From 0877b0a88535ed596dec9ed498d3f482dfaa0925 Mon Sep 17 00:00:00 2001
From: vakarisz
Date: Mon, 28 Mar 2022 10:17:26 +0300
Subject: [PATCH] Agent: Load PBA's into puppet

---
 monkey/infection_monkey/monkey.py | 36 +++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index 66d881d93..478c8dde2 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -37,6 +37,19 @@ from infection_monkey.network_scanning.mssql_fingerprinter import MSSQLFingerpri
 from infection_monkey.network_scanning.smb_fingerprinter import SMBFingerprinter
 from infection_monkey.network_scanning.ssh_fingerprinter import SSHFingerprinter
 from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload
+from infection_monkey.post_breach.actions.change_file_privileges import ChangeSetuidSetgid
+from infection_monkey.post_breach.actions.clear_command_history import ClearCommandHistory
+from infection_monkey.post_breach.actions.collect_processes_list import ProcessListCollection
+from infection_monkey.post_breach.actions.communicate_as_backdoor_user import (
+    CommunicateAsBackdoorUser,
+)
+from infection_monkey.post_breach.actions.discover_accounts import AccountDiscovery
+from infection_monkey.post_breach.actions.hide_files import HiddenFiles
+from infection_monkey.post_breach.actions.modify_shell_startup_files import ModifyShellStartupFiles
+from infection_monkey.post_breach.actions.schedule_jobs import ScheduleJobs
+from infection_monkey.post_breach.actions.timestomping import Timestomping
+from infection_monkey.post_breach.actions.use_signed_scripts import SignedScriptProxyExecution
+from infection_monkey.post_breach.actions.use_trap_command import TrapCommand
 from infection_monkey.puppet.puppet import Puppet
 from infection_monkey.system_singleton import SystemSingleton
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@@ -234,6 +247,29 @@ class InfectionMonkey:
             PluginType.EXPLOITER,
         )
 
+        puppet.load_plugin(
+            "CommunicateAsBackdoorUser", CommunicateAsBackdoorUser, PluginType.POST_BREACH_ACTION
+        )
+        puppet.load_plugin(
+            "ModifyShellStartupFiles", ModifyShellStartupFiles, PluginType.POST_BREACH_ACTION
+        )
+        puppet.load_plugin("HiddenFiles", HiddenFiles, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin("TrapCommand", CommunicateAsBackdoorUser, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin("ChangeSetuidSetgid", ChangeSetuidSetgid, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin("ScheduleJobs", ScheduleJobs, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin("Timestomping", Timestomping, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin("AccountDiscovery", AccountDiscovery, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin(
+            "ProcessListCollection", ProcessListCollection, PluginType.POST_BREACH_ACTION
+        )
+        puppet.load_plugin("TrapCommand", TrapCommand, PluginType.POST_BREACH_ACTION)
+        puppet.load_plugin(
+            "SignedScriptProxyExecution", SignedScriptProxyExecution, PluginType.POST_BREACH_ACTION
+        )
+        puppet.load_plugin(
+            "ClearCommandHistory", ClearCommandHistory, PluginType.POST_BREACH_ACTION
+        )
+
         puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)
         return puppet
 
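Review bot: `puppet.load_plugin("TrapCommand", CommunicateAsBackdoorUser, PluginType.POST_BREACH_ACTION)` registers the TrapCommand key with the wrong class, and the same key is registered again eight lines later with `TrapCommand`; that first line should be dropped. What actually happens on a duplicate key depends on load_plugin, which is not in the hunk — if it keeps the first registration, a request for TrapCommand would run CommunicateAsBackdoorUser, and if it rejects duplicates the agent fails at puppet construction, so neither outcome is acceptable. Every entry in this block uses the class name verbatim as the registry key, so deriving the key from the class (sketched below) removes both the duplicated string literals and this class of copy-paste error. The method containing this block starts outside the hunk; the `ransomware` payload and `return puppet` lines are pre-existing context.
```python
        # … unchanged: exploiter registration above …
        post_breach_actions = (
            CommunicateAsBackdoorUser,
            ModifyShellStartupFiles,
            HiddenFiles,
            TrapCommand,
            ChangeSetuidSetgid,
            ScheduleJobs,
            Timestomping,
            AccountDiscovery,
            ProcessListCollection,
            SignedScriptProxyExecution,
            ClearCommandHistory,
        )
        # Every PBA is keyed by its class name, so derive the key rather than
        # repeating it as a string literal (and risking a mismatched pair).
        for pba in post_breach_actions:
            puppet.load_plugin(pba.__name__, pba, PluginType.POST_BREACH_ACTION)
        # … unchanged: ransomware payload registration, return puppet …
```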