Extend windows PBA for all users on system

This commit is contained in:
Shreya 2020-06-22 21:32:41 +05:30
parent 7efeff3ff0
commit f21dbde27d
2 changed files with 30 additions and 12 deletions
monkey/infection_monkey/post_breach


@ -2,7 +2,6 @@ from common.data.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFI
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import\ from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import\
get_commands_to_modify_shell_startup_files get_commands_to_modify_shell_startup_files
from infection_monkey.utils.environment import is_windows_os
class ModifyShellStartupFiles(PBA): class ModifyShellStartupFiles(PBA):
@ -21,10 +20,14 @@ class ModifyShellStartupFiles(PBA):
class ShellStartupPBAGenerator(): class ShellStartupPBAGenerator():
def get_modify_shell_startup_pbas(): def get_modify_shell_startup_pbas():
(cmds_for_linux, shell_startup_files_for_linux, usernames_for_linux), windows_cmds =\ (cmds_for_linux, shell_startup_files_for_linux, usernames_for_linux),\
get_commands_to_modify_shell_startup_files() (cmds_for_windows, shell_startup_files_per_user_for_windows) = get_commands_to_modify_shell_startup_files()
pbas = [ModifyShellStartupFile(linux_cmds='', windows_cmds=windows_cmds)] pbas = []
for startup_file_per_user in shell_startup_files_per_user_for_windows:
windows_cmds = ' '.join(cmds_for_windows).format(startup_file_per_user)
pbas.append(ModifyShellStartupFile(linux_cmds='', windows_cmds=['powershell.exe', windows_cmds]))
for username in usernames_for_linux: for username in usernames_for_linux:
for shell_startup_file in shell_startup_files_for_linux: for shell_startup_file in shell_startup_files_for_linux:
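Review bot: The per-user loop added after `pbas = []` builds a PBA for every entry the helper derives from `C:\Users`, including profiles whose PowerShell profile file (and possibly its parent directory) does not exist yet; for those, `Add-Content` appears to either fail or create a new file, and the `Set-Content ... $OldProfile` "revert" then leaves an empty profile file behind, so the clean-up step creates an artifact on other users' profiles rather than restoring them. Restricting the action to files that already exist keeps the revert honest: after the `for startup_file_per_user in ...:` line add `if not os.path.isfile(startup_file_per_user): continue` (needs `import os`; this assumes the generator runs on the same host that later executes the PBA, which the code here suggests but does not show). `get_modify_shell_startup_pbas` continues past the end of this hunk.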


@ -1,12 +1,27 @@
SHELL_STARTUP_FILE = '$Profile' import subprocess
from infection_monkey.utils.environment import is_windows_os
def get_windows_commands_to_modify_shell_startup_files(): def get_windows_commands_to_modify_shell_startup_files():
if not is_windows_os():
return '', []
# get powershell startup file path
SHELL_STARTUP_FILE = subprocess.check_output('powershell $Profile').decode().split("\r\n")[0]
SHELL_STARTUP_FILE_PATH_COMPONENTS = SHELL_STARTUP_FILE.split("\\")
# get list of usernames
USERS = subprocess.check_output('dir C:\\Users /b', shell=True).decode().split("\r\n")[:-1]
STARTUP_FILES_PER_USER = ['\\'.join(SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] +
[user] +
SHELL_STARTUP_FILE_PATH_COMPONENTS[3:])
for user in USERS]
return [ return [
'powershell.exe', # run with powershell 'Add-Content {0}',
'Add-Content {0} '.format(SHELL_STARTUP_FILE), '\"# Successfully modified {0}\" ;', # add line to $profile
'\"# Successfully modified {0}\" ;'.format(SHELL_STARTUP_FILE), # add line to $profile 'cat {0} | Select -last 1 ;', # print last line of $profile
'cat {0} | Select -last 1 ;'.format(SHELL_STARTUP_FILE), # print last line of $profile '$OldProfile = cat {0} | Select -skiplast 1 ;',
'$OldProfile = cat {0} | Select -skiplast 1 ;'.format(SHELL_STARTUP_FILE), 'Set-Content {0} -Value $OldProfile ;' # remove last line of $profile
'Set-Content {0} -Value $OldProfile ;'.format(SHELL_STARTUP_FILE) # remove last line of $profile ], STARTUP_FILES_PER_USER
]
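Review bot: The paths in `STARTUP_FILES_PER_USER` are substituted unquoted into `Add-Content {0}`, `cat {0}` and `Set-Content {0}` and then passed to `powershell.exe`, so a user directory containing a space breaks the command and one containing PowerShell metacharacters (`;`, `$`, backtick) changes what gets executed — the names come from `dir C:\Users`, which this code does not control. Emitting each path as a PowerShell single-quoted literal (embedded `'` doubled) removes the interpolation, and `os.listdir` (needs `import os`) replaces the `shell=True` `dir` call and allows non-directory entries to be filtered; note that `os.listdir` also returns hidden entries such as `Default` that `dir /b` omitted. Two caveats worth a comment: the component swap assumes the current user's `$Profile` sits under `C:\Users\<user>\...` (not true when Documents is redirected, e.g. to OneDrive), and `subprocess.check_output('powershell $Profile')` executes the current user's profile script just to read the path, which `-NoProfile` avoids. Finally, the non-Windows early return yields `''` for the command list while the Windows branch returns a list; `return [], []` keeps the types consistent for the caller's `' '.join`.
```python
    if not is_windows_os():
        return [], []
    # -NoProfile: read the path without running the current user's profile script
    SHELL_STARTUP_FILE = subprocess.check_output(['powershell', '-NoProfile', '-Command', '$Profile']).decode().split("\r\n")[0]
    SHELL_STARTUP_FILE_PATH_COMPONENTS = SHELL_STARTUP_FILE.split("\\")
    # user profile directories without a shell; unlike `dir /b` this includes hidden entries
    USERS_DIR = 'C:\\Users'
    USERS = [u for u in os.listdir(USERS_DIR) if os.path.isdir(os.path.join(USERS_DIR, u))]
    # single-quoted PowerShell literal: no interpolation of spaces/metacharacters, '' escapes '
    STARTUP_FILES_PER_USER = ["'" + '\\'.join(SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] +
                                                 [user] +
                                                 SHELL_STARTUP_FILE_PATH_COMPONENTS[3:]).replace("'", "''") + "'"
                              for user in USERS]
    # … unchanged: returned command list …
```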