Merge pull request #435 from VakarisZ/attack_winapi_smallfix
WinAPI attack telem fix.
commit
f0ee88182f
@ -25,9 +25,10 @@ from infection_monkey.telemetry.trace_telem import TraceTelem
|
||||||
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
|
from infection_monkey.telemetry.tunnel_telem import TunnelTelem
|
||||||
from infection_monkey.windows_upgrader import WindowsUpgrader
|
from infection_monkey.windows_upgrader import WindowsUpgrader
|
||||||
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
from infection_monkey.post_breach.post_breach_handler import PostBreach
|
||||||
from common.utils.attack_utils import ScanStatus
|
|
||||||
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
from infection_monkey.exploit.tools.helpers import get_interface_to_target
|
||||||
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
|
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
|
||||||
|
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||||
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -104,6 +105,9 @@ class InfectionMonkey(object):
|
||||||
ControlClient.wakeup(parent=self._parent)
|
ControlClient.wakeup(parent=self._parent)
|
||||||
ControlClient.load_control_config()
|
ControlClient.load_control_config()
|
||||||
|
|
||||||
|
if utils.is_windows_os():
|
||||||
|
T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()
|
||||||
|
|
||||||
if not WormConfiguration.alive:
|
if not WormConfiguration.alive:
|
||||||
LOG.info("Marked not alive from configuration")
|
LOG.info("Marked not alive from configuration")
|
||||||
return
|
return
|
||||||
|
|
|
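Review bot: The new `T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()` in the second hunk reports WinAPI use on the strength of an OS check alone, detached from the ctypes CreateMutex call in `WindowsSystemSingleton.try_lock` that it describes, and nothing in the hunk says why the report lives here rather than next to the call. A one-line comment would keep the next maintainer from moving it back, e.g. `# T1106: the Windows singleton lock already used CreateMutex via ctypes; reported here because telemetry is only usable once load_control_config() has run` — the timing rationale is my inference from the commit and should be checked before it is written down as fact. The send also fires before the `WormConfiguration.alive` check that follows, so a run marked not alive still emits the telemetry; that is defensible if the API call has indeed already happened, but worth stating. Whether `utils` is imported in this module is not visible in the hunk, and the enclosing method starts outside it.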
@ -4,8 +4,7 @@ import sys
|
||||||
from abc import ABCMeta, abstractmethod
|
from abc import ABCMeta, abstractmethod
|
||||||
|
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -46,21 +45,13 @@ class WindowsSystemSingleton(_SystemSingleton):
|
||||||
ctypes.c_char_p(self._mutex_name))
|
ctypes.c_char_p(self._mutex_name))
|
||||||
last_error = ctypes.windll.kernel32.GetLastError()
|
last_error = ctypes.windll.kernel32.GetLastError()
|
||||||
|
|
||||||
status = None
|
|
||||||
if not handle:
|
if not handle:
|
||||||
LOG.error("Cannot acquire system singleton %r, unknown error %d",
|
LOG.error("Cannot acquire system singleton %r, unknown error %d",
|
||||||
self._mutex_name, last_error)
|
self._mutex_name, last_error)
|
||||||
status = ScanStatus.SCANNED
|
return False
|
||||||
|
|
||||||
if winerror.ERROR_ALREADY_EXISTS == last_error:
|
if winerror.ERROR_ALREADY_EXISTS == last_error:
|
||||||
status = ScanStatus.SCANNED
|
|
||||||
LOG.debug("Cannot acquire system singleton %r, mutex already exist",
|
LOG.debug("Cannot acquire system singleton %r, mutex already exist",
|
||||||
self._mutex_name)
|
self._mutex_name)
|
||||||
|
|
||||||
if not status:
|
|
||||||
status = ScanStatus.USED
|
|
||||||
T1106Telem(status, UsageEnum.SINGLETON_WINAPI).send()
|
|
||||||
if status == ScanStatus.SCANNED:
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
self._mutex_handle = handle
|
self._mutex_handle = handle
|
||||||
|
@ -71,7 +62,6 @@ class WindowsSystemSingleton(_SystemSingleton):
|
||||||
|
|
||||||
def unlock(self):
|
def unlock(self):
|
||||||
assert self._mutex_handle is not None, "Singleton not locked"
|
assert self._mutex_handle is not None, "Singleton not locked"
|
||||||
|
|
||||||
ctypes.windll.kernel32.CloseHandle(self._mutex_handle)
|
ctypes.windll.kernel32.CloseHandle(self._mutex_handle)
|
||||||
self._mutex_handle = None
|
self._mutex_handle = None
|
||||||
|
|
||||||
|
|
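Review bot: In the `winerror.ERROR_ALREADY_EXISTS == last_error` branch of try_lock the new side appears to `return False` while still holding `handle`; CreateMutex returns a valid handle to the pre-existing mutex in that case, so each failed lock attempt leaks a kernel handle (pre-existing behaviour, but this hunk rewrites the branch and drops the telemetry that used to sit between the check and the return). Closing it first, `ctypes.windll.kernel32.CloseHandle(handle)` immediately before that `return False`, mirrors what `unlock()` does for the held handle in the last hunk. The `if not handle:` branch is fine as is, since there is nothing to release. The CreateMutex call that produces `handle` begins outside the hunk, so I cannot see whether an earlier path already deals with this.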