Modify `run()` for "modify shell startup files" PBA
parent
dec7d9021f
commit
f6556704d6
|
@ -21,7 +21,7 @@ class ModifyShellStartupFiles(PBA):
|
|||
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION)
|
||||
|
||||
def run(self):
|
||||
results = [pba.run() for pba in self.modify_shell_startup_PBA_list()]
|
||||
results = [pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()]
|
||||
PostBreachTelem(self, results).send()
|
||||
|
||||
def modify_shell_startup_PBA_list(self):
|
||||
|
@ -51,14 +51,3 @@ class ModifyShellStartupFiles(PBA):
|
|||
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION,
|
||||
linux_cmd=linux_cmds,
|
||||
windows_cmd=windows_cmds)
|
||||
|
||||
def run(self):
|
||||
if self.command:
|
||||
try:
|
||||
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
|
||||
if not output:
|
||||
output = EXECUTION_WITHOUT_OUTPUT
|
||||
return output, True
|
||||
except subprocess.CalledProcessError as e:
|
||||
# Return error output of the command
|
||||
return e.output.decode(), False
|
||||
|
|
|
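Review bot: `results` in `ModifyShellStartupFiles.run()` can contain `None` entries, because `PBA.run(return_result=True)` returns a value only on the command path; its no-command branch (the `else:` that logs "No command available for PBA ...", visible in the `class PBA(Plugin)` hunk) falls off the end. The override deleted in the second hunk had the same gap when `self.command` was empty, so this is carried over rather than introduced. The list still goes straight to `PostBreachTelem(self, results).send()`, and whether that telemetry tolerates `None` is not visible here. I would drop the empty entries before sending, e.g. `results = [r for r in (pba.run(return_result=True) for pba in self.modify_shell_startup_PBA_list()) if r is not None]`, so the report lists only startup-file modifications that were actually attempted on this OS.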
@ -54,7 +54,7 @@ class PBA(Plugin):
|
|||
"""
|
||||
return class_name in WormConfiguration.post_breach_actions
|
||||
|
||||
def run(self):
|
||||
def run(self, return_result=False):
|
||||
"""
|
||||
Runs post breach action command
|
||||
"""
|
||||
|
@ -63,6 +63,9 @@ class PBA(Plugin):
|
|||
result = exec_funct()
|
||||
if self.scripts_were_used_successfully(result):
|
||||
T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send()
|
||||
if return_result:
|
||||
return result
|
||||
else:
|
||||
PostBreachTelem(self, result).send()
|
||||
else:
|
||||
LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
|
||||
|
|
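Review bot: The docstring of `PBA.run()` still says only "Runs post breach action command", while the new `return_result` flag gives the method two different contracts, and the docstring should spell them out. I would add two lines to it: `:param return_result: if True, return the command result instead of sending PostBreachTelem` and `:return: the command result when return_result is True, otherwise None`. It is also worth one sentence noting that the T1064 script-usage telemetry is sent in both modes and that the no-command branch returns `None` even when a result was requested. The method body spans both hunks of this file and the lines between them are not shown, so the wording should be checked against the full function.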