forked from p15670423/monkey
Agent: Add display_name to PostBreachData
This commit is contained in:
parent
196f814860
commit
dda922d06f
|
@ -34,7 +34,7 @@ class ExploiterResultData:
|
||||||
PingScanData = namedtuple("PingScanData", ["response_received", "os"])
|
PingScanData = namedtuple("PingScanData", ["response_received", "os"])
|
||||||
PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"])
|
PortScanData = namedtuple("PortScanData", ["port", "status", "banner", "service"])
|
||||||
FingerprintData = namedtuple("FingerprintData", ["os_type", "os_version", "services"])
|
FingerprintData = namedtuple("FingerprintData", ["os_type", "os_version", "services"])
|
||||||
PostBreachData = namedtuple("PostBreachData", ["command", "result"])
|
PostBreachData = namedtuple("PostBreachData", ["display_name", "command", "result"])
|
||||||
|
|
||||||
|
|
||||||
class IPuppet(metaclass=abc.ABCMeta):
|
class IPuppet(metaclass=abc.ABCMeta):
|
||||||
|
|
|
@ -195,14 +195,11 @@ class AutomatedMaster(IMaster):
|
||||||
logger.debug(f"No credentials were collected by {collector}")
|
logger.debug(f"No credentials were collected by {collector}")
|
||||||
|
|
||||||
def _run_pba(self, pba: Tuple[str, Dict]):
|
def _run_pba(self, pba: Tuple[str, Dict]):
|
||||||
# TODO: This is the class's name right now. We need `display_name` (see the
|
|
||||||
# ProcessListCollection PBA). This is shown in the Security report as the PBA
|
|
||||||
# name and is checked against in the T1082's mongo query in the ATT&CK report.
|
|
||||||
name = pba[0]
|
name = pba[0]
|
||||||
options = pba[1]
|
options = pba[1]
|
||||||
|
|
||||||
command, result = self._puppet.run_pba(name, options)
|
display_name, command, result = self._puppet.run_pba(name, options)
|
||||||
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result))
|
self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
|
||||||
|
|
||||||
def _can_propagate(self) -> bool:
|
def _can_propagate(self) -> bool:
|
||||||
return True
|
return True
|
||||||
|
|
|
@ -50,12 +50,12 @@ class MockMaster(IMaster):
|
||||||
|
|
||||||
logger.info("Running post breach actions")
|
logger.info("Running post breach actions")
|
||||||
name = "AccountDiscovery"
|
name = "AccountDiscovery"
|
||||||
command, result = self._puppet.run_pba(name, {})
|
display_name, command, result = self._puppet.run_pba(name, {})
|
||||||
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result))
|
self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
|
||||||
|
|
||||||
name = "CommunicateAsBackdoorUser"
|
name = "CommunicateAsBackdoorUser"
|
||||||
command, result = self._puppet.run_pba(name, {})
|
display_name, command, result = self._puppet.run_pba(name, {})
|
||||||
self._telemetry_messenger.send_telemetry(PostBreachTelem(name, command, result))
|
self._telemetry_messenger.send_telemetry(PostBreachTelem(display_name, command, result))
|
||||||
logger.info("Finished running post breach actions")
|
logger.info("Finished running post breach actions")
|
||||||
|
|
||||||
def _scan_victims(self):
|
def _scan_victims(self):
|
||||||
|
|
|
@ -53,9 +53,9 @@ class MockPuppet(IPuppet):
|
||||||
logger.debug(f"run_pba({name}, {options})")
|
logger.debug(f"run_pba({name}, {options})")
|
||||||
|
|
||||||
if name == "AccountDiscovery":
|
if name == "AccountDiscovery":
|
||||||
return PostBreachData("pba command 1", ["pba result 1", True])
|
return PostBreachData(name, "pba command 1", ["pba result 1", True])
|
||||||
else:
|
else:
|
||||||
return PostBreachData("pba command 2", ["pba result 2", False])
|
return PostBreachData(name, "pba command 2", ["pba result 2", False])
|
||||||
|
|
||||||
def ping(self, host: str, timeout: float = 1) -> PingScanData:
|
def ping(self, host: str, timeout: float = 1) -> PingScanData:
|
||||||
logger.debug(f"run_ping({host}, {timeout})")
|
logger.debug(f"run_ping({host}, {timeout})")
|
||||||
|
|
Loading…
Reference in New Issue