Merge pull request #22 from fkie-cad/dev

Merge dev into main
fkie-cad · Dec 10, 2021 · c19281a · c19281a
2 parents 590f23c + f93b418
commit c19281a
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 13 deletions.
diff --git a/provisioning/ansible/attacker_playbook.yml b/provisioning/ansible/attacker_playbook.yml
@@ -31,3 +31,4 @@
     - spearphishing
     - generate_malware
     - ssh_config
+    - dosfstools
diff --git a/provisioning/ansible/roles/dosfstools/tasks/main.yml b/provisioning/ansible/roles/dosfstools/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+# dosfstools provide the mkfs.fat command, which is used by infect_flashdrive_exe
+- name: Install dosfstools
+  apt:
+    name: dosfstools
+    update_cache: yes
+    state: present
diff --git a/provisioning/packer/companyrouter.json b/provisioning/packer/companyrouter.json
@@ -9,6 +9,7 @@
   },
   "builders": [
     {
+      "memory": "1536",
       "name": "Company-Router (IP-Fire)",
       "type": "virtualbox-iso",
       "guest_os_type": "Linux_64",

diff --git a/provisioning/packer/logserver.json b/provisioning/packer/logserver.json
@@ -54,7 +54,7 @@
         "http://old-releases.ubuntu.com/releases/16.04.5/ubuntu-16.04.6-server-amd64.iso"
       ],
       "keep_registered": "true",
-      "memory": "4096",
+      "memory": "3072",
       "output_directory": "{{user `vm_output`}}",
       "pause_before_connecting": "1m",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",

diff --git a/src/attacks/attack_flashdrive_exe.py b/src/attacks/attack_flashdrive_exe.py
@@ -59,7 +59,7 @@ def _generate_image_commands(self):
         return [
             "rm -f {}".format(image),
             "dd if=/dev/zero of={} bs=1024 count=0 seek=$[1024*32]".format(image),
-            "mkfs.msdos {}".format(image),
+            "mkfs.fat {}".format(image),
             "mkdir {}".format(media),
             "mount -o loop {} {}".format(image, media),
             "mv /root/Bank-of-Nuthington.exe {}".format(media),

diff --git a/src/attacks/tests/test_attack_flashdrive_exe.py b/src/attacks/tests/test_attack_flashdrive_exe.py
@@ -43,7 +43,7 @@ def test_generate_image_commands(self, attack: FlashdriveEXEAttack):
         expected_image_commands = [
             "rm -f /root/evil_image_file.img",
             "dd if=/dev/zero of=/root/evil_image_file.img bs=1024 count=0 seek=$[1024*32]",
-            "mkfs.msdos /root/evil_image_file.img",
+            "mkfs.fat /root/evil_image_file.img",
             "mkdir /media/evil_image/",
             "mount -o loop /root/evil_image_file.img /media/evil_image/",
             "mv /root/Bank-of-Nuthington.exe /media/evil_image/",

diff --git a/src/systests/test_attacks.py b/src/systests/test_attacks.py
@@ -27,10 +27,10 @@
 from attacks.attack_download_malware_meterpreter import DownloadMalwareMeterpreterAttack
 from attacks.attack_email_exe import EmailEXEAttack
 from attacks.attack_execute_malware import ExecuteMalwareAttack
-from attacks.attack_flashdrive_exfiltration import FlashdriveExfiltrationAttack
 from attacks.attack_flashdrive_exe import FlashdriveEXEAttack
-from attacks.attack_kill_reverse_connection import KillReverseConnectionAttack
+from attacks.attack_flashdrive_exfiltration import FlashdriveExfiltrationAttack
 from attacks.attack_hashdump import HashdumpAttack
+from attacks.attack_kill_reverse_connection import KillReverseConnectionAttack
 from attacks.attack_mimikatz import MimikatzAttack
 from attacks.attack_set_autostart import SetAutostartAttack
 from attacks.attack_sqlmap import SQLMapAttack
@@ -74,17 +74,13 @@ class TestAttack:
         # Then a sequence of an infection attack and a c2 attack is run. As we currently have more
         # c2 than infection attacks, some infection attacks are run more than once.
         # The order within a category (infect or c2) does not matter, we use alphabetical here.
-
-        # FlashdriveEXEAttack() currently fails due to Windows being unable to open
-        # the inserted "flashdrive" (some kind of format error)
-
         KillReverseConnectionAttack(), EmailEXEAttack(), ChangeWallpaperAttack(),
-        KillReverseConnectionAttack(), EmailEXEAttack(), DownloadMalwareMeterpreterAttack(),
+        KillReverseConnectionAttack(), FlashdriveEXEAttack(), DownloadMalwareMeterpreterAttack(),
         KillReverseConnectionAttack(), EmailEXEAttack(), C2ExfiltrationAttack(),
-        KillReverseConnectionAttack(), EmailEXEAttack(), HashdumpAttack(),
+        KillReverseConnectionAttack(), FlashdriveEXEAttack(), HashdumpAttack(),
         KillReverseConnectionAttack(), EmailEXEAttack(), TakeScreenshotAttack(),
-        KillReverseConnectionAttack(), EmailEXEAttack(), MimikatzAttack()
-	]
+        KillReverseConnectionAttack(), FlashdriveEXEAttack(), MimikatzAttack()
+    ]
 
     @pytest.mark.parametrize("attack", attacks, ids=lambda a: type(a).__name__)
     def test_attack(self, attack, timeout_counter):