async def enable(services):
    """``enable`` hook for the stockpile plugin.

    Runs, in this order: associates the ``mission.go`` special payload with
    ``dynamically_compile`` on the file service, loads the plugin data
    directory, loads the C2 contact configs, registers the HTTP and GIST
    contacts with the contact service, and stores the three bundled
    obfuscators in the data service.

    Args:
        services: the core service registry handed to the plugin; it is
            passed to ``StockpileService`` and to both contact constructors.

    Raises:
        KeyError: if the loaded contact config lacks an ``'HTTP'`` or
            ``'GIST'`` entry (plugin enablement then aborts part-way).
    """
    svc = StockpileService(services)

    # 'mission.go' is handled by dynamically_compile rather than served as a
    # stored file — presumably source is compiled on request. NOTE(review):
    # confirm which callers can reach this payload path, since each request
    # would trigger a compile.
    await svc.file_svc.add_special_payload('mission.go', svc.dynamically_compile)
    await svc.data_svc.load_data(directory='plugins/stockpile/data')

    c2_configs = await svc.load_c2_config(directory='plugins/stockpile/data/contact')
    # Each contact gets the config section of the same name.
    for config_key, contact_cls in (('HTTP', HTTP), ('GIST', GIST)):
        await svc.contact_svc.register(contact_cls(services, c2_configs[config_key]))

    obfuscator_specs = (
        dict(name='plain-text',
             description='Does no obfuscation to any command, instead running it in plain text',
             module='plugins.stockpile.app.obfuscators.plain_text'),
        dict(name='base64',
             description='Obfuscates commands in base64',
             module='plugins.stockpile.app.obfuscators.base64_basic'),
        dict(name='base64jumble',
             description='Obfuscates commands in base64, then adds characters to evade base64 detection. '
                         'Disclaimer: this may cause duplicate links to run.',
             module='plugins.stockpile.app.obfuscators.base64_jumble'),
    )
    # Construct and store one at a time so the store calls stay sequential.
    for spec in obfuscator_specs:
        await svc.data_svc.store(Obfuscator(**spec))
async def enable(services):
    """``enable`` hook for the stockpile plugin.

    Registers the plugin's GUI route, associates ``.donut`` special payloads
    with the donut handler module (given as a dotted path), then stores the
    five bundled obfuscators in the data service, in the order listed below.

    Args:
        services: the core service registry; ``app_svc`` and ``file_svc``
            are looked up from it, and it is passed to ``StockpileService``.
    """
    svc = StockpileService(services)

    app = services.get('app_svc').application
    app.router.add_route('GET', '/plugin/stockpile/gui', svc.splash)

    # Unlike a callable handler, the donut handler is referenced by module
    # path; presumably the file service imports it lazily — confirm.
    await services.get('file_svc').add_special_payload(
        '.donut', 'plugins.stockpile.app.donut.donut_handler')

    obfuscator_specs = (
        dict(name='plain-text',
             description='Does no obfuscation to any command, instead running it in plain text',
             module='plugins.stockpile.app.obfuscators.plain_text'),
        dict(name='base64',
             description='Obfuscates commands in base64',
             module='plugins.stockpile.app.obfuscators.base64_basic'),
        dict(name='base64jumble',
             description='Obfuscates commands in base64, then adds characters to evade base64 detection. '
                         'Disclaimer: this may cause duplicate links to run.',
             module='plugins.stockpile.app.obfuscators.base64_jumble'),
        dict(name='caesar cipher',
             description='Obfuscates commands through a caesar cipher algorithm, which uses a randomly selected '
                         'shift value.',
             module='plugins.stockpile.app.obfuscators.caesar_cipher'),
        dict(name='base64noPadding',
             description='Obfuscates commands in base64, then removes padding',
             module='plugins.stockpile.app.obfuscators.base64_no_padding'),
    )
    # Construct and store one at a time so the store calls stay sequential.
    for spec in obfuscator_specs:
        await svc.data_svc.store(Obfuscator(**spec))
 def test_base64_basic(self):
     """The base64_basic obfuscator wraps the command in an eval/base64-decode one-liner.

