Merge pull request #1839 from guardicore/1650-signed-scripts-timeout
Add timeout to signed script PBA
6be631f731
@ -3,6 +3,7 @@ import subprocess
from typing import Dict
from typing import Dict
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
from common.common_consts.post_breach_consts import POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC
from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT, SHORT_REQUEST_TIMEOUT
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
from infection_monkey.post_breach.signed_script_proxy.signed_script_proxy import (
cleanup_changes,
cleanup_changes,
@ -21,6 +22,7 @@ class SignedScriptProxyExecution(PBA):
telemetry_messenger,
telemetry_messenger,
POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC,
POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC,
windows_cmd=" ".join(windows_cmds),
windows_cmd=" ".join(windows_cmds),
timeout=MEDIUM_REQUEST_TIMEOUT,
)
)
def run(self, options: Dict):
def run(self, options: Dict):
@ -28,7 +30,7 @@ class SignedScriptProxyExecution(PBA):
try:
try:
if is_windows_os():
if is_windows_os():
original_comspec = subprocess.check_output( # noqa: DUO116
original_comspec = subprocess.check_output( # noqa: DUO116
"if defined COMSPEC echo %COMSPEC%", shell=True
"if defined COMSPEC echo %COMSPEC%", shell=True, timeout=SHORT_REQUEST_TIMEOUT
).decode()
).decode()
super().run(options)
super().run(options)
return self.pba_data
return self.pba_data
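Review bot: A `subprocess.TimeoutExpired` raised by the COMSPEC lookup (the `check_output` call that now carries `timeout=SHORT_REQUEST_TIMEOUT`) is not visibly handled; the `try:` at the top of this hunk belongs to `run`, whose `except` clauses lie past the end of the hunk, and if they only cover `CalledProcessError` the timeout propagates out of `run()` before `super().run(options)` and `return self.pba_data` execute, so the PBA reports nothing. Add `except subprocess.TimeoutExpired` next to the existing handlers, or fall back to an empty `original_comspec` so the action still runs and reports. The body of `run` continues outside the hunk.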
@ -2,6 +2,7 @@ import logging
import subprocess
import subprocess
from typing import Dict, Iterable
from typing import Dict, Iterable
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.utils.attack_utils import ScanStatus
from common.utils.attack_utils import ScanStatus
from infection_monkey.i_puppet.i_puppet import PostBreachData
from infection_monkey.i_puppet.i_puppet import PostBreachData
from infection_monkey.telemetry.attack.t1064_telem import T1064Telem
from infection_monkey.telemetry.attack.t1064_telem import T1064Telem
@ -18,7 +19,12 @@ class PBA:
"""
"""
def __init__(
def __init__(
self, telemetry_messenger: ITelemetryMessenger, name="unknown", linux_cmd="", windows_cmd=""
self,
telemetry_messenger: ITelemetryMessenger,
name="unknown",
linux_cmd="",
windows_cmd="",
timeout: int = LONG_REQUEST_TIMEOUT,
):
):
"""
"""
:param name: Name of post breach action.
:param name: Name of post breach action.
@ -29,6 +35,7 @@ class PBA:
self.name = name
self.name = name
self.pba_data = []
self.pba_data = []
self.telemetry_messenger = telemetry_messenger
self.telemetry_messenger = telemetry_messenger
self.timeout = timeout
def run(self, options: Dict) -> Iterable[PostBreachData]:
def run(self, options: Dict) -> Iterable[PostBreachData]:
"""
"""
@ -73,12 +80,13 @@ class PBA:
"""
"""
try:
try:
output = subprocess.check_output( # noqa: DUO116
output = subprocess.check_output( # noqa: DUO116
self.command, stderr=subprocess.STDOUT, shell=True
self.command, stderr=subprocess.STDOUT, shell=True, timeout=self.timeout
).decode()
).decode()
return output, True
return output, True
except subprocess.CalledProcessError as e:
except subprocess.CalledProcessError as err:
# Return error output of the command
return err.output.decode(), False
return e.output.decode(), False
except subprocess.TimeoutExpired as err:
return str(err), False
@staticmethod
@staticmethod
def choose_command(linux_cmd, windows_cmd):
def choose_command(linux_cmd, windows_cmd):
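Review bot: The new `timeout` parameter of `PBA.__init__` is left undocumented; the docstring in that hunk still lists only `:param name:` and its siblings, so add `:param timeout: Seconds to wait for the PBA command before it is killed and reported as failed (defaults to LONG_REQUEST_TIMEOUT).` next to them. In the last hunk, the `except subprocess.TimeoutExpired` branch returns `str(err)` and discards `err.output`, which holds whatever the command printed before it was killed and is usually more useful in telemetry than the generic message; `return (err.output or b"").decode() or str(err), False` keeps both. Also worth a comment on that branch: the timeout kills only the direct child, which with `shell=True` is the shell, so processes the command itself spawned may outlive the timeout.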
@ -1,5 +1,7 @@
import logging
import subprocess
import subprocess
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_proxy import (
get_windows_commands_to_delete_temp_comspec,
get_windows_commands_to_delete_temp_comspec,
get_windows_commands_to_proxy_execution_using_signed_script,
get_windows_commands_to_proxy_execution_using_signed_script,
@ -7,6 +9,8 @@ from infection_monkey.post_breach.signed_script_proxy.windows.signed_script_prox
)
)
from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.environment import is_windows_os
logger = logging.getLogger(__name__)
def get_commands_to_proxy_execution_using_signed_script():
def get_commands_to_proxy_execution_using_signed_script():
windows_cmds = get_windows_commands_to_proxy_execution_using_signed_script()
windows_cmds = get_windows_commands_to_proxy_execution_using_signed_script()
@ -15,7 +19,18 @@ def get_commands_to_proxy_execution_using_signed_script():
def cleanup_changes(original_comspec):
def cleanup_changes(original_comspec):
if is_windows_os():
if is_windows_os():
try:
subprocess.run( # noqa: DUO116
subprocess.run( # noqa: DUO116
get_windows_commands_to_reset_comspec(original_comspec), shell=True
get_windows_commands_to_reset_comspec(original_comspec),
shell=True,
timeout=SHORT_REQUEST_TIMEOUT,
)
)
subprocess.run(get_windows_commands_to_delete_temp_comspec(), shell=True) # noqa: DUO116
subprocess.run( # noqa: DUO116
get_windows_commands_to_delete_temp_comspec(),
shell=True,
timeout=SHORT_REQUEST_TIMEOUT,
)
except subprocess.CalledProcessError as err:
logger.error(err.output.decode())
except subprocess.TimeoutExpired as err:
logger.error(str(err))
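Review bot: The new `except subprocess.CalledProcessError` branch in `cleanup_changes` is unreachable: neither `subprocess.run` call passes `check=True`, so a non-zero exit from the reset or delete command is silently ignored, and since no output is captured `err.output` would be `None` and `.decode()` would itself fail if the branch ever ran. A second problem is that one `try` wraps both calls, so a timeout on the COMSPEC reset skips the temp-COMSPEC deletion entirely and leaves that change on the host. Run each command in its own `try`, with `check=True` and stdout/stderr piped the way `PBA.run` does, so both cleanup steps are always attempted and failures are logged with real output.
```python
def cleanup_changes(original_comspec):
    if is_windows_os():
        # Each step gets its own try so a failed or timed-out reset
        # does not skip deleting the temporary COMSPEC.
        for cmd in (
            get_windows_commands_to_reset_comspec(original_comspec),
            get_windows_commands_to_delete_temp_comspec(),
        ):
            try:
                subprocess.run(  # noqa: DUO116
                    cmd,
                    shell=True,
                    check=True,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.STDOUT,
                    timeout=SHORT_REQUEST_TIMEOUT,
                )
            except subprocess.CalledProcessError as err:
                logger.error(err.output.decode())
            except subprocess.TimeoutExpired as err:
                logger.error(str(err))
```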