#!/usr/bin/env python3 """ A class to control a whole experiment. From setting up the machines to running the attacks """ import glob import os import subprocess import time import zipfile from datetime import datetime from app.attack_log import AttackLog from app.config import ExperimentConfig from app.interface_sfx import CommandlineColors from caldera_control import CalderaControl from machine_control import Machine # TODO: Multi threading at least when starting machines class Experiment(): """ Class handling experiments """ def __init__(self, configfile): """ @param configfile: Path to the configfile to load """ self.attacker_1 = None self.experiment_control = ExperimentConfig(configfile) self.attack_logger = AttackLog() self.__start_attacker() self.starttime = datetime.now().strftime("%Y_%m_%d___%H_%M_%S") self.lootdir = os.path.join(self.experiment_control.loot_dir(), self.starttime) os.makedirs(self.lootdir) self.targets = [] # start target machines for target_conf in self.experiment_control.targets(): if not target_conf.is_active(): continue tname = target_conf.vmname() print(f"{CommandlineColors.OKBLUE}preparing target {tname} ....{CommandlineColors.ENDC}") target_1 = Machine(target_conf) target_1.set_caldera_server(self.attacker_1.getip()) try: if not target_conf.use_existing_machine(): target_1.destroy() except subprocess.CalledProcessError: # Maybe the machine just does not exist yet pass target_1.install_caldera_service() target_1.up() # TODO prime sensors here needs_reboot = target_1.prime_sensors() if needs_reboot: target_1.reboot() print(f"{CommandlineColors.OKGREEN}Target is up: {tname} {CommandlineColors.ENDC}") target_1.start_caldera_client() print(f"{CommandlineColors.OKGREEN}Initial start of caldera client: {tname} {CommandlineColors.ENDC}") self.targets.append(target_1) # TODO: Install vulnerabilities by plugin print(f"{CommandlineColors.OKBLUE}Contacting caldera agents on all targets ....{CommandlineColors.ENDC}") time.sleep(20) # Wait until all targets are registered as Caldera targets for target_1 in self.targets: caldera_url = "http://" + self.attacker_1.getip() + ":8888" caldera_control = CalderaControl(caldera_url, config=self.experiment_control) running_agents = [i["paw"] for i in caldera_control.list_agents()] while target_1.get_paw() not in running_agents: print(f"Connecting to caldera {caldera_url}, running agents are: {running_agents}") print(f"Missing agent: {target_1.get_paw()} ...") target_1.start_caldera_client() print(f"Restarted caldera agent: {target_1.get_paw()} ...") time.sleep(120) # Was 30, but maybe there are timing issues running_agents = [i["paw"] for i in caldera_control.list_agents()] print(f"{CommandlineColors.OKGREEN}Caldera agents reached{CommandlineColors.ENDC}") # Install vulnerabilities for a_target in self.targets: print(f"Installing vulnerabilities on {a_target.get_paw()}") a_target.install_vulnerabilities() a_target.start_vulnerabilities() # Install sensor plugins for a_target in self.targets: print(f"Installing sensors on {a_target.get_paw()}") a_target.install_sensors() a_target.start_sensors() # Attack them print(f"{CommandlineColors.OKBLUE}Running Caldera attacks{CommandlineColors.ENDC}") for target_1 in self.targets: # Run caldera attacks caldera_attacks = self.experiment_control.get_caldera_attacks(target_1.get_os()) if caldera_attacks: for attack in caldera_attacks: # TODO: Work with snapshots # TODO: If we have several targets in the same group, it is nonsense to attack each one separately. Make this smarter print(f"Attacking machine with PAW: {target_1.get_paw()}") caldera_control = CalderaControl("http://" + self.attacker_1.getip() + ":8888", config=self.experiment_control) caldera_control.attack(self.attack_logger, target_1.get_paw(), attack, target_1.get_group()) time.sleep(self.experiment_control.get_nap_time()) print(f"{CommandlineColors.OKGREEN}Finished Caldera attacks{CommandlineColors.ENDC}") # Run Kali attacks print(f"{CommandlineColors.OKBLUE}Running Kali attacks{CommandlineColors.ENDC}") for target_1 in self.targets: kali_attacks = self.experiment_control.get_kali_attacks(target_1.get_os()) for attack in kali_attacks: # TODO: Work with snapshots print(f"Attacking machine with PAW: {target_1.get_paw()} with attack: {attack}") self.attacker_1.kali_attack(attack, target_1.getip(), self.experiment_control) time.sleep(self.experiment_control.get_nap_time()) print(f"{CommandlineColors.OKGREEN}Finished Kali attacks{CommandlineColors.ENDC}") # Stop sensor plugins # Collect data for a_target in self.targets: a_target.stop_sensors() a_target.collect_sensors(self.lootdir) # Uninstall vulnerabilities for a_target in self.targets: print(f"Uninstalling vulnerabilities on {a_target.get_paw()}") a_target.stop_vulnerabilities() # TODO: Zip result dir # Stop target machines for target_1 in self.targets: target_1.halt() self.__stop_attacker() self.attack_logger.write_json(os.path.join(self.lootdir, "attack.json")) self.zip_loot() def zip_loot(self): """ Zip the loot together """ filename = os.path.join(self.lootdir, self.starttime + ".zip") globs = ["/**/*.json", "/**/*.proto", "/*/**/*.zip", ] print(f"Creating zip file {filename}") with zipfile.ZipFile(filename, "w") as zfh: for a_glob in globs: a_glob = self.lootdir + a_glob for a_file in glob.iglob(a_glob, recursive=True): if a_file != filename: print(a_file) zfh.write(a_file) @staticmethod def __get_results_files(root): """ Yields a list of potential result files @param root: Root dir of the machine to collect data from """ # TODO: Properly implement. Get proper root parameter total = [os.path.join(root, "logstash", "filebeat.json")] for a_file in total: if os.path.exists(a_file): yield a_file def __clean_result_files(self, root): """ Deletes result files @param root: Root dir of the machine to collect data from """ # TODO: Properly implement. Get proper root parameter for a_file in self.__get_results_files(root): os.remove(a_file) def __collect_loot(self, root): """ Collect results into loot dir @param root: Root dir of the machine to collect data from """ try: os.makedirs(os.path.abspath(self.experiment_control.loot_dir())) except FileExistsError: pass for a_file in self.__get_results_files(root): print("Copy {} {}".format(a_file, os.path.abspath(self.experiment_control.loot_dir()))) def __start_attacker(self): """ Start the attacking VM """ # Preparing attacker self.attacker_1 = Machine(self.experiment_control.attacker(0).raw_config) if not self.experiment_control.attacker(0).use_existing_machine(): try: self.attacker_1.destroy() except subprocess.CalledProcessError: # Machine does not exist pass self.attacker_1.create(reboot=False) self.attacker_1.up() self.attacker_1.install_caldera_server(cleanup=False) else: self.attacker_1.up() self.attacker_1.install_caldera_server(cleanup=False) self.attacker_1.start_caldera_server() self.attacker_1.set_attack_logger(self.attack_logger) def __stop_attacker(self): """ Stop the attacking VM """ self.attacker_1.halt()