mirror of https://github.com/avast/PurpleDome
Cleanup and adding a starter pack (hello_world, license, readme)
parent
cacaa1e221
commit
e7a3c3596f
@ -0,0 +1,21 @@
|
|||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2021 Avast Software
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||||
|
of the Software, and to permit persons to whom the Software is furnished to do
|
||||||
|
so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.UT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
@ -0,0 +1,168 @@
|
|||||||
|
# A basic example config file running just one Caldera and one kali attack vs an Ubuntu target.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
###
|
||||||
|
# Caldera configuration
|
||||||
|
caldera:
|
||||||
|
###
|
||||||
|
# API key for caldera. See caldera configuration. Default is ADMIN123
|
||||||
|
apikey: ADMIN123
|
||||||
|
|
||||||
|
###
|
||||||
|
# Attacks configuration
|
||||||
|
attackers:
|
||||||
|
###
|
||||||
|
# Configuration for the first attacker. One should normally be enough
|
||||||
|
- name: attacker
|
||||||
|
|
||||||
|
###
|
||||||
|
# Defining VM controller settings for this machine
|
||||||
|
vm_controller:
|
||||||
|
###
|
||||||
|
# Type of the VM controller, Options are "vagrant"
|
||||||
|
vm_type: vagrant
|
||||||
|
###
|
||||||
|
# # path where the vagrantfile is in
|
||||||
|
vagrantfilepath: systems
|
||||||
|
|
||||||
|
###
|
||||||
|
# Name of machine in Vagrantfile
|
||||||
|
vm_name: attacker
|
||||||
|
|
||||||
|
nicknames:
|
||||||
|
|
||||||
|
###
|
||||||
|
# machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path
|
||||||
|
# and will be mounted internally as /vagrant/<name>
|
||||||
|
# If machinepath is not set PurpleDome will try "vm_name"
|
||||||
|
machinepath: attacker1
|
||||||
|
|
||||||
|
###
|
||||||
|
# OS of the VM guest. Options are so far "windows", "linux"
|
||||||
|
os: linux
|
||||||
|
|
||||||
|
###
|
||||||
|
# Do not destroy/create the machine: Set this to "yes".
|
||||||
|
use_existing_machine: yes
|
||||||
|
|
||||||
|
###
|
||||||
|
# List of targets
|
||||||
|
targets:
|
||||||
|
# Ubuntu 20.10 (Groovy)
|
||||||
|
- name: target3
|
||||||
|
vm_controller:
|
||||||
|
vm_type: vagrant
|
||||||
|
vagrantfilepath: systems
|
||||||
|
|
||||||
|
###
|
||||||
|
# simple switch if targets is used in attack simulation. Default is true. If set to false the machine will not be started
|
||||||
|
active: yes
|
||||||
|
|
||||||
|
vm_name: target3
|
||||||
|
|
||||||
|
nicknames:
|
||||||
|
|
||||||
|
os: linux
|
||||||
|
###
|
||||||
|
# Targets need a unique PAW name for caldera
|
||||||
|
paw: target3
|
||||||
|
###
|
||||||
|
# Targets need to be in a group for caldera
|
||||||
|
group: red_linux
|
||||||
|
|
||||||
|
machinepath: target3
|
||||||
|
# Do not destroy/create the machine: Set this to "yes".
|
||||||
|
use_existing_machine: no
|
||||||
|
|
||||||
|
###
|
||||||
|
# The folder all the implants will be installed into
|
||||||
|
playground: /home/vagrant
|
||||||
|
|
||||||
|
# Sensors to run on this machine
|
||||||
|
sensors:
|
||||||
|
# - linux_idp # it had issues. Fix them
|
||||||
|
- linux_filebeat
|
||||||
|
|
||||||
|
vulnerabilities:
|
||||||
|
- sshd_config_vul
|
||||||
|
- weak_user_passwords
|
||||||
|
|
||||||
|
###
|
||||||
|
# General sensor config config
|
||||||
|
sensor_conf:
|
||||||
|
|
||||||
|
###
|
||||||
|
# General attack config
|
||||||
|
attacks:
|
||||||
|
###
|
||||||
|
# configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match
|
||||||
|
nap_time: 5
|
||||||
|
|
||||||
|
###
|
||||||
|
# The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators:
|
||||||
|
# plain-text, base64, base64jumble, caesar, base64noPadding, steganography
|
||||||
|
caldera_obfuscator: plain-text
|
||||||
|
|
||||||
|
###
|
||||||
|
# Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8
|
||||||
|
caldera_jitter: 4/8
|
||||||
|
|
||||||
|
|
||||||
|
###
|
||||||
|
# A list of caldera attacks to run against the targets.
|
||||||
|
caldera_attacks:
|
||||||
|
###
|
||||||
|
# Linux specific attacks. A list of caldera ability IDs
|
||||||
|
linux:
|
||||||
|
# Name: Current User
|
||||||
|
# Technique name: System Owner/User Discovery
|
||||||
|
# Tactic: discovery
|
||||||
|
# Description: Obtain user from current session
|
||||||
|
# ID: T1033
|
||||||
|
- "bd527b63-9f9e-46e0-9816-b8434d2b8989"
|
||||||
|
|
||||||
|
|
||||||
|
###
|
||||||
|
# Windows specific attacks. A list of caldera ability IDs
|
||||||
|
windows:
|
||||||
|
|
||||||
|
|
||||||
|
###
|
||||||
|
# Plugin based attacks. Will result in plugins being called
|
||||||
|
plugin_based_attacks:
|
||||||
|
###
|
||||||
|
# Linux specific attacks, a list
|
||||||
|
linux:
|
||||||
|
- hydra
|
||||||
|
|
||||||
|
###
|
||||||
|
# Windows specific attacks, a list
|
||||||
|
windows:
|
||||||
|
|
||||||
|
###
|
||||||
|
# Configuration for the plugin based attack tools
|
||||||
|
attack_conf:
|
||||||
|
###
|
||||||
|
# Hydra configuration
|
||||||
|
hydra:
|
||||||
|
###
|
||||||
|
# A list of protocols to brute force against. Supported: "ssh"
|
||||||
|
protocols:
|
||||||
|
- ssh
|
||||||
|
|
||||||
|
###
|
||||||
|
# A file containing potential user names
|
||||||
|
userfile: users.txt
|
||||||
|
###
|
||||||
|
# A file containing potential passwords
|
||||||
|
pwdfile: passwords.txt
|
||||||
|
nmap:
|
||||||
|
|
||||||
|
|
||||||
|
###
|
||||||
|
# Settings for the results being harvested
|
||||||
|
results:
|
||||||
|
###
|
||||||
|
# The directory the loot will be in
|
||||||
|
loot_dir: loot
|
Loading…
Reference in New Issue