forked from p15670423/monkey
Merge pull request #2284 from guardicore/2216-relay-bb-tests
2216 relay bb tests
This commit is contained in:
commit
e56d4c0ac7
|
@ -11,6 +11,7 @@ GCP_TEST_MACHINE_LIST = {
|
||||||
"tunneling-10",
|
"tunneling-10",
|
||||||
"tunneling-11",
|
"tunneling-11",
|
||||||
"tunneling-12",
|
"tunneling-12",
|
||||||
|
"tunneling-13",
|
||||||
"zerologon-25",
|
"zerologon-25",
|
||||||
],
|
],
|
||||||
"europe-west1-b": [
|
"europe-west1-b": [
|
||||||
|
@ -52,7 +53,6 @@ DEPTH_3_A = {
|
||||||
"tunneling-9",
|
"tunneling-9",
|
||||||
"tunneling-10",
|
"tunneling-10",
|
||||||
"tunneling-11",
|
"tunneling-11",
|
||||||
"tunneling-12",
|
|
||||||
"mimikatz-15",
|
"mimikatz-15",
|
||||||
],
|
],
|
||||||
"europe-west1-b": [
|
"europe-west1-b": [
|
||||||
|
@ -63,6 +63,16 @@ DEPTH_3_A = {
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DEPTH_4_A = {
|
||||||
|
"europe-west1-b": [
|
||||||
|
"tunneling-9",
|
||||||
|
"tunneling-10",
|
||||||
|
"tunneling-12",
|
||||||
|
"tunneling-13",
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
POWERSHELL_EXPLOITER_REUSE = {
|
POWERSHELL_EXPLOITER_REUSE = {
|
||||||
"europe-west1-b": [
|
"europe-west1-b": [
|
||||||
"powershell-3-46",
|
"powershell-3-46",
|
||||||
|
@ -88,6 +98,7 @@ GCP_SINGLE_TEST_LIST = {
|
||||||
"test_depth_2_a": DEPTH_2_A,
|
"test_depth_2_a": DEPTH_2_A,
|
||||||
"test_depth_1_a": DEPTH_1_A,
|
"test_depth_1_a": DEPTH_1_A,
|
||||||
"test_depth_3_a": DEPTH_3_A,
|
"test_depth_3_a": DEPTH_3_A,
|
||||||
|
"test_depth_4_a": DEPTH_4_A,
|
||||||
"test_powershell_exploiter_credentials_reuse": POWERSHELL_EXPLOITER_REUSE,
|
"test_powershell_exploiter_credentials_reuse": POWERSHELL_EXPLOITER_REUSE,
|
||||||
"test_zerologon_exploiter": ZEROLOGON,
|
"test_zerologon_exploiter": ZEROLOGON,
|
||||||
"test_wmi_and_mimikatz_exploiters": WMI_AND_MIMIKATZ,
|
"test_wmi_and_mimikatz_exploiters": WMI_AND_MIMIKATZ,
|
||||||
|
|
|
@ -18,6 +18,7 @@ from envs.monkey_zoo.blackbox.test_configurations import (
|
||||||
wmi_mimikatz_test_configuration,
|
wmi_mimikatz_test_configuration,
|
||||||
zerologon_test_configuration,
|
zerologon_test_configuration,
|
||||||
)
|
)
|
||||||
|
from envs.monkey_zoo.blackbox.test_configurations.depth_4_a import depth_4_a_test_configuration
|
||||||
from envs.monkey_zoo.blackbox.test_configurations.test_configuration import TestConfiguration
|
from envs.monkey_zoo.blackbox.test_configurations.test_configuration import TestConfiguration
|
||||||
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
|
||||||
from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
|
from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
|
||||||
|
@ -123,6 +124,11 @@ class TestMonkeyBlackbox:
|
||||||
island_client, depth_3_a_test_configuration, "Depth3A test suite"
|
island_client, depth_3_a_test_configuration, "Depth3A test suite"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_depth_4_a(self, island_client):
|
||||||
|
TestMonkeyBlackbox.run_exploitation_test(
|
||||||
|
island_client, depth_4_a_test_configuration, "Depth4A test suite"
|
||||||
|
)
|
||||||
|
|
||||||
# Not grouped because can only be ran on windows
|
# Not grouped because can only be ran on windows
|
||||||
@pytest.mark.skip_powershell_reuse
|
@pytest.mark.skip_powershell_reuse
|
||||||
def test_powershell_exploiter_credentials_reuse(self, island_client):
|
def test_powershell_exploiter_credentials_reuse(self, island_client):
|
||||||
|
|
|
@ -16,7 +16,7 @@ from .utils import (
|
||||||
|
|
||||||
# Tests:
|
# Tests:
|
||||||
# Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48)
|
# Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48)
|
||||||
# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.11)
|
# Tunneling through grandparent agent (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.11)
|
||||||
# WMI pass the hash (10.2.2.15)
|
# WMI pass the hash (10.2.2.15)
|
||||||
|
|
||||||
|
|
||||||
|
@ -38,7 +38,6 @@ def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
|
||||||
"10.2.3.47",
|
"10.2.3.47",
|
||||||
"10.2.3.48",
|
"10.2.3.48",
|
||||||
"10.2.1.10",
|
"10.2.1.10",
|
||||||
"10.2.0.12",
|
|
||||||
"10.2.0.11",
|
"10.2.0.11",
|
||||||
"10.2.2.15",
|
"10.2.2.15",
|
||||||
]
