diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py
index 1dc739a7d..1650b89c5 100644
--- a/monkey/common/data/post_breach_consts.py
+++ b/monkey/common/data/post_breach_consts.py
@@ -6,4 +6,4 @@ POST_BREACH_HIDDEN_FILES = "Hide files and directories"
 POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received"
 POST_BREACH_SETUID_SETGID = "Setuid and Setgid"
 POST_BREACH_JOB_SCHEDULING = "Schedule jobs"
-POST_BREACH_TIMESTOMPPING = "Modify files' timestamps"
+POST_BREACH_TIMESTOMPING = "Modify files' timestamps"
diff --git a/monkey/infection_monkey/post_breach/actions/timestomping.py b/monkey/infection_monkey/post_breach/actions/timestomping.py
index 3d0564b0d..50a940524 100644
--- a/monkey/infection_monkey/post_breach/actions/timestomping.py
+++ b/monkey/infection_monkey/post_breach/actions/timestomping.py
@@ -1,4 +1,4 @@
-from common.data.post_breach_consts import POST_BREACH_TIMESTOMPPING
+from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.post_breach.timestomping.timestomping import \
 get_timestomping_commands
@@ -7,6 +7,6 @@ from infection_monkey.post_breach.timestomping.timestomping import \
 class Timestomping(PBA):
 def __init__(self):
 linux_cmds, windows_cmds = get_timestomping_commands()
- super().__init__(POST_BREACH_TIMESTOMPPING,
+ super().__init__(POST_BREACH_TIMESTOMPING,
 linux_cmd=linux_cmds,
 windows_cmd=windows_cmds)
diff --git a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.ps1 b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.ps1
index 8965a149a..ce94ac08a 100644
--- a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.ps1
+++ b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.ps1
@@ -3,7 +3,7 @@ $TIMESTAMP_EPOCH = '01/01/1970 00:00:00' # create temporary file New-Item -Path $TEMP_FILE -Force | Out-Null -Set-Content $TEMP_FILE -Value "Successfully changed a file\'s modification timestamp" -Force | Out-Null +Set-Content $TEMP_FILE -Value "Successfully changed a file's modification timestamp" -Force | Out-Null # attempt to change modification timestamp Get-ChildItem $TEMP_FILE | % { $_.LastWriteTime = $TIMESTAMP_EPOCH }
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1099.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1099.py
index 3ca46408d..9cd4dc903 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1099.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1099.py
@@ -1,4 +1,4 @@
-from common.data.post_breach_consts import POST_BREACH_TIMESTOMPPING
+from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
 PostBreachTechnique
 
@@ -10,4 +10,4 @@ class T1099(PostBreachTechnique):
 unscanned_msg = "Monkey didn't try changing any file's time attributes."
 scanned_msg = "Monkey tried changing a file's time attributes but failed."
 used_msg = "Monkey successfully changed a file's time attributes."
- pba_names = [POST_BREACH_TIMESTOMPPING]
+ pba_names = [POST_BREACH_TIMESTOMPING]
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
index ab4356850..ec1ea4b91 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
@@ -77,7 +77,7 @@ POST_BREACH_ACTIONS = {
 "Timestomping"
 ],
 "title": "Timestomping",
- "info": "Creates a temporary file and attempts to modify its file time attributes. Removes temporary file.",
+ "info": "Creates a temporary file and attempts to modify its time attributes. Removes the file afterwards.",
 "attack_techniques": ["T1099"]
 }
 ]