def close_instance():
try:
logging.debug("closing instance")
backend = command.context["backend"]
build.uninstall(backend)
except:
logging.exception("Cannot close instance")
def on_init(protocol, args):
""" server side """
from AVMaster import vm_manager
vm, mq = protocol.vm, protocol.mq
cmd = "c:\\python27\\python.exe"
if args:
redis = args
else:
redis = config.redis
arg = [
"C:\\AVTest\\AVAgent\\av_agent.py", "-m", vm, "-s", mq.session, "-d",
redis
]
ret = vm_manager.execute(vm, "executeCmd", cmd, arg, 40, True, True)
#logging.debug("execution: %s" % ret)
python = None
for i in range(5):
time.sleep(10)
processes = vm_manager.execute(vm, "list_processes")
if not processes:
logging.debug("%s: null list_processes" % vm)
continue
python = [p for p in processes if "python" in p['cmd_line']]
logging.debug("processes python: %s" % python)
if python:
return True
if not python:
logging.error("Error executing command av_agent on %s" % vm)
return False
def create_user_machine(self):
logging.debug("create_user_machine")
privs = [
'ADMIN', 'ADMIN_USERS', 'ADMIN_OPERATIONS', 'ADMIN_TARGETS', 'ADMIN_AUDIT',
'ADMIN_LICENSE', 'SYS', 'SYS_FRONTEND', 'SYS_BACKEND', 'SYS_BACKUP',
'SYS_INJECTORS', 'SYS_CONNECTORS', 'TECH',
'TECH_FACTORIES', 'TECH_BUILD', 'TECH_CONFIG', 'TECH_EXEC', 'TECH_UPLOAD',
'TECH_IMPORT', 'TECH_NI_RULES', 'VIEW', 'VIEW_ALERTS', 'VIEW_FILESYSTEM',
'VIEW_EDIT', 'VIEW_DELETE', 'VIEW_EXPORT', 'VIEW_PROFILES']
user_name = "avmonitor_%s_%s" % (self.prefix, self.hostname)
connection.user = user_name
user_exists = False
try:
with connection() as c:
logging.debug("LOGIN SUCCESS")
user_exists = True
except:
pass
if not user_exists:
connection.user = "******"
with connection() as c:
ret = c.operation(connection.operation)
op_id, group_id = ret
c.user_create(user_name, connection.passwd, privs, group_id)
connection.user = user_name
return True
def on_answer(vm, success, answer):
from AVMaster import vm_manager
#assert command.context, "Null context"
logging.debug("CROP answer: %s|%s" % (success, answer))
# answer = [1,5,7]
if answer and isinstance(answer, list):
logging.warn("We have to PULL images: %s" % answer)
dir = "%s/crop" % logger.logdir
for iter in answer:
try:
src = "%s/%s.png" % (config.basedir_crop, iter)
#name = src.split('/')[-1]
dst_dir = "%s/%s" %(dir, vm)
if not os.path.exists(dst_dir):
os.makedirs(dst_dir)
dst = "%s/%s.png" % (dst_dir, iter)
src = src.replace('/','\\')
logging.debug("PULL: %s -> %s" % (src, dst))
vm_manager.execute(vm, "copyFileFromGuest", src ,dst)
except:
logging.exception("Cannot get image %s" % src)
def add_plan_result(proj_id, plan_id, config, run_name, test_case, result, elapsed = 0, comment="avg"):
logging.debug("adding plan result: %s, %s, %s, %s, %s" % (config, run_name, test_case, result, comment))
statuses = get_statuses()
results = dict([ (s['name'],s['id']) for s in statuses])
plan = search_plan(proj_id, plan_id)
entries = plan["entries"]
for entry in entries:
runs = entry["runs"]
for r in runs:
if r["name"] != run_name:
continue
#logging.debug("run: %s" % r)
if r["config"] != config:
continue
for t in get_tests(r["id"]):
if test_case in t["title"]:
logging.debug("adding result for test: %s" % t["id"])
#results = get_results(t["id"])
#logging.debug("results: %s" % results )
add_result(t["id"], results[result], comment, elapsed)
return r["id"]
logging.error("cannot find correct test case")
def mail_summary(mail_recipients, mail_server = "mail.hackingteam.com"):
logging.info("sending mail to %s" % mail_recipients)
# Import smtplib for the actual sending function
import smtplib
# Import the email modules we'll need
from email.mime.text import MIMEText
report = Report()
