From c38875d71e79f29d1037eb2b318ce70e94140d2d Mon Sep 17 00:00:00 2001
From: Shreya
Date: Fri, 3 Jul 2020 17:55:42 +0530
Subject: [PATCH] Code review changes - windows commands readibility - f-strings - directory structure

---
 .../job_scheduling/job_scheduling.py | 9 +++---
 ..._scheduling.py => linux_job_scheduling.py} | 9 +++---
 .../job_scheduling/windows/job_scheduling.py | 28 -------------------
 .../job_scheduling/windows_job_scheduling.py | 12 ++++++++
 4 files changed, 21 insertions(+), 37 deletions(-)
 rename monkey/infection_monkey/post_breach/job_scheduling/{linux/job_scheduling.py => linux_job_scheduling.py} (50%)
 delete mode 100644 monkey/infection_monkey/post_breach/job_scheduling/windows/job_scheduling.py
 create mode 100644 monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py

diff --git a/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py
index fc93a96a3..8d18124f6 100644
--- a/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py
+++ b/monkey/infection_monkey/post_breach/job_scheduling/job_scheduling.py
@@ -1,7 +1,7 @@
 import subprocess
-from infection_monkey.post_breach.job_scheduling.linux.job_scheduling import\
+from infection_monkey.post_breach.job_scheduling.linux_job_scheduling import\
     get_linux_commands_to_schedule_jobs
-from infection_monkey.post_breach.job_scheduling.windows.job_scheduling import\
+from infection_monkey.post_breach.job_scheduling.windows_job_scheduling import\
     get_windows_commands_to_schedule_jobs,\
     get_windows_commands_to_remove_scheduled_jobs
 from infection_monkey.utils.environment import is_windows_os
@@ -14,6 +14,5 @@ def get_commands_to_schedule_jobs():
 
 
 def remove_scheduled_jobs():
-    subprocess.run(get_windows_commands_to_remove_scheduled_jobs() if is_windows_os()  # noqa: DUO116
-                   else '',
-                   shell=True)
+    if is_windows_os():
+        subprocess.run(get_windows_commands_to_remove_scheduled_jobs(), shell=True)  # noqa: DUO116
diff --git a/monkey/infection_monkey/post_breach/job_scheduling/linux/job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py
similarity index 50%
rename from monkey/infection_monkey/post_breach/job_scheduling/linux/job_scheduling.py
rename to monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py
index fa356755e..8a4046c88 100644
--- a/monkey/infection_monkey/post_breach/job_scheduling/linux/job_scheduling.py
+++ b/monkey/infection_monkey/post_breach/job_scheduling/linux_job_scheduling.py
@@ -3,9 +3,10 @@ TEMP_CRON = "$HOME/monkey-schedule-jobs"
 
 def get_linux_commands_to_schedule_jobs():
     return [
-        'touch {} &&'.format(TEMP_CRON),
-        'crontab -l > {} &&'.format(TEMP_CRON),
+        f'touch {TEMP_CRON} &&',
+        f'crontab -l > {TEMP_CRON} &&',
         'echo \"# Successfully scheduled a job using crontab\" |',
-        'tee -a {} &&'.format(TEMP_CRON),
-        'crontab {}'.format(TEMP_CRON)
+        f'tee -a {TEMP_CRON} &&',
+        f'crontab {TEMP_CRON} &&',
+        f'rm {TEMP_CRON}'
     ]
diff --git a/monkey/infection_monkey/post_breach/job_scheduling/windows/job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/windows/job_scheduling.py
deleted file mode 100644
index d3dcea8d5..000000000
--- a/monkey/infection_monkey/post_breach/job_scheduling/windows/job_scheduling.py
+++ /dev/null
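Review bot: On Linux nothing is ever cleaned up: the new `if is_windows_os():` guard makes `remove_scheduled_jobs` a no-op there, while the marker line that `get_linux_commands_to_schedule_jobs` appends to the user's crontab persists after the simulation, so the function does not live up to its name on half the supported platforms. A symmetric branch along the lines of `else: subprocess.run("crontab -l | grep -v '# Successfully scheduled a job using crontab' | crontab -", shell=True)` (ideally behind a `get_linux_commands_to_remove_scheduled_jobs()` helper next to the Windows one) would leave the host as it was found. The `subprocess.run` result is also discarded and the Windows command already swallows its own output with `> nul 2>&1`, so a failed cleanup is invisible to the caller; returning or logging `.returncode` would at least surface it. Since the `# noqa: DUO116` silences the shell=True lint, a one-line justification such as `# shell=True is acceptable here: the command string is built from module constants only` tells the next maintainer why this is not an injection point.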
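Review bot: `f'crontab -l > {TEMP_CRON} &&'` on the second line of the new list aborts the whole chain on a user with no crontab installed, which is the common case on a fresh target: cronie/Vixie `crontab -l` prints `no crontab for <user>` and exits 1, so the `&&` stops before the marker line is ever installed and the PBA silently does nothing. Decoupling that step from the chain and discarding its stderr fixes it, e.g. `f'crontab -l > {TEMP_CRON} 2>/dev/null;'`, or the temp file (a plaintext copy of the user's crontab dropped under `$HOME` with the default umask) can be avoided altogether with `'(crontab -l 2>/dev/null; echo "# Successfully scheduled a job using crontab") | crontab -'`. Note too that what is installed is a comment, not a job, so the echoed "Successfully scheduled a job" overstates what happened; if the intent is to exercise cron-persistence detections, a harmless real entry such as `@monthly true` would be closer to the Windows variant. The `rm {TEMP_CRON}` added at the end is a welcome cleanup, but with `&&` it only runs when every earlier step succeeds, which the `;`-form above also addresses.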
@@ -1,28 +0,0 @@
-SCHEDULED_TASK_NAME = 'monkey-spawn-cmd'
-SCHEDULED_TASK_COMMAND = 'C:\windows\system32\cmd.exe'
-
-
-def get_windows_commands_to_schedule_jobs():
-    return [
-        'schtasks',
-        '/Create',
-        '/SC',
-        'monthly',
-        '/TN',
-        SCHEDULED_TASK_NAME,
-        '/TR',
-        SCHEDULED_TASK_COMMAND
-    ]
-
-
-def get_windows_commands_to_remove_scheduled_jobs():
-    return [
-        'schtasks',
-        '/Delete',
-        '/TN',
-        SCHEDULED_TASK_NAME,
-        '/F',
-        '>',
-        'nul',
-        '2>&1'
-    ]
diff --git a/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py b/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py
new file mode 100644
index 000000000..fe3dad525
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/job_scheduling/windows_job_scheduling.py
@@ -0,0 +1,12 @@
+SCHEDULED_TASK_NAME = 'monkey-spawn-cmd'
+SCHEDULED_TASK_COMMAND = 'C:\windows\system32\cmd.exe'
+
+# Commands from: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md
+
+
+def get_windows_commands_to_schedule_jobs():
+    return f'schtasks /Create /SC monthly /TN {SCHEDULED_TASK_NAME} /TR {SCHEDULED_TASK_COMMAND}'
+
+
+def get_windows_commands_to_remove_scheduled_jobs():
+    return f'schtasks /Delete /TN {SCHEDULED_TASK_NAME} /F > nul 2>&1'
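Review bot: `SCHEDULED_TASK_COMMAND = 'C:\windows\system32\cmd.exe'` on the second line of the new file is a non-raw string containing `\w`, `\s` and `\c`; they happen not to be recognised escapes so the value survives today, but Python warns on them (DeprecationWarning, SyntaxWarning from 3.12) and any later edit that introduces a real escape such as `\t` or `\n` would silently corrupt the path — write it as `r'C:\windows\system32\cmd.exe'`. Second, `schtasks /Create` without `/F` prompts `Do you want to replace it (Y/N)?` when a task of that name already exists, which is exactly the state left behind by any earlier run whose `remove_scheduled_jobs` failed, and with `shell=True` and an inherited stdin that prompt can stall the PBA; `f'schtasks /Create /F /SC monthly /TN {SCHEDULED_TASK_NAME} /TR "{SCHEDULED_TASK_COMMAND}"'` makes the step idempotent and keeps the path intact if the constant ever gains a space. Third, this installs a persistent task that launches cmd.exe every month in the calling user's context, so a short comment above `get_windows_commands_to_schedule_jobs` noting that the task outlives the simulation unless `get_windows_commands_to_remove_scheduled_jobs` runs afterwards would help the next maintainer. It is also worth recording in that comment that the task is created with the caller's privileges only, since the referenced atomic test assumes nothing more.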