Add backdoor user functionality to Monkey itself.

The backdoor user is purposefully disabled

monkey/infection_monkey/post_breach/__init__.py

@@ -0,0 +1,4 @@
+__author__ = 'danielg'
+
+
+from add_user import BackdoorUser

monkey/infection_monkey/post_breach/add_user.py

@@ -0,0 +1,49 @@
+import datetime
+import logging
+import subprocess
+import sys
+from infection_monkey.config import WormConfiguration
+
+LOG = logging.getLogger(__name__)
+
+# Linux doesn't have WindowsError
+try:
+    WindowsError
+except NameError:
+    WindowsError = None
+
+__author__ = 'danielg'
+
+
+class BackdoorUser(object):
+    """
+    This module adds a disabled user to the system.
+    This tests part of the ATT&CK matrix
+    """
+
+    def act(self):
+        LOG.info("Adding a user")
+        if sys.platform.startswith("win"):
+            retval = self.add_user_windows()
+        else:
+            retval = self.add_user_linux()
+        if retval != 0:
+            LOG.warn("Failed to add a user")
+        else:
+            LOG.info("Done adding user")
+
+    @staticmethod
+    def add_user_linux():
+        cmd_line = ['useradd', '-M', '--expiredate',
+                    datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
+                    WormConfiguration.ms08_067_remote_user_add]
+        retval = subprocess.call(cmd_line)
+        return retval
+
+    @staticmethod
+    def add_user_windows():
+        cmd_line = ['net', 'user', WormConfiguration.ms08_067_remote_user_add,
+                    WormConfiguration.ms08_067_remote_user_pass,
+                    '/add', '/ACTIVE:NO']
+        retval = subprocess.call(cmd_line)
+        return retval