Fixing Caldera for Linux targets

pull/3/head
Thorsten Sick 4 years ago
parent 1f4a302ce5
commit 3bcb7ea1f9

@ -31,6 +31,11 @@ class Experiment():
self.experiment_control = ExperimentConfig(configfile)
self.attack_logger = AttackLog()
self.__start_attacker()
caldera_url = "http://" + self.attacker_1.getip() + ":8888"
caldera_control = CalderaControl(caldera_url, config=self.experiment_control)
# Deleting all currently registered Caldera gents
print(caldera_control.kill_all_agents())
print(caldera_control.delete_all_agents())
self.starttime = datetime.now().strftime("%Y_%m_%d___%H_%M_%S")
self.lootdir = os.path.join(self.experiment_control.loot_dir(), self.starttime)
@ -55,34 +60,12 @@ class Experiment():
pass
target_1.install_caldera_service()
target_1.up()
# TODO prime sensors here
needs_reboot = target_1.prime_sensors()
if needs_reboot:
target_1.reboot()
print(f"{CommandlineColors.OKGREEN}Target is up: {tname} {CommandlineColors.ENDC}")
target_1.start_caldera_client()
print(f"{CommandlineColors.OKGREEN}Initial start of caldera client: {tname} {CommandlineColors.ENDC}")
self.targets.append(target_1)
# TODO: Install vulnerabilities by plugin
print(f"{CommandlineColors.OKBLUE}Contacting caldera agents on all targets ....{CommandlineColors.ENDC}")
time.sleep(20)
# Wait until all targets are registered as Caldera targets
for target_1 in self.targets:
caldera_url = "http://" + self.attacker_1.getip() + ":8888"
caldera_control = CalderaControl(caldera_url, config=self.experiment_control)
running_agents = [i["paw"] for i in caldera_control.list_agents()]
while target_1.get_paw() not in running_agents:
print(f"Connecting to caldera {caldera_url}, running agents are: {running_agents}")
print(f"Missing agent: {target_1.get_paw()} ...")
target_1.start_caldera_client()
print(f"Restarted caldera agent: {target_1.get_paw()} ...")
time.sleep(120) # Was 30, but maybe there are timing issues
running_agents = [i["paw"] for i in caldera_control.list_agents()]
print(f"{CommandlineColors.OKGREEN}Caldera agents reached{CommandlineColors.ENDC}")
# Install vulnerabilities
for a_target in self.targets:
print(f"Installing vulnerabilities on {a_target.get_paw()}")
@ -95,6 +78,26 @@ class Experiment():
a_target.install_sensors()
a_target.start_sensors()
# First start of caldera implants
for target_1 in self.targets:
target_1.start_caldera_client()
print(f"{CommandlineColors.OKGREEN}Initial start of caldera client: {tname} {CommandlineColors.ENDC}")
time.sleep(20) # Wait for all the clients to contact the caldera server
print(f"{CommandlineColors.OKBLUE}Contacting caldera agents on all targets ....{CommandlineColors.ENDC}")
# Wait until all targets are registered as Caldera targets
for target_1 in self.targets:
running_agents = caldera_control.list_paws_of_running_agents()
print(f"Agents currently running: {running_agents}")
while target_1.get_paw() not in running_agents:
print(f"Connecting to caldera {caldera_url}, running agents are: {running_agents}")
print(f"Missing agent: {target_1.get_paw()} ...")
target_1.start_caldera_client()
print(f"Restarted caldera agent: {target_1.get_paw()} ...")
time.sleep(120) # Was 30, but maybe there are timing issues
running_agents = caldera_control.list_paws_of_running_agents()
print(f"{CommandlineColors.OKGREEN}Caldera agents reached{CommandlineColors.ENDC}")
# Attack them
print(f"{CommandlineColors.OKBLUE}Running Caldera attacks{CommandlineColors.ENDC}")
for target_1 in self.targets:
@ -104,10 +107,10 @@ class Experiment():
for attack in caldera_attacks:
# TODO: Work with snapshots
# TODO: If we have several targets in the same group, it is nonsense to attack each one separately. Make this smarter
print(f"Attacking machine with PAW: {target_1.get_paw()}")
print(f"Attacking machine with PAW: {target_1.get_paw()} with {attack}")
caldera_control = CalderaControl("http://" + self.attacker_1.getip() + ":8888", config=self.experiment_control)
caldera_control.attack(self.attack_logger, target_1.get_paw(), attack, target_1.get_group())
caldera_control.attack(attack_logger=self.attack_logger, paw=target_1.get_paw(), ability_id=attack, group=target_1.get_group())
time.sleep(self.experiment_control.get_nap_time())
print(f"{CommandlineColors.OKGREEN}Finished Caldera attacks{CommandlineColors.ENDC}")
@ -136,13 +139,11 @@ class Experiment():
print(f"Uninstalling vulnerabilities on {a_target.get_paw()}")
a_target.stop_vulnerabilities()
# TODO: Zip result dir
# Stop target machines
for target_1 in self.targets:
target_1.halt()
self.__stop_attacker()
self.attack_logger.write_json(os.path.join(self.lootdir, "attack.json"))
self.zip_loot()

@ -442,8 +442,8 @@ class Machine():
playground = self.vm_manager.get_playground()
if self.get_os() == "linux":
cmd = f"""chmod +x caldera_agent.sh; nohup bash {playground}/caldera_agent.sh start &
"""
# cmd = f"""chmod +x caldera_agent.sh; nohup bash {playground}/caldera_agent.sh start &"""
cmd = f"""cd {playground}; chmod +x caldera_agent.sh; nohup bash ./caldera_agent.sh"""
elif self.get_os() == "windows":
if playground:
playground = playground + "\\" # Workaround for Windows: Can not set target dir for fabric-put in Windows. Only default (none=user) dir available.

@ -233,7 +233,7 @@ class TestMachineControl(unittest.TestCase):
m.set_caldera_server("http://www.test.test")
with patch.object(m.vm_manager, "get_playground", return_value="/vagrant/target3"):
cmd = m.create_start_caldera_client_cmd()
self.assertEqual(cmd.strip(), "chmod +x caldera_agent.sh; nohup bash /vagrant/target3/caldera_agent.sh start &".strip())
self.assertEqual(cmd.strip(), "cd /vagrant/target3; chmod +x caldera_agent.sh; nohup bash ./caldera_agent.sh".strip())
# Create caldera start command and verify it (windows)
def test_get_windows_caldera_start_cmd(self):

Loading…
Cancel
Save