First caldera based attack in FIN7 playbook

4 years ago · 725db17cf6
parent ebd9854413
commit 725db17cf6
3 changed files with 19 additions and 15 deletions
--- a/app/config.py
+++ b/app/config.py
@ -205,7 +205,7 @@ class ExperimentConfig():
        try:
            res = self.raw_config["kali_conf"][attack]
        except KeyError as exception:
-            raise ConfigurationError from exception
+            res = {}
        if res is None:
            res = {}

--- a/app/experimentcontrol.py
+++ b/app/experimentcontrol.py
@ -202,6 +202,7 @@ class Experiment():
            self.attack_logger.vprint(f"{CommandlineColors.OKBLUE}Running Kali plugin {name}{CommandlineColors.ENDC}", 2)
            plugin.process_config(self.experiment_config.kali_conf(plugin.get_config_section_name()))    # TODO: De-kalify
            plugin.set_attacker_machine(self.attacker_1)
+            plugin.set_caldera(self.caldera_control)

            # plugin.__set_logger__(self.attack_logger)
            plugin.__execute__([target])
--- a/plugins/default/adversary_emulations/FIN7/fin7_section1.py
+++ b/plugins/default/adversary_emulations/FIN7/fin7_section1.py
@ -50,7 +50,11 @@ class FIN7Plugin(AttackPlugin):
            f"{CommandlineColors.OKBLUE}Step 3: Target Assessment{CommandlineColors.ENDC}", 1)

        # WMI queries  https://attack.mitre.org/techniques/T1057/
-        # execute net view from spawned cmd https://attack.mitre.org/techniques/T1135/
+
+        # TODO execute net view from spawned cmd https://attack.mitre.org/techniques/T1135/
+
+        self.caldera_attack(self.targets[0], "deeac480-5c2a-42b5-90bb-41675ee53c7e", parameters={"remote.host.fqdn": self.targets[0].getip()})
+
        # check for sandbox https://attack.mitre.org/techniques/T1497/
        # query username https://attack.mitre.org/techniques/T1497/
        # query computername https://attack.mitre.org/techniques/T1082/
@ -175,16 +179,15 @@ class FIN7Plugin(AttackPlugin):
        @param targets: A list of targets
        """

-        # Set defaults if not present in config
-        playground = self.attacker_machine_plugin.get_playground()
-
-        # Generate command
-        cmd = f"cd {playground};"
-        cmd += "sudo apt -y install hydra;"
-        for t in targets:
-            for p in self.conf['protocols']:
-                cmd += f"hydra -L {self.conf['userfile']}  -P {self.conf['pwdfile']} {p}://{t};"
-
-        res = self.attacker_run_cmd(cmd) or ""
-
-        return res
+        self.step1()
+        self.step2()
+        self.step3()
+        self.step4()
+        self.step5()
+        self.step6()
+        self.step7()
+        self.step8()
+        self.step9()
+        self.step10()
+
+        return ""