Merge pull request #435 from VakarisZ/attack_winapi_smallfix

WinAPI attack telem fix.
This commit is contained in:
Daniel Goldberg 2019-09-18 09:51:15 +03:00 committed by GitHub
commit f0ee88182f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 13 deletions


@ -25,9 +25,10 @@ from infection_monkey.telemetry.trace_telem import TraceTelem
from infection_monkey.telemetry.tunnel_telem import TunnelTelem from infection_monkey.telemetry.tunnel_telem import TunnelTelem
from infection_monkey.windows_upgrader import WindowsUpgrader from infection_monkey.windows_upgrader import WindowsUpgrader
from infection_monkey.post_breach.post_breach_handler import PostBreach from infection_monkey.post_breach.post_breach_handler import PostBreach
from common.utils.attack_utils import ScanStatus
from infection_monkey.exploit.tools.helpers import get_interface_to_target from infection_monkey.exploit.tools.helpers import get_interface_to_target
from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError from infection_monkey.exploit.tools.exceptions import ExploitingVulnerableMachineError
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
from common.utils.attack_utils import ScanStatus, UsageEnum
__author__ = 'itamar' __author__ = 'itamar'
@ -104,6 +105,9 @@ class InfectionMonkey(object):
ControlClient.wakeup(parent=self._parent) ControlClient.wakeup(parent=self._parent)
ControlClient.load_control_config() ControlClient.load_control_config()
if utils.is_windows_os():
T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()
if not WormConfiguration.alive: if not WormConfiguration.alive:
LOG.info("Marked not alive from configuration") LOG.info("Marked not alive from configuration")
return return
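Review bot: The `T1106Telem(ScanStatus.USED, UsageEnum.SINGLETON_WINAPI).send()` added under `if utils.is_windows_os():` is now emitted from a place that has nothing to do with the CreateMutexA call it describes, so if WindowsSystemSingleton.lock is ever changed to something other than a Win32 mutex this line will keep reporting an ATT&CK T1106 usage that never happened. A comment tying the two files together would make that coupling explicit: `# Reports the CreateMutexA call made in WindowsSystemSingleton.lock; sent here (not there) so a loaded control config exists. Keep in sync with system_singleton.py.` If a failed singleton lock makes the monkey exit before reaching this point (not visible in the hunk), the SCANNED outcome that the old telemetry distinguished is no longer reported at all, which is worth confirming is intended. Also, should `.send()` raise, the `WormConfiguration.alive` check below it never runs; a `try`/`except` with a logged warning around the send would keep telemetry best-effort. The enclosing method starts outside the hunk.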


@ -4,8 +4,7 @@ import sys
from abc import ABCMeta, abstractmethod from abc import ABCMeta, abstractmethod
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
from common.utils.attack_utils import ScanStatus, UsageEnum
__author__ = 'itamar' __author__ = 'itamar'
@ -46,21 +45,13 @@ class WindowsSystemSingleton(_SystemSingleton):
ctypes.c_char_p(self._mutex_name)) ctypes.c_char_p(self._mutex_name))
last_error = ctypes.windll.kernel32.GetLastError() last_error = ctypes.windll.kernel32.GetLastError()
status = None
if not handle: if not handle:
LOG.error("Cannot acquire system singleton %r, unknown error %d", LOG.error("Cannot acquire system singleton %r, unknown error %d",
self._mutex_name, last_error) self._mutex_name, last_error)
status = ScanStatus.SCANNED return False
if winerror.ERROR_ALREADY_EXISTS == last_error: if winerror.ERROR_ALREADY_EXISTS == last_error:
status = ScanStatus.SCANNED
LOG.debug("Cannot acquire system singleton %r, mutex already exist", LOG.debug("Cannot acquire system singleton %r, mutex already exist",
self._mutex_name) self._mutex_name)
if not status:
status = ScanStatus.USED
T1106Telem(status, UsageEnum.SINGLETON_WINAPI).send()
if status == ScanStatus.SCANNED:
return False return False
self._mutex_handle = handle self._mutex_handle = handle
@ -71,7 +62,6 @@ class WindowsSystemSingleton(_SystemSingleton):
def unlock(self): def unlock(self):
assert self._mutex_handle is not None, "Singleton not locked" assert self._mutex_handle is not None, "Singleton not locked"
ctypes.windll.kernel32.CloseHandle(self._mutex_handle) ctypes.windll.kernel32.CloseHandle(self._mutex_handle)
self._mutex_handle = None self._mutex_handle = None
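Review bot: On the `ERROR_ALREADY_EXISTS == last_error` path that the new early return reshapes, CreateMutexA has still returned a valid handle to the existing mutex, and the `return False` after the "mutex already exist" log drops that handle without closing it; placing `ctypes.windll.kernel32.CloseHandle(handle)` immediately before that `return False` avoids the leak even if the process is about to exit. Separately, reading `ctypes.windll.kernel32.GetLastError()` right after the CreateMutexA call is fragile because ctypes itself may make Win32 calls in between that reset the thread's last error; the robust form is a `ctypes.WinDLL('kernel32', use_last_error=True)` binding plus `ctypes.get_last_error()`, though that setup is pre-existing and sits outside the hunk. The lock method's signature and the CreateMutexA call begin above the hunk.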