Added post breach processing dict and extracted consts to common
This commit is contained in:
parent
68c0f590ac
commit
98764f0291
@ -0,0 +1,2 @@
POST_BREACH_BACKDOOR_USER = "Backdoor user"
POST_BREACH_FILE_EXECUTION = "File execution"
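Review bot: These two strings double as the `name` an agent reports in post-breach telemetry and as the keys the island dispatches on in `POST_BREACH_TELEMETRY_PROCESSING_FUNCS`, so changing a value is a wire-protocol change, yet nothing in the new file says so. A module docstring such as `"""Post-breach action names; agents send them as the telemetry name and the island looks them up to pick a processing function, so treat them as protocol identifiers, not display text."""` would stop a later retitling from silently breaking dispatch. Since the island pulls this module in with a star import, `__all__ = ["POST_BREACH_BACKDOOR_USER", "POST_BREACH_FILE_EXECUTION"]` would also keep anything added here later from leaking into that namespace.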
@ -1,8 +1,9 @@
import datetime
|
import datetime
|
||||||
|
|
||||||
|
from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
|
|
||||||
|
|
||||||
__author__ = 'danielg'
|
__author__ = 'danielg'
|
||||||
|
|
||||||
LINUX_COMMANDS = ['useradd', '-M', '--expiredate',
|
LINUX_COMMANDS = ['useradd', '-M', '--expiredate',
|
@ -16,6 +17,6 @@ WINDOWS_COMMANDS = ['net', 'user', WormConfiguration.user_to_add,
class BackdoorUser(PBA):
|
class BackdoorUser(PBA):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(BackdoorUser, self).__init__("Backdoor user",
|
super(BackdoorUser, self).__init__(POST_BREACH_BACKDOOR_USER,
|
||||||
linux_cmd=' '.join(LINUX_COMMANDS),
|
linux_cmd=' '.join(LINUX_COMMANDS),
|
||||||
windows_cmd=WINDOWS_COMMANDS)
|
windows_cmd=WINDOWS_COMMANDS)
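Review bot: `linux_cmd=' '.join(LINUX_COMMANDS)` collapses the argument list into one string while the Windows side hands `WINDOWS_COMMANDS` over as a list, and the hunk header shows the Windows list embeds `WormConfiguration.user_to_add`; the tail of `LINUX_COMMANDS` is outside this hunk but presumably carries the same island-supplied user name and a password. If the `PBA` base class runs `linux_cmd` through a shell, a configured value containing spaces, quotes or `;` is split or interpreted instead of reaching `useradd` as one argument, which turns an island config field into shell injection on the victim. Quoting each element keeps the interface unchanged: `linux_cmd=' '.join(shlex.quote(c) for c in LINUX_COMMANDS)` with `import shlex` added at the top of the file; how `PBA` executes the command is not visible here, so confirm that before changing it. `BackdoorUser.__init__` ends inside the hunk, but the command lists it references are defined before it.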
@ -1,6 +1,7 @@
import os
|
import os
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from common.data.post_breach_consts import POST_BREACH_FILE_EXECUTION
|
||||||
from infection_monkey.utils import is_windows_os
|
from infection_monkey.utils import is_windows_os
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
@ -27,7 +28,7 @@ class UsersPBA(PBA):
Defines user's configured post breach action.
|
Defines user's configured post breach action.
|
||||||
"""
|
"""
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(UsersPBA, self).__init__("File execution")
|
super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION)
|
||||||
self.filename = ''
|
self.filename = ''
|
||||||
if not is_windows_os():
|
if not is_windows_os():
|
||||||
# Add linux commands to PBA's
|
# Add linux commands to PBA's
|
||||||
@ -1,7 +1,17 @@
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
|
from common.data.post_breach_consts import *
|
||||||
|
|
||||||
|
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
||||||
|
# `lambda *args, **kwargs: None` is a no-op.
|
||||||
|
POST_BREACH_BACKDOOR_USER: lambda *args, **kwargs: None,
|
||||||
|
POST_BREACH_FILE_EXECUTION: lambda *args, **kwargs: None,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
def process_post_breach_telemetry(telemetry_json):
|
def process_post_breach_telemetry(telemetry_json):
|
||||||
mongo.db.monkey.update(
|
mongo.db.monkey.update(
|
||||||
{'guid': telemetry_json['monkey_guid']},
|
{'guid': telemetry_json['monkey_guid']},
|
||||||
{'$push': {'pba_results': telemetry_json['data']}})
|
{'$push': {'pba_results': telemetry_json['data']}})
|
||||||
|
|
||||||
|
if telemetry_json["name"] in POST_BREACH_TELEMETRY_PROCESSING_FUNCS:
|
||||||
|
POST_BREACH_TELEMETRY_PROCESSING_FUNCS[telemetry_json["name"]](telemetry_json)
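Review bot: `telemetry_json["name"]` on the two new lines at the end of `process_post_breach_telemetry` raises `KeyError` when a post-breach telemetry arrives without a `name` field, and because the Mongo `$push` has already run by then, a malformed message is persisted and then blows up the handler. Telemetry is produced by agents on infected hosts, so the island should treat the field as optional and fail closed to the no-op the dict already uses: `POST_BREACH_TELEMETRY_PROCESSING_FUNCS.get(telemetry_json.get("name"), lambda *args, **kwargs: None)(telemetry_json)` replaces the membership test plus second lookup with one step. `from common.data.post_breach_consts import *` should also name the two constants it uses explicitly, so a future addition to the consts module cannot silently shadow a name in this file. The function appears to end with this hunk, but if more of the body follows it the `.get` form still applies.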