def cli(): parser = argparse.ArgumentParser(description='Haystack generator utility.') parser.add_argument('config_file', type=str, help='path to the config file') parser.add_argument('--guest', type=str, help='name of the guest virtual machine', nargs='?', default='guest-{}'.format(int(time.time()))) parser.add_argument( '--seed', type=int, help='initial seed to use for random number generation', nargs='?', default=None) args = parser.parse_args() logger_core = create_logger('haystack_core', logging.ERROR) logger_generator = create_logger('haystack_generator', logging.DEBUG) # Create virtual machine. macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger_core) virtual_machine_monitor = Vmm(macs_in_use, guests, logger_core) guest = virtual_machine_monitor.create_guest(guest_name=args.guest, platform="windows") # Waiting to connect to guest. logger_generator.info("[~] Trying to connect to guest.") while guest.state != "connected": logger_generator.debug(".") time.sleep(1) logger_generator.info('[+] Connected to %s', guest.guestname) # Load and parse config file. generator = Generator(guest, args.config_file, logger_generator, seed=args.seed) # Execute action suite. generator.execute() # Shutdown the generator before closing the VM. generator.shutdown() # Shutdown virtual machine but keep the disk. guest.shutdown('keep')
def create_vm(logger): #virtual_machine_monitor1 = Vmm(logger, linux_template='linux_template') macsInUse = [] guests = [] guestListener = GuestListener(guests, logger) virtual_machine_monitor1 = Vmm(macsInUse, guests, logger) guest = virtual_machine_monitor1.create_guest(guest_name="w-guest01", platform="windows") logger.debug("Try connecting to guest") while guest.state != "connected": logger.debug(".") time.sleep(1) logger.debug(guest.guestname + " is connected!") return guest
def main(): """ Test Script for hystck with HelloBot. :return: no return value """ try: # create logger logger = create_logger('hystckManager', logging.DEBUG) # program code logger.info( "This is a sample script for using the ZeusBot simulation!" + '\n') # create GuestListener macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger) # create all control instances virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger) # instanciate each vm initiator = virtual_machine_monitor1.create_guest( guest_name="windows-guest01", platform="windows") target = virtual_machine_monitor1.create_guest( guest_name="windows-guest02", platform="windows") # wait for dhcp initiator.wait_for_dhcp() target.wait_for_dhcp() # run nmap portscan r1 = Nmap.guest_nmap_tcp_syn_scan(initiator, target) r1.wait() # run ncrack on ssh port r2 = Ncrack.crack_guests( initiator, target, service="ssh", user_list=["root", "admin", "user", "vm"], password_list=["root", "password", "vm", "admin", "user"]) r2.wait() # cleanup virtual_machine_monitor1.clear() print "simulation has ended!" sys.exit(0) ######## CLEANUP ############# ERROR HANDLING except KeyboardInterrupt as k: logger.debug(k) logger.debug("KeyboardInterrupt") logger.debug(k) logger.debug(virtual_machine_monitor1) raw_input("Press Enter to continue...") virtual_machine_monitor1.clear() logger.debug("cleanup here") try: virtual_machine_monitor1.clear() except NameError: logger.debug("well, host1 was not defined!") exit(0) except Exception as e: logger.debug("main gets the error: " + str(e)) logger.debug("cleanup here") raw_input("Press Enter to continue...") try: virtual_machine_monitor1.clear() subprocess.call(["/etc/init.d/libvirt-bin", "restart"]) except NameError: logger.debug("well, host1 was not defined!") sys.exit(1)