|
]
|
||||||
|
@ -62,7 +61,6 @@ CREDENTIALS = (
|
||||||
Credentials(None, Password("Passw0rd!")),
|
Credentials(None, Password("Passw0rd!")),
|
||||||
Credentials(None, Password("3Q=(Ge(+&w]*")),
|
Credentials(None, Password("3Q=(Ge(+&w]*")),
|
||||||
Credentials(None, Password("`))jU7L(w}")),
|
Credentials(None, Password("`))jU7L(w}")),
|
||||||
Credentials(None, Password("t67TC5ZDmz")),
|
|
||||||
Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")),
|
Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")),
|
||||||
Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")),
|
Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")),
|
||||||
Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")),
|
Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")),
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
import dataclasses
|
||||||
|
|
||||||
|
from common.agent_configuration import AgentConfiguration, PluginConfiguration
|
||||||
|
from common.credentials import Credentials, Password, Username
|
||||||
|
|
||||||
|
from .noop import noop_test_configuration
|
||||||
|
from .utils import (
|
||||||
|
add_exploiters,
|
||||||
|
add_subnets,
|
||||||
|
add_tcp_ports,
|
||||||
|
replace_agent_configuration,
|
||||||
|
replace_propagation_credentials,
|
||||||
|
set_keep_tunnel_open_time,
|
||||||
|
set_maximum_depth,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Tests:
|
||||||
|
# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.13)
|
||||||
|
|
||||||
|
|
||||||
|
def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration:
|
||||||
|
brute_force = [
|
||||||
|
PluginConfiguration(name="SSHExploiter", options={}),
|
||||||
|
PluginConfiguration(name="WmiExploiter", options={"smb_download_timeout": 30}),
|
||||||
|
]
|
||||||
|
|
||||||
|
return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[])
|
||||||
|
|
||||||
|
|
||||||
|
def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
|
||||||
|
subnets = [
|
||||||
|
"10.2.2.9",
|
||||||
|
"10.2.1.10",
|
||||||
|
"10.2.0.12",
|
||||||
|
"10.2.2.13",
|
||||||
|
]
|
||||||
|
return add_subnets(agent_configuration, subnets)
|
||||||
|
|
||||||
|
|
||||||
|
def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration:
|
||||||
|
ports = [22, 135, 5985, 5986]
|
||||||
|
return add_tcp_ports(agent_configuration, ports)
|
||||||
|
|
||||||
|
|
||||||
|
test_agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 4)
|
||||||
|
test_agent_configuration = set_keep_tunnel_open_time(test_agent_configuration, 20)
|
||||||
|
test_agent_configuration = _add_exploiters(test_agent_configuration)
|
||||||
|
test_agent_configuration = _add_subnets(test_agent_configuration)
|
||||||
|
test_agent_configuration = _add_tcp_ports(test_agent_configuration)
|
||||||
|
|
||||||
|
CREDENTIALS = (
|
||||||
|
Credentials(Username("m0nk3y"), None),
|
||||||
|
Credentials(None, Password("3Q=(Ge(+&w]*")),
|
||||||
|
Credentials(None, Password("`))jU7L(w}")),
|
||||||
|
Credentials(None, Password("prM2qsroTI")),
|
||||||
|
Credentials(None, Password("t67TC5ZDmz")),
|
||||||
|
)
|
||||||
|
|
||||||
|
depth_4_a_test_configuration = dataclasses.replace(noop_test_configuration)
|
||||||
|
replace_agent_configuration(
|
||||||
|
test_configuration=depth_4_a_test_configuration, agent_configuration=test_agent_configuration
|
||||||
|
)
|
||||||
|
replace_propagation_credentials(
|
||||||
|
test_configuration=depth_4_a_test_configuration, propagation_credentials=CREDENTIALS
|
||||||
|
)
|
|
@ -303,7 +303,7 @@ Update all requirements using deployment script:<br>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="even">
|
<tr class="even">
|
||||||
<td>Root password:</td>
|
<td>Root password:</td>
|
||||||
<td>3Q=(Ge(+&w]*</td>
|
<td>3Q=(Ge(+&w]*</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="odd">
|
<tr class="odd">
|
||||||
<td>Server’s config:</td>
|
<td>Server’s config:</td>
|
||||||
|
@ -343,7 +343,10 @@ Update all requirements using deployment script:<br>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="odd">
|
<tr class="odd">
|
||||||
<td>Server’s config:</td>
|
<td>Server’s config:</td>
|
||||||
<td>Default</td>
|
<td>Contains firewall rules to block everything from 10.2.1.10 except ssh.
