forked from p15670423/monkey
55 lines
3.6 KiB
Plaintext
55 lines
3.6 KiB
Plaintext
{
|
|
"id": "VW4rf3AxRslfT7lwaug7",
|
|
"name": "Implement a new PBA — `ScheduleJobs`",
|
|
"task": {
|
|
"dod": "You should implement a new PBA in Monkey which schedules jobs on the machine.",
|
|
"tests": [],
|
|
"hints": [
|
|
"Check out the `Timestomping` PBA to get an idea about the implementation.",
|
|
"Don't forget to add code to remove the scheduled jobs!"
|
|
]
|
|
},
|
|
"content": [
|
|
{
|
|
"type": "text",
|
|
"text": "You need to implement the `ScheduleJobs` PBA which creates scheduled jobs on the machine. <br><br>\n<img src=\"https://media.giphy.com/media/l0K4mVE5b5WZ1sctW/giphy.gif\" height=175><br><br>\nThe commands that add scheduled jobs for Windows and Linux can be retrieved from `get_commands_to_schedule_jobs` — make sure you understand how to use this function correctly.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Make sure you see the PBA with its results in the Security report as well as in the ATT&CK report under the relevant MITRE technique\n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>\n<br><br>\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2F528389a0-35c8-4380-b6e2-353068ed01e4.png?alt=media&token=08767f55-86e2-4f51-8ecf-13fd6cc25ad5\" height=400>"
|
|
},
|
|
{
|
|
"type": "snippet",
|
|
"path": "monkey/infection_monkey/post_breach/actions/schedule_jobs.py",
|
|
"comments": [],
|
|
"firstLineNumber": 12,
|
|
"lines": [
|
|
" \"\"\"",
|
|
" ",
|
|
" def __init__(self):",
|
|
"* linux_cmds, windows_cmds = get_commands_to_schedule_jobs()",
|
|
"+ pass",
|
|
"*",
|
|
"+ # Swimmer: IMPLEMENT HERE!",
|
|
"* super(ScheduleJobs, self).__init__(",
|
|
"* name=POST_BREACH_JOB_SCHEDULING,",
|
|
"* linux_cmd=\" \".join(linux_cmds),",
|
|
"* windows_cmd=windows_cmds,",
|
|
"* )",
|
|
"*",
|
|
"* def run(self):",
|
|
"* super(ScheduleJobs, self).run()",
|
|
"* remove_scheduled_jobs()"
|
|
]
|
|
},
|
|
{
|
|
"type": "text",
|
|
"text": "Many other PBAs are as simple as this one, using shell commands or scripts — see `Timestomping` and `AccountDiscovery`. <br><br>\n\nHowever, for less straightforward ones, you can override functions and implement new classes depending on what is required — see `SignedScriptProxyExecution` and `ModifyShellStartupFiles`.<br><br>\n\nThis PBA, along with all the other PBAs, will run on a system after it has been breached. The purpose of this code is to test whether target systems allow attackers to schedule jobs, which they could use to run malicious code at some specified date and time."
|
|
}
|
|
],
|
|
"symbols": {},
|
|
"file_version": "2.0.1",
|
|
"meta": {
|
|
"app_version": "0.4.1-1",
|
|
"file_blobs": {
|
|
"monkey/infection_monkey/post_breach/actions/schedule_jobs.py": "e7845968a0c27d2eba71a8889645fe88491cb2a8"
|
|
}
|
|
}
|
|
}
|