Modify `run()` for "modify shell startup files" PBA

This commit is contained in:
Shreya 2020-07-22 01:57:11 +05:30
parent 6698de3edb
commit d391255498
2 changed files with 6 additions and 14 deletions


@ -21,7 +21,7 @@ class ModifyShellStartupFiles(PBA):
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION) super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION)
def run(self): def run(self):
results = [pba.run() for pba in self.modify_shell_startup_PBA_list()] results = [pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()]
PostBreachTelem(self, results).send() PostBreachTelem(self, results).send()
def modify_shell_startup_PBA_list(self): def modify_shell_startup_PBA_list(self):
@ -51,14 +51,3 @@ class ModifyShellStartupFiles(PBA):
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION, super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION,
linux_cmd=linux_cmds, linux_cmd=linux_cmds,
windows_cmd=windows_cmds) windows_cmd=windows_cmds)
def run(self):
if self.command:
try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
if not output:
output = EXECUTION_WITHOUT_OUTPUT
return output, True
except subprocess.CalledProcessError as e:
# Return error output of the command
return e.output.decode(), False
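Review bot: The `results` list built in `ModifyShellStartupFiles.run` can contain `None` entries, because `PBA.run(return_result=True)` only returns a value on the branch where a command exists for the current OS; on the "No command available" branch it logs and falls off the end of the function. Those `None`s are then handed to `PostBreachTelem(self, results).send()` as if they were `(output, success)` pairs, which the telemetry consumer presumably does not expect. I would drop them before sending: `results = [r for r in (pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()) if r is not None]`. The second hunk removes the subclass `run` override in favour of the base implementation, so this filtering is now the only place the no-command case is visible to the caller; `modify_shell_startup_PBA_list` continues outside the hunk.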


@ -54,7 +54,7 @@ class PBA(Plugin):
""" """
return class_name in WormConfiguration.post_breach_actions return class_name in WormConfiguration.post_breach_actions
def run(self): def run(self, return_result=False):
""" """
Runs post breach action command Runs post breach action command
""" """
@ -63,6 +63,9 @@ class PBA(Plugin):
result = exec_funct() result = exec_funct()
if self.scripts_were_used_successfully(result): if self.scripts_were_used_successfully(result):
T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send() T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send()
if return_result:
return result
else:
PostBreachTelem(self, result).send() PostBreachTelem(self, result).send()
else: else:
LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.") LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
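Review bot: The new `return_result` parameter on `PBA.run` is not described in the docstring, and the two behaviours it selects are mutually exclusive in a way a caller cannot tell from the signature: with `return_result=True` the result is returned and no `PostBreachTelem` is sent, with the default it is sent and the method returns `None`. I would extend the docstring below "Runs post breach action command" with `:param return_result: if True, return the (output, success) result instead of sending it as PostBreachTelem; the caller is then responsible for reporting it.` and `:return: the result when return_result is True, otherwise None`. Note that the trailing `else` branch at the end of the hunk returns `None` implicitly even when `return_result` is True, so callers collecting results must handle that; an explicit `return None` there would make the contract visible. `run` continues outside the hunk, so there may be further return paths not shown here.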