예제 #1
0
def cli():
    parser = argparse.ArgumentParser(description='Haystack generator utility.')
    parser.add_argument('config_file',
                        type=str,
                        help='path to the config file')
    parser.add_argument('--guest',
                        type=str,
                        help='name of the guest virtual machine',
                        nargs='?',
                        default='guest-{}'.format(int(time.time())))
    parser.add_argument(
        '--seed',
        type=int,
        help='initial seed to use for random number generation',
        nargs='?',
        default=None)

    args = parser.parse_args()

    logger_core = create_logger('haystack_core', logging.ERROR)
    logger_generator = create_logger('haystack_generator', logging.DEBUG)

    # Create virtual machine.
    macs_in_use = []
    guests = []

    guest_listener = GuestListener(guests, logger_core)
    virtual_machine_monitor = Vmm(macs_in_use, guests, logger_core)
    guest = virtual_machine_monitor.create_guest(guest_name=args.guest,
                                                 platform="windows")

    # Waiting to connect to guest.
    logger_generator.info("[~] Trying to connect to guest.")

    while guest.state != "connected":
        logger_generator.debug(".")
        time.sleep(1)

    logger_generator.info('[+] Connected to %s', guest.guestname)

    # Load and parse config file.
    generator = Generator(guest,
                          args.config_file,
                          logger_generator,
                          seed=args.seed)

    # Execute action suite.
    generator.execute()

    # Shutdown the generator before closing the VM.
    generator.shutdown()

    # Shutdown virtual machine but keep the disk.
    guest.shutdown('keep')
예제 #2
0
def create_vm(logger):
    #virtual_machine_monitor1 = Vmm(logger, linux_template='linux_template')
    macsInUse = []
    guests = []
    guestListener = GuestListener(guests, logger)
    virtual_machine_monitor1 = Vmm(macsInUse, guests, logger)
    guest = virtual_machine_monitor1.create_guest(guest_name="w-guest01", platform="windows")

    logger.debug("Try connecting to guest")

    while guest.state != "connected":
        logger.debug(".")
        time.sleep(1)

    logger.debug(guest.guestname + " is connected!")

    return guest
예제 #3
0
파일: generator.py 프로젝트: dasec/hystck 
def main():
    # Parse command line arguments.
    parser = argparse.ArgumentParser(description='Haystack generator utility.')
    parser.add_argument('config_file',
                        type=str,
                        help='path to the config file')
    parser.add_argument('--guest',
                        type=str,
                        help='name of the guest virtual machine',
                        nargs='?',
                        default='guest-{}'.format(int(time.time())))
    parser.add_argument(
        '--seed',
        type=int,
        help='initial seed to use for random number generation',
        nargs='?',
        default=None)
    parser.add_argument('--parallel',
                        type=int,
                        help='amount of virtual machines running parallel',
                        nargs='?',
                        default=1)
    parser.add_argument('--store',
                        type=bool,
                        help='store the virtual machine disk after shutdown',
                        nargs='?',
                        default=False)

    args = parser.parse_args()

    # Create virtual machine.
    macs_in_use = []
    guests = []
    threads = []

    guest_listener = GuestListener(guests, logger_core)
    virtual_machine_monitor = Vmm(macs_in_use, guests, logger_core)
    for index in range(0, args.parallel):
        thread = threading.Thread(target=start_guest,
                                  args=(index, virtual_machine_monitor, args))
        thread.start()
        threads.append(thread)

    for thread in threads:
        thread.join()
예제 #4
0
def main():
    """
    Test Script for hystck with HelloBot.

