PBA command modifications

2020-06-22 02:09:25 +05:30 · 2020-06-22 02:09:25 +05:30 · 3819041632
parent 2dbf798c4a
commit 3819041632
4 changed files with 18 additions and 11 deletions
--- a/monkey/infection_monkey/post_breach/actions/hide_files.py
+++ b/monkey/infection_monkey/post_breach/actions/hide_files.py
@ -1,4 +1,3 @@
-import time
 from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
--- a/monkey/infection_monkey/utils/hidden_files.py
+++ b/monkey/infection_monkey/utils/hidden_files.py
@ -25,4 +25,5 @@ def get_commands_to_hide_folders():

 def cleanup_hidden_files(is_windows=is_windows_os()):
    subprocess.run(get_windows_commands_to_delete() if is_windows
-                   else ' '.join(get_linux_commands_to_delete()))
+                   else ' '.join(get_linux_commands_to_delete()),
+                   shell=True)
--- a/monkey/infection_monkey/utils/linux/hidden_files.py
+++ b/monkey/infection_monkey/utils/linux/hidden_files.py
@ -17,9 +17,9 @@ def get_linux_commands_to_hide_folders():
    return [
        'mkdir',  # make directory
        HIDDEN_FOLDER,
-        '; touch',  # create file
+        '&& touch',  # create file
        '{}/{}'.format(HIDDEN_FOLDER, 'some-file'),  # random file in hidden folder
-        '; echo \"Successfully created hidden folder: {}\" |'.format(HIDDEN_FOLDER),  # output
+        '&& echo \"Successfully created hidden folder: {}\" |'.format(HIDDEN_FOLDER),  # output
        'tee -a',  # and write to file
        '{}/{}'.format(HIDDEN_FOLDER, 'some-file')  # random file in hidden folder
    ]
@ -28,8 +28,7 @@ def get_linux_commands_to_hide_folders():
 def get_linux_commands_to_delete():
    return [
        'rm',  # remove
-        '-r',  # delete recursively
-        '-f',  # force delete
+        '-rf',  # force delete recursively
        HIDDEN_FILE,
        HIDDEN_FOLDER
    ]
--- a/monkey/infection_monkey/utils/windows/hidden_files.py
+++ b/monkey/infection_monkey/utils/windows/hidden_files.py
@ -1,6 +1,11 @@
-HIDDEN_FILE = "%homepath%\\monkey-hidden-file"
-HIDDEN_FILE_WINAPI = "%homepath%\\monkey-hidden-file-winAPI"
-HIDDEN_FOLDER = "%homepath%\\monkey-hidden-folder"
+import os
+
+
+HOME_PATH = os.path.expanduser("~")
+
+HIDDEN_FILE = HOME_PATH + "\\monkey-hidden-file"
+HIDDEN_FOLDER = HOME_PATH + "\\monkey-hidden-folder"
+HIDDEN_FILE_WINAPI = HOME_PATH + "\\monkey-hidden-file-winAPI"


 def get_windows_commands_to_hide_files():
@ -62,12 +67,15 @@ def get_winAPI_to_hide_files():

 def get_windows_commands_to_delete():
    return [
+        'powershell.exe',
        'del',  # delete file
-        '-Force',  # force delete
+        '-Force',
        HIDDEN_FILE,
+        ',',
        HIDDEN_FILE_WINAPI,
-        '&&',
+        ';',
        'rmdir',  # delete folder
        '-Force',
+        '-Recurse',
        HIDDEN_FOLDER
    ]