Fixes
parent
f6556704d6
commit
1fdca52788
|
@ -1,5 +1,3 @@
|
||||||
import subprocess
|
|
||||||
|
|
||||||
from common.data.post_breach_consts import \
|
from common.data.post_breach_consts import \
|
||||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||||
from infection_monkey.post_breach.pba import PBA
|
from infection_monkey.post_breach.pba import PBA
|
||||||
|
@ -7,8 +5,6 @@ from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modifi
|
||||||
get_commands_to_modify_shell_startup_files
|
get_commands_to_modify_shell_startup_files
|
||||||
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
|
||||||
|
|
||||||
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
|
|
||||||
|
|
||||||
|
|
||||||
class ModifyShellStartupFiles(PBA):
|
class ModifyShellStartupFiles(PBA):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
|
||||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \
|
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
|
||||||
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status
|
extract_shell_startup_files_modification_info,
|
||||||
|
get_shell_startup_files_modification_status)
|
||||||
|
|
||||||
__author__ = "shreyamalviya"
|
__author__ = "shreyamalviya"
|
||||||
|
|
||||||
|
@ -17,8 +18,8 @@ class T1156(AttackTechnique):
|
||||||
query = [{'$match': {'telem_category': 'post_breach',
|
query = [{'$match': {'telem_category': 'post_breach',
|
||||||
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
|
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
|
||||||
{'$project': {'_id': 0,
|
{'$project': {'_id': 0,
|
||||||
'machine': {'hostname': '$data.hostname',
|
'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
|
||||||
'ips': ['$data.ip']},
|
'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
|
||||||
'result': '$data.result'}}]
|
'result': '$data.result'}}]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
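Review bot: The new `$arrayElemAt` projections on `$data.hostname` and `$data.ip` assume both fields are stored as arrays in every `post_breach` telemetry document; `$arrayElemAt` raises an aggregation error when its first argument resolves to a non-array value, so a single older or differently shaped record would make the whole T1156 report fail rather than degrade for that one entry. The telemetry writer is not visible here, so this may be guaranteed elsewhere, but the query carries no hint of that contract; a comment such as `# data.hostname / data.ip are reported as single-element lists; project the first element` above the `query` assignment would document it. The T1504 section below makes the identical change, and the two queries are now byte-for-byte copies, which is the kind of duplication a shared helper in technique_report_tools would keep from drifting. The enclosing `get_report_data` body and the class start outside this hunk.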
@ -2,8 +2,9 @@ from common.data.post_breach_consts import \
|
||||||
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||||
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import \
|
from monkey_island.cc.services.attack.technique_reports.technique_report_tools import (
|
||||||
extract_shell_startup_files_modification_info, get_shell_startup_files_modification_status
|
extract_shell_startup_files_modification_info,
|
||||||
|
get_shell_startup_files_modification_status)
|
||||||
|
|
||||||
__author__ = "shreyamalviya"
|
__author__ = "shreyamalviya"
|
||||||
|
|
||||||
|
@ -17,8 +18,8 @@ class T1504(AttackTechnique):
|
||||||
query = [{'$match': {'telem_category': 'post_breach',
|
query = [{'$match': {'telem_category': 'post_breach',
|
||||||
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
|
'data.name': POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION}},
|
||||||
{'$project': {'_id': 0,
|
{'$project': {'_id': 0,
|
||||||
'machine': {'hostname': '$data.hostname',
|
'machine': {'hostname': {'$arrayElemAt': ['$data.hostname', 0]},
|
||||||
'ips': ['$data.ip']},
|
'ips': [{'$arrayElemAt': ['$data.ip', 0]}]},
|
||||||
'result': '$data.result'}}]
|
'result': '$data.result'}}]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from monkey_island.cc.encryptor import encryptor
|
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
|
from monkey_island.cc.encryptor import encryptor
|
||||||
|
|
||||||
|
|
||||||
def parse_creds(attempt):
|
def parse_creds(attempt):
|
||||||
|
@ -51,7 +51,7 @@ def extract_shell_startup_files_modification_info(shell_startup_files_modificati
|
||||||
required_shell_startup_files_modification_info = []
|
required_shell_startup_files_modification_info = []
|
||||||
for shell_startup_file_result in shell_startup_files_modification_info[0]['result']:
|
for shell_startup_file_result in shell_startup_files_modification_info[0]['result']:
|
||||||
if any(file_name in shell_startup_file_result[0] for file_name in required_file_names):
|
if any(file_name in shell_startup_file_result[0] for file_name in required_file_names):
|
||||||
shell_startup_files_modification_info.append({
|
required_shell_startup_files_modification_info.append({
|
||||||
'machine': shell_startup_files_modification_info[0]['machine'],
|
'machine': shell_startup_files_modification_info[0]['machine'],
|
||||||
'result': shell_startup_file_result
|
'result': shell_startup_file_result
|
||||||
})
|
})
|
||||||
|
|
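Review bot: The append-target fix is correct, but `shell_startup_files_modification_info[0]` on the loop line and in the `'machine'` lookup still raises IndexError when the aggregation returned no documents, which is the normal case for a run where this PBA did not execute. A guard before the loop, `if not shell_startup_files_modification_info: return required_shell_startup_files_modification_info`, would let the technique report render as "not attempted" instead of failing; the function's signature and its return statement lie outside the hunk, so the guard belongs wherever the list is first indexed. The `'machine'` value is the same object on every iteration and could be bound once above the loop. The `any(file_name in shell_startup_file_result[0] ...)` test is a substring match, which is presumably intended; if exact file names are meant, `==` would be stricter.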