     Relies on the fixtures ``dummy_agent``, ``dummy_link`` and ``command`` set up on the
     test class (outside this block); ``command`` is assumed to already be the value that
     belongs inside the ``echo`` — confirm against the fixture setup.
     """
     obf = Obfuscator(name='base64basic',
                      module='plugins.stockpile.app.obfuscators.base64_basic')
     obf_module = obf.load(self.dummy_agent)
     produced = obf_module.run(self.dummy_link)
     expected = 'eval "$(echo %s | base64 --decode)"' % self.command
     self.assertEqual(expected, produced)
 def test_base64_jumble(self):
     """The base64_jumble obfuscator yields a third token one character longer than ``command``.

     Only the length of the third whitespace-separated token is asserted, not its content —
     presumably because the added characters vary between runs; confirm against the module.
     Uses the class fixtures ``dummy_agent``, ``dummy_link`` and ``command``.
     """
     obf = Obfuscator(name='base64jumble',
                      module='plugins.stockpile.app.obfuscators.base64_jumble')
     obf_module = obf.load(self.dummy_agent)
     tokens = obf_module.run(self.dummy_link).split()
     # Index 2 is the encoded payload position; an IndexError here means the
     # obfuscated command had fewer than three tokens.
     self.assertEqual(len(self.command) + 1, len(tokens[2]))
def setup_planning_test(loop, ability, agent, operation, data_svc,
                        init_base_world):
    """Fixture: build one ability, agent and operation; store the ability and the plain-text obfuscator.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        ability, agent, operation: factory fixtures producing the respective objects.
        data_svc: data service that receives the ability and the obfuscator.
        init_base_world: dependency-only fixture; not referenced in the body.

    Yields:
        ``(ability, agent, operation)`` — note the agent and operation are *not* stored.
    """
    sh_ability = ability(ability_id='123',
                         executor='sh',
                         platform='darwin',
                         test=BaseWorld.encode_string('mkdir test'),
                         cleanup=BaseWorld.encode_string('rm -rf test'),
                         variations=[])
    sh_agent = agent(sleep_min=1, sleep_max=2, watchdog=0,
                     executors=['sh'], platform='darwin')
    fact_source = Source(id='123', name='test', facts=[], adjustments=[])
    # NOTE(review): ``agents`` receives the single agent object, not a list —
    # confirm that is the shape the operation factory expects.
    planned_op = operation(name='test1',
                           agents=sh_agent,
                           adversary='hunter',
                           source=fact_source)

    loop.run_until_complete(data_svc.store(sh_ability))

    plain_text = Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text')
    loop.run_until_complete(data_svc.store(plain_text))

    yield sh_ability, sh_agent, planned_op
def setup_planning_test(loop, executor, ability, agent, operation, data_svc, event_svc, init_base_world):
    """Fixture: two abilities, one agent and one operation; stores both abilities and the plain-text obfuscator.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        executor, ability, agent, operation: factory fixtures for the respective objects.
        data_svc: data service that receives the two abilities and the obfuscator.
        event_svc, init_base_world: dependency-only fixtures; not referenced in the body.

    Yields:
        ``(ability, agent, operation, cleanup_ability)``; the agent and operation are *not* stored.

