p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Joining commands using ,,.join() for linux

This commit is contained in:
Shay Nehmad 2019-09-04 12:40:53 +03:00
parent 4f912d9d1e
commit 097d8831c8
2 changed files with 6 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
monkey/infection_monkey/post_breach/actions/add_user.py
View File

@ -4,16 +4,6 @@ from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
__author__ = 'danielg'
LINUX_COMMANDS = ['useradd', '-M', '--expiredate',
datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
WormConfiguration.user_to_add]
WINDOWS_COMMANDS = ['net', 'user', WormConfiguration.user_to_add,
WormConfiguration.remote_user_pass,
'/add', '/ACTIVE:NO']
class BackdoorUser(PBA): class BackdoorUser(PBA):
def __init__(self): def __init__(self):
@ -34,13 +24,13 @@ class BackdoorUser(PBA):
def get_linux_commands_to_add_user(username): def get_linux_commands_to_add_user(username):
linux_cmds = [ linux_cmds = [
'useradd', 'useradd',
'-M', '-M', # Do not create homedir
'--expiredate', '--expiredate',
datetime.datetime.today().strftime('%Y-%m-%d'), datetime.datetime.today().strftime('%Y-%m-%d'),
'--inactive', '--inactive',
'0', '0',
'-c', '-c', # Comment
'MONKEY_USER', 'MONKEY_USER', # Comment
username] username]
return linux_cmds return linux_cmds

5
monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
View File

@ -95,8 +95,9 @@ class CommunicateAsNewUser(PBA):
linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username) linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
commandline = "'ping -c 2 google.com'" commandline = "'ping -c 2 google.com'"
linux_cmds.extend([";", "sudo", "-u", username, commandline]) linux_cmds.extend([";", "sudo", "-u", username, commandline])
logger.debug("Trying these commands: {}".format(str(linux_cmds))) final_command = ' '.join(linux_cmds)
output = subprocess.check_output(linux_cmds, stderr=subprocess.STDOUT, shell=True) logger.debug("Trying to execute these commands: {}".format(final_command))
output = subprocess.check_output(final_command, stderr=subprocess.STDOUT, shell=True)
PostBreachTelem(self, ( PostBreachTelem(self, (
CREATED_PROCESS_AS_USER_LINUX_FORMAT.format(commandline, username, output[:50]), True)).send() CREATED_PROCESS_AS_USER_LINUX_FORMAT.format(commandline, username, output[:50]), True)).send()
return return