Add deletion of users

monkey/infection_monkey/monkey_utils/windows/new_user.py

@@ -2,7 +2,6 @@ import logging
 import subprocess
 
 from infection_monkey.post_breach.actions.add_user import BackdoorUser
-from infection_monkey.telemetry.post_breach_telem import PostBreachTelem
 
 
 logger = logging.getLogger(__name__)
@@ -17,14 +16,14 @@ class NewUser(object):
     RAII object to use for creating and using a new user in Windows. Use with `with`.
     User will be created when the instance is instantiated.
     User will log on start of `with` scope.
-    User will log off on end of `with` scope.
+    User will log off and get deleted on end of `with` scope.
 
     Example:
              # Created                           # Logged on
         with NewUser("user", "pass") as new_user:
             ...
             ...
-        # Logged off
+        # Logged off and deleted
         ...
     """
     def __init__(self, username, password):
@@ -36,7 +35,6 @@ class NewUser(object):
         self.password = password
 
         windows_cmds = BackdoorUser.get_windows_commands_to_add_user(self.username, self.password, True)
-        logger.debug("Trying these commands: {}".format(str(windows_cmds)))
         _ = subprocess.check_output(windows_cmds, stderr=subprocess.STDOUT, shell=True)
 
     def __enter__(self):
@@ -60,5 +58,12 @@ class NewUser(object):
         return self.logon_handle
 
     def __exit__(self, exc_type, exc_val, exc_tb):
+        # Logoff
         self.logon_handle.Close()
-        # TODO Delete user
+
+        # Try to delete user
+        try:
+            _ = subprocess.check_output(
+                BackdoorUser.get_windows_commands_to_delete_user(self.username), stderr=subprocess.STDOUT, shell=True)
+        except Exception as err:
+            raise NewUserError("Can't delete user {}. Info: {}".format(self.username, err))

monkey/infection_monkey/post_breach/actions/add_user.py

@@ -22,7 +22,7 @@ class BackdoorUser(PBA):
 
     @staticmethod
     def get_linux_commands_to_add_user(username):
-        linux_cmds = [
+        return [
             'useradd',
             '-M',  # Do not create homedir
             '--expiredate',
@@ -32,7 +32,13 @@ class BackdoorUser(PBA):
             '-c',  # Comment
             'MONKEY_USER',  # Comment
             username]
-        return linux_cmds
+
+    @staticmethod
+    def get_linux_commands_to_delete_user(username):
+        return [
+            'deluser',
+            username
+        ]
 
     @staticmethod
     def get_windows_commands_to_add_user(username, password, should_be_active=False):
@@ -45,3 +51,11 @@ class BackdoorUser(PBA):
         if not should_be_active:
             windows_cmds.append('/ACTIVE:NO')
         return windows_cmds
+
+    @staticmethod
+    def get_windows_commands_to_delete_user(username):
+        return [
+            'net',
+            'user',
+            username,
+            '/delete']

monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py

@@ -38,14 +38,17 @@ class CommunicateAsNewUser(PBA):
 
     def communicate_as_new_user_linux(self, username):
         try:
+            # add user + ping
             linux_cmds = BackdoorUser.get_linux_commands_to_add_user(username)
             commandline = "ping -c 2 google.com"
             linux_cmds.extend([";", "sudo", "-u", username, commandline])
             final_command = ' '.join(linux_cmds)
-            logger.debug("Trying to execute these commands: {}".format(final_command))
             output = subprocess.check_output(final_command, stderr=subprocess.STDOUT, shell=True)
             PostBreachTelem(self, (
                 CREATED_PROCESS_AS_USER_LINUX_FORMAT.format(commandline, username, output[:150]), True)).send()
+            # delete the user
+            _ = subprocess.check_output(
+                BackdoorUser.get_linux_commands_to_delete_user(username), stderr=subprocess.STDOUT, shell=True)
         except subprocess.CalledProcessError as e:
             PostBreachTelem(self, (e.output, False)).send()