Merge pull request #1434 from guardicore/pba-use-random-pwd

Use random password for CommunicateAsNewUser PBA

CHANGELOG.md

@@ -22,6 +22,9 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - Malfunctioning timestomping PBA. #1405
 - Malfunctioning shell startup script PBA. #1419
 
+### Security
+- Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
+
 ## [1.11.0] - 2021-08-13
 ### Added
 - A runtime-configurable option to specify a data directory where runtime

monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py

@@ -10,6 +10,7 @@ from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
 from infection_monkey.utils.auto_new_user_factory import create_auto_new_user
 from infection_monkey.utils.environment import is_windows_os
 from infection_monkey.utils.new_user_error import NewUserError
+from infection_monkey.utils.random_password_generator import get_random_password
 
 INFECTION_MONKEY_WEBSITE_URL = "https://infectionmonkey.com/"
 
@@ -21,7 +22,6 @@ CREATED_PROCESS_AS_USER_FAILED_FORMAT = (
 )
 
 USERNAME_PREFIX = "somenewuser"
-PASSWORD = "N3WPa55W0rD!1"
 
 logger = logging.getLogger(__name__)
 
@@ -29,8 +29,8 @@ logger = logging.getLogger(__name__)
 class CommunicateAsNewUser(PBA):
     """
     This PBA creates a new user, and then creates HTTPS requests as that user. This is used for a
-    Zero Trust test of the
-    People pillar. See the relevant telemetry processing to see what findings are created.
+    Zero Trust test of the People pillar. See the relevant telemetry processing to see what findings
+    are created.
     """
 
     def __init__(self):
@@ -39,7 +39,8 @@ class CommunicateAsNewUser(PBA):
     def run(self):
         username = CommunicateAsNewUser.get_random_new_user_name()
         try:
-            with create_auto_new_user(username, PASSWORD) as new_user:
+            password = get_random_password()
+            with create_auto_new_user(username, password) as new_user:
                 http_request_commandline = CommunicateAsNewUser.get_commandline_for_http_request(
                     INFECTION_MONKEY_WEBSITE_URL
                 )

monkey/tests/unit_tests/infection_monkey/post_breach/actions/test_communicate_as_backdoor_user.py

@@ -0,0 +1,38 @@
+from infection_monkey.post_breach.actions.communicate_as_new_user import (
+    USERNAME_PREFIX,
+    CommunicateAsNewUser,
+)
+
+URL = "this-is-where-i-wanna-go"
+
+
+def test_get_random_new_user_name():
+    username = CommunicateAsNewUser.get_random_new_user_name()
+    assert len(username) == len(USERNAME_PREFIX) + 5
+    assert username.islower()
+    assert username.startswith(USERNAME_PREFIX)
+
+
+def test_get_commandline_for_http_request_windows():
+    cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=True)
+    assert "powershell.exe" in cmd_line
+    assert URL in cmd_line
+
+
+def test_get_commandline_for_http_request_linux_curl(monkeypatch):
+    monkeypatch.setattr(
+        "infection_monkey.post_breach.actions.communicate_as_new_user.shutil.which",
+        lambda _: "not None",
+    )
+    cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=False)
+    assert "curl" in cmd_line
+    assert URL in cmd_line
+
+
+def test_get_commandline_for_http_request_linux_wget(monkeypatch):
+    monkeypatch.setattr(
+        "infection_monkey.post_breach.actions.communicate_as_new_user.shutil.which", lambda _: None
+    )
+    cmd_line = CommunicateAsNewUser.get_commandline_for_http_request(URL, is_windows=False)
+    assert "wget" in cmd_line
+    assert URL in cmd_line