Modify `run()` for "modify shell startup files" PBA
parent
6698de3edb
commit
d391255498
|
@ -21,7 +21,7 @@ class ModifyShellStartupFiles(PBA):
|
||||||
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION)
|
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION)
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
results = [pba.run() for pba in self.modify_shell_startup_PBA_list()]
|
results = [pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()]
|
||||||
PostBreachTelem(self, results).send()
|
PostBreachTelem(self, results).send()
|
||||||
|
|
||||||
def modify_shell_startup_PBA_list(self):
|
def modify_shell_startup_PBA_list(self):
|
||||||
|
@ -51,14 +51,3 @@ class ModifyShellStartupFiles(PBA):
|
||||||
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION,
|
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION,
|
||||||
linux_cmd=linux_cmds,
|
linux_cmd=linux_cmds,
|
||||||
windows_cmd=windows_cmds)
|
windows_cmd=windows_cmds)
|
||||||
|
|
||||||
def run(self):
|
|
||||||
if self.command:
|
|
||||||
try:
|
|
||||||
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
|
|
||||||
if not output:
|
|
||||||
output = EXECUTION_WITHOUT_OUTPUT
|
|
||||||
return output, True
|
|
||||||
except subprocess.CalledProcessError as e:
|
|
||||||
# Return error output of the command
|
|
||||||
return e.output.decode(), False
|
|
||||||
|
|
|
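Review bot: The comprehension in `ModifyShellStartupFiles.run()` now collects whatever `pba.run(return_result=True)` returns, and the base `PBA.run()` appears to fall through to its "No command available" branch without a `return`, so `results` can carry `None` entries into `PostBreachTelem(self, results).send()`. The `if` that this branch belongs to lies outside the visible hunks, so the nesting is inferred from the rendered text. Consider dropping empty entries before sending, e.g. `results = [r for r in (pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()) if r is not None]`, and skipping the telemetry when the list ends up empty.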
@ -54,7 +54,7 @@ class PBA(Plugin):
|
||||||
"""
|
"""
|
||||||
return class_name in WormConfiguration.post_breach_actions
|
return class_name in WormConfiguration.post_breach_actions
|
||||||
|
|
||||||
def run(self):
|
def run(self, return_result=False):
|
||||||
"""
|
"""
|
||||||
Runs post breach action command
|
Runs post breach action command
|
||||||
"""
|
"""
|
||||||
|
@ -63,6 +63,9 @@ class PBA(Plugin):
|
||||||
result = exec_funct()
|
result = exec_funct()
|
||||||
if self.scripts_were_used_successfully(result):
|
if self.scripts_were_used_successfully(result):
|
||||||
T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send()
|
T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send()
|
||||||
|
if return_result:
|
||||||
|
return result
|
||||||
|
else:
|
||||||
PostBreachTelem(self, result).send()
|
PostBreachTelem(self, result).send()
|
||||||
else:
|
else:
|
||||||
LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
|
LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
|
||||||
|
|
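Review bot: The docstring of `PBA.run()` still reads only "Runs post breach action command", although the method now has two modes selected by `return_result`. I would document that with `return_result=True` the result is handed back to the caller and no `PostBreachTelem` is sent, that the `T1064Telem` check appears to run in both modes, and that the method returns `None` in every other case. As a point of style, the `else:` after `return result` can be dropped so that `PostBreachTelem(self, result).send()` sits at the same level as the `if return_result:` check. The body of `run()` starts before the second hunk and part of it lies between the two hunks, so the nesting described here is inferred.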