Trap command PBA shows no output #1406

@ilija-lazoroski

Describe the bug

When running the Trap PBA, the report shows that the execution has produced no output. The trap command can be run on the victim machine and it is producing output. The same output is on 1.10.0 and 1.11.0 versions. The agent log is showing that the PBA has been run successfully:

2021-08-09 15:15:48,607 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.45: Sending attack telemetry.
2021-08-09 15:15:48,608 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"status": 2, "technique": "T1064", "usage": "Scripts were used to execute Execute command when a particular signal is received post breach action."}
2021-08-09 15:15:48,609 [5227:139715135133440:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:15:48,633 [5227:139715135133440:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/telemetry HTTP/1.1" 200 368
2021-08-09 15:15:48,635 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.45: Sending post_breach telemetry.
2021-08-09 15:15:48,635 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"command": ["trap 'echo \"Successfully used trap command\"' INT && kill -2 $$ ;", "trap - INT"], "result": ["", true], "name": "Execute command when a particular signal is received", "hostname": "ubuntutest-VirtualBox", "ip": "127.0.1.1"}
2021-08-09 15:15:48,637 [5227:139715135133440:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:15:48,660 [5227:139715135133440:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/telemetry HTTP/1.1" 200 499
2021-08-09 15:15:48,662 [5227:139715135133440:DEBUG] post_breach_handler.run_pba.37: Execution of Execute command when a particular signal is received finished
2021-08-09 15:15:48,662 [5227:139715905308416:INFO] post_breach_handler.execute_all_configured.24: All PBAs executed. Total 1 executed.
2021-08-09 15:16:07,749 [5227:139716058847040:INFO] monkey.cleanup.312: Monkey cleanup started
2021-08-09 15:16:07,749 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.45: Sending state telemetry.
2021-08-09 15:16:07,749 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"done": true, "version": "1.11.0+428\n"}
2021-08-09 15:16:07,750 [5227:139716058847040:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:16:07,774 [5227:139716058847040:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/telemetry HTTP/1.1" 200 259
2021-08-09 15:16:07,777 [5227:139716058847040:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:16:07,800 [5227:139716058847040:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/log HTTP/1.1" 200 157
2021-08-09 15:16:07,803 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.45: Sending attack telemetry.
2021-08-09 15:16:07,803 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"status": 2, "technique": "T1107", "path": "/tmp/monkey_dir"}
2021-08-09 15:16:07,804 [5227:139716058847040:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:16:07,823 [5227:139716058847040:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/telemetry HTTP/1.1" 200 281
2021-08-09 15:16:07,825 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.45: Sending attack telemetry.
2021-08-09 15:16:07,825 [5227:139716058847040:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"status": 2, "technique": "T1107", "path": "/tmp/monkey"}
2021-08-09 15:16:07,826 [5227:139716058847040:DEBUG] connectionpool._new_conn.959: Starting new HTTPS connection (1): 10.0.2.5:5000
2021-08-09 15:16:07,845 [5227:139716058847040:DEBUG] connectionpool._make_request.437: https://10.0.2.5:5000 "POST /api/telemetry HTTP/1.1" 200 277
2021-08-09 15:16:07,848 [5227:139716058847040:INFO] monkey.cleanup.329: Monkey is shutting down

To Reproduce

Steps to reproduce the behavior:

  1. Run Monkey Island
  2. Configure Monkey to run just Trap PBA
  3. Check security report for PBA output

Expected behavior

Like on the Island machine, it should show "Successfully used trap command" instead of "(PBA execution produced no output)".

Machine version (please complete the following information):

  • OS: Linux
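
A triage helper for the symptom reported above, added here as an example and not part of the original issue or the Infection Monkey code base: it scans an agent log for post-breach telemetry that is marked successful but carries empty captured output. It assumes the `result` field is a two-element list of `[output, success]`, as the log above suggests; the function names are hypothetical.

```python
import json

MARKER = "Telemetry contents: "

# Sample agent log. The first two lines are copied from the log in this issue;
# the third is constructed to show a PBA whose output was captured.
SAMPLE_LOG = r'''2021-08-09 15:15:48,608 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"status": 2, "technique": "T1064", "usage": "Scripts were used to execute Execute command when a particular signal is received post breach action."}
2021-08-09 15:15:48,635 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"command": ["trap 'echo \"Successfully used trap command\"' INT && kill -2 $$ ;", "trap - INT"], "result": ["", true], "name": "Execute command when a particular signal is received", "hostname": "ubuntutest-VirtualBox", "ip": "127.0.1.1"}
2021-08-09 15:15:49,001 [5227:139715135133440:DEBUG] base_telem._log_telem_sending.47: Telemetry contents: {"command": "whoami", "result": ["ubuntutest\n", true], "name": "Constructed example PBA", "hostname": "ubuntutest-VirtualBox", "ip": "127.0.1.1"}
'''


def iter_pba_telemetry(log_text):
    """Yield (timestamp, telemetry dict) for each post-breach telemetry entry."""
    for line in log_text.splitlines():
        _, sep, payload = line.partition(MARKER)
        if not sep:
            continue  # not a telemetry line
        try:
            telem = json.loads(payload)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON payload
        if not isinstance(telem, dict):
            continue
        # Assumption: PBA telemetry is the entry that has a "command" key and
        # a two-element "result" list of [captured output, success flag].
        result = telem.get("result")
        if "command" in telem and isinstance(result, list) and len(result) == 2:
            yield line[:23], telem  # first 23 chars: "YYYY-MM-DD HH:MM:SS,mmm"


def silent_successes(log_text):
    """Return PBAs reported as successful whose captured output is empty."""
    return [
        {"time": ts, "name": t.get("name"), "command": t["command"]}
        for ts, t in iter_pba_telemetry(log_text)
        if t["result"][1] is True and not str(t["result"][0]).strip()
    ]


if __name__ == "__main__":
    for hit in silent_successes(SAMPLE_LOG):
        print(f'{hit["time"]}  {hit["name"]!r} succeeded with empty output: '
              f'{hit["command"]}')
```
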