    :return: no return value
    """
    try:
        # create logger
        logger = create_logger('hystckManager', logging.DEBUG)

        # program code
        logger.info(
            "This is a sample script for using the ZeusBot simulation!" + '\n')

        # create GuestListener
        macs_in_use = []
        guests = []
        guest_listener = GuestListener(guests, logger)

        # create all control instances
        virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger)

        # instanciate each vm
        initiator = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest01", platform="windows")
        target = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest02", platform="windows")

        # wait for dhcp
        initiator.wait_for_dhcp()
        target.wait_for_dhcp()

        # run nmap portscan
        r1 = Nmap.guest_nmap_tcp_syn_scan(initiator, target)
        r1.wait()

        # run ncrack on ssh port
        r2 = Ncrack.crack_guests(
            initiator,
            target,
            service="ssh",
            user_list=["root", "admin", "user", "vm"],
            password_list=["root", "password", "vm", "admin", "user"])
        r2.wait()

        # cleanup
        virtual_machine_monitor1.clear()
        print "simulation has ended!"
        sys.exit(0)

    ######## CLEANUP ############# ERROR HANDLING
    except KeyboardInterrupt as k:
        logger.debug(k)
        logger.debug("KeyboardInterrupt")
        logger.debug(k)
        logger.debug(virtual_machine_monitor1)
        raw_input("Press Enter to continue...")
        virtual_machine_monitor1.clear()
        logger.debug("cleanup here")
        try:
            virtual_machine_monitor1.clear()
        except NameError:
            logger.debug("well, host1 was not defined!")

        exit(0)

    except Exception as e:
        logger.debug("main gets the error: " + str(e))
        logger.debug("cleanup here")
        raw_input("Press Enter to continue...")
        try:
            virtual_machine_monitor1.clear()
            subprocess.call(["/etc/init.d/libvirt-bin", "restart"])
        except NameError:
            logger.debug("well, host1 was not defined!")
        sys.exit(1)
예제 #5
0
파일: zeus-master.py 프로젝트: dasec/hystck 
def main():
    """
    Test Script for hystck with HelloBot.

    :return: no return value
    """
    try:
        # create logger
        logger = create_logger('hystckManager', logging.DEBUG)

        # program code
        logger.info("This is a sample script for using the ZeusBot simulation!" + '\n')

        # create GuestListener
        macs_in_use = []
        guests = []
        guest_listener = GuestListener(guests, logger)

        # create all control instances
        virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger)
        bmon = BotMonitorBase()
        sm = SimulationManager(bmon)

        # setup groups
        bmon.group_manager.setup_group('zeus_bot', 'zeus-bot.py')
        bmon.group_manager.setup_group('zeus_cnc', 'zeus-cnc.py')

        # instanciate each vm
        cnc = virtual_machine_monitor1.create_guest(guest_name="windows-guest01", platform="windows")
        bot1 = virtual_machine_monitor1.create_guest(guest_name="windows-guest02", platform="windows")
        bot2 = virtual_machine_monitor1.create_guest(guest_name="windows-guest03", platform="windows")
        bot3 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows")

        # wait for dhcp
        cnc.wait_for_dhcp()
        bot1.wait_for_dhcp()
        bot2.wait_for_dhcp()
        bot3.wait_for_dhcp()

        # if you want to enable the rc4 cypher, disable for plaintext messages (intended for debugging)
        enable_crypto = True
        encryption_key = "secret key"

        # setup the cnc ip for clients and a botnet name, simulate the bot's embedded config
        bmon.globals["cnc_host"] = str(cnc.ip_internet)  # always needed
        bmon.globals["botnet_name"] = "samplebotnet"  # if not set, 'default' will be used
        # bmon.globals["url_config"] = "/config.bin"
        # bmon.globals["url_compip"] = "/ip.php"
        # bmon.globals["url_server"] = "/gate.php"
        # bmon.globals["url_loader"] = "/bot.exe"
        if enable_crypto:
            bmon.globals["encryption_key"] = encryption_key
        else:
            encryption_key = None

