From 90d9d5933a54754021321b1c1a349bbf1200bd0a Mon Sep 17 00:00:00 2001
From: Shreya
Date: Mon, 15 Mar 2021 18:11:26 +0530
Subject: [PATCH 1/5] Handle UnicodeDecodeError when getting installed packages on Windows systems
---
 .../system_info/windows_info_collector.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index 38feb6815..657746e84 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -47,8 +47,19 @@ class WindowsInfoCollector(InfoCollector):
 def get_installed_packages(self):
 LOG.info('getting installed packages')
- self.info["installed_packages"] = os.popen("dism /online /get-packages").read()
- self.info["installed_features"] = os.popen("dism /online /get-features").read()
+
+ packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read()
+ try:
+ self.info["installed_packages"] = packages.decode('utf-8')
+ except UnicodeDecodeError:
+ self.info["installed_packages"] = packages.decode('raw-unicode-escape')
+
+ features = subprocess.Popen("dism /online /get-features", shell=True, stdout=subprocess.PIPE).stdout.read()
+ try:
+ self.info["installed_features"] = features.decode('utf-8')
+ except UnicodeDecodeError:
+ self.info["installed_features"] = features.decode('raw-unicode-escape')
+
 LOG.debug('Got installed packages')
 def get_wmi_info(self):
From ece4e6e9119318aa16f42980eed9065525031a95 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 16 Mar 2021 15:26:20 +0530
Subject: [PATCH 2/5] Change import
---
 monkey/infection_monkey/system_info/windows_info_collector.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
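Review bot: The `packages.decode('raw-unicode-escape')` fallback never raises, but it does not recover the text either: bytes that are not valid UTF-8 are mapped one-to-one to Latin-1 code points, so any non-ASCII dism output (presumably in the console's OEM code page on Windows, worth confirming) lands in `installed_packages` and `installed_features` as mojibake rather than readable text; decoding with the console code page (Python's Windows-only `'oem'` codec) or at least `errors='replace'` would be more honest than a fallback that masks the problem. Separately, `subprocess.Popen(...).stdout.read()` never waits on the child or closes the pipe, and `shell=True` is unnecessary for a fixed command; `subprocess.run(["dism", "/online", "/get-packages"], stdout=subprocess.PIPE).stdout` addresses both. The same `shell=True` string-command form survives into the `[PATCH 4/5]` hunk of this series and should become an argv list there as well.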
diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index 657746e84..1960126a5 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -1,5 +1,5 @@
 import logging
-import os
+import subprocess
 import sys
 from common.common_consts.system_info_collectors_names import MIMIKATZ_COLLECTOR
From 5192953dd008e6a904dc55e68f304e5bb96f2bd4 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 16 Mar 2021 15:27:06 +0530
Subject: [PATCH 3/5] Unrelated log statement changes
---
 .../infection_monkey/system_info/windows_info_collector.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index 1960126a5..81b0c8125 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -46,7 +46,7 @@ class WindowsInfoCollector(InfoCollector):
 return self.info
 def get_installed_packages(self):
- LOG.info('getting installed packages')
+ LOG.info('Getting installed packages')
 packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read()
 try:
@@ -63,10 +63,10 @@ class WindowsInfoCollector(InfoCollector):
 LOG.debug('Got installed packages')
 def get_wmi_info(self):
- LOG.info('getting wmi info')
+ LOG.info('Getting wmi info')
 for wmi_class_name in WMI_CLASSES:
 self.info['wmi'][wmi_class_name] = WMIUtils.get_wmi_class(wmi_class_name)
- LOG.debug('finished get_wmi_info')
+ LOG.debug('Finished get_wmi_info')
 def get_mimikatz_info(self):
 LOG.info("Gathering mimikatz info")
From a83c97519cbe8d31c88613ea2a5124c4fdc551a5 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Thu, 18 Mar 2021 13:14:26 +0530
Subject: [PATCH 4/5] CR changes
---
 .../system_info/windows_info_collector.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index 81b0c8125..8a53898c7 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -48,17 +48,11 @@ class WindowsInfoCollector(InfoCollector):
 def get_installed_packages(self):
 LOG.info('Getting installed packages')
- packages = subprocess.Popen("dism /online /get-packages", shell=True, stdout=subprocess.PIPE).stdout.read()
- try:
- self.info["installed_packages"] = packages.decode('utf-8')
- except UnicodeDecodeError:
- self.info["installed_packages"] = packages.decode('raw-unicode-escape')
+ packages = subprocess.check_output("dism /online /get-packages", shell=True)
+ self.info["installed_packages"] = packages.decode('utf-8', errors='ignore')
- features = subprocess.Popen("dism /online /get-features", shell=True, stdout=subprocess.PIPE).stdout.read()
- try:
- self.info["installed_features"] = features.decode('utf-8')
- except UnicodeDecodeError:
- self.info["installed_features"] = features.decode('raw-unicode-escape')
+ features = subprocess.check_output("dism /online /get-features", shell=True)
+ self.info["installed_features"] = features.decode('utf-8', errors='ignore')
 LOG.debug('Got installed packages')
From 91577c6464f8b071330190afc13c51bb4229ea27 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Thu, 18 Mar 2021 13:30:18 +0530
Subject: [PATCH 5/5] Add try/except to system info collection so agent doesn't crash if exception is encountered
---
 monkey/infection_monkey/monkey.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
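Review bot: `subprocess.check_output(...)` raises `CalledProcessError` whenever dism exits non-zero (presumably the case without elevation, or where dism is missing, in which case `OSError` is raised instead), and nothing in this hunk catches either, so one failing call leaves both keys unset and propagates out of `get_installed_packages`, taking the rest of the collector's results with it. `errors='ignore'` also silently drops every byte that is not UTF-8 rather than marking it; `errors='replace'` keeps the evidence that the decode was lossy. Moving both calls into a helper that catches the failure, logs it and stores an empty string keeps the remaining system info usable; the version below also passes an argv list so no shell is involved.
```python
    def get_installed_packages(self):
        LOG.info('Getting installed packages')
        self.info["installed_packages"] = self._run_dism("/get-packages")
        self.info["installed_features"] = self._run_dism("/get-features")
        LOG.debug('Got installed packages')

    @staticmethod
    def _run_dism(switch):
        """Run `dism /online <switch>` and return its stdout as text, or "" if it fails."""
        try:
            out = subprocess.check_output(["dism", "/online", switch])
        except (subprocess.CalledProcessError, OSError) as e:
            # A failed dism call should not abort the whole collector.
            LOG.warning("dism /online %s failed: %s", switch, e)
            return ""
        # 'replace' keeps undecodable bytes visible instead of silently dropping them.
        return out.decode('utf-8', errors='replace')
```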
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index f5af73d43..3a5c5619f 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@@ -252,9 +252,12 @@ class InfectionMonkey(object):
 def collect_system_info_if_configured(self):
 LOG.debug("Calling for system info collection")
- system_info_collector = SystemInfoCollector()
- system_info = system_info_collector.get_info()
- SystemInfoTelem(system_info).send()
+ try:
+ system_info_collector = SystemInfoCollector()
+ system_info = system_info_collector.get_info()
+ SystemInfoTelem(system_info).send()
+ except Exception as e:
+ LOG.exception(f"Exception encountered during system info collection: {str(e)}")
 def shutdown_by_not_alive_config(self):
 if not WormConfiguration.alive:
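Review bot: `LOG.exception(f"...: {str(e)}")` repeats information the call already records, since `LOG.exception` attaches the full traceback whose last line is the exception text, and the f-string is formatted eagerly where the logging call would format lazily; `LOG.exception("Exception encountered during system info collection")` carries the same information. The broad `except Exception` is acceptable at this top-level boundary, but note its consequence: when `get_info()` raises, `SystemInfoTelem(system_info).send()` is skipped and everything the other collectors gathered is discarded with it, so a per-collector catch inside `SystemInfoCollector.get_info` (outside this hunk) would preserve partial results. A one-line comment above the `try:` stating that intent, `# Best effort: a failing collector must not take the agent down`, would make the choice explicit for the next reader.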