|
|
|
@ -11,14 +11,14 @@ caldera:
|
|
|
|
attackers:
|
|
|
|
attackers:
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Configuration for the first attacker. One should normally be enough
|
|
|
|
# Configuration for the first attacker. One should normally be enough
|
|
|
|
attacker:
|
|
|
|
- name: attacker
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Defining VM controller settings for this machine
|
|
|
|
# Defining VM controller settings for this machine
|
|
|
|
vm_controller:
|
|
|
|
vm_controller:
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Type of the VM controller, Options are "vagrant"
|
|
|
|
# Type of the VM controller, Options are "vagrant"
|
|
|
|
type: vagrant
|
|
|
|
vm_type: vagrant
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# # path where the vagrantfile is in
|
|
|
|
# # path where the vagrantfile is in
|
|
|
|
vagrantfilepath: systems
|
|
|
|
vagrantfilepath: systems
|
|
|
|
@ -27,6 +27,8 @@ attackers:
|
|
|
|
# Name of machine in Vagrantfile
|
|
|
|
# Name of machine in Vagrantfile
|
|
|
|
vm_name: attacker
|
|
|
|
vm_name: attacker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nicknames:
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path
|
|
|
|
# machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path
|
|
|
|
# and will be mounted internally as /vagrant/<name>
|
|
|
|
# and will be mounted internally as /vagrant/<name>
|
|
|
|
@ -45,10 +47,10 @@ attackers:
|
|
|
|
# List of targets
|
|
|
|
# List of targets
|
|
|
|
targets:
|
|
|
|
targets:
|
|
|
|
|
|
|
|
|
|
|
|
target2:
|
|
|
|
- name: target2
|
|
|
|
#root: systems/target1
|
|
|
|
#root: systems/target1
|
|
|
|
vm_controller:
|
|
|
|
vm_controller:
|
|
|
|
type: vagrant
|
|
|
|
vm_type: vagrant
|
|
|
|
vagrantfilepath: systems
|
|
|
|
vagrantfilepath: systems
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
@ -100,22 +102,6 @@ targets:
|
|
|
|
- weak_user_passwords
|
|
|
|
- weak_user_passwords
|
|
|
|
- rdp_config_vul
|
|
|
|
- rdp_config_vul
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# General sensor config config
|
|
|
|
|
|
|
|
sensors:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Windows IDP plugin configuration
|
|
|
|
|
|
|
|
windows_idp:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Name of the dll to use. Must match AV version
|
|
|
|
|
|
|
|
# dll_name: aswidptestdll.dll
|
|
|
|
|
|
|
|
dll_name: aswidptestdll.dll_21_1_B
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Folder where the IDP tool is located
|
|
|
|
|
|
|
|
idp_tool_folder: C:\\capture
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# General attack config
|
|
|
|
# General attack config
|
|
|
|
attacks:
|
|
|
|
attacks:
|
|
|
|
@ -123,18 +109,14 @@ attacks:
|
|
|
|
# configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match
|
|
|
|
# configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match
|
|
|
|
nap_time: 5
|
|
|
|
nap_time: 5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Configuration for caldera
|
|
|
|
|
|
|
|
caldera_conf:
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators:
|
|
|
|
# The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators:
|
|
|
|
# plain-text, base64, base64jumble, caesar, base64noPadding, steganography
|
|
|
|
# plain-text, base64, base64jumble, caesar, base64noPadding, steganography
|
|
|
|
obfuscator: plain-text
|
|
|
|
caldera_obfuscator: plain-text
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8
|
|
|
|
# Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8
|
|
|
|
jitter: 4/8
|
|
|
|
caldera_jitter: 4/8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -149,6 +131,16 @@ plugin_based_attacks:
|
|
|
|
windows:
|
|
|
|
windows:
|
|
|
|
- fin7_1
|
|
|
|
- fin7_1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# A list of caldera attacks to run against the targets.
|
|
|
|
|
|
|
|
caldera_attacks:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Linux specific attacks. A list of caldera ability IDs
|
|
|
|
|
|
|
|
linux:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Windows specific attacks. A list of caldera ability IDs
|
|
|
|
|
|
|
|
windows:
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Configuration for the plugin based attack tools
|
|
|
|
# Configuration for the plugin based attack tools
|
|
|
|
attack_conf:
|
|
|
|
attack_conf:
|
|
|
|
@ -170,6 +162,21 @@ attack_conf:
|
|
|
|
nmap:
|
|
|
|
nmap:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# General sensor config config
|
|
|
|
|
|
|
|
sensor_conf:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Windows IDP plugin configuration
|
|
|
|
|
|
|
|
windows_idp:
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Name of the dll to use. Must match AV version
|
|
|
|
|
|
|
|
# dll_name: aswidptestdll.dll
|
|
|
|
|
|
|
|
dll_name: aswidptestdll.dll_21_1_B
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
|
|
|
# Folder where the IDP tool is located
|
|
|
|
|
|
|
|
idp_tool_folder: C:\\capture
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
###
|
|
|
|
# Settings for the results being harvested
|
|
|
|
# Settings for the results being harvested
|
|
|
|
results:
|
|
|
|
results:
|
|
|
|
|
Thorsten Sick
3 years ago