Merge pull request #2284 from guardicore/2216-relay-bb-tests

2216 relay bb tests
This commit is contained in:
Mike Salvatore 2022-09-14 06:56:42 -04:00 committed by GitHub
commit e56d4c0ac7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 145 additions and 6 deletions

View File

@ -11,6 +11,7 @@ GCP_TEST_MACHINE_LIST = {
"tunneling-10", "tunneling-10",
"tunneling-11", "tunneling-11",
"tunneling-12", "tunneling-12",
"tunneling-13",
"zerologon-25", "zerologon-25",
], ],
"europe-west1-b": [ "europe-west1-b": [
@ -52,7 +53,6 @@ DEPTH_3_A = {
"tunneling-9", "tunneling-9",
"tunneling-10", "tunneling-10",
"tunneling-11", "tunneling-11",
"tunneling-12",
"mimikatz-15", "mimikatz-15",
], ],
"europe-west1-b": [ "europe-west1-b": [
@ -63,6 +63,16 @@ DEPTH_3_A = {
], ],
} }
DEPTH_4_A = {
"europe-west1-b": [
"tunneling-9",
"tunneling-10",
"tunneling-12",
"tunneling-13",
],
}
POWERSHELL_EXPLOITER_REUSE = { POWERSHELL_EXPLOITER_REUSE = {
"europe-west1-b": [ "europe-west1-b": [
"powershell-3-46", "powershell-3-46",
@ -88,6 +98,7 @@ GCP_SINGLE_TEST_LIST = {
"test_depth_2_a": DEPTH_2_A, "test_depth_2_a": DEPTH_2_A,
"test_depth_1_a": DEPTH_1_A, "test_depth_1_a": DEPTH_1_A,
"test_depth_3_a": DEPTH_3_A, "test_depth_3_a": DEPTH_3_A,
"test_depth_4_a": DEPTH_4_A,
"test_powershell_exploiter_credentials_reuse": POWERSHELL_EXPLOITER_REUSE, "test_powershell_exploiter_credentials_reuse": POWERSHELL_EXPLOITER_REUSE,
"test_zerologon_exploiter": ZEROLOGON, "test_zerologon_exploiter": ZEROLOGON,
"test_wmi_and_mimikatz_exploiters": WMI_AND_MIMIKATZ, "test_wmi_and_mimikatz_exploiters": WMI_AND_MIMIKATZ,

View File

@ -18,6 +18,7 @@ from envs.monkey_zoo.blackbox.test_configurations import (
wmi_mimikatz_test_configuration, wmi_mimikatz_test_configuration,
zerologon_test_configuration, zerologon_test_configuration,
) )
from envs.monkey_zoo.blackbox.test_configurations.depth_4_a import depth_4_a_test_configuration
from envs.monkey_zoo.blackbox.test_configurations.test_configuration import TestConfiguration from envs.monkey_zoo.blackbox.test_configurations.test_configuration import TestConfiguration
from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import ( from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import (
@ -123,6 +124,11 @@ class TestMonkeyBlackbox:
island_client, depth_3_a_test_configuration, "Depth3A test suite" island_client, depth_3_a_test_configuration, "Depth3A test suite"
) )
def test_depth_4_a(self, island_client):
TestMonkeyBlackbox.run_exploitation_test(
island_client, depth_4_a_test_configuration, "Depth4A test suite"
)
# Not grouped because can only be ran on windows # Not grouped because can only be ran on windows
@pytest.mark.skip_powershell_reuse @pytest.mark.skip_powershell_reuse
def test_powershell_exploiter_credentials_reuse(self, island_client): def test_powershell_exploiter_credentials_reuse(self, island_client):

View File

@ -16,7 +16,7 @@ from .utils import (
# Tests: # Tests:
# Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48) # Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48)
# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.11) # Tunneling through grandparent agent (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.11)
# WMI pass the hash (10.2.2.15) # WMI pass the hash (10.2.2.15)
@ -38,7 +38,6 @@ def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
"10.2.3.47", "10.2.3.47",
"10.2.3.48", "10.2.3.48",
"10.2.1.10", "10.2.1.10",
"10.2.0.12",
"10.2.0.11", "10.2.0.11",
"10.2.2.15", "10.2.2.15",
] ]
@ -62,7 +61,6 @@ CREDENTIALS = (
Credentials(None, Password("Passw0rd!")), Credentials(None, Password("Passw0rd!")),
Credentials(None, Password("3Q=(Ge(+&w]*")), Credentials(None, Password("3Q=(Ge(+&w]*")),
Credentials(None, Password("`))jU7L(w}")), Credentials(None, Password("`))jU7L(w}")),
Credentials(None, Password("t67TC5ZDmz")),
Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")), Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")),
Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")), Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")),
Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")), Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")),

