Attack plugins will now get the full machine object for targets

pull/3/head
Thorsten Sick 3 years ago
parent c0598c577b
commit 04440bb1ab

@ -544,7 +544,8 @@ class CalderaControl():
if attack_logger:
attack_logger.start_caldera_attack(source=self.url,
paw=paw, group=group,
paw=paw,
group=group,
ability_id=ability_id,
ttp=self.get_ability(ability_id)[0]["technique_id"],
name=self.get_ability(ability_id)[0]["name"],

@ -204,7 +204,7 @@ class Experiment():
plugin.set_attacker_machine(self.attacker_1)
# plugin.__set_logger__(self.attack_logger)
plugin.__execute__([target.getip()])
plugin.__execute__([target])
def zip_loot(self):
""" Zip the loot together """

@ -3,6 +3,7 @@
from plugins.base.plugin_base import BasePlugin
from app.exceptions import PluginError
from app.calderacontrol import CalderaControl
import os
@ -27,6 +28,8 @@ class AttackPlugin(BasePlugin):
self.sysconf = {} # System configuration. common for all plugins
self.attacker_machine_plugin = None # The machine plugin referencing the attacker. The Kali machine should be the perfect candidate
self.target_machine_plugin = None # The machine plugin referencing the target
self.caldera = None # The Caldera connection object
self.targets = None
def copy_to_attacker_and_defender(self):
""" Copy attacker/defender specific files to the machines. Called by setup, do not call it yourself. template processing happens before """
@ -88,6 +91,25 @@ class AttackPlugin(BasePlugin):
self.attacker_machine_plugin = machine.vm_manager
def set_caldera(self, caldera: CalderaControl):
""" Set the caldera control to be used for caldera attacks
@param caldera: The caldera object to connect through
"""
self.caldera = caldera
def caldera_attack(self, target, ability_id):
""" Attack a single target using caldera
"""
self.caldera.attack(self.attack_logger,
paw=target.get_paw(),
ability_id=ability_id,
group=target.get_group(),
target_platform=target.get_os()
)
def get_attacker_playground(self):
""" Returns the attacker machine specific playground
@ -112,11 +134,13 @@ class AttackPlugin(BasePlugin):
@param targets: A list of targets, ip addresses will do
"""
self.targets = targets
ips = [tgt.getip() for tgt in targets]
self.setup()
self.attack_logger.start_kali_attack(self.attacker_machine_plugin.config.vmname(), targets, self.name, ttp=self.get_ttp())
self.attack_logger.start_kali_attack(self.attacker_machine_plugin.config.vmname(), ips, self.name, ttp=self.get_ttp())
res = self.run(targets)
self.teardown()
self.attack_logger.stop_kali_attack(self.attacker_machine_plugin.config.vmname(), targets, self.name, ttp=self.get_ttp())
self.attack_logger.stop_kali_attack(self.attacker_machine_plugin.config.vmname(), ips, self.name, ttp=self.get_ttp())
return res
def get_ttp(self):
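Review bot: The new `caldera_attack` method dereferences `self.caldera`, which the `__init__` hunk above initialises to `None`, so calling it before `set_caldera` fails with a bare AttributeError instead of a plugin-level error; a guard using the already imported PluginError makes the misuse explicit: `if self.caldera is None: raise PluginError("set_caldera() must be called before caldera_attack()")`. In the last hunk the new line `ips = [tgt.getip() for tgt in targets]` now requires machine objects, but the docstring two lines above it still says `A list of targets, ip addresses will do`; change it to `@param targets: A list of target machine objects (must provide getip())`. That method's `def` line is outside the hunk (presumably `__execute__`, since Experiment calls `plugin.__execute__([target])`). `caldera_attack` also lacks parameter documentation; describe `target` as a machine object exposing `get_paw()`, `get_group()` and `get_os()`, and `ability_id` as the Caldera ability id passed through to `self.caldera.attack`.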

@ -33,7 +33,7 @@ class HydraPlugin(AttackPlugin):
cmd += "sudo apt -y install hydra;"
for t in targets:
for p in self.conf['protocols']:
cmd += f"hydra -L {self.conf['userfile']} -P {self.conf['pwdfile']} {p}://{t};"
cmd += f"hydra -L {self.conf['userfile']} -P {self.conf['pwdfile']} {p}://{t.getip()};"
res = self.attacker_run_cmd(cmd) or ""
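Review bot: The new `hydra` line interpolates `t.getip()` together with `self.conf['userfile']`, `self.conf['pwdfile']` and the protocol `p` into a shell string unquoted, so any of them containing shell metacharacters would alter the command that `attacker_run_cmd` executes on the attacker machine. These values presumably come from the experiment configuration and the machine object, i.e. from the operator, so this is hardening rather than a live injection; wrapping each value with `shlex.quote(...)` (stdlib, needs `import shlex`) keeps the command intact: `cmd += f"hydra -L {shlex.quote(self.conf['userfile'])} -P {shlex.quote(self.conf['pwdfile'])} {shlex.quote(p)}://{shlex.quote(t.getip())};"`. The enclosing method starts before the hunk.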

@ -7,7 +7,7 @@ from plugins.base.attack import AttackPlugin
# TODO All scan patterns need explicit logging into the attack log !
# TODO: Add config for subnet range for ping sweeps
# TODO: Add IP exclusion --exclude ip,ip,ip to not accidentially scan non-targets
# TODO: Add IP exclusion --exclude ip,ip,ip to not accidentialy scan non-targets
# TODO: host discovery Ping scan: -sn
# TODO: host discovery PE ICMP echo
# TODO: host discovery PP ICMP timestamp
@ -21,7 +21,6 @@ from plugins.base.attack import AttackPlugin
# TODO: --traceroute in addition to host discovery
# TODO: -R <ip> reverse DNS. Needs a DNS in the big picture. No idea if valuable
# TODO: host discovery reverse DNS resolution
# TODO OS identification
# TODO service discovery
# TODO stealth scans
# TODO firewall evasion
@ -83,7 +82,7 @@ class NmapPlugin(AttackPlugin):
cmd = f"cd {pg};"
for t in targets:
cmd += f"nmap {t};"
cmd += f"nmap {t.getip()};"
res += self.attacker_run_cmd(cmd) or ""
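Review bot: The reworded TODO in the first hunk still misspells the word — `accidentially` became `accidentialy`, while the correct spelling is `accidentally`: `# TODO: Add IP exclusion --exclude ip,ip,ip to not accidentally scan non-targets`. In the last hunk the new `nmap {t.getip()}` line places the address into a shell string without quoting; the value presumably comes from the lab's machine definition and is operator-controlled, so `shlex.quote(t.getip())` (needs `import shlex`) is cheap hardening rather than a fix for a live bug. The enclosing scan method starts before the hunk.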

@ -29,7 +29,7 @@ class NmapSneakyPlugin(AttackPlugin):
pg = self.get_attacker_playground()
cmd = f"cd {pg};"
for t in targets:
cmd += f"sudo nmap -T1 -F -D RND:5 -f --randomize-hosts {t};"
cmd += f"sudo nmap -T1 -F -D RND:5 -f --randomize-hosts {t.getip()};"
res += self.attacker_run_cmd(cmd) or ""

@ -31,7 +31,7 @@ class NmapStresstestPlugin(AttackPlugin):
cmd = f"cd {pg};"
for t in targets:
cmd += f"nmap -T5 --min-parallelism 100 --max-scan-delay 1 {t};"
cmd += f"nmap -T5 --min-parallelism 100 --max-scan-delay 1 {t.getip()};"
res += self.attacker_run_cmd(cmd) or ""
