Agent: Use filecmp instead of sha256 hash in ransomware payload
This commit is contained in:
parent
5fe2f80aa4
commit
ccfe0a773e
|
@ -2,4 +2,3 @@ from pathlib import Path
|
||||||
|
|
||||||
README_SRC = Path(__file__).parent / "ransomware_readme.txt"
|
README_SRC = Path(__file__).parent / "ransomware_readme.txt"
|
||||||
README_FILE_NAME = "README.txt"
|
README_FILE_NAME = "README.txt"
|
||||||
README_SHA256_HASH = "a5608df1d9dbdbb489838f9aaa33b06b6cd8702799ff843b4b1704519541e674"
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
|
import filecmp
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from typing import List, Set
|
from typing import List, Set
|
||||||
|
|
||||||
from common.utils.file_utils import get_file_sha256_hash
|
|
||||||
from infection_monkey.utils.dir_utils import (
|
from infection_monkey.utils.dir_utils import (
|
||||||
file_extension_filter,
|
file_extension_filter,
|
||||||
filter_files,
|
filter_files,
|
||||||
|
@ -10,7 +10,7 @@ from infection_monkey.utils.dir_utils import (
|
||||||
is_not_symlink_filter,
|
is_not_symlink_filter,
|
||||||
)
|
)
|
||||||
|
|
||||||
from .consts import README_FILE_NAME, README_SHA256_HASH
|
from .consts import README_FILE_NAME, README_SRC
|
||||||
|
|
||||||
|
|
||||||
class ProductionSafeTargetFileSelector:
|
class ProductionSafeTargetFileSelector:
|
||||||
|
@ -33,4 +33,4 @@ def _is_not_ransomware_readme_filter(filepath: Path) -> bool:
|
||||||
if filepath.name != README_FILE_NAME:
|
if filepath.name != README_FILE_NAME:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
return get_file_sha256_hash(filepath) != README_SHA256_HASH
|
return not filecmp.cmp(filepath, README_SRC)
|
||||||
|
|
|
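Review bot: `filecmp.cmp` is called with its default `shallow=True`, so on the new `return not filecmp.cmp(filepath, README_SRC)` line a candidate whose os.stat signature (file type, size, mtime) matches README_SRC is reported equal without its contents being read, whereas the sha256 comparison this replaces was purely content-based. Passing `shallow=False` preserves the old semantics: `return not filecmp.cmp(filepath, README_SRC, shallow=False)`. The same default applies to `assert filecmp.cmp(src_readme, dest_readme)` in the test file's second hunk, where a stat-only match (e.g. if the copy preserves mtime) lets the test pass without comparing bytes, so `shallow=False` there too makes the assertion actually check content. The enclosing `_is_not_ransomware_readme_filter` begins outside the hunk; the name check on the preceding line means only files named README.txt reach the compare. Whether `filecmp.cmp` raising `OSError` on an unreadable candidate differs from what `get_file_sha256_hash` did cannot be told from this page.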
@ -1,10 +1,11 @@
|
||||||
|
import filecmp
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from common.utils.file_utils import get_file_sha256_hash
|
from common.utils.file_utils import get_file_sha256_hash
|
||||||
from infection_monkey.payload.ransomware.readme_dropper import leave_readme
|
from infection_monkey.payload.ransomware.readme_dropper import leave_readme
|
||||||
|
|
||||||
DEST_FILE = "README.TXT"
|
DEST_FILE = "README.TXT"
|
||||||
README_HASH = "c98c24b677eff44860afea6f493bbaec5bb1c4cbb209c6fc2bbb47f66ff2ad31"
|
|
||||||
EMPTY_FILE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
EMPTY_FILE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||||
|
|
||||||
|
|
||||||
|
@ -22,11 +23,9 @@ def test_readme_already_exists(src_readme, dest_readme):
|
||||||
dest_readme.touch()
|
dest_readme.touch()
|
||||||
|
|
||||||
leave_readme(src_readme, dest_readme)
|
leave_readme(src_readme, dest_readme)
|
||||||
|
|
||||||
assert get_file_sha256_hash(dest_readme) == EMPTY_FILE_HASH
|
assert get_file_sha256_hash(dest_readme) == EMPTY_FILE_HASH
|
||||||
|
|
||||||
|
|
||||||
def test_leave_readme(src_readme, dest_readme):
|
def test_leave_readme(src_readme, dest_readme):
|
||||||
leave_readme(src_readme, dest_readme)
|
leave_readme(src_readme, dest_readme)
|
||||||
|
assert filecmp.cmp(src_readme, dest_readme)
|
||||||
assert get_file_sha256_hash(dest_readme) == README_HASH
|
|
||||||
|
|