        # allocate vms to groups
        bmon.group_manager.add_bot_to_group('zeus_cnc', cnc)
        bmon.group_manager.add_bot_to_group('zeus_bot', bot1)
        bmon.group_manager.add_bot_to_group('zeus_bot', bot2)
        bmon.group_manager.add_bot_to_group('zeus_bot', bot3)

        # begin listening for incoming connections
        bmon.start()

        # upload zeus server files after verifying that cnc is running

        sm.wait_for_bot(cnc)  # wait till bot is ready
        cnc_bot = bmon.group_manager.get_single_bot(cnc)

        # load plaintext config.bin and send it to cnc bot
        with open('config.bin', 'rb') as f:
            c = f.read()
            ZeusCnC.push_file_to_server(cnc_bot, 'config.bin', c, encryption_key)

        # generate a command to send to all clients
        z = ZeusPacketGenerator()
        z.add_command_info("sethomepage http://example.com")
        cmd = str(z.generate_message(encryption_key))  # if encryption is enabled, cmd will already be encrypted
        ZeusCnC.push_file_to_server(cnc_bot, 'gate.php', cmd)  # no need for an additional cypher round

        # wait till the simulation is ready
        sm.wait_for_bots(4)

        # let the bots create control traffic till key press
        raw_input("press enter to exit")

        # close all connections
        bmon.stop()
        virtual_machine_monitor1.clear()
        print "simulation has ended!"
        sys.exit(0)

    ######## CLEANUP ############# ERROR HANDLING
    except KeyboardInterrupt as k:
        logger.debug(k)
        logger.debug("KeyboardInterrupt")
        logger.debug(k)
        logger.debug(virtual_machine_monitor1)
        raw_input("Press Enter to continue...")
        bmon.stop()
        virtual_machine_monitor1.clear()
        logger.debug("cleanup here")
        try:
            virtual_machine_monitor1.clear()
        except NameError:
            logger.debug("well, host1 was not defined!")

        exit(0)

    except Exception as e:
        logger.debug("main gets the error: " + str(e))
        logger.debug("cleanup here")
        raw_input("Press Enter to continue...")
        try:
            bmon.stop()
            virtual_machine_monitor1.clear()
            subprocess.call(["/etc/init.d/libvirt-bin", "restart"])
        except NameError:
            logger.debug("well, host1 was not defined!")
        sys.exit(1)
예제 #6
0
import xml.etree.ElementTree as ET

from hystck.core.vmm import Vmm
from hystck.utility.logger_helper import create_logger
from hystck.core.vmm import GuestListener

import mailbox
import email.utils
import os

# Instanciate VMM and a VM
logger = create_logger('hystckManager', logging.DEBUG)
macsInUse = []
guests = []
guestListener = GuestListener(guests, logger)
virtual_machine_monitor1 = Vmm(macsInUse, guests, logger)
guest = virtual_machine_monitor1.create_guest(guest_name="tbtest",
                                              platform="windows")

# Wait for the VM to connect to the VMM
guest.waitTillAgentIsConnected()

# Create a mailer object
mail = guest.application("mailClientThunderbird", {})
# Important set a password used by the mail service, it will be saved inside thunderbird
mail.set_session_password("hystckMail")
while mail.is_busy:
    time.sleep(1)
# Prepare a new Profile; assume the profile folders don't exist; these options assume a insecure mail server without SSL/TLS using an unencrypted password exchange

#[email protected] / hystckMail / Theo Tester
예제 #7
0
def main():
    """
    Test Script for hystck with HelloBot.

