def close_instance(): try: logging.debug("closing instance") backend = command.context["backend"] build.uninstall(backend) except: logging.exception("Cannot close instance")
def on_init(protocol, args): """ server side """ from AVMaster import vm_manager vm, mq = protocol.vm, protocol.mq cmd = "c:\\python27\\python.exe" if args: redis = args else: redis = config.redis arg = [ "C:\\AVTest\\AVAgent\\av_agent.py", "-m", vm, "-s", mq.session, "-d", redis ] ret = vm_manager.execute(vm, "executeCmd", cmd, arg, 40, True, True) #logging.debug("execution: %s" % ret) python = None for i in range(5): time.sleep(10) processes = vm_manager.execute(vm, "list_processes") if not processes: logging.debug("%s: null list_processes" % vm) continue python = [p for p in processes if "python" in p['cmd_line']] logging.debug("processes python: %s" % python) if python: return True if not python: logging.error("Error executing command av_agent on %s" % vm) return False
def create_user_machine(self): logging.debug("create_user_machine") privs = [ 'ADMIN', 'ADMIN_USERS', 'ADMIN_OPERATIONS', 'ADMIN_TARGETS', 'ADMIN_AUDIT', 'ADMIN_LICENSE', 'SYS', 'SYS_FRONTEND', 'SYS_BACKEND', 'SYS_BACKUP', 'SYS_INJECTORS', 'SYS_CONNECTORS', 'TECH', 'TECH_FACTORIES', 'TECH_BUILD', 'TECH_CONFIG', 'TECH_EXEC', 'TECH_UPLOAD', 'TECH_IMPORT', 'TECH_NI_RULES', 'VIEW', 'VIEW_ALERTS', 'VIEW_FILESYSTEM', 'VIEW_EDIT', 'VIEW_DELETE', 'VIEW_EXPORT', 'VIEW_PROFILES'] user_name = "avmonitor_%s_%s" % (self.prefix, self.hostname) connection.user = user_name user_exists = False try: with connection() as c: logging.debug("LOGIN SUCCESS") user_exists = True except: pass if not user_exists: connection.user = "******" with connection() as c: ret = c.operation(connection.operation) op_id, group_id = ret c.user_create(user_name, connection.passwd, privs, group_id) connection.user = user_name return True
def on_answer(vm, success, answer): from AVMaster import vm_manager #assert command.context, "Null context" logging.debug("CROP answer: %s|%s" % (success, answer)) # answer = [1,5,7] if answer and isinstance(answer, list): logging.warn("We have to PULL images: %s" % answer) dir = "%s/crop" % logger.logdir for iter in answer: try: src = "%s/%s.png" % (config.basedir_crop, iter) #name = src.split('/')[-1] dst_dir = "%s/%s" %(dir, vm) if not os.path.exists(dst_dir): os.makedirs(dst_dir) dst = "%s/%s.png" % (dst_dir, iter) src = src.replace('/','\\') logging.debug("PULL: %s -> %s" % (src, dst)) vm_manager.execute(vm, "copyFileFromGuest", src ,dst) except: logging.exception("Cannot get image %s" % src)
def add_plan_result(proj_id, plan_id, config, run_name, test_case, result, elapsed = 0, comment="avg"): logging.debug("adding plan result: %s, %s, %s, %s, %s" % (config, run_name, test_case, result, comment)) statuses = get_statuses() results = dict([ (s['name'],s['id']) for s in statuses]) plan = search_plan(proj_id, plan_id) entries = plan["entries"] for entry in entries: runs = entry["runs"] for r in runs: if r["name"] != run_name: continue #logging.debug("run: %s" % r) if r["config"] != config: continue for t in get_tests(r["id"]): if test_case in t["title"]: logging.debug("adding result for test: %s" % t["id"]) #results = get_results(t["id"]) #logging.debug("results: %s" % results ) add_result(t["id"], results[result], comment, elapsed) return r["id"] logging.error("cannot find correct test case")
def mail_summary(mail_recipients, mail_server = "mail.hackingteam.com"): logging.info("sending mail to %s" % mail_recipients) # Import smtplib for the actual sending function import smtplib # Import the email modules we'll need from email.mime.text import MIMEText report = Report() # Open a plain text file for reading. For this example, assume that # the text file contains only ASCII characters. sum = summary() # Create a text/plain message for recipient in mail_recipients: msg = MIMEText(sum) # me == the sender's email address # you == the recipient's email address hostname = helper.get_hostname() msg['Subject'] = '%s@%s: %s' % (report.name, hostname, report.timestamp) msg['From'] = "*****@*****.**" msg['To'] = recipient logging.debug(" msg to: %s" % msg['To']) # Send the message via our own SMTP server, but don't include the # envelope header. s = smtplib.SMTP(mail_server) s.sendmail(msg['From'], [msg['To']], msg.as_string()) s.quit()