def main(): """ Test Script for hystck with HelloBot. :return: no return value """ try: # create logger logger = create_logger('hystckManager', logging.DEBUG) # program code logger.info("This is a sample script for using the ZeusBot simulation!" + '\n') # create GuestListener macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger) # create all control instances virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger) bmon = BotMonitorBase() sm = SimulationManager(bmon) # setup groups bmon.group_manager.setup_group('zeus_bot', 'zeus-bot.py') bmon.group_manager.setup_group('zeus_cnc', 'zeus-cnc.py') # instanciate each vm cnc = virtual_machine_monitor1.create_guest(guest_name="windows-guest01", platform="windows") bot1 = virtual_machine_monitor1.create_guest(guest_name="windows-guest02", platform="windows") bot2 = virtual_machine_monitor1.create_guest(guest_name="windows-guest03", platform="windows") bot3 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows") # wait for dhcp cnc.wait_for_dhcp() bot1.wait_for_dhcp() bot2.wait_for_dhcp() bot3.wait_for_dhcp() # if you want to enable the rc4 cypher, disable for plaintext messages (intended for debugging) enable_crypto = True encryption_key = "secret key" # setup the cnc ip for clients and a botnet name, simulate the bot's embedded config bmon.globals["cnc_host"] = str(cnc.ip_internet) # always needed bmon.globals["botnet_name"] = "samplebotnet" # if not set, 'default' will be used # bmon.globals["url_config"] = "/config.bin" # bmon.globals["url_compip"] = "/ip.php" # bmon.globals["url_server"] = "/gate.php" # bmon.globals["url_loader"] = "/bot.exe" if enable_crypto: bmon.globals["encryption_key"] = encryption_key else: encryption_key = None # allocate vms to groups bmon.group_manager.add_bot_to_group('zeus_cnc', cnc) bmon.group_manager.add_bot_to_group('zeus_bot', bot1) bmon.group_manager.add_bot_to_group('zeus_bot', bot2) bmon.group_manager.add_bot_to_group('zeus_bot', bot3) # begin listening for incoming connections bmon.start() # upload zeus server files after verifying that cnc is running sm.wait_for_bot(cnc) # wait till bot is ready cnc_bot = bmon.group_manager.get_single_bot(cnc) # load plaintext config.bin and send it to cnc bot with open('config.bin', 'rb') as f: c = f.read() ZeusCnC.push_file_to_server(cnc_bot, 'config.bin', c, encryption_key) # generate a command to send to all clients z = ZeusPacketGenerator() z.add_command_info("sethomepage http://example.com") cmd = str(z.generate_message(encryption_key)) # if encryption is enabled, cmd will already be encrypted ZeusCnC.push_file_to_server(cnc_bot, 'gate.php', cmd) # no need for an additional cypher round # wait till the simulation is ready sm.wait_for_bots(4) # let the bots create control traffic till key press raw_input("press enter to exit") # close all connections bmon.stop() virtual_machine_monitor1.clear() print "simulation has ended!" sys.exit(0) ######## CLEANUP ############# ERROR HANDLING except KeyboardInterrupt as k: logger.debug(k) logger.debug("KeyboardInterrupt") logger.debug(k) logger.debug(virtual_machine_monitor1) raw_input("Press Enter to continue...") bmon.stop() virtual_machine_monitor1.clear() logger.debug("cleanup here") try: virtual_machine_monitor1.clear() except NameError: logger.debug("well, host1 was not defined!") exit(0) except Exception as e: logger.debug("main gets the error: " + str(e)) logger.debug("cleanup here") raw_input("Press Enter to continue...") try: bmon.stop() virtual_machine_monitor1.clear() subprocess.call(["/etc/init.d/libvirt-bin", "restart"]) except NameError: logger.debug("well, host1 was not defined!") sys.exit(1)