    :return: no return value
    """
    try:
        # create logger
        logger = create_logger('hystckManager', logging.DEBUG)

        # program code
        logger.info("This is a sample script for testing the HelloBot Sample" + '\n')

        # create GuestListener
        macs_in_use = []
        guests = []
        guest_listener = GuestListener(guests, logger)

        # create all control instances
        virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger)
        bmon = BotMonitorBase()
        sm = SimulationManager(bmon)

        # setup groups
        bmon.group_manager.setup_group('hello_bot', 'hello-bot.py')
        bmon.group_manager.setup_group('hello_cnc', 'hello-cnc.py')
        bmon.group_manager.setup_group('hello_bm', 'hello-bm.py')

        # instantiate each vm
        cnc = virtual_machine_monitor1.create_guest(guest_name="windows-guest01", platform="windows")
        bmast = virtual_machine_monitor1.create_guest(guest_name="windows-guest02", platform="windows")
        bot1 = virtual_machine_monitor1.create_guest(guest_name="windows-guest03", platform="windows")
        bot2 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows")
        bot3 = virtual_machine_monitor1.create_guest(guest_name="windows-guest04", platform="windows")

        # wait for dhcp
        cnc.wait_for_dhcp()
        bmast.wait_for_dhcp()
        bot1.wait_for_dhcp()
        bot2.wait_for_dhcp()
        bot3.wait_for_dhcp()

        # setup some variables, for demonstration purposes
        bmon.globals["cnc"] = str(cnc.ip_internet)
        bmon.globals["bmast"] = str(bmast.ip_internet)

        # allocate vms to groups
        bmon.group_manager.add_bot_to_group('hello_cnc', cnc)
        bmon.group_manager.add_bot_to_group('hello_bm', bmast)
        bmon.group_manager.add_bot_to_group('hello_bot', bot1)
        bmon.group_manager.add_bot_to_group('hello_bot', bot2)
        bmon.group_manager.add_bot_to_group('hello_bot', bot3)

        # begin listening for incomming connections
        bmon.start()

        # wait till the simulation is ready
        sm.wait_for_bots(5)

        # actions
        for i in range(0, 10):
            print "round " + str(i)
            bl = bmon.group_manager.get_bots_by_group_name("hello_bm")
            for b in bl:
                print b.ip_address + " is placing an order"
                msg = "hello: " + str(i)
                order = {
                    'cnc_target': str(cnc.ip_internet),
                    'cnc_target_port:': HELLO_PORT,
                    'command': 'send',
                    'bot_target': "192.168.110.1",  # this is the hypervisor
                    'msg': msg
                }
                b.place_order(order)
            sleep(5)
            bl = bmon.group_manager.get_bots_by_group_name("hello_bot")
            for b in bl:
                print b.ip_address + " is pulling orders"
                b.pull_orders(str(cnc.ip_internet), HELLO_PORT)
            sleep(5)
            for b in bl:
                print b.ip_address + " is executing orders"
                b.execute_orders()
            sleep(5)

        raw_input("press enter to exit")
        # close all connections
        bmon.stop()
        virtual_machine_monitor1.clear()
        print "simulation has ended!"
        sys.exit(0)

    ######## CLEANUP ############# ERROR HANDLING
    except KeyboardInterrupt as k:
        logger.debug(k)
        logger.debug("KeyboardInterrupt")
        logger.debug(k)
        logger.debug(virtual_machine_monitor1)
        raw_input("Press Enter to continue...")
        bmon.stop()
        virtual_machine_monitor1.clear()
        logger.debug("cleanup here")
        try:
            virtual_machine_monitor1.clear()
        except NameError:
            logger.debug("well, host1 was not defined!")

        exit(0)

    except Exception as e:
        logger.debug("main gets the error: " + str(e))
        logger.debug("cleanup here")
        raw_input("Press Enter to continue...")
        try:
            bmon.stop()
            virtual_machine_monitor1.clear()
            subprocess.call(["/etc/init.d/libvirt-bin", "restart"])
        except NameError:
            logger.debug("well, host1 was not defined!")
        sys.exit(1)
예제 #8
0
import logging
import time

from hystck.core.vmm import GuestListener
from hystck.core.vmm import Vmm
from hystck.utility.logger_helper import create_logger

logger = create_logger('print_documents', logging.DEBUG)
macs = []
guests = []
guest_listener = GuestListener(guests, logger)

vmm = Vmm(macs, guests, logger)
windows = vmm.create_guest(guest_name='windows_print', platform='windows')

windows.waitTillAgentIsConnected()

