From 3819041632dbb2c11c4352885ce5086e3f3686d7 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Mon, 22 Jun 2020 02:09:25 +0530
Subject: [PATCH] PBA command modifications

---
 .../post_breach/actions/hide_files.py | 1 -
 monkey/infection_monkey/utils/hidden_files.py | 3 ++-
 .../utils/linux/hidden_files.py | 7 +++----
 .../utils/windows/hidden_files.py | 18 +++++++++++++-----
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/monkey/infection_monkey/post_breach/actions/hide_files.py b/monkey/infection_monkey/post_breach/actions/hide_files.py
index eadd31e61..da9caca6c 100644
--- a/monkey/infection_monkey/post_breach/actions/hide_files.py
+++ b/monkey/infection_monkey/post_breach/actions/hide_files.py
@@ -1,4 +1,3 @@
-import time
 from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
diff --git a/monkey/infection_monkey/utils/hidden_files.py b/monkey/infection_monkey/utils/hidden_files.py
index ee1281cd7..2c629af39 100644
--- a/monkey/infection_monkey/utils/hidden_files.py
+++ b/monkey/infection_monkey/utils/hidden_files.py
@@ -25,4 +25,5 @@ def get_commands_to_hide_folders():
 def cleanup_hidden_files(is_windows=is_windows_os()):
     subprocess.run(get_windows_commands_to_delete() if is_windows
-                   else ' '.join(get_linux_commands_to_delete()))
+                   else ' '.join(get_linux_commands_to_delete()),
+                   shell=True)
diff --git a/monkey/infection_monkey/utils/linux/hidden_files.py b/monkey/infection_monkey/utils/linux/hidden_files.py
index ca03e8809..468318cf8 100644
--- a/monkey/infection_monkey/utils/linux/hidden_files.py
+++ b/monkey/infection_monkey/utils/linux/hidden_files.py
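Review bot: `cleanup_hidden_files` now joins the Linux delete list with spaces and hands it to a shell, so `rm -rf` receives its paths only after word-splitting; a home directory containing a space or a shell metacharacter ends up as several operands. If the Linux `HIDDEN_FILE`/`HIDDEN_FOLDER` constants (not visible here) do not rely on shell expansion, `subprocess.run(get_linux_commands_to_delete())` without `shell=True` keeps each path as a single argument; if they do (e.g. a `$HOME` prefix), expanding them in Python with `os.path.expanduser`, as the Windows module in this commit does, removes the need for the shell on both branches. The return value of `subprocess.run` is discarded, so a cleanup that fails (permission error, file already removed) is indistinguishable from one that succeeded; logging `returncode`, or `check=True` inside a `try`, would surface it. The Windows branch passes a list while the Linux branch passes a string, which is easy to misread next to `shell=True`; a short comment on the call, `# Windows list is joined by subprocess; Linux list is pre-joined for the shell`, would help.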
@@ -17,9 +17,9 @@ def get_linux_commands_to_hide_folders():
     return [
         'mkdir',  # make directory
         HIDDEN_FOLDER,
-        '; touch',  # create file
+        '&& touch',  # create file
         '{}/{}'.format(HIDDEN_FOLDER, 'some-file'),  # random file in hidden folder
-        '; echo \"Successfully created hidden folder: {}\" |'.format(HIDDEN_FOLDER),  # output
+        '&& echo \"Successfully created hidden folder: {}\" |'.format(HIDDEN_FOLDER),  # output
         'tee -a',  # and write to file
         '{}/{}'.format(HIDDEN_FOLDER, 'some-file')  # random file in hidden folder
     ]
@@ -28,8 +28,7 @@ def get_linux_commands_to_hide_folders():
 def get_linux_commands_to_delete():
     return [
         'rm',  # remove
-        '-r',  # delete recursively
-        '-f',  # force delete
+        '-rf',  # force delete recursively
         HIDDEN_FILE,
         HIDDEN_FOLDER
     ]
diff --git a/monkey/infection_monkey/utils/windows/hidden_files.py b/monkey/infection_monkey/utils/windows/hidden_files.py
index ce1bf3450..3ffad48f5 100644
--- a/monkey/infection_monkey/utils/windows/hidden_files.py
+++ b/monkey/infection_monkey/utils/windows/hidden_files.py
@@ -1,6 +1,11 @@
-HIDDEN_FILE = "%homepath%\\monkey-hidden-file"
-HIDDEN_FILE_WINAPI = "%homepath%\\monkey-hidden-file-winAPI"
-HIDDEN_FOLDER = "%homepath%\\monkey-hidden-folder"
+import os
+
+
+HOME_PATH = os.path.expanduser("~")
+
+HIDDEN_FILE = HOME_PATH + "\\monkey-hidden-file"
+HIDDEN_FOLDER = HOME_PATH + "\\monkey-hidden-folder"
+HIDDEN_FILE_WINAPI = HOME_PATH + "\\monkey-hidden-file-winAPI"
 def get_windows_commands_to_hide_files():
@@ -62,12 +67,15 @@ def get_winAPI_to_hide_files():
 def get_windows_commands_to_delete():
     return [
+        'powershell.exe',
         'del',  # delete file
-        '-Force',  # force delete
+        '-Force',
         HIDDEN_FILE,
+        ',',
         HIDDEN_FILE_WINAPI,
-        '&&',
+        ';',
         'rmdir',  # delete folder
         '-Force',
+        '-Recurse',
         HIDDEN_FOLDER
     ]
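Review bot: Replacing `;` with `&&` in `get_linux_commands_to_hide_folders` makes the chain stop at `mkdir` whenever `HIDDEN_FOLDER` already exists, so on a second run nothing after it (the `touch`, the `echo ... | tee`) executes, whereas the old `;` form carried on. If reruns of the PBA are expected, adding `'-p'` as a separate element after `'mkdir'` keeps the new fail-fast semantics without that regression; if a pre-existing folder is meant to abort the action, a comment saying so on the `'&& touch'` line would stop the next reader from "fixing" it. The `-r`/`-f` merge in the second hunk is equivalent and needs nothing.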
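Review bot: `get_windows_commands_to_delete` now builds `powershell.exe del -Force <HIDDEN_FILE> , <HIDDEN_FILE_WINAPI> ; rmdir -Force -Recurse <HIDDEN_FOLDER>` from paths that the first hunk derives with `os.path.expanduser("~")`, and the paths are inserted unquoted; a profile path containing a space (e.g. `C:\Users\First Last`, constructed example) would most likely be split into separate tokens when PowerShell parses the command, sending `del`/`rmdir` at the wrong paths. Emitting each path as `'"{}"'.format(HIDDEN_FILE)` (or passing them via `-LiteralPath`) and checking the cleanup on such a profile would settle it. Building the constants with `os.path.join(HOME_PATH, "monkey-hidden-file")` rather than backslash concatenation would also read more naturally. The `# force delete` comment dropped from the first `-Force` was the only hint at its purpose; `# -Force also removes hidden/read-only files` on that line would restore it.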