View File

@ -0,0 +1,65 @@
import dataclasses
from common.agent_configuration import AgentConfiguration, PluginConfiguration
from common.credentials import Credentials, Password, Username
from .noop import noop_test_configuration
from .utils import (
add_exploiters,
add_subnets,
add_tcp_ports,
replace_agent_configuration,
replace_propagation_credentials,
set_keep_tunnel_open_time,
set_maximum_depth,
)
# Tests:
# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.13)
def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration:
brute_force = [
PluginConfiguration(name="SSHExploiter", options={}),
PluginConfiguration(name="WmiExploiter", options={"smb_download_timeout": 30}),
]
return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[])
def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
subnets = [
"10.2.2.9",
"10.2.1.10",
"10.2.0.12",
"10.2.2.13",
]
return add_subnets(agent_configuration, subnets)
def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration:
ports = [22, 135, 5985, 5986]
return add_tcp_ports(agent_configuration, ports)
test_agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 4)
test_agent_configuration = set_keep_tunnel_open_time(test_agent_configuration, 20)
test_agent_configuration = _add_exploiters(test_agent_configuration)
test_agent_configuration = _add_subnets(test_agent_configuration)
test_agent_configuration = _add_tcp_ports(test_agent_configuration)
CREDENTIALS = (
Credentials(Username("m0nk3y"), None),
Credentials(None, Password("3Q=(Ge(+&w]*")),
Credentials(None, Password("`))jU7L(w}")),
Credentials(None, Password("prM2qsroTI")),
Credentials(None, Password("t67TC5ZDmz")),
)
depth_4_a_test_configuration = dataclasses.replace(noop_test_configuration)
replace_agent_configuration(
test_configuration=depth_4_a_test_configuration, agent_configuration=test_agent_configuration
)
replace_propagation_credentials(
test_configuration=depth_4_a_test_configuration, propagation_credentials=CREDENTIALS
)

View File

@ -303,7 +303,7 @@ Update all requirements using deployment script:<br>
</tr> </tr>
<tr class="even"> <tr class="even">
<td>Root password:</td> <td>Root password:</td>
<td>3Q=(Ge(+&amp;w]*</td> <td>3Q=(Ge(+&w]*</td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td>Servers config:</td> <td>Servers config:</td>
@ -343,7 +343,10 @@ Update all requirements using deployment script:<br>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td>Servers config:</td> <td>Servers config:</td>
<td>Default</td> <td>Contains firewall rules to block everything from 10.2.1.10 except ssh.
This prevents tunneling communication, but allows ssh exploitation.
Contains firewall rules to allow everything from 10.2.1.9 except ssh.
This prevents ssh exploitation, but allows tunneling.</td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td>Notes:</td> <td>Notes:</td>
@ -384,6 +387,38 @@ Update all requirements using deployment script:<br>
</tbody> </tbody>
</table> </table>
<table>
<thead>
<tr class="header">
<th><p><span id="_Toc536021463" class="anchor"></span>Nr. <strong>13</strong> Tunneling M5</p>
<p>(10.2.0.13)</p></th>
<th>(Exploitable)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td>OS:</td>
<td><strong>Ubuntu 18 x64</strong></td>
</tr>
<tr class="odd">
<td>Default services port:</td>
<td>22</td>
</tr>
<tr class="even">
<td>Root password:</td>
<td>prM2qsroTI</td>
</tr>
<tr class="odd">
<td>Servers config:</td>
<td>Configured to disable traffic from/to 10.2.0.10 and 10.2.0.11(via ufw and iptables)</td>
</tr>
<tr class="even">
<td>Notes:</td>
<td>Accessible only through Nr.12</td>
</tr>
</tbody>
</table>
<table> <table>
<thead> <thead>
<tr class="header"> <tr class="header">