    Uses the module-level ``test_string`` (defined outside this block) as the second
    executor's command.
    """
    mkdir_exec = executor(name='sh', platform='darwin', command='mkdir test', cleanup='rm -rf test')
    first_ability = ability(ability_id='123', executors=[mkdir_exec], repeatable=True,
                            buckets=['test'], name='test1')
    # Loopback server address — keeps the fixture agent from pointing anywhere off-host.
    sh_agent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'], platform='darwin',
                     server='http://127.0.0.1:8000')
    fact_source = Source(id='123', name='test', facts=[], adjustments=[])
    test_adversary = Adversary(name='test', description='test', atomic_ordering=[], adversary_id='XYZ')
    planned_op = operation(name='test1', agents=[sh_agent], adversary=test_adversary, source=fact_source)

    second_exec = executor(name='sh', platform='darwin', command=test_string, cleanup='whoami')
    second_ability = ability(ability_id='321', executors=[second_exec], singleton=True, name='test2')

    for stored in (first_ability, second_ability):
        loop.run_until_complete(data_svc.store(stored))

    plain_text = Obfuscator(name='plain-text',
                            description='Does no obfuscation to any command, instead running it in plain text',
                            module='plugins.stockpile.app.obfuscators.plain_text')
    loop.run_until_complete(data_svc.store(plain_text))

    yield first_ability, sh_agent, planned_op, second_ability
def obfuscator(loop, data_svc):
    """Fixture: store the bundled plain-text obfuscator in ``data_svc``.

    Args:
        loop: event loop used to run the async ``store`` call to completion.
        data_svc: data service receiving the obfuscator.

    Returns:
        None — the stored object is not handed back to the caller.
    """
    plain_text = Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text')
    loop.run_until_complete(data_svc.store(plain_text))
def test_obfuscator(loop, api_v2_client):
    """Fixture: store a throwaway obfuscator through the global data service and return it.

    ``module='testmodule'`` is presumably a placeholder rather than an importable path —
    the object only needs to exist in the store for API tests. ``api_v2_client`` is a
    dependency-only fixture and is not referenced in the body.

    Args:
        loop: event loop used to run the async ``store`` call to completion.
        api_v2_client: unused here; ensures the API client fixture is set up first.

    Returns:
        The ``Obfuscator`` instance that was stored.
    """
    stored = Obfuscator(name='test',
                        description='a test obfuscator',
                        module='testmodule')
    data_svc = BaseService.get_service('data_svc')
    loop.run_until_complete(data_svc.store(stored))
    return stored
def setup_rest_svc_test(loop, data_svc):
    """Fixture: apply a test config and populate ``data_svc`` with one of each core object.

    Stores, in order: an Ability, an Adversary, an Agent, a Planner, a Source, an Operation
    tying the agent/adversary/source together, and the plain-text Obfuscator.

    Args:
        loop: event loop used to drive each async ``data_svc.store`` call.
        data_svc: data service receiving the objects.

    Returns:
        None.
    """
    # Harness-only config. 'api_key', 'encryption_key' and 'crypt_salt' are
    # throwaway constants for this fixture and must not be copied into any
    # deployed config; '0.0.0.0' (wildcard bind) and '/tmp' (shared, world-
    # writable) are likewise acceptable only inside an isolated test run.
    harness_config = {
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    }
    BaseWorld.apply_config(name='main', config=harness_config)

    def store(obj):
        loop.run_until_complete(data_svc.store(obj))

    # The test command references the 'app.contact.http' config key via the
    # #{...} placeholder; where that is expanded is outside this block.
    store(Ability(ability_id='123',
                  test=BaseWorld.encode_string('curl #{app.contact.http}'),
                  variations=[],
                  executor='psh',
                  platform='windows'))

    adversary = Adversary(adversary_id='123', name='test', description='test', atomic_ordering=[])
    store(adversary)

    agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0,
                  executors=['pwsh', 'psh'], platform='windows')
    store(agent)

    store(Planner(planner_id='123', name='test', module='test', params={}))

    source = Source(id='123', name='test', facts=[], adjustments=[])
    store(source)

    store(Operation(name='test', agents=[agent], adversary=adversary, id='123', source=source))

    store(Obfuscator(name='plain-text',
                     description='Does no obfuscation to any command, instead running it in plain text',
                     module='plugins.stockpile.app.obfuscators.plain_text'))
async def enable(services):
    """``enable`` hook for the stockpile plugin.