# Add printer
windows.shellExec(
    'rundll32 printui.dll,PrintUIEntry /if /b IPPTool-Printer /m "Generic / Text Only" /r "http://192.168.103.123:631/ipp/print/name"'
)
time.sleep(3)
windows.shellExec('rundll32 printui.dll,PrintUIEntry /y /n IPPTool-Printer')
time.sleep(3)
windows.shellExec(
    'REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /t REG_DWORD /v LegacyDefaultPrinterMode /d 1 /f'
)
time.sleep(5)

# Print document
windows.shellExec(
예제 #9
0
import os
import config as cfg

from hystck.core.vmm import Vmm
from hystck.utility.logger_helper import create_logger
from hystck.core.vmm import GuestListener

imagename = cfg.imagename
author = cfg.author
hostplatform = cfg.hostplatform

# Instanciate VMM and a VM
logger = create_logger('hystckManager', logging.DEBUG)
macsInUse = []
guests = []

guestListener = GuestListener(guests, logger)
virtual_machine_monitor1 = Vmm(macsInUse, guests, logger)
guest = virtual_machine_monitor1.create_guest(guest_name=imagename,
                                              platform=hostplatform)

# Wait for the VM to connect to the VMM
guest.waitTillAgentIsConnected()

# copy files to smb Share
guest.smbCopy(cfg.sourcePath, cfg.targetPath, cfg.username, cfg.password)

# Cleanupha das
#guest.cleanUp("")
#guest.shutdown('keep')
예제 #10
0
def main():
    """
    Test Script for hystck.

    :return: no return value
    """
    try:
        # create logger
        logger = create_logger('hystckManager', logging.DEBUG)

        # program code
        logger.info(
            "This is a sample script for using the MariposaBot simulation!" +
            '\n')

        # create GuestListener
        macs_in_use = []
        guests = []
        guest_listener = GuestListener(guests, logger)

        # create all control instances
        virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger)
        bmon = BotMonitorBase()
        sm = SimulationManager(bmon)

        # setup groups
        bmon.group_manager.setup_group('mariposa_bot', 'mariposa-bot.py')
        bmon.group_manager.setup_group('mariposa_cnc', 'mariposa-cnc.py')
        bmon.group_manager.setup_group('mariposa_bm', 'mariposa-bm.py')

        # instanciate each vm
        cnc = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest01", platform="windows")
        bmast = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest02", platform="windows")
        bot1 = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest03", platform="windows")
        bot2 = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest04", platform="windows")

        # wait for dhcp
        cnc.wait_for_dhcp()
        bmast.wait_for_dhcp()
        bot1.wait_for_dhcp()
        bot2.wait_for_dhcp()

        # setup variables, etc.
        cnc_host = str(cnc.ip_internet)
        cnc_port = MariposaProtocol.MARIPOSA_PORT1
        bmon.globals["cnc"] = cnc_host  # optional, default: MARIPOSA_HOST1
        bmon.globals["port"] = cnc_port  # optional, default: MARIPOSA_PORT1
        bmon.globals["bm_ip"] = str(bmast.ip_internet)  # needed

        # allocate vms to groups
        bmon.group_manager.add_bot_to_group('mariposa_cnc', cnc)
        bmon.group_manager.add_bot_to_group('mariposa_bm', bmast)
        bmon.group_manager.add_bot_to_group('mariposa_bot', bot1)
        bmon.group_manager.add_bot_to_group('mariposa_bot', bot2)