from hystck.core.vmm import Vmm from hystck.utility.logger_helper import create_logger from hystck.core.vmm import GuestListener import mailbox import email.utils import os # Instanciate VMM and a VM logger = create_logger('hystckManager', logging.DEBUG) macsInUse = [] guests = [] guestListener = GuestListener(guests, logger) virtual_machine_monitor1 = Vmm(macsInUse, guests, logger) guest = virtual_machine_monitor1.create_guest(guest_name="tbtest", platform="windows") # Wait for the VM to connect to the VMM guest.waitTillAgentIsConnected() # Create a mailer object mail = guest.application("mailClientThunderbird", {}) # Important set a password used by the mail service, it will be saved inside thunderbird mail.set_session_password("hystckMail") while mail.is_busy: time.sleep(1) # Prepare a new Profile; assume the profile folders don't exist; these options assume a insecure mail server without SSL/TLS using an unencrypted password exchange #[email protected] / hystckMail / Theo Tester mail.add_pop3_account("pop3.web.de", "smtp.web.de", "*****@*****.**", "theo.11111", "Theo Tester", "Example", 2, 3, 2, 3)
def main(): """ Test Script for hystck with HelloBot. :return: no return value """ try: # create logger logger = create_logger('hystckManager', logging.DEBUG) # program code logger.info("This is a sample script for testing the HelloBot Sample" + '\n') # create GuestListener macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger) # create all control instances virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger) bmon = BotMonitorBase() sm = SimulationManager(bmon) # setup groups bmon.group_manager.setup_group('hello_bot', 'hello-bot.py') bmon.group_manager.setup_group('hello_cnc', 'hello-cnc.py') bmon.group_manager.setup_group('hello_bm', 'hello-bm.py') # instantiate each vm cnc = virtual_machine_monitor1.create_guest(guest_name="windows-guest01", platform="windows") bmast = virtual_machine_monitor1.create_guest(guest_name="windows-guest02", platform="windows") bot1 = virtual_machine_monitor1.create_guest(guest_name="windows-guest03", platform="windows") bot2 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows") bot3 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows") # wait for dhcp cnc.wait_for_dhcp() bmast.wait_for_dhcp() bot1.wait_for_dhcp() bot2.wait_for_dhcp() bot3.wait_for_dhcp() # setup some variables, for demonstration purposes bmon.globals["cnc"] = str(cnc.ip_internet) bmon.globals["bmast"] = str(bmast.ip_internet) # allocate vms to groups bmon.group_manager.add_bot_to_group('hello_cnc', cnc) bmon.group_manager.add_bot_to_group('hello_bm', bmast) bmon.group_manager.add_bot_to_group('hello_bot', bot1) bmon.group_manager.add_bot_to_group('hello_bot', bot2) bmon.group_manager.add_bot_to_group('hello_bot', bot3) # begin listening for incomming connections bmon.start() # wait till the simulation is ready sm.wait_for_bots(5) # actions for i in range(0, 10): print "round " + str(i) bl = bmon.group_manager.get_bots_by_group_name("hello_bm") for b in bl: print b.ip_address + " is placing an order" msg = "hello: " + str(i) order = { 'cnc_target': str(cnc.ip_internet), 'cnc_target_port:': HELLO_PORT, 'command': 'send', 'bot_target': "192.168.110.1", # this is the hypervisor 'msg': msg } b.place_order(order) sleep(5) bl = bmon.group_manager.get_bots_by_group_name("hello_bot") for b in bl: print b.ip_address + " is pulling orders" b.pull_orders(str(cnc.ip_internet), HELLO_PORT) sleep(5) for b in bl: print b.ip_address + " is executing orders" b.execute_orders() sleep(5) raw_input("press enter to exit") # close all connections bmon.stop() virtual_machine_monitor1.clear() print "simulation has ended!" sys.exit(0) ######## CLEANUP ############# ERROR HANDLING except KeyboardInterrupt as k: logger.debug(k) logger.debug("KeyboardInterrupt") logger.debug(k) logger.debug(virtual_machine_monitor1) raw_input("Press Enter to continue...") bmon.stop() virtual_machine_monitor1.clear() logger.debug("cleanup here") try: virtual_machine_monitor1.clear() except NameError: logger.debug("well, host1 was not defined!") exit(0) except Exception as e: logger.debug("main gets the error: " + str(e)) logger.debug("cleanup here") raw_input("Press Enter to continue...") try: bmon.stop() virtual_machine_monitor1.clear() subprocess.call(["/etc/init.d/libvirt-bin", "restart"]) except NameError: logger.debug("well, host1 was not defined!") sys.exit(1)
