From 191be9b049b2f02400f329f4a8790978cc361115 Mon Sep 17 00:00:00 2001 From: Thorsten Sick Date: Wed, 28 Apr 2021 08:03:07 +0200 Subject: [PATCH] Added bug with partial attack configs (kali or caldera) in yaml file --- app/config.py | 10 ++- tests/data/attacks_half.yaml | 147 +++++++++++++++++++++++++++++++++++ tests/test_config.py | 16 ++++ 3 files changed, 171 insertions(+), 2 deletions(-) create mode 100644 tests/data/attacks_half.yaml diff --git a/app/config.py b/app/config.py index 7106274..b9ec369 100644 --- a/app/config.py +++ b/app/config.py @@ -219,7 +219,10 @@ class ExperimentConfig(): return [] if for_os not in self.raw_config["kali_attacks"]: return [] - return self.raw_config["kali_attacks"][for_os] + res = self.raw_config["kali_attacks"][for_os] + if res is None: + return [] + return res def get_caldera_attacks(self, for_os): """ Get the configured caldera attacks to run for a specific OS @@ -231,7 +234,10 @@ class ExperimentConfig(): return [] if for_os not in self.raw_config["caldera_attacks"]: return [] - return self.raw_config["caldera_attacks"][for_os] + res = self.raw_config["caldera_attacks"][for_os] + if res is None: + return [] + return res def get_nap_time(self): """ Returns the attackers nap time between attack steps """ diff --git a/tests/data/attacks_half.yaml b/tests/data/attacks_half.yaml new file mode 100644 index 0000000..1155c50 --- /dev/null +++ b/tests/data/attacks_half.yaml @@ -0,0 +1,147 @@ + +### +# Caldera configuration +caldera: + ### + # API key for caldera. See caldera configuration. Default is ADMIN123 + apikey: ADMIN123 + +### +# Attacks configuration +attackers: + ### + # Configuration for the first attacker. One should normally be enough + attacker: + + ### + # Defining VM controller settings for this machine + vm_controller: + ### + # Type of the VM controller, Options are "vagrant" + type: vagrant + ### + # # path where the vagrantfile is in + vagrantfilepath: systems + + ### + # Name of machine in Vagrantfile + vm_name: attacker + + ### + # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path + # and will be mounted internally as /vagrant/ + # If machinepoath is not set PurpleDome will try "vm_name" + machinepath: attacker1 + + ### + # OS of the VM guest. Options are so far "windows", "linux" + os: linux + + ### + # Do not destroy/create the machine: Set this to "yes". + use_existing_machine: yes + +### +# List of targets +targets: + ### + # Specific target + target1: + vm_controller: + type: vagrant + vagrantfilepath: systems + + vm_name: target1 + os: linux + ### + # Targets need a unique PAW name for caldera + paw: target1 + ### + # Targets need to be in a group for caldera + group: red + + machinepath: target1 + # Do not destroy/create the machine: Set this to "yes". + use_existing_machine: yes + + target2: + #root: systems/target1 + vm_controller: + type: vagrant + vagrantfilepath: systems + + vm_name: target2 + os: windows + paw: target2w + group: red + + machinepath: target2w + + # Do not destroy/create the machine: Set this to "yes". + use_existing_machine: yes + ### + # Optional setting to activate force when halting the machine. Windows guests sometime get stuck + halt_needs_force: yes + + ### + # If SSH without vagrant support is used (Windows !) we need a user name (uppercase) + ssh_user: PURPLEDOME + + ### + # For non-vagrant ssh connections a ssh keyfile stored in the machinepath is required. + ssh_keyfile: id_rsa.3 + +### +# A list of caldera attacks to run against the targets. +caldera_attacks: + ### + # Linux specific attacks. A list of caldera ability IDs + linux: + - "bd527b63-9f9e-46e0-9816-b8434d2b8989" + ### + # Windows specific attacks. A list of caldera ability IDs + windows: + #- "bd527b63-9f9e-46e0-9816-b8434d2b8989" + #- "foo" + #- "bar" + + + +## A bug in production was triggered by this half config. Adding a unit test +### +# Kali tool based attacks. Will result in kali commandline tools to be called. Currently supported are: "hydra" +kali_attacks: + ### + # Linux specific attacks, a list + linux: + - hydra + ### + # Windows specific attacks, a list + windows: +# - hydra + +### +# Configuration for the kali attack tools +kali_conf: + ### + # Hydra configuration + hydra: + ### + # A list of protocols to brute force against. Supported: "ssh" + protocols: + - ssh + #- ftp + #- ftps + ### + # A file containing potential user names + userfile: users.txt + ### + # A file containing potential passwords + pwdfile: passwords.txt + +### +# Settings for the results being harvested +results: + ### + # The directory the loot will be in + loot_dir: loot diff --git a/tests/test_config.py b/tests/test_config.py index f1ae05f..492edb5 100644 --- a/tests/test_config.py +++ b/tests/test_config.py @@ -592,6 +592,22 @@ class TestExperimentConfig(unittest.TestCase): self.assertEqual(ex.get_caldera_attacks("linux"), []) + def test_kali_attacks_half(self): + """ kali attacks entry partially missing from config """ + + ex = ExperimentConfig("tests/data/attacks_half.yaml") + + self.assertEqual(ex.get_kali_attacks("linux"), ["hydra"]) + self.assertEqual(ex.get_kali_attacks("windows"), []) + + def test_caldera_attacks_half(self): + """ caldera attacks entry partially missing from config """ + + ex = ExperimentConfig("tests/data/attacks_half.yaml") + + self.assertEqual(ex.get_caldera_attacks("linux"), ["bd527b63-9f9e-46e0-9816-b8434d2b8989"]) + self.assertEqual(ex.get_caldera_attacks("windows"), []) + def test_caldera_attacks_empty(self): """ zero entries in caldera attacks list """