def execute(vm, protocol, args): """ server side """ from AVMaster import vm_manager #logging.debug(" CS Execute") assert vm, "null vm" tick = 15 if args: assert isinstance(args, int), "you must specify an int for timeout." timeout = args off = False logging.debug("%s, shutting down with timeout %s." % (vm,timeout)) vm_manager.execute(vm, "executeCmd","C:/Windows/System32/shutdown.exe",["/s", "/t", "30"], timeout, False, True) for i in range(0, timeout, tick): sleep(tick) if vm_manager.execute(vm, "is_powered_off"): return True, "Stopped VM" logging.info("Forcing shutdown") ret = vm_manager.execute(vm, "shutdown") logging.debug("%s, shutdown returns: %s" % (vm, ret)) for i in range(10): if vm_manager.execute(vm, "is_powered_off"): return True, "Stopped VM" sleep(tick) return False, "Cannot stop VM"
def __init__(self, vm, redis='localhost', session=None): self.vm = vm self.host = redis self.session = session command.init() shutil.rmtree('build', ignore_errors=True) if os.path.exists(config.basedir_crop): shutil.rmtree(config.basedir_crop) if 'logging' not in locals(): from AVCommon.logger import logging locals()['logging']=logging logging.debug("vm: %s host: %s session: %s" % (self.vm, self.host, session)) command.context["report"] = self.report # TODO # load default.yaml as a default SET command. f = open("AVAgent/default.yaml") y = yaml.load(f) for k,v in y.items(): command.context[k] = v logging.debug("command.context size: %s" % len(command.context))
def execute(vm, protocol, args): from AVMaster import vm_manager """ server side """ #logging.debug(" CS Execute") assert vm, "null vm" for i in range (30): if vm_manager.execute(vm, "is_powered_off"): return True, "%s VM is stopped" % vm else: logging.debug("%s, not yet powered off" % vm) time.sleep(30) ret = vm_manager.execute(vm, "shutdown") if not ret: return False, "Not Stopped VM %s" % ret for i in range (10): if vm_manager.execute(vm, "is_powered_off"): return True, "%s VM is stopped" % vm else: logging.debug("%s, not yet powered off" % vm) time.sleep(30) return False, "%s VM isn't stopped" % vm
def add_result(result): global results, report_send logging.debug(result) results.append(result) if report_send: logging.debug("report_send") report_send(result)
def execute(vm, args): """ client side, returns (bool,*) """ logging.debug(" CS Execute") assert vm, "null vm" ret = eval(args) return True, ret
def _upgrade(self, instance_id, force_soldier = False): with connection() as c: ret = c.instance_upgrade(instance_id, force_soldier) logging.debug("DBG _upgrade: %s" % ret) info = c.instance_info(instance_id) logging.debug("DBG info['level']: %s" % info['level']) return ret
def convert_processes(procs): processes = [] if not procs: return None lines = procs.split("\n") if not lines: return None for l in lines[1:]: proc = {} tokens = l.split(", ", 2) for t in tokens: try: k,v = t.split("=", 1) if k == "cmd": k = "name" proc[k] = v except: pass if proc: processes.append(proc) if config.verbose: logging.debug("processes: %s" % processes) return processes
def execute(vm, protocol, args): logging.debug(" CS Execute: args %s" % args) assert protocol assert protocol.procedure if not args: protocol.on_error = "DISABLED" return True, "Procedure disabled" week = ['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'] today = datetime.datetime.today().weekday() today_week = week[today + 1] if isinstance(args, list): for d in args: assert d.lower() in week if not today_week in args: protocol.on_error = "DISABLED" return True, "Today not allowed" return True, args
def notest_ProtocolEval(): host = "localhost" mq = MQStar(host) mq.clean() c = "client1" mq.add_client(c) commands = [ "BEGIN", ("EVAL_SERVER", "dir()"), ("EVAL_SERVER", "locals()"), ("EVAL_SERVER", "__import__('os').getcwd()"), ("END", None, None) ] procedure = Procedure("PROC", commands) p = Protocol(mq, c, procedure) while p.send_next_command(): logging.debug("sent command") exit = False while not exit: rec = mq.receive_server(blocking=True, timeout=10) if rec is not None: logging.debug("- SERVER RECEIVED %s %s" % (rec, type(rec))) c, msg = rec answer = p.receive_answer(c, msg) logging.debug("- SERVER RECEIVED ANSWER: ", answer.success) if answer.name == "END" or not answer.success: logging.debug("- SERVER RECEIVE END") #if answer.success: a = """('client1', ('EVAL_SERVER', True, {'self': <Command_EVAL_SERVER.Command_EVAL_SERVER object at 0x10931f810>, 'args': 'locals()'}))""" # p.send_next_command() else: logging.debug("- SERVER RECEIVED empty") exit = True
