async def enable(services):
    """Wire the stockpile plugin into the host application's service registry.

    Steps, in order: register the 'mission.go' special payload with the
    plugin's compile hook, load the plugin data directory, read the C2
    contact configs, register the HTTP and GIST contacts, then store the
    three built-in obfuscators.

    Args:
        services: the service registry handed to the plugin (passed through
            to StockpileService and to the contact constructors).
    """
    svc = StockpileService(services)
    await svc.file_svc.add_special_payload('mission.go', svc.dynamically_compile)
    await svc.data_svc.load_data(directory='plugins/stockpile/data')

    # Contact configs are looked up by name; a missing 'HTTP' or 'GIST'
    # entry raises KeyError here, so enablement fails before a contact is
    # registered with an absent config rather than silently continuing.
    contact_cfg = await svc.load_c2_config(directory='plugins/stockpile/data/contact')
    await svc.contact_svc.register(HTTP(services, contact_cfg['HTTP']))
    await svc.contact_svc.register(GIST(services, contact_cfg['GIST']))

    # (name, description, module) for each built-in obfuscator; each one is
    # constructed and stored in turn, preserving the original store order.
    obfuscator_specs = (
        ('plain-text',
         'Does no obfuscation to any command, instead running it in plain text',
         'plugins.stockpile.app.obfuscators.plain_text'),
        ('base64',
         'Obfuscates commands in base64',
         'plugins.stockpile.app.obfuscators.base64_basic'),
        ('base64jumble',
         'Obfuscates commands in base64, then adds characters to evade base64 detection. '
         'Disclaimer: this may cause duplicate links to run.',
         'plugins.stockpile.app.obfuscators.base64_jumble'),
    )
    for name, description, module in obfuscator_specs:
        await svc.data_svc.store(
            Obfuscator(name=name, description=description, module=module))
async def enable(services):
    """Wire the stockpile plugin into the host application's service registry.

    Steps, in order: add the plugin GUI route, register the '.donut' special
    payload handler, then store the five built-in obfuscators.

    Args:
        services: the service registry handed to the plugin; 'app_svc' and
            'file_svc' are looked up from it by name.
    """
    svc = StockpileService(services)

    app_router = services.get('app_svc').application.router
    app_router.add_route('GET', '/plugin/stockpile/gui', svc.splash)

    # The donut handler is referenced by dotted module path rather than as a
    # callable, unlike the obfuscator modules below which are loaded later.
    file_svc = services.get('file_svc')
    await file_svc.add_special_payload('.donut', 'plugins.stockpile.app.donut.donut_handler')

    # (name, description, module) for each built-in obfuscator; each one is
    # constructed and stored in turn, preserving the original store order.
    obfuscator_specs = (
        ('plain-text',
         'Does no obfuscation to any command, instead running it in plain text',
         'plugins.stockpile.app.obfuscators.plain_text'),
        ('base64',
         'Obfuscates commands in base64',
         'plugins.stockpile.app.obfuscators.base64_basic'),
        ('base64jumble',
         'Obfuscates commands in base64, then adds characters to evade base64 detection. '
         'Disclaimer: this may cause duplicate links to run.',
         'plugins.stockpile.app.obfuscators.base64_jumble'),
        ('caesar cipher',
         'Obfuscates commands through a caesar cipher algorithm, which uses a randomly selected '
         'shift value.',
         'plugins.stockpile.app.obfuscators.caesar_cipher'),
        ('base64noPadding',
         'Obfuscates commands in base64, then removes padding',
         'plugins.stockpile.app.obfuscators.base64_no_padding'),
    )
    for name, description, module in obfuscator_specs:
        await svc.data_svc.store(
            Obfuscator(name=name, description=description, module=module))
def test_base64_basic(self):
    """The base64 obfuscator wraps the link command in an eval/base64-decode shell idiom.

    The expected string interpolates ``self.command`` directly into the
    ``echo %s | base64 --decode`` template, so the fixture presumably holds
    the text in the form the obfuscator emits — confirm against the fixture.
    """
    obf = Obfuscator(name='base64basic',
                     module='plugins.stockpile.app.obfuscators.base64_basic')
    runner = obf.load(self.dummy_agent)
    produced = runner.run(self.dummy_link)
    expected = 'eval "$(echo %s | base64 --decode)"' % self.command
    self.assertEqual(expected, produced)
def test_base64_jumble(self):
    """The base64jumble obfuscator's payload token is one character longer than the command.

