Agent: Load PBA's into puppet

This commit is contained in:
vakarisz 2022-03-28 10:17:26 +03:00 committed by VakarisZ
parent 703dc315bc
commit 0877b0a885
1 changed files with 36 additions and 0 deletions

View File

@ -37,6 +37,19 @@ from infection_monkey.network_scanning.mssql_fingerprinter import MSSQLFingerpri
from infection_monkey.network_scanning.smb_fingerprinter import SMBFingerprinter from infection_monkey.network_scanning.smb_fingerprinter import SMBFingerprinter
from infection_monkey.network_scanning.ssh_fingerprinter import SSHFingerprinter from infection_monkey.network_scanning.ssh_fingerprinter import SSHFingerprinter
from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload
from infection_monkey.post_breach.actions.change_file_privileges import ChangeSetuidSetgid
from infection_monkey.post_breach.actions.clear_command_history import ClearCommandHistory
from infection_monkey.post_breach.actions.collect_processes_list import ProcessListCollection
from infection_monkey.post_breach.actions.communicate_as_backdoor_user import (
CommunicateAsBackdoorUser,
)
from infection_monkey.post_breach.actions.discover_accounts import AccountDiscovery
from infection_monkey.post_breach.actions.hide_files import HiddenFiles
from infection_monkey.post_breach.actions.modify_shell_startup_files import ModifyShellStartupFiles
from infection_monkey.post_breach.actions.schedule_jobs import ScheduleJobs
from infection_monkey.post_breach.actions.timestomping import Timestomping
from infection_monkey.post_breach.actions.use_signed_scripts import SignedScriptProxyExecution
from infection_monkey.post_breach.actions.use_trap_command import TrapCommand
from infection_monkey.puppet.puppet import Puppet from infection_monkey.puppet.puppet import Puppet
from infection_monkey.system_singleton import SystemSingleton from infection_monkey.system_singleton import SystemSingleton
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
@ -234,6 +247,29 @@ class InfectionMonkey:
PluginType.EXPLOITER, PluginType.EXPLOITER,
) )
puppet.load_plugin(
"CommunicateAsBackdoorUser", CommunicateAsBackdoorUser, PluginType.POST_BREACH_ACTION
)
puppet.load_plugin(
"ModifyShellStartupFiles", ModifyShellStartupFiles, PluginType.POST_BREACH_ACTION
)
puppet.load_plugin("HiddenFiles", HiddenFiles, PluginType.POST_BREACH_ACTION)
puppet.load_plugin("TrapCommand", CommunicateAsBackdoorUser, PluginType.POST_BREACH_ACTION)
puppet.load_plugin("ChangeSetuidSetgid", ChangeSetuidSetgid, PluginType.POST_BREACH_ACTION)
puppet.load_plugin("ScheduleJobs", ScheduleJobs, PluginType.POST_BREACH_ACTION)
puppet.load_plugin("Timestomping", Timestomping, PluginType.POST_BREACH_ACTION)
puppet.load_plugin("AccountDiscovery", AccountDiscovery, PluginType.POST_BREACH_ACTION)
puppet.load_plugin(
"ProcessListCollection", ProcessListCollection, PluginType.POST_BREACH_ACTION
)
puppet.load_plugin("TrapCommand", TrapCommand, PluginType.POST_BREACH_ACTION)
puppet.load_plugin(
"SignedScriptProxyExecution", SignedScriptProxyExecution, PluginType.POST_BREACH_ACTION
)
puppet.load_plugin(
"ClearCommandHistory", ClearCommandHistory, PluginType.POST_BREACH_ACTION
)
puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD) puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)
return puppet return puppet