def takeScreenshot(self, vmx, out_img): if config.verbose: logging.debug("[%s] Taking screenshot.\n" % vmx) if config.verbose: logging.debug("CALLING FUNCTIONS WITH out img %s, u: %s, p: %s.\n" % (out_img, vmx.user, vmx.passwd)) self._run_cmd(vmx, "captureScreen", [out_img], [vmx.user, vmx.passwd]) return os.path.exists(out_img)
def test_formatter(selfs): from AVCommon import logger logger.init() from AVCommon.logger import logging globals()['logging']=logging formatter = logging.Formatter('%(asctime)s -%(levelname)s- %(filename)s:%(lineno)s %(message)s') stdout_handler = logging.StreamHandler(sys.stdout) stdout_handler.setFormatter(formatter) logger = logging.getLogger('') logger.addHandler(stdout_handler) logger.setLevel(logging.DEBUG) logging.debug('A debug message') logging.info('Some information') logging.warning('A shot across the bows') logging.debug('A debug message') logging.info('Some information') logging.warning('A shot across the bows') logging_child.ClassName("calling a child")
def on_init(protocol, args): """ server side """ from AVMaster import vm_manager vm, mq = protocol.vm, protocol.mq cmd = "c:\\python27\\python.exe" if args: redis = args else: redis = config.redis arg = ["C:\\AVTest\\AVAgent\\av_agent.py", "-m", vm, "-s", mq.session, "-d", redis] ret = vm_manager.execute(vm, "executeCmd", cmd, arg, 40, True, True) #logging.debug("execution: %s" % ret) python = None for i in range(5): time.sleep(10) processes = vm_manager.execute(vm, "list_processes") if not processes: logging.debug("%s: null list_processes" % vm) continue python = [ p for p in processes if "python" in p['cmd_line'] ] logging.debug("processes python: %s" % python) if python: return True if not python: logging.error("Error executing command av_agent on %s" % vm) return False
def serialize(self): logging.debug("serialize result: %s" % self.result) serialized = pickle.dumps(( self.name, self.success, self.args, self.result, self.vm, self.side, self.timestamp ), pickle.HIGHEST_PROTOCOL) #logging.debug("pickle.dumps(%s)" % serialized) return base64.b64encode(serialized)
def infos(self, target_id, instance_id, filter_type=None, filter_value=None): """ Get info of given agent and target @param target @param agent @param type (if None all types should be returned) date: '24h' 'week' 'month' 'now' dr e da sono per il :date gli altri sono per il :from :to dr -> date received, da -> date acquired """ logging.debug("info: %s,%s,%s,%s" %(target_id, instance_id, filter_type, filter_value)) if filter_type and filter_value: f = {filter_type: filter_value, "target": target_id, "agent": instance_id, 'date':'dr'} else: f = {"target": target_id, "agent": instance_id, 'date':'dr'} filter = urllib2.quote(json.dumps(f)) link = 'https://%s/evidence/info?filter=%s' % (self.host, filter) resp = self._get_response(link, self.cookie) result = json.loads(resp) logging.debug("results: " % result) return result
def update_conf(self, conf_file, factory): """ Update sync configuration @param configuration file @param factory id @return True/False """ try: base = 'https://%s' % self.host faclink = '%s/factory' % base resp = self._get_response(faclink, self.cookie) facts = json.loads(resp) for fact in facts: if fact["ident"] == factory: fct = fact break if not fct: return False # logging.debug(fct) addlink = '%s/agent/add_config' % base f = open(conf_file, 'r') cnf = f.read() data = {'_id': fct["_id"], 'config': cnf} # logging.debug(data) resp = self._post_response(addlink, self.cookie, json.dumps(data)) return True except Exception as e: logging.debug("DBG trace %s" % traceback.format_exc()) logging.error(e) return False
