diff --git a/monkey/infection_monkey/monkey_utils/windows/new_user.py b/monkey/infection_monkey/monkey_utils/windows/new_user.py
index be6e2534d..14db5c1ae 100644
--- a/monkey/infection_monkey/monkey_utils/windows/new_user.py
+++ b/monkey/infection_monkey/monkey_utils/windows/new_user.py
@@ -2,7 +2,6 @@ import logging
 import subprocess
 from infection_monkey.post_breach.actions.add_user import BackdoorUser
-from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
 logger = logging.getLogger(__name__)
@@ -17,14 +16,14 @@ class NewUser(object):
     RAII object to use for creating and using a new user in Windows. Use with `with`.
     User will be created when the instance is instantiated.
     User will log on start of `with` scope.
-    User will log off on end of `with` scope.
+    User will log off and get deleted on end of `with` scope.
     Example:
         # Created
         # Logged on
         with NewUser("user", "pass") as new_user:
             ...
             ...
-        # Logged off
+        # Logged off and deleted
         ...
     """
     def __init__(self, username, password):
@@ -36,7 +35,6 @@ class NewUser(object):
         self.password = password
         windows_cmds = BackdoorUser.get_windows_commands_to_add_user(self.username, self.password, True)
-        logger.debug("Trying these commands: {}".format(str(windows_cmds)))
         _ = subprocess.check_output(windows_cmds, stderr=subprocess.STDOUT, shell=True)
 
     def __enter__(self):
@@ -60,5 +58,12 @@ class NewUser(object):
         return self.logon_handle
 
     def __exit__(self, exc_type, exc_val, exc_tb):
+        # Logoff
         self.logon_handle.Close()
-        # TODO Delete user
+
+        # Try to delete user
+        try:
+            _ = subprocess.check_output(
+                BackdoorUser.get_windows_commands_to_delete_user(self.username), stderr=subprocess.STDOUT, shell=True)
+        except Exception as err:
+            raise NewUserError("Can't delete user {}. Info: {}".format(self.username, err))
diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py
index b82c59a66..9bb8cfcba 100644
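Review bot: In the `__exit__` hunk the `raise NewUserError(...)` inside `except Exception` replaces whatever exception the `with` body raised (the body's error survives only as `__context__`), and because the deletion is sequenced after `self.logon_handle.Close()`, a logoff that throws skips it and leaves the freshly created account on the host. Wrap the logoff in `try/finally` so the `net user /delete` always runs, and narrow the catch to `subprocess.CalledProcessError`, which is what `check_output` raises; if you want the body's exception to win, log instead of raise when `exc_type` is set. `shell=True` with a list argument is not needed here — `net.exe` is an ordinary executable, so the list form without the shell should work (worth confirming) — and it routes the username through `cmd.exe`, where a name containing `&` or `|` would be parsed as a command separator; the identical call shape in `__init__` is pre-existing. `NewUserError` is defined outside this hunk, so the rewrite assumes its constructor takes a single message.
```python
    def __exit__(self, exc_type, exc_val, exc_tb):
        try:
            # Logoff
            self.logon_handle.Close()
        finally:
            # Always delete the user, even when the logoff failed, so no backdoor account survives the scope
            try:
                subprocess.check_output(
                    BackdoorUser.get_windows_commands_to_delete_user(self.username),
                    stderr=subprocess.STDOUT)
            except subprocess.CalledProcessError as err:
                raise NewUserError("Can't delete user {}. Info: {}".format(self.username, err.output))
```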
--- a/monkey/infection_monkey/post_breach/actions/add_user.py
+++ b/monkey/infection_monkey/post_breach/actions/add_user.py
@@ -22,7 +22,7 @@ class BackdoorUser(PBA):
 
     @staticmethod
     def get_linux_commands_to_add_user(username):
-        linux_cmds = [
+        return [
             'useradd',
             '-M',  # Do not create homedir
             '--expiredate',
@@ -32,7 +32,13 @@ class BackdoorUser(PBA):
             '-c',  # Comment
             'MONKEY_USER',  # Comment
             username]
-        return linux_cmds
+
+    @staticmethod
+    def get_linux_commands_to_delete_user(username):
+        return [
+            'deluser',
+            username
+        ]
 
     @staticmethod
     def get_windows_commands_to_add_user(username, password, should_be_active=False):
@@ -45,3 +51,11 @@ class BackdoorUser(PBA):
         if not should_be_active:
             windows_cmds.append('/ACTIVE:NO')
         return windows_cmds
+
+    @staticmethod
+    def get_windows_commands_to_delete_user(username):
+        return [
+            'net',
+            'user',
+            username,
+            '/delete']
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
index 8869a225f..590912c0b 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
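Review bot: `deluser` in the new `get_linux_commands_to_delete_user` is the Debian/Ubuntu front end from the adduser package (BusyBox provides one on Alpine); it does not exist on RHEL, CentOS, Fedora or SUSE, so on those hosts the cleanup fails and the MONKEY_USER account is left behind after the test. The account is created with `useradd` two hunks up, so the matching shadow-utils command that is present wherever `useradd` is would be `userdel`: `'userdel',` followed by `username`. No `-r` is needed because the user is created with `-M` and has no home directory to remove. Both callers run these lists with `shell=True`, so a short comment on the helper that the username must not contain shell metacharacters would save the next reader a surprise.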
@@ -38,14 +38,17 @@ class CommunicateAsNewUser(PBA):
     def communicate_as_new_user_linux(self, username):
         try:
+            # add user + ping
             linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
             commandline = "ping -c 2 google.com"
             linux_cmds.extend([";", "sudo", "-u", username, commandline])
             final_command = ' '.join(linux_cmds)
-            logger.debug("Trying to execute these commands: {}".format(final_command))
             output = subprocess.check_output(final_command, stderr=subprocess.STDOUT, shell=True)
             PostBreachTelem(self, (
                 CREATED_PROCESS_AS_USER_LINUX_FORMAT.format(commandline, username, output[:150]),
                 True)).send()
+            # delete the user
+            _ = subprocess.check_output(
+                BackdoorUser.get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT, shell=True)
         except subprocess.CalledProcessError as e:
             PostBreachTelem(self, (e.output, False)).send()
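Review bot: The new delete call at the end of the `try` block never hands the username to `deluser`: on POSIX, `check_output([...], shell=True)` with a list runs `/bin/sh -c deluser <username>`, so the second list element becomes the shell's `$0` rather than an argument of `deluser`, the command fails for lack of a user, and the `except` branch fires after the success telemetry has already gone out — dropping `shell=True` makes the list form exec `deluser` directly with its argument. The cleanup is also sequenced after the ping, so a failed ping leaves the MONKEY_USER account on the host, and the `;` join in `final_command` means a failed `useradd` (for instance because the name already exists) does not stop the chain, in which case the cleanup would remove a pre-existing account of that name. Running `useradd` on its own first, and deleting in a `finally` only once it has succeeded, closes both holes. The `def` is in the hunk, but whether the `except` clause is the method's last statement is not visible; the `logger.warning` below assumes the module-level `logger` survives the removed debug line.
```python
    def communicate_as_new_user_linux(self, username):
        try:
            # add the user on its own: a failure here (e.g. the name already exists) must not reach the cleanup
            subprocess.check_output(
                BackdoorUser.get_linux_commands_to_add_user(username), stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            PostBreachTelem(self, (e.output, False)).send()
            return
        try:
            # ping as the new user
            commandline = "ping -c 2 google.com"
            output = subprocess.check_output(
                ["sudo", "-u", username] + commandline.split(), stderr=subprocess.STDOUT)
            # … unchanged: success telemetry with CREATED_PROCESS_AS_USER_LINUX_FORMAT …
        except subprocess.CalledProcessError as e:
            PostBreachTelem(self, (e.output, False)).send()
        finally:
            # delete the user we created, whether or not the ping worked;
            # list form without shell=True so the username is an argument of deluser, not the shell's $0
            try:
                subprocess.check_output(
                    BackdoorUser.get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT)
            except subprocess.CalledProcessError as e:
                logger.warning("Can't delete user {}: {}".format(username, e.output))
```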