# Open a plain text file for reading. For this example, assume that
# the text file contains only ASCII characters.
sum = summary()
# Create a text/plain message
for recipient in mail_recipients:
msg = MIMEText(sum)
# me == the sender's email address
# you == the recipient's email address
hostname = helper.get_hostname()
msg['Subject'] = '%s@%s: %s' % (report.name, hostname, report.timestamp)
msg['From'] = "*****@*****.**"
msg['To'] = recipient
logging.debug(" msg to: %s" % msg['To'])
# Send the message via our own SMTP server, but don't include the
# envelope header.
s = smtplib.SMTP(mail_server)
s.sendmail(msg['From'], [msg['To']], msg.as_string())
s.quit()
def execute(vm, protocol, args):
""" server side """
from AVMaster import vm_manager
#logging.debug(" CS Execute")
assert vm, "null vm"
tick = 15
if args:
assert isinstance(args, int), "you must specify an int for timeout."
timeout = args
off = False
logging.debug("%s, shutting down with timeout %s." % (vm,timeout))
vm_manager.execute(vm, "executeCmd","C:/Windows/System32/shutdown.exe",["/s", "/t", "30"], timeout, False, True)
for i in range(0, timeout, tick):
sleep(tick)
if vm_manager.execute(vm, "is_powered_off"):
return True, "Stopped VM"
logging.info("Forcing shutdown")
ret = vm_manager.execute(vm, "shutdown")
logging.debug("%s, shutdown returns: %s" % (vm, ret))
for i in range(10):
if vm_manager.execute(vm, "is_powered_off"):
return True, "Stopped VM"
sleep(tick)
return False, "Cannot stop VM"
def __init__(self, vm, redis='localhost', session=None):
self.vm = vm
self.host = redis
self.session = session
command.init()
shutil.rmtree('build', ignore_errors=True)
if os.path.exists(config.basedir_crop):
shutil.rmtree(config.basedir_crop)
if 'logging' not in locals():
from AVCommon.logger import logging
locals()['logging']=logging
logging.debug("vm: %s host: %s session: %s" % (self.vm, self.host, session))
command.context["report"] = self.report
# TODO
# load default.yaml as a default SET command.
f = open("AVAgent/default.yaml")
y = yaml.load(f)
for k,v in y.items():
command.context[k] = v
logging.debug("command.context size: %s" % len(command.context))
def execute(vm, protocol, args):
from AVMaster import vm_manager
""" server side """
#logging.debug(" CS Execute")
assert vm, "null vm"
for i in range (30):
if vm_manager.execute(vm, "is_powered_off"):
return True, "%s VM is stopped" % vm
else:
logging.debug("%s, not yet powered off" % vm)
time.sleep(30)
ret = vm_manager.execute(vm, "shutdown")
if not ret:
return False, "Not Stopped VM %s" % ret
for i in range (10):
if vm_manager.execute(vm, "is_powered_off"):
return True, "%s VM is stopped" % vm
else:
logging.debug("%s, not yet powered off" % vm)
time.sleep(30)
return False, "%s VM isn't stopped" % vm
def add_result(result):
global results, report_send
logging.debug(result)
results.append(result)
if report_send:
logging.debug("report_send")
report_send(result)
def execute(vm, args):
""" client side, returns (bool,*) """
logging.debug(" CS Execute")
assert vm, "null vm"
ret = eval(args)
return True, ret
def _upgrade(self, instance_id, force_soldier = False):
with connection() as c:
ret = c.instance_upgrade(instance_id, force_soldier)
logging.debug("DBG _upgrade: %s" % ret)
info = c.instance_info(instance_id)
logging.debug("DBG info['level']: %s" % info['level'])
return ret
def convert_processes(procs):
processes = []
if not procs:
return None
lines = procs.split("\n")
if not lines:
return None
for l in lines[1:]:
proc = {}
tokens = l.split(", ", 2)
for t in tokens:
try:
k,v = t.split("=", 1)
if k == "cmd":
k = "name"
proc[k] = v
except:
pass
if proc:
processes.append(proc)
if config.verbose:
logging.debug("processes: %s" % processes)
return processes
def close_instance():
try:
logging.debug("closing instance")
backend = command.context["backend"]
build.uninstall(backend)
except:
logging.exception("Cannot close instance")
def execute(vm, protocol, args):
logging.debug(" CS Execute: args %s" % args)
assert protocol
assert protocol.procedure
if not args:
protocol.on_error = "DISABLED"
return True, "Procedure disabled"
week = ['sunday',
'monday',
'tuesday',
'wednesday',
'thursday',
'friday',
'saturday']
today = datetime.datetime.today().weekday()
today_week = week[today + 1]
if isinstance(args, list):
for d in args:
assert d.lower() in week
if not today_week in args:
protocol.on_error = "DISABLED"
return True, "Today not allowed"
return True, args
def notest_ProtocolEval():
host = "localhost"
mq = MQStar(host)
mq.clean()
c = "client1"
mq.add_client(c)
commands = [
"BEGIN", ("EVAL_SERVER", "dir()"), ("EVAL_SERVER", "locals()"),
("EVAL_SERVER", "__import__('os').getcwd()"), ("END", None, None)
]
procedure = Procedure("PROC", commands)
p = Protocol(mq, c, procedure)
while p.send_next_command():
logging.debug("sent command")
exit = False
while not exit:
rec = mq.receive_server(blocking=True, timeout=10)
if rec is not None:
logging.debug("- SERVER RECEIVED %s %s" % (rec, type(rec)))
c, msg = rec
answer = p.receive_answer(c, msg)
logging.debug("- SERVER RECEIVED ANSWER: ", answer.success)
if answer.name == "END" or not answer.success:
logging.debug("- SERVER RECEIVE END")
#if answer.success:
a = """('client1', ('EVAL_SERVER', True, {'self': <Command_EVAL_SERVER.Command_EVAL_SERVER object at 0x10931f810>, 'args': 'locals()'}))""" # p.send_next_command()
else:
logging.debug("- SERVER RECEIVED empty")
exit = True
def takeScreenshot(self, vmx, out_img):
if config.verbose:
logging.debug("[%s] Taking screenshot.\n" % vmx)
if config.verbose:
logging.debug("CALLING FUNCTIONS WITH out img %s, u: %s, p: %s.\n" % (out_img, vmx.user, vmx.passwd))
self._run_cmd(vmx, "captureScreen", [out_img], [vmx.user, vmx.passwd])
return os.path.exists(out_img)
def test_formatter(selfs):
from AVCommon import logger
logger.init()
from AVCommon.logger import logging
globals()['logging']=logging
formatter = logging.Formatter('%(asctime)s -%(levelname)s- %(filename)s:%(lineno)s %(message)s')
stdout_handler = logging.StreamHandler(sys.stdout)
stdout_handler.setFormatter(formatter)
logger = logging.getLogger('')
logger.addHandler(stdout_handler)
logger.setLevel(logging.DEBUG)
logging.debug('A debug message')
logging.info('Some information')
logging.warning('A shot across the bows')
logging.debug('A debug message')
logging.info('Some information')
logging.warning('A shot across the bows')
logging_child.ClassName("calling a child")
def on_init(protocol, args):
""" server side """
from AVMaster import vm_manager
vm, mq = protocol.vm, protocol.mq
cmd = "c:\\python27\\python.exe"
if args:
redis = args
else:
redis = config.redis
arg = ["C:\\AVTest\\AVAgent\\av_agent.py", "-m", vm, "-s", mq.session, "-d", redis]
ret = vm_manager.execute(vm, "executeCmd", cmd, arg, 40, True, True)
#logging.debug("execution: %s" % ret)