def execute(vm, protocol, level): """ client side, returns (bool,*) """ logging.debug(" VM_ALL") assert vm, "null vm" assert command.context is not None # vm_first = "avast,avast32,avg,avg32,avira,kis,kis14,kis32,mcafee,norton,panda,comodo,eset,msessential".split(',') vm_first = "avast,avast32,avg,avg32,avira,kis,kis14,kis32,mcafee,norton,comodo81,eset,eset7,msessential,panda".split( "," ) vm_second = "drweb,360cn5,adaware,ahnlab,bitdef,fsecure,gdata,iobit32,vba32,fortinet,mbytes,norman,risint,trendm,zoneal,clamav".split( "," ) vm_ignored = "" if level and level.lower() == "important": vm_all = vm_first elif level and level.lower() == "irrilevant": vm_all = vm_second else: vm_all = vm_first + vm_second assert isinstance(vm_all, list), "VM expects a list" command.context["VM"] = vm_all logging.debug("vm_all items: %s" % (vm_all)) return True, vm_all
def unserialize(message): data = base64.b64decode(message) name, success, args, result, vm, side, timestamp = pickle.loads(data) if config.verbose: logging.debug("unserialized: (%s,%s,%s,%s,%s,%s)" % (name, success, args, str(result)[:50], vm, timestamp)) return _factory(name, success, args, result, vm, timestamp)
def execute(vm, args): """ client side, returns (bool,*) """ logging.debug(" STOP_AGENT") assert vm, "null vm" #TODO: stops a AVAgent on vm return True, "AGENT STOPPED"
def __enter__(self): self.server = VIServer() self.server.connect(self.sdk_host, self.sdk_user, self.sdk_passwd) if config.verbose: logging.debug("connected to vSphere") vm = self.server.get_vm_by_path(self.vm_path) return vm
def mail_summary(mail_recipients, mail_server="mail.hackingteam.com"): logging.info("sending mail to %s" % mail_recipients) # Import smtplib for the actual sending function import smtplib # Import the email modules we'll need from email.mime.text import MIMEText report = Report() # Open a plain text file for reading. For this example, assume that # the text file contains only ASCII characters. sum = summary() # Create a text/plain message for recipient in mail_recipients: msg = MIMEText(sum) # me == the sender's email address # you == the recipient's email address hostname = helper.get_hostname() msg['Subject'] = '%s@%s: %s' % (report.name, hostname, report.timestamp) msg['From'] = "*****@*****.**" msg['To'] = recipient logging.debug(" msg to: %s" % msg['To']) # Send the message via our own SMTP server, but don't include the # envelope header. s = smtplib.SMTP(mail_server) s.sendmail(msg['From'], [msg['To']], msg.as_string()) s.quit()
def __exit__(self, type, value, traceback): try: self.server.disconnect() if config.verbose: logging.debug("disconnected from vSphere") except VIException as e: logging.debug("Problem in disconnection. Fault is: %s" % e.fault) pass
def instance_level(self, instance_id): params = {'_id': instance_id} try: info = self.instance_info(instance_id) logging.debug("info: %s" %(info)) return info["level"] except: return False
def instances_by_name(self, name): """ gets the instances id of an operation, matching the ident """ logging.debug("looking for instances with target: %s" % name) agents = self._call_get('agent') #logging.debug("agents: %s" % agents) #pp.pprint(agents) ret = [op for op in agents if name in op['name'] and op['_kind'] == 'agent'] return ret
def instances_by_target_id(self, target_id): """ gets the instances id of an operation, matching the ident """ logging.debug("lookin for instances with target: %s" % target_id) agents = self._call_get('agent') #logging.debug("agents: %s" % agents) #pp.pprint(agents) ret = [op for op in agents if target_id in op['path'] and op['_kind'] == 'agent'] return ret
def check_blacklist(blacklist=None): with connection() as client: logging.debug("connected") blacklist_server = client.blacklist() logging.info("blacklist from server: %s" % blacklist_server) if blacklist: logging.info("blacklist from conf: %s" % blacklist) report_send("+ BLACKLIST: %s" % blacklist_server)
def check_file(filename): try: with open(filename): logging.debug("DBG %s saved" % filename) return True except IOError: logging.debug("DBG failed saving %s" % appname) return False
def finish(): logging.debug("report finish") #dump_yaml() logging.debug("context: %s" % command.context) mail_recipients = command.context.get("mail_recipients", []) if mail_recipients: mail_summary(mail_recipients)
def start(self, p): logging.debug("- START: %s" % p.vm) self.mq.clean(p) r = p.send_next_command() c = p.last_command report.sent(p.vm, c) logging.info("- SENT: %s" % c)