Add "Hidden files" PBA feature

TODO: winAPI
2020-06-03 02:36:17 +05:30 · 2020-06-03 02:36:17 +05:30 · 45c5546f17
parent 08727305d8
commit 45c5546f17
5 changed files with 134 additions and 0 deletions
--- a/monkey/common/data/post_breach_consts.py
+++ b/monkey/common/data/post_breach_consts.py
@ -2,3 +2,4 @@ POST_BREACH_COMMUNICATE_AS_NEW_USER = "Communicate as new user"
 POST_BREACH_BACKDOOR_USER = "Backdoor user"
 POST_BREACH_FILE_EXECUTION = "File execution"
 POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = "Modify shell startup file"
+POST_BREACH_HIDDEN_FILES = "Hide files and directories"
--- a/monkey/infection_monkey/post_breach/actions/hide_files.py
+++ b/monkey/infection_monkey/post_breach/actions/hide_files.py
@ -0,0 +1,31 @@
+import time
+from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
+from infection_monkey.post_breach.pba import PBA
+from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
+from infection_monkey.utils.hidden_files import\
+    [get_commands_to_hide_files,
+     get_commands_to_hide_folders] as CREATE_HIDDEN,\
+    cleanup_hidden_files,\
+    # get_winAPI_commands
+from infection_monkey.utils.environment import is_windows_os
+
+
+class HiddenFiles(PBA):
+    """
+    This PBA attempts to create hidden files and folders.
+    """
+
+    def __init__(self):
+        pass
+
+    def run(self):
+        for method_to_create in CREATE_HIDDEN:
+            linux_cmds, windows_cmds = method_to_create()
+            super(HiddenFiles, self).__init__(name=POST_BREACH_HIDDEN_FILES,
+                                              linux_cmd=' '.join(linux_cmds),
+                                              window_cmd=windows_cmds)
+        # if is_windows_os():
+        #     get_winAPI_commands()
+        #     PostBreachTelem(???)
+        time.sleep(10)  # detection time for AV software
+        cleanup_hidden_files(is_windows_os())
--- a/monkey/infection_monkey/utils/hidden_files.py
+++ b/monkey/infection_monkey/utils/hidden_files.py
@ -0,0 +1,32 @@
+from infection_monkey.utils.linux.hidden_files import\
+    get_linux_commands_to_hide_files,\
+    get_linux_commands_to_hide_folders,\
+    get_linux_commands_to_delete
+from infection_monkey.utils.windows.hidden_files import\
+    get_windows_commands_to_hide_files,\
+    get_windows_commands_to_hide_folders,\
+    # get_winAPI_commands_to_hide_files,\
+    get_windows_commands_to_delete
+from infection_monkey.utils.environment import is_windows_os
+
+
+def get_commands_to_hide_files():
+    linux_cmds = get_linux_commands_to_hide_files()
+    windows_cmds = get_windows_commands_to_hide_files()
+    return linux_cmds, windows_cmds
+
+
+def get_commands_to_hide_folders():
+    linux_cmds = get_linux_commands_to_hide_folders()
+    windows_cmds = get_windows_commands_to_hide_folders()
+    return linux_cmds, windows_cmds
+
+
+# def get_winAPI_commands():
+#     winAPI_command = get_winAPI_commands_to_hide_files()
+#     return winAPI_command
+
+
+def cleanup_hidden_files(is_windows=is_windows_os()):
+    get_windows_commands_to_delete() if is_windows \
+                                     else get_linux_commands_to_delete()
--- a/monkey/infection_monkey/utils/linux/hidden_files.py
+++ b/monkey/infection_monkey/utils/linux/hidden_files.py
@ -0,0 +1,32 @@
+HIDDEN_FILE = '/var/tmp/.monkey-hidden-file'
+HIDDEN_FOLDER = '/var/tmp/.monkey-hidden-folder'
+
+
+def get_linux_commands_to_hide_files():
+    return [
+        'touch',    # create file
+        HIDDEN_FILE,
+        '; echo \"Successfully created hidden file\" >',    # write to
+        HIDDEN_FILE
+    ]
+
+
+def get_linux_commands_to_hide_folders():
+    return [
+        'mkdir',    # make directory
+        HIDDEN_FOLDER,
+        '; touch',  # create file
+        '{}/{}'.format(HIDDEN_FOLDER, 'some-file'),    # random file in hidden folder
+        '; echo \"Successfully created hidden folder\" >',  # write to
+        '{}/{}'.format(HIDDEN_FOLDER, 'some-file')     # random file in hidden folder
+    ]
+
+
+def get_linux_commands_to_delete():
+    return [
+        'rm',       # remove
+        '-r',       # delete recursively
+        '-f',       # force delete
+        HIDDEN_FILE,
+        HIDDEN_FOLDER
+    ]
--- a/monkey/infection_monkey/utils/windows/hidden_files.py
+++ b/monkey/infection_monkey/utils/windows/hidden_files.py
@ -0,0 +1,38 @@
+HIDDEN_FILE = 'C:\\monkey-hidden-file'
+HIDDEN_FOLDER = 'C:\\monkey-hidden-folder'
+
+
+def get_windows_commands_to_hide_files():
+    return [
+        'echo Successfully created hidden file >',  # create text file
+        HIDDEN_FILE,
+        '&& attrib',    # change file attributes
+        '+h',           # make hidden
+        HIDDEN_FILE
+    ]
+
+
+def get_windows_commands_to_hide_folders():
+    return [
+        'mkdir',        # make directory
+        HIDDEN_FOLDER,
+        '&& attrib',    # change file attributes
+        '+h',           # make hidden
+        HIDDEN_FOLDER,
+        '&& echo Successfully created hidden folder >'
+        '{}\{}'.format(HIDDEN_FOLDER, 'some-file')
+    ]
+
+
+# def get_winAPI_commands_to_hide_files():
+#     pass
+
+
+def get_windows_commands_to_delete():
+    return [
+        'del',          # delete file
+        '/f',           # force delete
+        HIDDEN_FILE,
+        '&& rmdir',     # delete folder
+        HIDDEN_FOLDER
+    ]