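def run(self):
    """Create a temporary local user and issue an HTTP request as that user.

    The account is obtained from the ``create_auto_new_user`` context manager
    (presumably removed again on exit -- confirm in that helper), then
    ``run_as`` executes the HTTP-request command line under that account and
    the exit status is reported through ``send_result_telemetry``. A failing
    command or a failed user creation is reported as failed telemetry rather
    than raised.
    """
    username = CommunicateAsNewUser.get_random_new_user_name()
    try:
        with create_auto_new_user(username, PASSWORD) as new_user:
            http_request_commandline = CommunicateAsNewUser.get_commandline_for_http_request(
                INFECTION_MONKEY_WEBSITE_URL
            )
            exit_status = new_user.run_as(http_request_commandline)
            self.send_result_telemetry(exit_status, http_request_commandline, username)
    except subprocess.CalledProcessError as e:
        # CalledProcessError.output is None when the call did not capture
        # output; decoding it unconditionally would raise AttributeError inside
        # the handler and lose the original failure. Decode only real bytes and
        # fall back to the exception text otherwise.
        if isinstance(e.output, bytes):
            output = e.output.decode()
        else:
            output = e.output or str(e)
        PostBreachTelem(self, (output, False)).send()
    except NewUserError as e:
        PostBreachTelem(self, (str(e), False)).send()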
def run(self):
    """Create a temporary local user and run a ping command as that user.

    The account comes from the ``create_auto_new_user`` context manager, the
    command line from ``get_commandline_for_ping``, and the exit status is
    reported through ``send_ping_result_telemetry``. Command failures and
    user-creation failures are reported as failed telemetry instead of
    propagating.
    """
    new_username = CommunicateAsNewUser.get_random_new_user_name()
    try:
        with create_auto_new_user(new_username, PASSWORD) as created_user:
            cmd = CommunicateAsNewUser.get_commandline_for_ping()
            status = created_user.run_as(cmd)
            self.send_ping_result_telemetry(status, cmd, new_username)
    except subprocess.CalledProcessError as err:
        # NOTE(review): err.output is forwarded as-is (bytes, or None when the
        # subprocess call captured nothing) -- confirm what run_as produces.
        PostBreachTelem(self, (err.output, False)).send()
    except NewUserError as err:
        PostBreachTelem(self, (str(err), False)).send()
def send_result_telemetry(self, exit_status, commandline, username):
    """Report the outcome of a command that was run as the new user.

    :param exit_status: Process exit code; 0 means success on both Windows and Linux.
    :param commandline: The exact command line that was executed, for reporting.
    :param username: The account the command was executed as, for reporting.
    """
    succeeded = exit_status == 0
    if succeeded:
        message = CREATED_PROCESS_AS_USER_SUCCESS_FORMAT.format(commandline, username)
    else:
        # The failure message carries both the raw exit code and its
        # twos_complement() rendering -- presumably so negative codes are
        # readable as unsigned values; confirm against that helper.
        message = CREATED_PROCESS_AS_USER_FAILED_FORMAT.format(
            commandline, username, exit_status, twos_complement(exit_status)
        )
    PostBreachTelem(self, (message, succeeded)).send()
def run(self):
    """Run every modify-shell-startup-files sub-PBA and report the results.

    When ``modify_shell_startup_PBA_list`` yields nothing (no regular user
    was found to act on), a single failed result is reported instead so the
    telemetry still records the attempt.
    """
    no_users_result = (
        "Modify shell startup files PBA failed: Unable to find any regular users",
        False,
    )
    outcomes = [sub_pba.run() for sub_pba in self.modify_shell_startup_PBA_list()]
    PostBreachTelem(self, outcomes or [no_users_result]).send()
def run(self):
    """Execute this PBA's default command and report its result.

    When ``scripts_were_used_successfully`` says so, a T1064 telemetry entry
    is sent first; the PBA result itself is always sent as PostBreachTelem.
    """
    result = self._execute_default()
    if self.scripts_were_used_successfully(result):
        T1064Telem(
            ScanStatus.USED,
            "Scripts were used to execute %s post breach action." % self.name,
        ).send()
    PostBreachTelem(self, result).send()
def run(self):
    """Create the hidden file/folder artefacts, report on them, then clean up.

    Each entry of ``HIDDEN_FSO_CREATION_COMMANDS`` is a callable returning a
    (linux, windows) command pair; the base PBA is re-initialised with that
    pair and run once per entry. On Windows an extra WinAPI-based attempt is
    made and reported separately.
    """
    for build_commands in HIDDEN_FSO_CREATION_COMMANDS:
        linux_commands, windows_commands = build_commands()
        # Re-initialising the base class swaps in this entry's command pair.
        super(HiddenFiles, self).__init__(
            name=POST_BREACH_HIDDEN_FILES,
            linux_cmd=" ".join(linux_commands),
            windows_cmd=windows_commands,
        )
        super(HiddenFiles, self).run()
    on_windows = is_windows_os()
    if on_windows:
        api_result, api_status = get_winAPI_to_hide_files()
        PostBreachTelem(self, (api_result, api_status)).send()
    # Remove everything created above, whichever platform we are on.
    cleanup_hidden_files(on_windows)
def run(self):
    """Execute this PBA's command, if one exists for the current OS, and report.

    Without a command the action is skipped with a debug log entry. Otherwise
    the default executor runs it, a T1064 telemetry entry is sent when
    ``scripts_were_used_successfully`` reports so, and the result is sent as
    PostBreachTelem.
    """
    if not self.command:
        logger.debug(f"No command available for PBA '{self.name}' on current OS, skipping.")
        return
    result = self._execute_default()
    if self.scripts_were_used_successfully(result):
        T1064Telem(
            ScanStatus.USED,
            f"Scripts were used to execute {self.name} post breach action.",
        ).send()
    PostBreachTelem(self, result).send()
def run(self):
    """Run each clear-command-history sub-PBA and report the collected results.

    Nothing is sent when ``clear_command_history_PBA_list`` yields no sub-PBA.
    """
    outcomes = [sub_pba.run() for sub_pba in self.clear_command_history_PBA_list()]
    if not outcomes:
        return
    PostBreachTelem(self, outcomes).send()
def post_breach_telem_test_instance(monkeypatch):
    """Build a PostBreachTelem around a stub PBA with host lookup patched out.

    ``PostBreachTelem._get_hostname_and_ip`` is replaced with a lambda that
    returns the fixed (HOSTNAME, IP) pair, so the telemetry under test does
    not read the real host configuration.
    """
    stub_pba = StubSomePBA()
    fixed_host = lambda: (HOSTNAME, IP)  # noqa: E731 - mirrors the patched signature
    monkeypatch.setattr(PostBreachTelem, "_get_hostname_and_ip", fixed_host)
    return PostBreachTelem(stub_pba, RESULT)
def run(self):
    """Run every modify-shell-startup-files sub-PBA and report the results.

    The list of results is sent as one PostBreachTelem, even when it is empty.
    """
    outcomes = list(sub_pba.run() for sub_pba in self.modify_shell_startup_PBA_list())
    PostBreachTelem(self, outcomes).send()