    Registers the plugin's GUI route, then stores the three bundled
    obfuscators in the data service in the order listed below.

    Args:
        services: the core service registry; ``app_svc`` is looked up from
            it and it is passed to ``StockpileService``.
    """
    svc = StockpileService(services)

    app = services.get('app_svc').application
    app.router.add_route('GET', '/plugin/stockpile/gui', svc.splash)

    obfuscator_specs = (
        dict(name='plain-text',
             description='Does no obfuscation to any command, instead running it in plain text',
             module='plugins.stockpile.app.obfuscators.plain_text'),
        dict(name='base64',
             description='Obfuscates commands in base64',
             module='plugins.stockpile.app.obfuscators.base64_basic'),
        dict(name='base64jumble',
             description='Obfuscates commands in base64, then adds characters to evade base64 detection. '
                         'Disclaimer: this may cause duplicate links to run.',
             module='plugins.stockpile.app.obfuscators.base64_jumble'),
    )
    # Construct and store one at a time so the store calls stay sequential.
    for spec in obfuscator_specs:
        await svc.data_svc.store(Obfuscator(**spec))
def setup_rest_svc_test(loop, data_svc):
    """Fixture: apply a test config and populate ``data_svc`` with one of each core object.

    Stores, in order: three Abilities (ids 123/456/789, each with one Executor), an
    Adversary, an Agent, an Objective with a single default Goal, a Planner, a Source, an
    Operation tying the agent/adversary/source together, and the plain-text Obfuscator.

    Args:
        loop: event loop used to drive each async ``data_svc.store`` call.
        data_svc: data service receiving the objects.

    Returns:
        None.
    """
    # Harness-only config. 'api_key', 'encryption_key' and 'crypt_salt' are
    # throwaway constants for this fixture and must not be copied into any
    # deployed config; '0.0.0.0' (wildcard bind) and '/tmp' (shared, world-
    # writable) are likewise acceptable only inside an isolated test run.
    harness_config = {
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    }
    BaseWorld.apply_config(name='main', config=harness_config)

    def store(obj):
        loop.run_until_complete(data_svc.store(obj))

    # The first command references the 'app.contact.http' config key via the
    # #{...} placeholder; where that is expanded is outside this block.
    ability_specs = (
        ('123', 'testA', Executor(name='psh', platform='windows', command='curl #{app.contact.http}')),
        ('456', 'testB', Executor(name='sh', platform='linux', command='whoami')),
        ('789', 'testC', Executor(name='sh', platform='linux', command='hostname')),
    )
    for ability_id, ability_name, ability_executor in ability_specs:
        store(Ability(ability_id=ability_id, name=ability_name, executors=[ability_executor]))

    adversary = Adversary(adversary_id='123', name='test', description='test', atomic_ordering=[])
    store(adversary)

    agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0, executors=['pwsh', 'psh'], platform='windows')
    store(agent)

    store(Objective(id='495a9828-cab1-44dd-a0ca-66e58177d8cc', name='default', goals=[Goal()]))

    store(Planner(planner_id='123', name='test', module='test', params={}))

    source = Source(id='123', name='test', facts=[], adjustments=[])
    store(source)

    store(Operation(name='test', agents=[agent], adversary=adversary, id='123', source=source))

    store(Obfuscator(name='plain-text',
                     description='Does no obfuscation to any command, instead running it in plain text',
                     module='plugins.stockpile.app.obfuscators.plain_text'))
 def test_plain_text(self):
     """The plain-text obfuscator returns the link's command unchanged.

     The expected value ``'whoami'`` is fixed here, so ``dummy_link`` (a class fixture set up
     outside this block) must carry that command.
     """
     obf = Obfuscator(name='plain-text',
                      module='plugins.stockpile.app.obfuscators.plain_text')
     obf_module = obf.load(self.dummy_agent)
     produced = obf_module.run(self.dummy_link)
     self.assertEqual('whoami', produced)