mirror of https://github.com/avast/PurpleDome
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.4 KiB
Python
44 lines
1.4 KiB
Python
#!/usr/bin/env python3
|
|
|
|
# Some users are created (with weak passwords) and sshd is set to allow password-based access
|
|
|
|
from plugins.base.vulnerability_plugin import VulnerabilityPlugin
|
|
|
|
|
|
class VulnerabilityOk(VulnerabilityPlugin):
|
|
|
|
# Boilerplate
|
|
name = "missing_start"
|
|
description = "Adding users with weak passwords"
|
|
ttp = "T1110"
|
|
references = ["https://attack.mitre.org/techniques/T1110/"]
|
|
|
|
required_files = [] # Files shipped with the plugin which are needed by the machine. Will be copied to the share
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.plugin_path = __file__
|
|
|
|
def stop(self):
|
|
|
|
if self.machine_plugin.config.os() == "linux":
|
|
for user in self.conf["linux"]:
|
|
# Remove user
|
|
cmd = f"sudo userdel -r {user['name']}"
|
|
self.run_cmd(cmd)
|
|
|
|
elif self.machine_plugin.config.os() == "windows":
|
|
for user in self.conf["windows"]:
|
|
# net user username /delete
|
|
cmd = f"net user {user['name']} /delete"
|
|
self.run_cmd(cmd)
|
|
|
|
# Remove the new users to RDP (just in case we want to test RDP)
|
|
for user in self.conf["windows"]:
|
|
# net user username /delete
|
|
cmd = f""""NET LOCALGROUP "Remote Desktop Users" {user['name']} /DELETE"""
|
|
self.run_cmd(cmd)
|
|
|
|
else:
|
|
raise NotImplementedError
|