|
||||||
|
This prevents tunneling communication, but allows ssh exploitation.
|
||||||
|
Contains firewall rules to allow everything from 10.2.1.9 except ssh.
|
||||||
|
This prevents ssh exploitation, but allows tunneling.</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="even">
|
<tr class="even">
|
||||||
<td>Notes:</td>
|
<td>Notes:</td>
|
||||||
|
@ -384,6 +387,38 @@ Update all requirements using deployment script:<br>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<thead>
|
||||||
|
<tr class="header">
|
||||||
|
<th><p><span id="_Toc536021463" class="anchor"></span>Nr. <strong>13</strong> Tunneling M5</p>
|
||||||
|
<p>(10.2.0.13)</p></th>
|
||||||
|
<th>(Exploitable)</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr class="odd">
|
||||||
|
<td>OS:</td>
|
||||||
|
<td><strong>Ubuntu 18 x64</strong></td>
|
||||||
|
</tr>
|
||||||
|
<tr class="odd">
|
||||||
|
<td>Default service’s port:</td>
|
||||||
|
<td>22</td>
|
||||||
|
</tr>
|
||||||
|
<tr class="even">
|
||||||
|
<td>Root password:</td>
|
||||||
|
<td>prM2qsroTI</td>
|
||||||
|
</tr>
|
||||||
|
<tr class="odd">
|
||||||
|
<td>Server’s config:</td>
|
||||||
|
<td>Configured to disable traffic from/to 10.2.0.10 and 10.2.0.11(via ufw and iptables)</td>
|
||||||
|
</tr>
|
||||||
|
<tr class="even">
|
||||||
|
<td>Notes:</td>
|
||||||
|
<td>Accessible only through Nr.12</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<thead>
|
<thead>
|
||||||
<tr class="header">
|
<tr class="header">
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
|
@ -0,0 +1 @@
|
||||||
|
<mxfile host="app.diagrams.net" modified="2022-09-09T14:43:18.604Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" etag="hR7zJg_PJGBkx010pojR" version="20.3.0" type="device"><diagram id="UsVsRtHn_Xg_yxI8nRbj" name="Page-1">7VrbbuM2EP0aP9aQRN38uLHsTYEtGiAo0jwFjMSV2KVEg6J86deXtEhbF1eWW9tSsEHyYM6MJHLOOcPRZQLm6fYrg6vkNxohMrGMaDsBwcSyTNuyJvLfiHalxZvZpSFmOFJBR8Mz/hspo6GsBY5QXgvklBKOV3VjSLMMhbxmg4zRTT3sOyX1q65gjFqG5xCStvUFRzwprb5jHO2PCMeJvrJpKE8KdbAy5AmM6KZiAosJmDNKefkr3c4RkcnTeSmPW/6L9zAxhjLe5wAneCPB79/gSxC+PT4t053Jlr94am58pxeMIrF+NaSMJzSmGSSLo/WB0SKLkDyrIUbHmG+UroTRFMa/EOc7BSYsOBWmhKdEedszV4vJacFC1DFdzQDIYsQ74hTp5FoqF1B5+YpoijjbiQCGCOR4XccaKsrEhzh16BfG4K4SsKI443nlzE/SIAIU+w/QK+6bbgOhy+LFj3IGelRZytG0R/0CBqhFryEpVBp+zQnMohYx6rBvEszR8wru4doI7feEeI0YR9tOUJTXbyRDS25zlOFBbElFgvq4UzBWUnl5pvyPpRWrp1bMUWpFbwB9tdKIv41WZkMwQADPdn+q4/eDVzmYWo4eB9uqN9ip0e2pA0ZBHdCsFF43dc7E34Y6VqvM8kJ0LARnsaSVS0SeH96Z+BXzPXZNiykQF38nYvcec9om570rtuWOrWTrLvKj1GzQU3j2KIRnzxp4n6nZZ+Jv1N9YP0nR7ssdZ5Tc0TXgWlwIXsHzDIePThy8sMfiD7i0uG51hqgGjXTfFmJrEESNBqLGmWrQHX+bagA6tmFZjXruw+b0VPDeZUxPbDr33olte3Q78YDa+y9Ssy+R2jWr6f/Kst1Fb/MSep8I1vRuIzk4vb2h2Q2GbTIqfcVr1Xn1JsPpKYtx3BnarlPjCbhLw2n/JA1nXy64o+CC12w3/O725Ez8bbjjdNVvq3f9FkW6fddz7yLtNB6zHJ4ODFelnY/Vg7g9BTaOOzrPrOMNzjwNOBN/G4G5XQIDlwisvePfW2CePTqBea30trKU/0A8TFSS9pxCbLFGklplZg7vSWVABPPkkNJK+nLO6A80p4QyYcloJqX6HROiTRMLBEt/bov8PRD4jsgTzTHHNBO+EMmLCofMNQ6FlhsB75RzmlYCvhAcSweXmn+AanQ4Dy24YJCYjn4HbZTrWMk1p9tYvhqfrhGCqTUVgcX2ShW2+b5w1iYAsNv4a9v18fc/8b8j/qBZAMyh8Z994j+g/r2B4dfT+YT/LvD7DfiB4Q6Mf/tbkjb+14J3sfSXljkueKdp/rbBWbT/6uwaELuNN6rAakvcPtHhgdnUvxhkMTx+jVY23Mdv+sDiHw==</diagram></mxfile>
|
|
@ -23,6 +23,10 @@ data "google_compute_image" "tunneling-12" {
|
||||||
name = "tunneling-12"
|
name = "tunneling-12"
|
||||||
project = local.monkeyzoo_project
|
project = local.monkeyzoo_project
|
||||||
}
|
}
|
||||||
|
data "google_compute_image" "tunneling-13" {
|
||||||
|
name = "tunneling-13"
|
||||||
|
project = local.monkeyzoo_project
|
||||||
|
}
|
||||||
data "google_compute_image" "sshkeys-11" {
|
data "google_compute_image" "sshkeys-11" {
|
||||||
name = "sshkeys-11"
|
name = "sshkeys-11"
|
||||||
project = local.monkeyzoo_project
|
project = local.monkeyzoo_project
|
||||||
|
|
|
@ -127,6 +127,10 @@ resource "google_compute_instance_from_template" "tunneling-11" {
|
||||||
subnetwork="${local.resource_prefix}tunneling2-main"
|
subnetwork="${local.resource_prefix}tunneling2-main"
|
||||||
network_ip="10.2.0.11"
|
network_ip="10.2.0.11"
|
||||||
}
|
}
|
||||||
|
network_interface{
|
||||||
|
subnetwork="${local.resource_prefix}tunneling-main"
|
||||||
|
network_ip="10.2.1.11"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_instance_from_template" "tunneling-12" {
|
resource "google_compute_instance_from_template" "tunneling-12" {
|
||||||
|
@ -144,6 +148,21 @@ resource "google_compute_instance_from_template" "tunneling-12" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_compute_instance_from_template" "tunneling-13" {
|
||||||
|
name = "${local.resource_prefix}tunneling-13"
|
||||||
|
source_instance_template = local.default_ubuntu
|
||||||
|
boot_disk{
|
||||||
|
initialize_params {
|
||||||
|
image = data.google_compute_image.tunneling-13.self_link
|
||||||
|
}
|
||||||
|
auto_delete = true
|
||||||
|
}
|
||||||
|
network_interface{
|
||||||
|
subnetwork="${local.resource_prefix}tunneling2-main"
|
||||||
|
network_ip="10.2.0.13"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "google_compute_instance_from_template" "sshkeys-11" {
|
resource "google_compute_instance_from_template" "sshkeys-11" {
|
||||||
name = "${local.resource_prefix}sshkeys-11"
|
name = "${local.resource_prefix}sshkeys-11"
|
||||||
source_instance_template = local.default_ubuntu
|
source_instance_template = local.default_ubuntu
|
||||||
|
|
Loading…
Reference in New Issue