    Only the length of the third whitespace-separated token of the output is
    checked (``split()[2]``); the assertion is that it equals
    ``len(self.command) + 1``, i.e. exactly one character was added.
    The token content itself is not inspected.
    """
    obf = Obfuscator(name='base64jumble',
                     module='plugins.stockpile.app.obfuscators.base64_jumble')
    runner = obf.load(self.dummy_agent)
    produced = runner.run(self.dummy_link)
    # Index 2 picks the token after the leading two words of the shell template.
    payload_token = produced.split()[2]
    self.assertEqual(len(self.command) + 1, len(payload_token))
def setup_planning_test(loop, ability, agent, operation, data_svc, init_base_world):
    """Generator fixture: store one ability and the plain-text obfuscator, then yield test objects.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        ability, agent, operation: factory callables for the test objects.
        data_svc: store receiving the ability and obfuscator.
        init_base_world: accepted for fixture ordering only; not read here.

    Yields:
        ``(tability, tagent, toperation)``. Only the ability and the
        obfuscator are persisted; the agent and operation are yielded unstored.
    """
    encoded_test = BaseWorld.encode_string('mkdir test')
    encoded_cleanup = BaseWorld.encode_string('rm -rf test')
    tability = ability(ability_id='123', executor='sh', platform='darwin',
                       test=encoded_test, cleanup=encoded_cleanup, variations=[])
    tagent = agent(sleep_min=1, sleep_max=2, watchdog=0,
                   executors=['sh'], platform='darwin')
    tsource = Source(id='123', name='test', facts=[], adjustments=[])
    toperation = operation(name='test1', agents=tagent,
                           adversary='hunter', source=tsource)

    def persist(obj):
        loop.run_until_complete(data_svc.store(obj))

    persist(tability)
    persist(Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text'))
    yield (tability, tagent, toperation)
def setup_planning_test(loop, executor, ability, agent, operation, data_svc, event_svc, init_base_world):
    """Generator fixture: build and store two abilities plus the plain-text obfuscator.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        executor, ability, agent, operation: factory callables for test objects.
        data_svc: store receiving both abilities and the obfuscator.
        event_svc, init_base_world: accepted for fixture ordering only; not read here.

    Yields:
        ``(tability, tagent, toperation, cability)``. The agent and operation
        are yielded unstored. ``cability``'s command is the module-level
        ``test_string`` (defined outside this block).
    """
    shell_executor = executor(name='sh', platform='darwin',
                              command='mkdir test', cleanup='rm -rf test')
    tability = ability(ability_id='123', executors=[shell_executor],
                       repeatable=True, buckets=['test'], name='test1')
    tagent = agent(sleep_min=1, sleep_max=2, watchdog=0, executors=['sh'],
                   platform='darwin', server='http://127.0.0.1:8000')
    tsource = Source(id='123', name='test', facts=[], adjustments=[])
    tadversary = Adversary(name='test', description='test',
                           atomic_ordering=[], adversary_id='XYZ')
    toperation = operation(name='test1', agents=[tagent],
                           adversary=tadversary, source=tsource)

    # Second ability is marked singleton so the planner has one of each kind.
    singleton_executor = executor(name='sh', platform='darwin',
                                  command=test_string, cleanup='whoami')
    cability = ability(ability_id='321', executors=[singleton_executor],
                       singleton=True, name='test2')

    def persist(obj):
        loop.run_until_complete(data_svc.store(obj))

    persist(tability)
    persist(cability)
    persist(Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text'))
    yield tability, tagent, toperation, cability
def obfuscator(loop, data_svc):
    """Fixture: persist the plain-text obfuscator in ``data_svc``.

    Args:
        loop: event loop used to run the async ``store`` call to completion.
        data_svc: store that receives the Obfuscator.

    Returns:
        None; the stored object is not handed back to the caller.
    """
    plain_text = Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text')
    loop.run_until_complete(data_svc.store(plain_text))
def test_obfuscator(loop, api_v2_client):
    """Fixture: store a throwaway Obfuscator via the global data service and return it.

    Args:
        loop: event loop used to run the async ``store`` call to completion.
        api_v2_client: accepted for fixture ordering only; not read here.

    Returns:
        The stored Obfuscator (name 'test', module 'testmodule' — a
        placeholder module path, not an importable obfuscator).
    """
    stub = Obfuscator(name='test', description='a test obfuscator', module='testmodule')
    data_svc = BaseService.get_service('data_svc')
    loop.run_until_complete(data_svc.store(stub))
    return stub
def setup_rest_svc_test(loop, data_svc):
    """Fixture: apply a test 'main' config and seed ``data_svc`` with one of each object type.

    Stored, in order: an Ability, an Adversary, an Agent, a Planner, a
    Source, an Operation tying the agent/adversary/source together, and the
    plain-text Obfuscator. All share id '123' where an id is given.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        data_svc: store that receives the seeded objects.