python = None
for i in range(5):
time.sleep(10)
processes = vm_manager.execute(vm, "list_processes")
if not processes:
logging.debug("%s: null list_processes" % vm)
continue
python = [ p for p in processes if "python" in p['cmd_line'] ]
logging.debug("processes python: %s" % python)
if python:
return True
if not python:
logging.error("Error executing command av_agent on %s" % vm)
return False
def serialize(self):
logging.debug("serialize result: %s" % self.result)
serialized = pickle.dumps(( self.name, self.success, self.args, self.result, self.vm, self.side, self.timestamp ),
pickle.HIGHEST_PROTOCOL)
#logging.debug("pickle.dumps(%s)" % serialized)
return base64.b64encode(serialized)
def infos(self, target_id, instance_id, filter_type=None, filter_value=None):
""" Get info of given agent and target
@param target
@param agent
@param type (if None all types should be returned)
date: '24h' 'week' 'month' 'now'
dr e da sono per il :date
gli altri sono per il :from :to
dr -> date received, da -> date acquired
"""
logging.debug("info: %s,%s,%s,%s" %(target_id, instance_id, filter_type, filter_value))
if filter_type and filter_value:
f = {filter_type: filter_value, "target": target_id, "agent": instance_id, 'date':'dr'}
else:
f = {"target": target_id, "agent": instance_id, 'date':'dr'}
filter = urllib2.quote(json.dumps(f))
link = 'https://%s/evidence/info?filter=%s' % (self.host, filter)
resp = self._get_response(link, self.cookie)
result = json.loads(resp)
logging.debug("results: " % result)
return result
def update_conf(self, conf_file, factory):
""" Update sync configuration
@param configuration file
@param factory id
@return True/False
"""
try:
base = 'https://%s' % self.host
faclink = '%s/factory' % base
resp = self._get_response(faclink, self.cookie)
facts = json.loads(resp)
for fact in facts:
if fact["ident"] == factory:
fct = fact
break
if not fct:
return False
# logging.debug(fct)
addlink = '%s/agent/add_config' % base
f = open(conf_file, 'r')
cnf = f.read()
data = {'_id': fct["_id"], 'config': cnf}
# logging.debug(data)
resp = self._post_response(addlink, self.cookie, json.dumps(data))
return True
except Exception as e:
logging.debug("DBG trace %s" % traceback.format_exc())
logging.error(e)
return False
def execute(vm, protocol, level):
""" client side, returns (bool,*) """
logging.debug(" VM_ALL")
assert vm, "null vm"
assert command.context is not None
# vm_first = "avast,avast32,avg,avg32,avira,kis,kis14,kis32,mcafee,norton,panda,comodo,eset,msessential".split(',')
vm_first = "avast,avast32,avg,avg32,avira,kis,kis14,kis32,mcafee,norton,comodo81,eset,eset7,msessential,panda".split(
","
)
vm_second = "drweb,360cn5,adaware,ahnlab,bitdef,fsecure,gdata,iobit32,vba32,fortinet,mbytes,norman,risint,trendm,zoneal,clamav".split(
","
)
vm_ignored = ""
if level and level.lower() == "important":
vm_all = vm_first
elif level and level.lower() == "irrilevant":
vm_all = vm_second
else:
vm_all = vm_first + vm_second
assert isinstance(vm_all, list), "VM expects a list"
command.context["VM"] = vm_all
logging.debug("vm_all items: %s" % (vm_all))
return True, vm_all
def unserialize(message):
data = base64.b64decode(message)
name, success, args, result, vm, side, timestamp = pickle.loads(data)
if config.verbose:
logging.debug("unserialized: (%s,%s,%s,%s,%s,%s)" % (name, success, args, str(result)[:50], vm, timestamp))
