Merge pull request #1815 from guardicore/1604-remove-pba-plugin-dependency

Remove PBA's Plugin dependency + add display_name to PostBreachData
This commit is contained in:
Shreya Malviya 2022-03-25 14:29:51 +05:30 committed by GitHub
commit 5bc961d715
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 10 additions and 32 deletions


@ -34,7 +34,7 @@ class ExploiterResultData:
PingScanData = namedtuple("PingScanData", ["response_received", "os"]) PingScanData = namedtuple("PingScanData", ["response_received", "os"])
PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"]) PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"])
FingerprintData = namedtuple("FingerprintData", ["os_type", "os_version", "services"]) FingerprintData = namedtuple("FingerprintData", ["os_type", "os_version", "services"])
PostBreachData = namedtuple("PostBreachData", ["command", "result"]) PostBreachData = namedtuple("PostBreachData", ["display_name", "command", "result"])
class IPuppet(metaclass=abc.ABCMeta): class IPuppet(metaclass=abc.ABCMeta):
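Review bot: The new `display_name` field of `PostBreachData` carries no documentation of what it is used for, yet the TODO removed from `AutomatedMaster._run_pba` in this same commit says the value is shown in the Security report as the PBA name and matched by the T1082 mongo query in the ATT&CK report. A short comment above the namedtuple, `# display_name is the human-readable PBA name used by the Security and ATT&CK reports; command/result are the executed command and its output`, would record that contract where implementers of `IPuppet.run_pba` will see it. Since the field is prepended rather than appended, every site that unpacks `run_pba()` positionally must be updated; the two in this commit are, but the real puppet implementation is not part of this diff and should be checked.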


@ -195,14 +195,11 @@ class AutomatedMaster(IMaster):
logger.debug(f"No credentials were collected by {collector}") logger.debug(f"No credentials were collected by {collector}")
def _run_pba(self, pba: Tuple[str, Dict]): def _run_pba(self, pba: Tuple[str, Dict]):
# TODO: This is the class's name right now. We need `display_name` (see the
# ProcessListCollection PBA). This is shown in the Security report as the PBA
# name and is checked against in the T1082's mongo query in the ATT&CK report.
name = pba[0] name = pba[0]
options = pba[1] options = pba[1]
command, result = self._puppet.run_pba(name, options) display_name, command, result = self._puppet.run_pba(name, options)
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result)) self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
def _can_propagate(self) -> bool: def _can_propagate(self) -> bool:
return True return True
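Review bot: The name sent in `PostBreachTelem` changes here from the PBA class name to `display_name`, and the deleted TODO states that this value is checked against in the T1082 mongo query of the ATT&CK report; nothing in this diff touches that query, so if it still matches on the class name, T1082 reporting would silently stop matching after this change. Worth confirming against the report code before merging. As a point of style, unpacking the three-tuple couples this method (and the same two sites in `MockMaster`) to the field order of `PostBreachData`; `pba_data = self._puppet.run_pba(name, options)` followed by `PostBreachTelem(pba_data.display_name, pba_data.command, pba_data.result)` reads the fields by name and survives future reordering.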


@ -50,12 +50,12 @@ class MockMaster(IMaster):
logger.info("Running post breach actions") logger.info("Running post breach actions")
name = "AccountDiscovery" name = "AccountDiscovery"
command, result = self._puppet.run_pba(name, {}) display_name, command, result = self._puppet.run_pba(name, {})
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result)) self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
name = "CommunicateAsBackdoorUser" name = "CommunicateAsBackdoorUser"
command, result = self._puppet.run_pba(name, {}) display_name, command, result = self._puppet.run_pba(name, {})
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result)) self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
logger.info("Finished running post breach actions") logger.info("Finished running post breach actions")
def _scan_victims(self): def _scan_victims(self):


@ -1,31 +1,20 @@
import logging import logging
import subprocess import subprocess
import infection_monkey.post_breach.actions
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.config import WormConfiguration
from infection_monkey.telemetry.attack.t1064_telem import T1064Telem from infection_monkey.telemetry.attack.t1064_telem import T1064Telem
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.plugins.plugin import Plugin
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class PBA(Plugin): class PBA:
""" """
Post breach action object. Can be extended to support more than command execution on target Post breach action object. Can be extended to support more than command execution on target
machine. machine.
""" """
@staticmethod
def base_package_name():
return infection_monkey.post_breach.actions.__package__
@staticmethod
def base_package_file():
return infection_monkey.post_breach.actions.__file__
def __init__(self, name="unknown", linux_cmd="", windows_cmd=""): def __init__(self, name="unknown", linux_cmd="", windows_cmd=""):
""" """
:param name: Name of post breach action. :param name: Name of post breach action.
@ -35,14 +24,6 @@ class PBA(Plugin):
self.command = PBA.choose_command(linux_cmd, windows_cmd) self.command = PBA.choose_command(linux_cmd, windows_cmd)
self.name = name self.name = name
@staticmethod
def should_run(class_name):
"""
Decides if post breach action is enabled in config
:return: True if it needs to be ran, false otherwise
"""
return class_name in WormConfiguration.post_breach_actions
def run(self): def run(self):
""" """
Runs post breach action command Runs post breach action command
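Review bot: Deleting `should_run` removes the only visible gate that checked a PBA against `WormConfiguration.post_breach_actions` before it executes, and nothing in this diff adds an equivalent check elsewhere. Presumably the selection now happens in the caller that builds the `(name, options)` tuples passed to `AutomatedMaster._run_pba`, but that code is outside this commit, so it is worth confirming that a PBA not enabled in the configuration can no longer run. If the gate does live with the caller, a one-line note in the class docstring, `Enablement is decided by the caller; this class does not consult the configuration`, would make that explicit. `__init__` and `run` both continue past the end of this hunk.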


@ -53,9 +53,9 @@ class MockPuppet(IPuppet):
logger.debug(f"run_pba({name}, {options})") logger.debug(f"run_pba({name}, {options})")
if name == "AccountDiscovery": if name == "AccountDiscovery":
return PostBreachData("pba command 1", ["pba result 1", True]) return PostBreachData(name, "pba command 1", ["pba result 1", True])
else: else:
return PostBreachData("pba command 2", ["pba result 2", False]) return PostBreachData(name, "pba command 2", ["pba result 2", False])
def ping(self, host: str, timeout: float = 1) -> PingScanData: def ping(self, host: str, timeout: float = 1) -> PingScanData:
logger.debug(f"run_ping({host}, {timeout})") logger.debug(f"run_ping({host}, {timeout})")
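Review bot: The mock passes the PBA's `name` through as `display_name`, so the two values are identical in every test that goes through `MockPuppet.run_pba`; a test cannot tell whether a consumer used the right field. Returning a distinct constructed value, for example `PostBreachData(f"{name} (display)", "pba command 1", ["pba result 1", True])`, would make a mix-up between `name` and `display_name` visible in telemetry assertions. The enclosing method begins before this hunk.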