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

View File

@ -0,0 +1 @@
<mxfile host="app.diagrams.net" modified="2022-09-09T14:43:18.604Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" etag="hR7zJg_PJGBkx010pojR" version="20.3.0" type="device"><diagram id="UsVsRtHn_Xg_yxI8nRbj" name="Page-1">7VrbbuM2EP0aP9aQRN38uLHsTYEtGiAo0jwFjMSV2KVEg6J86deXtEhbF1eWW9tSsEHyYM6MJHLOOcPRZQLm6fYrg6vkNxohMrGMaDsBwcSyTNuyJvLfiHalxZvZpSFmOFJBR8Mz/hspo6GsBY5QXgvklBKOV3VjSLMMhbxmg4zRTT3sOyX1q65gjFqG5xCStvUFRzwprb5jHO2PCMeJvrJpKE8KdbAy5AmM6KZiAosJmDNKefkr3c4RkcnTeSmPW/6L9zAxhjLe5wAneCPB79/gSxC+PT4t053Jlr94am58pxeMIrF+NaSMJzSmGSSLo/WB0SKLkDyrIUbHmG+UroTRFMa/EOc7BSYsOBWmhKdEedszV4vJacFC1DFdzQDIYsQ74hTp5FoqF1B5+YpoijjbiQCGCOR4XccaKsrEhzh16BfG4K4SsKI443nlzE/SIAIU+w/QK+6bbgOhy+LFj3IGelRZytG0R/0CBqhFryEpVBp+zQnMohYx6rBvEszR8wru4doI7feEeI0YR9tOUJTXbyRDS25zlOFBbElFgvq4UzBWUnl5pvyPpRWrp1bMUWpFbwB9tdKIv41WZkMwQADPdn+q4/eDVzmYWo4eB9uqN9ip0e2pA0ZBHdCsFF43dc7E34Y6VqvM8kJ0LARnsaSVS0SeH96Z+BXzPXZNiykQF38nYvcec9om570rtuWOrWTrLvKj1GzQU3j2KIRnzxp4n6nZZ+Jv1N9YP0nR7ssdZ5Tc0TXgWlwIXsHzDIePThy8sMfiD7i0uG51hqgGjXTfFmJrEESNBqLGmWrQHX+bagA6tmFZjXruw+b0VPDeZUxPbDr33olte3Q78YDa+y9Ssy+R2jWr6f/Kst1Fb/MSep8I1vRuIzk4vb2h2Q2GbTIqfcVr1Xn1JsPpKYtx3BnarlPjCbhLw2n/JA1nXy64o+CC12w3/O725Ez8bbjjdNVvq3f9FkW6fddz7yLtNB6zHJ4ODFelnY/Vg7g9BTaOOzrPrOMNzjwNOBN/G4G5XQIDlwisvePfW2CePTqBea30trKU/0A8TFSS9pxCbLFGklplZg7vSWVABPPkkNJK+nLO6A80p4QyYcloJqX6HROiTRMLBEt/bov8PRD4jsgTzTHHNBO+EMmLCofMNQ6FlhsB75RzmlYCvhAcSweXmn+AanQ4Dy24YJCYjn4HbZTrWMk1p9tYvhqfrhGCqTUVgcX2ShW2+b5w1iYAsNv4a9v18fc/8b8j/qBZAMyh8Z994j+g/r2B4dfT+YT/LvD7DfiB4Q6Mf/tbkjb+14J3sfSXljkueKdp/rbBWbT/6uwaELuNN6rAakvcPtHhgdnUvxhkMTx+jVY23Mdv+sDiHw==</diagram></mxfile>

View File

@ -23,6 +23,10 @@ data "google_compute_image" "tunneling-12" {
name = "tunneling-12" name = "tunneling-12"
project = local.monkeyzoo_project project = local.monkeyzoo_project
} }
data "google_compute_image" "tunneling-13" {
name = "tunneling-13"
project = local.monkeyzoo_project
}
data "google_compute_image" "sshkeys-11" { data "google_compute_image" "sshkeys-11" {
name = "sshkeys-11" name = "sshkeys-11"
project = local.monkeyzoo_project project = local.monkeyzoo_project

View File

@ -127,6 +127,10 @@ resource "google_compute_instance_from_template" "tunneling-11" {
subnetwork="${local.resource_prefix}tunneling2-main" subnetwork="${local.resource_prefix}tunneling2-main"
network_ip="10.2.0.11" network_ip="10.2.0.11"
} }
network_interface{
subnetwork="${local.resource_prefix}tunneling-main"
network_ip="10.2.1.11"
}
} }
resource "google_compute_instance_from_template" "tunneling-12" { resource "google_compute_instance_from_template" "tunneling-12" {
@ -144,6 +148,21 @@ resource "google_compute_instance_from_template" "tunneling-12" {
} }
} }
resource "google_compute_instance_from_template" "tunneling-13" {
name = "${local.resource_prefix}tunneling-13"
source_instance_template = local.default_ubuntu
boot_disk{
initialize_params {
image = data.google_compute_image.tunneling-13.self_link
}
auto_delete = true
}
network_interface{
subnetwork="${local.resource_prefix}tunneling2-main"
network_ip="10.2.0.13"
}
}
resource "google_compute_instance_from_template" "sshkeys-11" { resource "google_compute_instance_from_template" "sshkeys-11" {
name = "${local.resource_prefix}sshkeys-11" name = "${local.resource_prefix}sshkeys-11"
source_instance_template = local.default_ubuntu source_instance_template = local.default_ubuntu