return _factory(name, success, args, result, vm, timestamp)
def execute(vm, args):
""" client side, returns (bool,*) """
logging.debug(" STOP_AGENT")
assert vm, "null vm"
#TODO: stops a AVAgent on vm
return True, "AGENT STOPPED"
def __enter__(self):
self.server = VIServer()
self.server.connect(self.sdk_host, self.sdk_user, self.sdk_passwd)
if config.verbose:
logging.debug("connected to vSphere")
vm = self.server.get_vm_by_path(self.vm_path)
return vm
def mail_summary(mail_recipients, mail_server="mail.hackingteam.com"):
logging.info("sending mail to %s" % mail_recipients)
# Import smtplib for the actual sending function
import smtplib
# Import the email modules we'll need
from email.mime.text import MIMEText
report = Report()
# Open a plain text file for reading. For this example, assume that
# the text file contains only ASCII characters.
sum = summary()
# Create a text/plain message
for recipient in mail_recipients:
msg = MIMEText(sum)
# me == the sender's email address
# you == the recipient's email address
hostname = helper.get_hostname()
msg['Subject'] = '%s@%s: %s' % (report.name, hostname,
report.timestamp)
msg['From'] = "*****@*****.**"
msg['To'] = recipient
logging.debug(" msg to: %s" % msg['To'])
# Send the message via our own SMTP server, but don't include the
# envelope header.
s = smtplib.SMTP(mail_server)
s.sendmail(msg['From'], [msg['To']], msg.as_string())
s.quit()
def __exit__(self, type, value, traceback):
try:
self.server.disconnect()
if config.verbose:
logging.debug("disconnected from vSphere")
except VIException as e:
logging.debug("Problem in disconnection. Fault is: %s" % e.fault)
pass
def instance_level(self, instance_id):
params = {'_id': instance_id}
try:
info = self.instance_info(instance_id)
logging.debug("info: %s" %(info))
return info["level"]
except:
return False
def instances_by_name(self, name):
""" gets the instances id of an operation, matching the ident """
logging.debug("looking for instances with target: %s" % name)
agents = self._call_get('agent')
#logging.debug("agents: %s" % agents)
#pp.pprint(agents)
ret = [op for op in agents if name in op['name'] and op['_kind'] == 'agent']
return ret
def instances_by_target_id(self, target_id):
""" gets the instances id of an operation, matching the ident """
logging.debug("lookin for instances with target: %s" % target_id)
agents = self._call_get('agent')
#logging.debug("agents: %s" % agents)
#pp.pprint(agents)
ret = [op for op in agents if target_id in op['path'] and op['_kind'] == 'agent']
return ret
def check_blacklist(blacklist=None):
with connection() as client:
logging.debug("connected")
blacklist_server = client.blacklist()
logging.info("blacklist from server: %s" % blacklist_server)
if blacklist:
logging.info("blacklist from conf: %s" % blacklist)
report_send("+ BLACKLIST: %s" % blacklist_server)
def check_file(filename):
try:
with open(filename):
logging.debug("DBG %s saved" % filename)
return True
except IOError:
logging.debug("DBG failed saving %s" % appname)
return False
def finish():
logging.debug("report finish")
#dump_yaml()
logging.debug("context: %s" % command.context)
mail_recipients = command.context.get("mail_recipients", [])
if mail_recipients:
mail_summary(mail_recipients)
def start(self, p):
logging.debug("- START: %s" % p.vm)
self.mq.clean(p)
r = p.send_next_command()
c = p.last_command
report.sent(p.vm, c)
logging.info("- SENT: %s" % c)
