Added some logs and more error handling for WinAPIs. Still not working

Shay Nehmad 2019-09-03 21:42:48 +03:00
parent 52a95935c8
commit 1befe35d34
2 changed files with 44 additions and 39 deletions


@ -27,7 +27,7 @@ class BackdoorUser(PBA):
@staticmethod @staticmethod
def get_commands_to_add_user(username, password): def get_commands_to_add_user(username, password):
linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username) linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
windows_cmds = BackdoorUser.get_windows_commands_to_add_user(password, username) windows_cmds = BackdoorUser.get_windows_commands_to_add_user(username, password)
return linux_cmds, windows_cmds return linux_cmds, windows_cmds
@staticmethod @staticmethod
@ -45,12 +45,13 @@ class BackdoorUser(PBA):
return linux_cmds return linux_cmds
@staticmethod @staticmethod
def get_windows_commands_to_add_user(password, username): def get_windows_commands_to_add_user(username, password, should_be_active=False):
windows_cmds = [ windows_cmds = [
'net', 'net',
'user', 'user',
username, username,
password, password,
'/add', '/add']
'/ACTIVE:NO'] if not should_be_active:
windows_cmds.append('/ACTIVE:NO')
return windows_cmds return windows_cmds
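Review bot: The new `should_be_active` parameter on `get_windows_commands_to_add_user` has no docstring, and the only hint of what it controls is the `/ACTIVE:NO` switch appended in the `if not should_be_active:` branch; a reader of the caller, which passes a bare positional `True`, cannot tell from the call site what is being toggled. I would add a docstring directly under the new signature, e.g. `"""Return the 'net user <name> <password> /add' argument list; the account is created disabled (/ACTIVE:NO) unless should_be_active is True."""`. The `False` default is the safer choice for a backdoor-user PBA, since a disabled account is the lower-risk state, and the docstring should state that this is deliberate. The swap to `(username, password)` in the first hunk is consistent with the new signature and needs no further change.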


@ -1,3 +1,4 @@
import logging
import os import os
import random import random
import string import string
@ -15,7 +16,9 @@ from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
from infection_monkey.utils import is_windows_os from infection_monkey.utils import is_windows_os
USERNAME = "somenewuser" USERNAME = "somenewuser"
PASSWORD = "N3WPa55W0rD!@12" PASSWORD = "N3WPa55W0rD!1"
logger = logging.getLogger(__name__)
class CommunicateAsNewUser(PBA): class CommunicateAsNewUser(PBA):
@ -33,27 +36,28 @@ class CommunicateAsNewUser(PBA):
if not self.try_to_create_user_windows(username, PASSWORD): if not self.try_to_create_user_windows(username, PASSWORD):
return # no point to continue if failed creating the user. return # no point to continue if failed creating the user.
try:
# Logon as new user: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera # Logon as new user: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonusera
new_user_logon_token_handle = win32security.LogonUser( new_user_logon_token_handle = win32security.LogonUser(
username, username,
".", # current domain ".", # use current domain
PASSWORD, PASSWORD,
win32con.LOGON32_LOGON_BATCH, # logon type win32con.LOGON32_LOGON_INTERACTIVE, # logon type - interactive (normal user)
win32con.LOGON32_PROVIDER_DEFAULT) # logon provider win32con.LOGON32_PROVIDER_DEFAULT) # logon provider
except Exception as e:
if new_user_logon_token_handle == 0:
PostBreachTelem( PostBreachTelem(
self, self,
("Can't logon as {} Last error: {}".format(username, win32api.GetLastError()), False) ("Can't logon as {}. Error: {}".format(username, e.message), False)
).send() ).send()
return # no point to continue if can't log on. return # no point to continue if can't log on.
# Using os.path is OK, as this is on windows for sure # Using os.path is OK, as this is on windows for sure
ping_app_path = os.path.join(os.environ["WINDIR"], "system32", "PING.exe") ping_app_path = os.path.join(os.environ["WINDIR"], "system32", "PING.exe")
if not os.path.exists(ping_app_path): if not os.path.exists(ping_app_path):
PostBreachTelem(self, ("{} not found".format(ping_app_path), False)).send() PostBreachTelem(self, ("{} not found.".format(ping_app_path), False)).send()
return # Can't continue without ping. return # Can't continue without ping.
try:
# Open process as that user: # Open process as that user:
# https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessasusera # https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessasusera
return_value_create_process = win32process.CreateProcessAsUser( return_value_create_process = win32process.CreateProcessAsUser(
@ -73,10 +77,9 @@ class CommunicateAsNewUser(PBA):
win32process.STARTUPINFO() # STARTUPINFO structure. win32process.STARTUPINFO() # STARTUPINFO structure.
# https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-startupinfoa # https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-startupinfoa
) )
except Exception as e:
if return_value_create_process == 0:
PostBreachTelem(self, ( PostBreachTelem(self, (
"Failed to open process as user. Last error: {}".format(win32api.GetLastError()), False)).send() "Failed to open process as user {}. Error: {}".format(username, e.message), False)).send()
return return
else: else:
try: try:
@ -89,7 +92,8 @@ class CommunicateAsNewUser(PBA):
def try_to_create_user_windows(self, username, password): def try_to_create_user_windows(self, username, password):
try: try:
windows_cmds = BackdoorUser.get_windows_commands_to_add_user(username, password) windows_cmds = BackdoorUser.get_windows_commands_to_add_user(username, password, True)
logger.debug("Trying these commands: {}".format(str(windows_cmds)))
subprocess.check_output(windows_cmds, stderr=subprocess.STDOUT, shell=True) subprocess.check_output(windows_cmds, stderr=subprocess.STDOUT, shell=True)
return True return True
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e: