forked from p15670423/monkey
parent
08727305d8
commit
45c5546f17
|
@ -2,3 +2,4 @@ POST_BREACH_COMMUNICATE_AS_NEW_USER = "Communicate as new user"
|
|||
POST_BREACH_BACKDOOR_USER = "Backdoor user"
|
||||
POST_BREACH_FILE_EXECUTION = "File execution"
|
||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file"
|
||||
POST_BREACH_HIDDEN_FILES = "Hide files and directories"
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
import time
|
||||
from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
|
||||
from infection_monkey.post_breach.pba import PBA
|
||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||
from infection_monkey.utils.hidden_files import\
|
||||
[get_commands_to_hide_files,
|
||||
get_commands_to_hide_folders] as CREATE_HIDDEN,\
|
||||
cleanup_hidden_files,\
|
||||
# get_winAPI_commands
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
|
||||
class HiddenFiles(PBA):
|
||||
"""
|
||||
This PBA attempts to create hidden files and folders.
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
def run(self):
|
||||
for method_to_create in CREATE_HIDDEN:
|
||||
linux_cmds, windows_cmds = method_to_create()
|
||||
super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES,
|
||||
linux_cmd=' '.join(linux_cmds),
|
||||
window_cmd=windows_cmds)
|
||||
# if is_windows_os():
|
||||
# get_winAPI_commands()
|
||||
# PostBreachTelem(???)
|
||||
time.sleep(10) # detection time for AV software
|
||||
cleanup_hidden_files(is_windows_os())
|
|
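Review bot: The `from infection_monkey.utils.hidden_files import\` statement on the fifth line of the hunk is not valid Python — a bracketed list cannot be an import target or be aliased `as CREATE_HIDDEN`, and the `# get_winAPI_commands` line that follows a backslash continuation ends the statement after a dangling comma, so the module fails at import time before the PBA ever runs. `__init__` never calls the PBA constructor, while `run` calls `super().__init__` once per loop iteration, so the object is re-initialised with each command pair and only the last one survives; `window_cmd` also receives the raw list where `linux_cmd` gets a joined string, and if the PBA constructor's keyword is `windows_cmd` (as it appears to be elsewhere in this project — confirm against pba.py) the call raises TypeError. `PostBreachTelem` is imported but unused, and nothing in `run` executes the commands or reports a result. Build both command strings once in `__init__` and let `run` execute, wait and clean up, as sketched below.
```python
from infection_monkey.utils.hidden_files import (
    get_commands_to_hide_files,
    get_commands_to_hide_folders,
    cleanup_hidden_files,
)
# … unchanged: remaining imports …


class HiddenFiles(PBA):
    """
    This PBA attempts to create hidden files and folders.
    """

    def __init__(self):
        linux_cmds, windows_cmds = [], []
        for method_to_create in (get_commands_to_hide_files, get_commands_to_hide_folders):
            linux, windows = method_to_create()
            linux_cmds.append(' '.join(linux))
            windows_cmds.append(' '.join(windows))
        # one PBA holding both chains; a command separator is needed between them
        super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES,
                                          linux_cmd='; '.join(linux_cmds),
                                          windows_cmd=' && '.join(windows_cmds))

    def run(self):
        super(HiddenFiles, self).run()  # assumes PBA.run executes the platform command — confirm in pba.py
        time.sleep(10)  # detection time for AV software
        cleanup_hidden_files(is_windows_os())
```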
@ -0,0 +1,32 @@
|
|||
from infection_monkey.utils.linux.hidden_files import\
|
||||
get_linux_commands_to_hide_files,\
|
||||
get_linux_commands_to_hide_folders,\
|
||||
get_linux_commands_to_delete
|
||||
from infection_monkey.utils.windows.hidden_files import\
|
||||
get_windows_commands_to_hide_files,\
|
||||
get_windows_commands_to_hide_folders,\
|
||||
# get_winAPI_commands_to_hide_files,\
|
||||
get_windows_commands_to_delete
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
|
||||
def get_commands_to_hide_files():
|
||||
linux_cmds = get_linux_commands_to_hide_files()
|
||||
windows_cmds = get_windows_commands_to_hide_files()
|
||||
return linux_cmds, windows_cmds
|
||||
|
||||
|
||||
def get_commands_to_hide_folders():
|
||||
linux_cmds = get_linux_commands_to_hide_folders()
|
||||
windows_cmds = get_windows_commands_to_hide_folders()
|
||||
return linux_cmds, windows_cmds
|
||||
|
||||
|
||||
# def get_winAPI_commands():
|
||||
# winAPI_command = get_winAPI_commands_to_hide_files()
|
||||
# return winAPI_command
|
||||
|
||||
|
||||
def cleanup_hidden_files(is_windows=is_windows_os()):
|
||||
get_windows_commands_to_delete() if is_windows \
|
||||
else get_linux_commands_to_delete()
|
|
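Review bot: `cleanup_hidden_files` never removes anything — its body is a bare conditional expression whose value is discarded, so the delete command list is built and dropped and the hidden artefacts the PBA created stay on the host; return the list so the caller can execute it: `return get_windows_commands_to_delete() if is_windows else get_linux_commands_to_delete()`. The `from infection_monkey.utils.windows.hidden_files import\` statement is also a SyntaxError: the commented-out `# get_winAPI_commands_to_hide_files,\` line swallows the continuation backslash, leaving a trailing comma and an orphaned `get_windows_commands_to_delete` on the next line — wrap the imported names in parentheses instead of backslashes, or drop the commented entry. Evaluating `is_windows_os()` as a default argument at import time works only because the OS cannot change under the process; `is_windows=None` resolved inside the body is the usual idiom and keeps the import side-effect free.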
@ -0,0 +1,32 @@
|
|||
HIDDEN_FILE = '/var/tmp/.monkey-hidden-file'
|
||||
HIDDEN_FOLDER = '/var/tmp/.monkey-hidden-folder'
|
||||
|
||||
|
||||
def get_linux_commands_to_hide_files():
|
||||
return [
|
||||
'touch', # create file
|
||||
HIDDEN_FILE,
|
||||
'; echo \"Successfully created hidden file\" >', # write to
|
||||
HIDDEN_FILE
|
||||
]
|
||||
|
||||
|
||||
def get_linux_commands_to_hide_folders():
|
||||
return [
|
||||
'mkdir', # make directory
|
||||
HIDDEN_FOLDER,
|
||||
'; touch', # create file
|
||||
'{}/{}'.format(HIDDEN_FOLDER, 'some-file'), # random file in hidden folder
|
||||
'; echo \"Successfully created hidden folder\" >', # write to
|
||||
'{}/{}'.format(HIDDEN_FOLDER, 'some-file') # random file in hidden folder
|
||||
]
|
||||
|
||||
|
||||
def get_linux_commands_to_delete():
|
||||
return [
|
||||
'rm', # remove
|
||||
'-r', # delete recursively
|
||||
'-f', # force delete
|
||||
HIDDEN_FILE,
|
||||
HIDDEN_FOLDER
|
||||
]
|
|
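Review bot: The `# random file in hidden folder` comments on the two `'{}/{}'.format(HIDDEN_FOLDER, 'some-file')` lines are inaccurate — the name is the fixed string `some-file` — and the same expression is built twice; hoist it to a module constant next to `HIDDEN_FILE`/`HIDDEN_FOLDER`, e.g. `HIDDEN_FOLDER_FILE = '{}/{}'.format(HIDDEN_FOLDER, 'some-file')`, and say `# file inside the hidden folder`. Since the caller joins each list with a single space, the leading `; ` on the `'; echo ...'` and `'; touch'` elements is what separates the shell commands; a short module comment stating that contract, e.g. `# each list is joined with ' ' by the caller; elements that start a new command carry their own ';'`, would keep future entries consistent. The `'touch'` step in `get_linux_commands_to_hide_folders` is redundant, since the following redirect creates the file, but harmless.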
@ -0,0 +1,38 @@
|
|||
HIDDEN_FILE = 'C:\\monkey-hidden-file'
|
||||
HIDDEN_FOLDER = 'C:\\monkey-hidden-folder'
|
||||
|
||||
|
||||
def get_windows_commands_to_hide_files():
|
||||
return [
|
||||
'echo Successfully created hidden file >', # create text file
|
||||
HIDDEN_FILE,
|
||||
'&& attrib', # change file attributes
|
||||
'+h', # make hidden
|
||||
HIDDEN_FILE
|
||||
]
|
||||
|
||||
|
||||
def get_windows_commands_to_hide_folders():
|
||||
return [
|
||||
'mkdir', # make directory
|
||||
HIDDEN_FOLDER,
|
||||
'&& attrib', # change file attributes
|
||||
'+h', # make hidden
|
||||
HIDDEN_FOLDER,
|
||||
'&& echo Successfully created hidden folder >'
|
||||
'{}\{}'.format(HIDDEN_FOLDER, 'some-file')
|
||||
]
|
||||
|
||||
|
||||
# def get_winAPI_commands_to_hide_files():
|
||||
# pass
|
||||
|
||||
|
||||
def get_windows_commands_to_delete():
|
||||
return [
|
||||
'del', # delete file
|
||||
'/f', # force delete
|
||||
HIDDEN_FILE,
|
||||
'&& rmdir', # delete folder
|
||||
HIDDEN_FOLDER
|
||||
]
|
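Review bot: In `get_windows_commands_to_hide_folders` the comma after `'&& echo Successfully created hidden folder >'` is missing, so Python concatenates it with the following literal before `.format` runs, and `'{}\{}'` carries the invalid escape `\{` (a DeprecationWarning today, a SyntaxWarning from 3.12); the intended lines are `'&& echo Successfully created hidden folder >',` and `'{}\\{}'.format(HIDDEN_FOLDER, 'some-file')`. `get_windows_commands_to_delete` also will not remove what the hide commands create: `del /f` skips files carrying the hidden attribute unless `/a` is given, and `rmdir` refuses a non-empty directory (the folder contains `some-file`) without `/s /q`, so both artefacts survive cleanup — add `'/a:h'` after `'/f'` and use `'&& rmdir /s /q'`, and verify on a host since the `&&` chain stops at the first failure. Creating a file directly under `C:\` is also rejected for non-elevated users on stock Windows ACLs, so the file case may fail when the agent is not elevated; a comment documenting the expected privilege level, or a path under the user's temp directory, would make the behaviour predictable.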