#!/usr/bin/env python3.6
import os
import socket
import random
import logging
import stage_props.utils
# Plugin-wide settings, parsed once at import time from the config.yaml that
# sits next to this module.  PuppetRAT._pid reads its 'general' section.
_config_path = os.path.join(os.path.dirname(__file__), 'config.yaml')
config = stage_props.utils.parse_config(_config_path)
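class PuppetRAT:
    """
    MoP plugin base class.

    One instance models a single emulated RAT endpoint that talks to the peer
    at ``client_ip``:``client_port``.  The base class supplies the per-peer
    logger (console + ``artifacts/<ip>_<port>/client.log``), a plain-TCP
    ``connect`` and an emulated process id drawn from ``config['general']``.
    Subclasses must override ``register`` and ``loop``; ``connect`` only when
    the transport is not a plain TCP socket.
    """

    def __init__(self, client_ip: str, client_port: int) -> None:
        """
        Args:
            client_ip: address of the peer this plugin connects to.
            client_port: TCP port of that peer.
        """
        self.client_ip = client_ip
        self.client_port = client_port
        # Emulated process id; the base class only stores it, subclasses are
        # presumably what report it to the peer (confirm in the plugin code).
        self.pid = PuppetRAT._pid()
        self.logger = self._logger()
        # Set by connect(); stays None until then.
        self.conn = None

    def _logger(self) -> logging.Logger:
        """
        Return the logger for this peer, configuring it on first use.

        INFO and above go to the console; the file handler has no level of its
        own, so everything the logger accepts (DEBUG and up) lands in
        ``artifacts/<ip>_<port>/client.log``.  Handlers are attached only the
        first time a logger of this name is requested: ``logging.getLogger``
        returns the same object for the same name, so a second instance for the
        same peer would otherwise get a second pair of handlers and every line
        would be emitted twice.
        """
        logger = logging.getLogger(f'{self.__class__.__name__}_{self.client_ip}:{self.client_port}')
        if logger.handlers:
            return logger

        logger.setLevel(logging.DEBUG)
        formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')

        console_handler = logging.StreamHandler()
        console_handler.setLevel(logging.INFO)
        console_handler.setFormatter(formatter)
        logger.addHandler(console_handler)

        # One folder per peer, relative to the working directory.  client_ip and
        # client_port are interpolated into a filesystem path, so they must come
        # from trusted configuration rather than from anything the peer sends.
        client_folder = os.path.join('artifacts', f'{self.client_ip}_{self.client_port}')
        PuppetRAT._mkdir(client_folder)
        file_handler = logging.FileHandler(os.path.join(client_folder, 'client.log'))
        file_handler.setFormatter(formatter)
        logger.addHandler(file_handler)

        # Keep per-peer output out of the root logger so it is not printed twice.
        logger.propagate = False
        logger.debug('logging started!')
        return logger

    @staticmethod
    def _mkdir(dir_: str) -> None:
        """
        Create ``dir_`` and any missing parents; an already existing directory is fine.

        Other OSErrors (permission denied, a regular file in the way) propagate,
        so the failure is reported here instead of surfacing later as an obscure
        FileHandler error on the log file inside that folder.
        """
        os.makedirs(dir_, exist_ok=True)

    def connect(self) -> None:
        """Default implementation for simple TCP socket. Override this method if required"""
        # No timeout is set here; if one is needed, apply it to the socket
        # before connect() or inside stage_props.utils.tcp_socket().
        self.conn = stage_props.utils.tcp_socket()
        self.conn.connect((self.client_ip, self.client_port))

    def register(self) -> None:
        """RAT's server registration. Please make sure to override this method"""
        raise NotImplementedError()

    def loop(self) -> None:
        """RAT's main loop. Please make sure to override this method"""
        raise NotImplementedError()

    @staticmethod
    def _pid() -> int:
        """
        Return an emulated process id from the inclusive range configured in
        ``config['general']['random_rat_pid_min']`` .. ``['random_rat_pid_max']``.

        ``random`` is fine here: the value only needs to look plausible, it is
        not a secret.
        """
        bounds = config['general']
        return random.randint(bounds['random_rat_pid_min'], bounds['random_rat_pid_max'])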