Override `run()` for PBA "modify shell startup files" + assign EXECUTION_WITHOUT_OUTPUT to all relevant PBAs on the island side

This commit is contained in:
Shreya 2020-07-24 13:13:11 +05:30
parent 1fdca52788
commit 5a7e8a0b08
3 changed files with 19 additions and 9 deletions


@ -47,3 +47,12 @@ class ModifyShellStartupFiles(PBA):
super().__init__(name=POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION,
linux_cmd=linux_cmds,
windows_cmd=windows_cmds)
def run(self):
if self.command:
try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
return output, True
except subprocess.CalledProcessError as e:
# Return error output of the command
return e.output.decode(), False
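Review bot: The `run()` override added at the end of `ModifyShellStartupFiles` returns `None` when `self.command` is empty and, on both paths, neither logs the skip nor sends `PostBreachTelem`, so the base `PBA.run` behaviour this same commit modifies (log when no command exists, send the result to the island) is lost for this PBA. The body also duplicates `_execute_default` from the base class minus its blank-output substitution, so nothing on the agent side marks an empty result any more. If the intent is only to execute the command, dropping the override and letting `PBA.run` dispatch to `_execute_default` seems sufficient; if a different result contract is intended, a docstring such as `"""Run the startup-file modification command directly and return (output, success) without sending telemetry."""` would make that explicit. The command string is assembled from `linux_cmds`/`windows_cmds` outside the hunk and executed with `shell=True`, so it is worth confirming those are fixed constants with no operator-supplied fragments. The hunk header counts one more added line than is shown, so the method may end outside the visible lines.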


@ -13,8 +13,6 @@ LOG = logging.getLogger(__name__)
__author__ = 'VakarisZ'
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class PBA(Plugin):
"""
@ -54,7 +52,7 @@ class PBA(Plugin):
"""
return class_name in WormConfiguration.post_breach_actions
def run(self, return_result=False):
def run(self):
"""
Runs post breach action command
"""
@ -63,9 +61,6 @@ class PBA(Plugin):
result = exec_funct()
if self.scripts_were_used_successfully(result):
T1064Telem(ScanStatus.USED, f"Scripts were used to execute {self.name} post breach action.").send()
if return_result:
return result
else:
PostBreachTelem(self, result).send()
else:
LOG.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
@ -93,8 +88,6 @@ class PBA(Plugin):
"""
try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
if not output:
output = EXECUTION_WITHOUT_OUTPUT
return output, True
except subprocess.CalledProcessError as e:
# Return error output of the command
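Review bot: `PBA.run` loses the `return_result` parameter and the `return result` branch, so any caller still passing `return_result=True` will raise `TypeError` and a caller that read the return value now gets `None`; the hunks do not show the call sites, so this deserves a search before merge. The docstring could state the new contract, e.g. `"""Run the post breach action command for the current OS and send the result to the island as PostBreachTelem; returns None."""`. The first and last hunks appear to remove `EXECUTION_WITHOUT_OUTPUT` and its substitution in `_execute_default`, moving blank-output handling to the island; if so, the `_execute_default` docstring (cut at the top of the last hunk) should no longer promise a non-empty output. `_execute_default` itself continues past the end of the hunk.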


@ -8,6 +8,8 @@ from monkey_island.cc.models import Monkey
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \
test_new_user_communication
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
def process_communicate_as_new_user_telemetry(telemetry_json):
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
@ -38,10 +40,16 @@ def process_post_breach_telemetry(telemetry_json):
if type(telemetry_json['data']) is list:
for pba_data in telemetry_json['data']:
modify_blank_outputs(pba_data)
mongo.db.monkey.update(
{'guid': telemetry_json['monkey_guid']},
{'$push': {'pba_results': pba_data}})
else:
modify_blank_outputs(telemetry_json['data'])
mongo.db.monkey.update(
{'guid': telemetry_json['monkey_guid']},
{'$push': {'pba_results': telemetry_json['data']}})
def modify_blank_outputs(data):
if not data['result']:
data['result'] = EXECUTION_WITHOUT_OUTPUT
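Review bot: `modify_blank_outputs` tests the whole `data['result']` value for falsiness, but the agent-side `_execute_default` (second file) returns the pair `(output, success)`, which after JSON transport is a non-empty list; if `PostBreachTelem` sends that pair unchanged, the check is always false and an empty output is never replaced with `EXECUTION_WITHOUT_OUTPUT`. The element that can be blank is the output, so something like `if isinstance(data.get('result'), list) and not data['result'][0]: data['result'][0] = EXECUTION_WITHOUT_OUTPUT` would match the agent-side check that the last hunk of the second file removes. `telemetry_json` comes from the agent, so `data['result']` should be accessed defensively rather than raising `KeyError` on a malformed entry, and `type(telemetry_json['data']) is list` above is better written as `isinstance(telemetry_json['data'], list)`. A short docstring, e.g. `"""Replace an empty PBA output with a placeholder so the UI shows that the PBA ran."""`, would help too.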