From 97c5277062d2a77ddb6b4dd38fdb1463ce4e3157 Mon Sep 17 00:00:00 2001
From: Thorsten Sick
Date: Thu, 11 Nov 2021 12:32:45 +0100
Subject: [PATCH] Fixed all existing yaml config files
---
app/config_verifier.py | 1 +
.../FIN7/local_experiment_config.yaml | 59 +++++++++++--------
template.yaml | 51 ++++++++--------
3 files changed, 58 insertions(+), 53 deletions(-)
diff --git a/app/config_verifier.py b/app/config_verifier.py
index edc3b26..1292892 100644
--- a/app/config_verifier.py
+++ b/app/config_verifier.py
@@ -54,6 +54,7 @@ class Attacker:
machinepath: str
os: OSEnum
use_existing_machine: bool = False
+ playground: Optional[str] = None
def has_key(self, keyname):
if keyname in self.__dict__.keys():
diff --git a/plugins/default/adversary_emulations/FIN7/local_experiment_config.yaml b/plugins/default/adversary_emulations/FIN7/local_experiment_config.yaml
index 051ce6e..8ddff78 100644
--- a/plugins/default/adversary_emulations/FIN7/local_experiment_config.yaml
+++ b/plugins/default/adversary_emulations/FIN7/local_experiment_config.yaml
@@ -11,14 +11,14 @@ caldera: attackers: ### # Configuration for the first attacker. One should normally be enough - attacker: + - name: attacker ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" - type: vagrant + vm_type: vagrant ### # # path where the vagrantfile is in vagrantfilepath: systems
@@ -27,6 +27,8 @@ attackers: # Name of machine in Vagrantfile vm_name: attacker + nicknames: + ### # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path # and will be mounted internally as /vagrant/
@@ -45,10 +47,10 @@ attackers: # List of targets targets: - target2: + - name: target2 #root: systems/target1 vm_controller: - type: vagrant + vm_type: vagrant vagrantfilepath: systems ###
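Review bot: In app/config_verifier.py the new `playground: Optional[str] = None` field on `Attacker` carries no comment saying what the string is or which code consumes it, and its None default interacts with the `has_key` check that follows. If `Attacker` is a dataclass (the annotated fields suggest so, but the decorator is outside the hunk), every field lands in the instance `__dict__`, so `keyname in self.__dict__.keys()` would presumably report `playground` as present even when the YAML omits it. Callers should test the value rather than the key, e.g. `if attacker.playground is not None:`, and the field deserves a comment along the lines of `# playground: <what this path or name refers to>; None when not configured`. `has_key` continues outside the hunk, so what it returns is inferred.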
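Review bot: The added `nicknames:` key in the attacker entry of FIN7/local_experiment_config.yaml (hunk at -27,6 +27,8) has no value, so YAML loads it as null rather than as an empty list. The same applies to the empty `linux:` and `windows:` keys under the new `caldera_attacks:` block later in this file (hunk at -149,6 +131,16), although their comments describe them as lists of ability IDs. How the verifier types these fields is not visible here, but code that iterates them would fail on null, so `nicknames: []`, `linux: []` and `windows: []` state the intent explicitly. A one-line comment above `nicknames:` saying what it lists would also match the commenting style of the neighbouring keys.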
@@ -100,22 +102,6 @@ targets: - weak_user_passwords - rdp_config_vul - -### -# General sensor config config -sensors: - ### - # Windows IDP plugin configuration - windows_idp: - ### - # Name of the dll to use. Must match AV version - # dll_name: aswidptestdll.dll - dll_name: aswidptestdll.dll_21_1_B - - ### - # Folder where the IDP tool is located - idp_tool_folder: C:\\capture - ### # General attack config attacks:
@@ -123,18 +109,14 @@ attacks: # configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match nap_time: 5 - -### -# Configuration for caldera -caldera_conf: ### # The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators: # plain-text, base64, base64jumble, caesar, base64noPadding, steganography - obfuscator: plain-text + caldera_obfuscator: plain-text ### # Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8 - jitter: 4/8 + caldera_jitter: 4/8
@@ -149,6 +131,16 @@ plugin_based_attacks: windows: - fin7_1 +### +# A list of caldera attacks to run against the targets. +caldera_attacks: + ### + # Linux specific attacks. A list of caldera ability IDs + linux: + ### + # Windows specific attacks. A list of caldera ability IDs + windows: + ### # Configuration for the plugin based attack tools attack_conf:
@@ -170,6 +162,21 @@ attack_conf: nmap: +### +# General sensor config config +sensor_conf: + ### + # Windows IDP plugin configuration + windows_idp: + ### + # Name of the dll to use. Must match AV version + # dll_name: aswidptestdll.dll + dll_name: aswidptestdll.dll_21_1_B + + ### + # Folder where the IDP tool is located + idp_tool_folder: C:\\capture + ### # Settings for the results being harvested results:
diff --git a/template.yaml b/template.yaml
index 5e1cf4c..e63344e 100644
--- a/template.yaml
+++ b/template.yaml
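Review bot: In the re-added `sensor_conf:` block (hunk at -170,6 +162,21) `idp_tool_folder: C:\\capture` is an unquoted YAML scalar, where a backslash is not an escape character, so the loaded value keeps both backslashes. The same line appears in the `sensor_conf:` block added to template.yaml (hunk at -272,6 +255,20). Windows path handling usually tolerates the doubled separator, but the value is not what the escaping suggests, and `idp_tool_folder: 'C:\capture'` says what is meant. The block header still reads `# General sensor config config`, and the commented-out `# dll_name: aswidptestdll.dll` beside the active version-specific `dll_name` would be clearer with a note on which AV version each name belongs to.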
@@ -11,14 +11,14 @@ caldera: attackers: ### # Configuration for the first attacker. One should normally be enough - attacker: + - name: attacker ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" - type: vagrant + vm_type: vagrant ### # # path where the vagrantfile is in vagrantfilepath: systems
@@ -51,9 +51,9 @@ attackers: targets: ### # Specific target - target1: + - name: target1 vm_controller: - type: vagrant + vm_type: vagrant vagrantfilepath: systems ###
@@ -87,10 +87,10 @@ targets: sensors: # - linux_idp - target2: + - name: target2 #root: systems/target1 vm_controller: - type: vagrant + vm_type: vagrant vagrantfilepath: systems ###
@@ -152,9 +152,9 @@ targets: # Ubuntu 20.10 (Groovy) - target3: + - name: target3 vm_controller: - type: vagrant + vm_type: vagrant vagrantfilepath: systems ###
@@ -193,20 +193,6 @@ targets: - sshd_config_vul - weak_user_passwords -### -# General sensor config config -sensors: - ### - # Windows IDP plugin configuration - windows_idp: - ### - # Name of the dll to use. Must match AV version - dll_name: aswidptestdll.dll - - ### - # Folder where the IDP tool is located - idp_tool_folder: C:\\capture - ### # General attack config attacks:
@@ -214,17 +200,14 @@ attacks: # configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match nap_time: 5 -### -# Configuration for caldera -caldera_conf: ### # The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators: # plain-text, base64, base64jumble, caesar, base64noPadding, steganography - obfuscator: plain-text + caldera_obfuscator: plain-text ### # Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8 - jitter: 4/8 + caldera_jitter: 4/8 ### # A list of caldera attacks to run against the targets.
@@ -272,6 +255,20 @@ attack_conf: pwdfile: passwords.txt nmap: +### +# General sensor config config +sensor_conf: + ### + # Windows IDP plugin configuration + windows_idp: + ### + # Name of the dll to use. Must match AV version + dll_name: aswidptestdll.dll + + ### + # Folder where the IDP tool is located + idp_tool_folder: C:\\capture + ### # Settings for the results being harvested