import logging import time from hystck.core.vmm import GuestListener from hystck.core.vmm import Vmm from hystck.utility.logger_helper import create_logger logger = create_logger('print_documents', logging.DEBUG) macs = [] guests = [] guest_listener = GuestListener(guests, logger) vmm = Vmm(macs, guests, logger) windows = vmm.create_guest(guest_name='windows_print', platform='windows') windows.waitTillAgentIsConnected() # Add printer windows.shellExec( 'rundll32 printui.dll,PrintUIEntry /if /b IPPTool-Printer /m "Generic / Text Only" /r "http://192.168.103.123:631/ipp/print/name"' ) time.sleep(3) windows.shellExec('rundll32 printui.dll,PrintUIEntry /y /n IPPTool-Printer') time.sleep(3) windows.shellExec( 'REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /t REG_DWORD /v LegacyDefaultPrinterMode /d 1 /f' ) time.sleep(5) # Print document windows.shellExec(
import os import config as cfg from hystck.core.vmm import Vmm from hystck.utility.logger_helper import create_logger from hystck.core.vmm import GuestListener imagename = cfg.imagename author = cfg.author hostplatform = cfg.hostplatform # Instanciate VMM and a VM logger = create_logger('hystckManager', logging.DEBUG) macsInUse = [] guests = [] guestListener = GuestListener(guests, logger) virtual_machine_monitor1 = Vmm(macsInUse, guests, logger) guest = virtual_machine_monitor1.create_guest(guest_name=imagename, platform=hostplatform) # Wait for the VM to connect to the VMM guest.waitTillAgentIsConnected() # copy files to smb Share guest.smbCopy(cfg.sourcePath, cfg.targetPath, cfg.username, cfg.password) # Cleanupha das #guest.cleanUp("") #guest.shutdown('keep')
def main(): """ Test Script for hystck. :return: no return value """ try: # create logger logger = create_logger('hystckManager', logging.DEBUG) # program code logger.info( "This is a sample script for using the MariposaBot simulation!" + '\n') # create GuestListener macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger) # create all control instances virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger) bmon = BotMonitorBase() sm = SimulationManager(bmon) # setup groups bmon.group_manager.setup_group('mariposa_bot', 'mariposa-bot.py') bmon.group_manager.setup_group('mariposa_cnc', 'mariposa-cnc.py') bmon.group_manager.setup_group('mariposa_bm', 'mariposa-bm.py') # instanciate each vm cnc = virtual_machine_monitor1.create_guest( guest_name="windows-guest01", platform="windows") bmast = virtual_machine_monitor1.create_guest( guest_name="windows-guest02", platform="windows") bot1 = virtual_machine_monitor1.create_guest( guest_name="windows-guest03", platform="windows") bot2 = virtual_machine_monitor1.create_guest( guest_name="windows-guest04", platform="windows") # wait for dhcp cnc.wait_for_dhcp() bmast.wait_for_dhcp() bot1.wait_for_dhcp() bot2.wait_for_dhcp() # setup variables, etc. cnc_host = str(cnc.ip_internet) cnc_port = MariposaProtocol.MARIPOSA_PORT1 bmon.globals["cnc"] = cnc_host # optional, default: MARIPOSA_HOST1 bmon.globals["port"] = cnc_port # optional, default: MARIPOSA_PORT1 bmon.globals["bm_ip"] = str(bmast.ip_internet) # needed # allocate vms to groups bmon.group_manager.add_bot_to_group('mariposa_cnc', cnc) bmon.group_manager.add_bot_to_group('mariposa_bm', bmast) bmon.group_manager.add_bot_to_group('mariposa_bot', bot1) bmon.group_manager.add_bot_to_group('mariposa_bot', bot2) # begin listening for incomming connections bmon.start() # wait till the simulation is ready sm.wait_for_bots(4) # wait till bots have completed the initialization phase time.sleep(2 * 60) time.sleep(30) # wait some more bl = bmon.group_manager.get_bots_by_group_name('mariposa_bm') for b in bl: print "sending order to: " + b.ip_address order = { 'cnc_target_host': cnc_host, 'cnc_target_port': cnc_port, 'command': 'enable_google', 'args': '' } b.place_order(order) time.sleep(5 * 60) bl = bmon.group_manager.get_bots_by_group_name('mariposa_bm') for b in bl: print "sending order to: " + b.ip_address order = { 'cnc_target_host': cnc_host, 'cnc_target_port': cnc_port, 'command': 'download2', 'args': '' } b.place_order(order) raw_input("press enter to exit") # close all connections bmon.stop() virtual_machine_monitor1.clear() print "simulation has ended!" sys.exit(0) ######## CLEANUP ############# ERROR HANDLING except KeyboardInterrupt as k: logger.debug(k) logger.debug("KeyboardInterrupt") logger.debug(k) logger.debug(virtual_machine_monitor1) raw_input("Press Enter to continue...") virtual_machine_monitor1.clear() logger.debug("cleanup here") try: virtual_machine_monitor1.clear() except NameError: logger.debug("well, host1 was not defined!") exit(0) except Exception as e: logger.debug("main gets the error: " + str(e)) logger.debug("cleanup here") raw_input("Press Enter to continue...") try: virtual_machine_monitor1.clear() subprocess.call(["/etc/init.d/libvirt-bin", "restart"]) except NameError: logger.debug("well, host1 was not defined!") sys.exit(1)
hostplatform = "windows" hashfile = generate_file_sh256("/var/lib/libvirt/images/" + hostplatform + "-template.qcow2") sc.Reporter.add("imagename", imagename) sc.Reporter.add("author", author) sc.Reporter.add("baseimage", hostplatform + "-template.qcow2") sc.Reporter.add("basehash", "sha256: " + hashfile) # Instanciate VMM and a VM logger = create_logger('hystckManager', logging.DEBUG) macsInUse = [] guests = [] guestListener = GuestListener(guests, logger) virtual_machine_monitor1 = Vmm(macsInUse, guests, logger) guest = virtual_machine_monitor1.create_guest(guest_name=imagename, platform="windows") # Wait for the VM to connect to the VMM guest.waitTillAgentIsConnected() # Scenario Implementation sc.browser() sc.veracrypt() sc.mail() # Cleanup guest.cleanUp("") guest.shutdown('keep') #md5 = "md5: " + hashlib.md5(file_as_bytes(open("/var/lib/libvirt/images/backing/" + imagename + ".qcow2", 'rb'))).hexdigest() sha256 = "sha256: " + generate_file_sh256("/var/lib/libvirt/images/backing/" +
def main(): """ Test Script for hystck with DevControlClient. :return: no return value """ try: # create logger logger = create_logger('hystckManager', logging.DEBUG) # program code logger.info( "This is a sample script for using the ZeusBot simulation!" + '\n') # create GuestListener macs_in_use = [] guests = [] guest_listener = GuestListener(guests, logger) # create all control instances virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger) bot = virtual_machine_monitor1.create_guest( guest_name="windows-guest01", platform="windows") bot.wait_for_dhcp() # at this point userspace tools and drivers should have been started # generate the client object for the drivers bot_drv = DevControlClient() bot_drv.connect(bot) # this will call winver as a demonstration bot_drv.kb_send_special_key("ESC", lctrl=True) time.sleep(2) bot_drv.kb_send_text( "winver\n" ) # the function also supports other escape codes to like '\b' for backspace time.sleep(2) bot_drv.kb_send_special_key("ENTER") time.sleep(2) # shutdown bot_drv.close() virtual_machine_monitor1.clear() sys.exit(0) ######## CLEANUP ############# ERROR HANDLING except KeyboardInterrupt as k: logger.debug(k) logger.debug("KeyboardInterrupt") logger.debug(k) logger.debug(virtual_machine_monitor1) raw_input("Press Enter to continue...") virtual_machine_monitor1.clear() logger.debug("cleanup here") try: virtual_machine_monitor1.clear() except NameError: logger.debug("well, host1 was not defined!") exit(0) except Exception as e: logger.debug("main gets the error: " + str(e)) logger.debug("cleanup here") raw_input("Press Enter to continue...") try: virtual_machine_monitor1.clear() subprocess.call(["/etc/init.d/libvirt-bin", "restart"]) except NameError: logger.debug("well, host1 was not defined!") sys.exit(1)