap_command.py → monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py
View File

@ -1,6 +1,5 @@
def get_linux_trap_commands(): def get_linux_trap_commands():
return [ return [
'trap \'echo \"Successfully used trap command\"\' INT &&', 'trap \'echo \"Successfully used trap command\"\' INT && kill -2 $$ ;', # trap and send SIGINT signal
'kill -2 $$ ;', # send SIGINT signal
'trap - INT' # untrap SIGINT 'trap - INT' # untrap SIGINT
] ]

2
monkey/infection_monkey/post_breach/trap_command/trap_command.py
View File

@ -1,4 +1,4 @@
from infection_monkey.post_breach.trap_command.linux.trap_command import\ from infection_monkey.post_breach.trap_command.linux_trap_command import\
get_linux_trap_commands get_linux_trap_commands

6
monkey/monkey_island/cc/services/attack/technique_reports/T1154.py
View File

@ -9,9 +9,9 @@ __author__ = "shreyamalviya"
class T1154(AttackTechnique): class T1154(AttackTechnique):
tech_id = "T1154" tech_id = "T1154"
unscanned_msg = "Monkey did not use the trap command on the system." unscanned_msg = "Monkey did not use the trap command."
scanned_msg = "Monkey tried using the trap command but failed on the system." scanned_msg = "Monkey tried using the trap command but failed."
used_msg = "Monkey used the trap command on the system." used_msg = "Monkey used the trap command successfully."
query = [{'$match': {'telem_category': 'post_breach', query = [{'$match': {'telem_category': 'post_breach',
'data.name': POST_BREACH_TRAP_COMMAND}}, 'data.name': POST_BREACH_TRAP_COMMAND}},