        # begin listening for incomming connections
        bmon.start()

        # wait till the simulation is ready
        sm.wait_for_bots(4)

        # wait till bots have completed the initialization phase
        time.sleep(2 * 60)
        time.sleep(30)  # wait some more
        bl = bmon.group_manager.get_bots_by_group_name('mariposa_bm')
        for b in bl:
            print "sending order to: " + b.ip_address
            order = {
                'cnc_target_host': cnc_host,
                'cnc_target_port': cnc_port,
                'command': 'enable_google',
                'args': ''
            }
            b.place_order(order)
        time.sleep(5 * 60)
        bl = bmon.group_manager.get_bots_by_group_name('mariposa_bm')
        for b in bl:
            print "sending order to: " + b.ip_address
            order = {
                'cnc_target_host': cnc_host,
                'cnc_target_port': cnc_port,
                'command': 'download2',
                'args': ''
            }
            b.place_order(order)

        raw_input("press enter to exit")
        # close all connections
        bmon.stop()
        virtual_machine_monitor1.clear()
        print "simulation has ended!"
        sys.exit(0)

    ######## CLEANUP ############# ERROR HANDLING
    except KeyboardInterrupt as k:
        logger.debug(k)
        logger.debug("KeyboardInterrupt")
        logger.debug(k)
        logger.debug(virtual_machine_monitor1)
        raw_input("Press Enter to continue...")
        virtual_machine_monitor1.clear()
        logger.debug("cleanup here")
        try:
            virtual_machine_monitor1.clear()
        except NameError:
            logger.debug("well, host1 was not defined!")

        exit(0)

    except Exception as e:
        logger.debug("main gets the error: " + str(e))
        logger.debug("cleanup here")
        raw_input("Press Enter to continue...")
        try:
            virtual_machine_monitor1.clear()
            subprocess.call(["/etc/init.d/libvirt-bin", "restart"])
        except NameError:
            logger.debug("well, host1 was not defined!")
        sys.exit(1)
예제 #11
0
def main():
    """
    Test Script for hystck with DevControlClient.

    :return: no return value
    """
    try:
        # create logger
        logger = create_logger('hystckManager', logging.DEBUG)

        # program code
        logger.info(
            "This is a sample script for using the ZeusBot simulation!" + '\n')

        # create GuestListener
        macs_in_use = []
        guests = []
        guest_listener = GuestListener(guests, logger)

        # create all control instances
        virtual_machine_monitor1 = Vmm(macs_in_use, guests, logger)

        bot = virtual_machine_monitor1.create_guest(
            guest_name="windows-guest01", platform="windows")

        bot.wait_for_dhcp()

        # at this point userspace tools and drivers should have been started
        # generate the client object for the drivers

        bot_drv = DevControlClient()
        bot_drv.connect(bot)

        # this will call winver as a demonstration
        bot_drv.kb_send_special_key("ESC", lctrl=True)
        time.sleep(2)
        bot_drv.kb_send_text(
            "winver\n"
        )  # the function also supports other escape codes to like '\b' for backspace
        time.sleep(2)
        bot_drv.kb_send_special_key("ENTER")
        time.sleep(2)

        # shutdown
        bot_drv.close()
        virtual_machine_monitor1.clear()
        sys.exit(0)

    ######## CLEANUP ############# ERROR HANDLING
    except KeyboardInterrupt as k:
        logger.debug(k)
        logger.debug("KeyboardInterrupt")
        logger.debug(k)
        logger.debug(virtual_machine_monitor1)
        raw_input("Press Enter to continue...")
        virtual_machine_monitor1.clear()
        logger.debug("cleanup here")
        try:
            virtual_machine_monitor1.clear()
        except NameError:
            logger.debug("well, host1 was not defined!")

        exit(0)

    except Exception as e:
        logger.debug("main gets the error: " + str(e))
        logger.debug("cleanup here")
        raw_input("Press Enter to continue...")
        try:
            virtual_machine_monitor1.clear()
            subprocess.call(["/etc/init.d/libvirt-bin", "restart"])
        except NameError:
            logger.debug("well, host1 was not defined!")
        sys.exit(1)