p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix typos

This commit is contained in:
Shreya 2020-08-20 19:39:14 +05:30
parent e8f72f5cd5
commit 5dc2d54cef
5 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/common/data/post_breach_consts.py
View File

@ -6,4 +6,4 @@ POST_BREACH_HIDDEN_FILES = "Hide files and directories"
POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received" POST_BREACH_TRAP_COMMAND = "Execute command when a particular signal is received"
POST_BREACH_SETUID_SETGID = "Setuid and Setgid" POST_BREACH_SETUID_SETGID = "Setuid and Setgid"
POST_BREACH_JOB_SCHEDULING = "Schedule jobs" POST_BREACH_JOB_SCHEDULING = "Schedule jobs"
POST_BREACH_TIMESTOMPPING = "Modify files' timestamps" POST_BREACH_TIMESTOMPING = "Modify files' timestamps"

4
monkey/infection_monkey/post_breach/actions/timestomping.py
View File

@ -1,4 +1,4 @@
from common.data.post_breach_consts import POST_BREACH_TIMESTOMPPING from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
from infection_monkey.post_breach.pba import PBA from infection_monkey.post_breach.pba import PBA
from infection_monkey.post_breach.timestomping.timestomping import \ from infection_monkey.post_breach.timestomping.timestomping import \
get_timestomping_commands get_timestomping_commands
@ -7,6 +7,6 @@ from infection_monkey.post_breach.timestomping.timestomping import \
class Timestomping(PBA): class Timestomping(PBA):
def __init__(self): def __init__(self):
linux_cmds, windows_cmds = get_timestomping_commands() linux_cmds, windows_cmds = get_timestomping_commands()
super().__init__(POST_BREACH_TIMESTOMPPING, super().__init__(POST_BREACH_TIMESTOMPING,
linux_cmd=linux_cmds, linux_cmd=linux_cmds,
windows_cmd=windows_cmds) windows_cmd=windows_cmds)

2
monkey/infection_monkey/post_breach/timestomping/windows/timestomping.ps1
View File

@ -3,7 +3,7 @@ $TIMESTAMP_EPOCH = '01/01/1970 00:00:00'
# create temporary file # create temporary file
New-Item -Path $TEMP_FILE -Force | Out-Null New-Item -Path $TEMP_FILE -Force | Out-Null
Set-Content $TEMP_FILE -Value "Successfully changed a file\'s modification timestamp" -Force | Out-Null Set-Content $TEMP_FILE -Value "Successfully changed a file's modification timestamp" -Force | Out-Null
# attempt to change modification timestamp # attempt to change modification timestamp
Get-ChildItem $TEMP_FILE | % { $_.LastWriteTime = $TIMESTAMP_EPOCH } Get-ChildItem $TEMP_FILE | % { $_.LastWriteTime = $TIMESTAMP_EPOCH }

4
monkey/monkey_island/cc/services/attack/technique_reports/T1099.py
View File

@ -1,4 +1,4 @@
from common.data.post_breach_consts import POST_BREACH_TIMESTOMPPING from common.data.post_breach_consts import POST_BREACH_TIMESTOMPING
from monkey_island.cc.services.attack.technique_reports.pba_technique import \ from monkey_island.cc.services.attack.technique_reports.pba_technique import \
PostBreachTechnique PostBreachTechnique
@ -10,4 +10,4 @@ class T1099(PostBreachTechnique):
unscanned_msg = "Monkey didn't try changing any file's time attributes." unscanned_msg = "Monkey didn't try changing any file's time attributes."
scanned_msg = "Monkey tried changing a file's time attributes but failed." scanned_msg = "Monkey tried changing a file's time attributes but failed."
used_msg = "Monkey successfully changed a file's time attributes." used_msg = "Monkey successfully changed a file's time attributes."
pba_names = [POST_BREACH_TIMESTOMPPING] pba_names = [POST_BREACH_TIMESTOMPING]

2
monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
View File

@ -77,7 +77,7 @@ POST_BREACH_ACTIONS = {
"Timestomping" "Timestomping"
], ],
"title": "Timestomping", "title": "Timestomping",
"info": "Creates a temporary file and attempts to modify its file time attributes. Removes temporary file.", "info": "Creates a temporary file and attempts to modify its time attributes. Removes the file afterwards.",
"attack_techniques": ["T1099"] "attack_techniques": ["T1099"]
} }
] ]