    Returns:
        None.
    """
    # Fixture-only placeholder values. 'app.contact.http' is the value the
    # ability below interpolates through '#{app.contact.http}'; the key /
    # salt entries exist only so config lookups under test resolve.
    test_config = {
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    }
    BaseWorld.apply_config(name='main', config=test_config)

    def persist(obj):
        loop.run_until_complete(data_svc.store(obj))

    persist(Ability(ability_id='123',
                    test=BaseWorld.encode_string('curl #{app.contact.http}'),
                    variations=[], executor='psh', platform='windows'))

    adversary = Adversary(adversary_id='123', name='test',
                          description='test', atomic_ordering=[])
    persist(adversary)

    agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0,
                  executors=['pwsh', 'psh'], platform='windows')
    persist(agent)

    persist(Planner(planner_id='123', name='test', module='test', params=dict()))

    source = Source(id='123', name='test', facts=[], adjustments=[])
    persist(source)

    persist(Operation(name='test', agents=[agent], adversary=adversary,
                      id='123', source=source))

    persist(Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text'))
async def enable(services):
    """Wire the stockpile plugin into the host application's service registry.

    Steps, in order: add the plugin GUI route, then store the three built-in
    obfuscators.

    Args:
        services: the service registry handed to the plugin; 'app_svc' is
            looked up from it by name.
    """
    svc = StockpileService(services)

    app_router = services.get('app_svc').application.router
    app_router.add_route('GET', '/plugin/stockpile/gui', svc.splash)

    # (name, description, module) for each built-in obfuscator; each one is
    # constructed and stored in turn, preserving the original store order.
    obfuscator_specs = (
        ('plain-text',
         'Does no obfuscation to any command, instead running it in plain text',
         'plugins.stockpile.app.obfuscators.plain_text'),
        ('base64',
         'Obfuscates commands in base64',
         'plugins.stockpile.app.obfuscators.base64_basic'),
        ('base64jumble',
         'Obfuscates commands in base64, then adds characters to evade base64 detection. '
         'Disclaimer: this may cause duplicate links to run.',
         'plugins.stockpile.app.obfuscators.base64_jumble'),
    )
    for name, description, module in obfuscator_specs:
        await svc.data_svc.store(
            Obfuscator(name=name, description=description, module=module))
def setup_rest_svc_test(loop, data_svc):
    """Fixture: apply a test 'main' config and seed ``data_svc`` with one of each object type.

    Stored, in order: three Abilities (ids '123', '456', '789'), an
    Adversary, an Agent, an Objective with a single default Goal, a Planner,
    a Source, an Operation tying the agent/adversary/source together, and
    the plain-text Obfuscator.

    Args:
        loop: event loop used to drive the async ``data_svc.store`` calls.
        data_svc: store that receives the seeded objects.

    Returns:
        None.
    """
    # Fixture-only placeholder values. 'app.contact.http' is the value the
    # first ability below interpolates through '#{app.contact.http}'; the
    # key / salt entries exist only so config lookups under test resolve.
    test_config = {
        'app.contact.http': '0.0.0.0',
        'plugins': ['sandcat', 'stockpile'],
        'crypt_salt': 'BLAH',
        'api_key': 'ADMIN123',
        'encryption_key': 'ADMIN123',
        'exfil_dir': '/tmp',
    }
    BaseWorld.apply_config(name='main', config=test_config)

    def persist(obj):
        loop.run_until_complete(data_svc.store(obj))

    # (ability_id, name, executor name, platform, command); each Executor and
    # Ability is constructed immediately before it is stored.
    ability_specs = (
        ('123', 'testA', 'psh', 'windows', 'curl #{app.contact.http}'),
        ('456', 'testB', 'sh', 'linux', 'whoami'),
        ('789', 'testC', 'sh', 'linux', 'hostname'),
    )
    for ability_id, name, executor_name, platform, command in ability_specs:
        runner = Executor(name=executor_name, platform=platform, command=command)
        persist(Ability(ability_id=ability_id, name=name, executors=[runner]))

    adversary = Adversary(adversary_id='123', name='test',
                          description='test', atomic_ordering=[])
    persist(adversary)

    agent = Agent(paw='123', sleep_min=2, sleep_max=8, watchdog=0,
                  executors=['pwsh', 'psh'], platform='windows')
    persist(agent)

    persist(Objective(id='495a9828-cab1-44dd-a0ca-66e58177d8cc',
                      name='default', goals=[Goal()]))

    persist(Planner(planner_id='123', name='test', module='test', params=dict()))

    source = Source(id='123', name='test', facts=[], adjustments=[])
    persist(source)

    persist(Operation(name='test', agents=[agent], adversary=adversary,
                      id='123', source=source))

    persist(Obfuscator(
        name='plain-text',
        description='Does no obfuscation to any command, instead running it in plain text',
        module='plugins.stockpile.app.obfuscators.plain_text'))
def test_plain_text(self):
    """The plain-text obfuscator returns the link command unchanged.

    The expected value is the literal 'whoami', so this test presumes
    ``self.dummy_link`` carries that command — confirm against the fixture.
    """
    obf = Obfuscator(name='plain-text',
                     module='plugins.stockpile.app.obfuscators.plain_text')
    runner = obf.load(self.dummy_agent)
    produced = runner.run(self.dummy_link)
    self.assertEqual('whoami', produced)