Merge pull request #20 from Fortiphyd/qol-updates

QoL updates

Author: djformby

attacker/Dockerfile

@@ -44,13 +44,48 @@ COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 COPY default.xml /etc/xdg/xfce4/panel/default.xml
 
+COPY index.html /opt/noVNC/index.html
+
+
 # Entrypoint script that sets password and starts the desktop session
 COPY start.sh /usr/local/bin/start.sh
 RUN chmod +x /usr/local/bin/start.sh
 
+# allow passwordless sudo
+RUN echo "kali ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/kali \
+ && chmod 440 /etc/sudoers.d/kali
+
+RUN sed -i 's/^#*autologin-user=.*/autologin-user=kali/' /etc/lightdm/lightdm.conf || true \
+ && sed -i 's/^#*autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf || true
+
+
+# Disable XDG autostart entries that cause blank/lock in VNC/Xvfb
+RUN for f in xfce4-screensaver.desktop xfce4-power-manager.desktop light-locker.desktop; do \
+      if [ -f "/etc/xdg/autostart/$f" ]; then \
+        sed -i '/^Hidden=/d' "/etc/xdg/autostart/$f" && \
+        printf '\nHidden=true\n' >> "/etc/xdg/autostart/$f"; \
+      fi; \
+    done
+
+
+
+RUN mv /usr/bin/xflock4 /usr/bin/xflock4.real && \
+    printf '#!/bin/sh\nexit 0\n' > /usr/bin/xflock4 && \
+    chmod +x /usr/bin/xflock4
+
+RUN if [ -f /usr/bin/xfce4-screensaver-command ] && [ ! -f /usr/bin/xfce4-screensaver-command.real ]; then \
+      mv /usr/bin/xfce4-screensaver-command /usr/bin/xfce4-screensaver-command.real; \
+    fi && \
+    printf '#!/bin/sh\nexit 0\n' > /usr/bin/xfce4-screensaver-command && \
+    chmod +x /usr/bin/xfce4-screensaver-command
+
+COPY xfce-no-lock.sh /usr/local/bin/xfce-no-lock.sh
+RUN chmod +x /usr/local/bin/xfce-no-lock.sh
+
+
 EXPOSE ${NOVNC_PORT} ${VNC_PORT}
 
 USER root
 
 ENTRYPOINT ["/usr/local/bin/start.sh"]
-CMD ["supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
+CMD ["supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]

attacker/index.html

@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="refresh" content="0; url=vnc.html?autoconnect=1">
+  </head>
+</html>

attacker/xfce-no-lock.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+LOG=/tmp/xfce-no-lock.log
+echo "[$(date)] started" >> "$LOG"
+
+until pgrep -u kali xfce4-session >/dev/null 2>&1; do
+  sleep 0.5
+done
+
+export DISPLAY=:1
+export XAUTHORITY=/home/kali/.Xauthority
+set +e
+
+xfconf-query -c xfce4-session -p /general/LockScreen  -t bool -s false --create
+xfconf-query -c xfce4-session -p /shutdown/LockScreen -t bool -s false --create
+
+echo "[$(date)] completed" >> "$LOG"

attacker/xfce4-screensaver.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<channel name="xfce4-screensaver" version="1.0">
+    <property name="lock-enabled" type="bool" value="false"/>
+    <property name="idle-activation-enabled" type="bool" value="false"/>
+    <property name="lock-delay" type="int" value="0"/>
+</channel>

attacker/xfce4-session.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<channel name="xfce4-session" version="1.0">
+    <property name="general" type="empty">
+        <property name="LockScreen" type="bool" value="false"/>
+        <property name="FailsafeSessionName" type="string" value="Failsafe"/>
+        <property name="LockCommand" type="string" value=""/>
+    </property>
+    <property name="sessions" type="empty">
+        <property name="Failsafe" type="empty">
+            <property name="IsFailsafe" type="bool" value="true"/>
+            <property name="Count" type="int" value="5"/>
+            <property name="Client0_Command" type="array">
+                <value type="string" value="xfwm4"/>
+            </property>
+            <property name="Client0_Priority" type="int" value="15"/>
+            <property name="Client0_PerScreen" type="bool" value="false"/>
+            <property name="Client1_Command" type="array">
+                <value type="string" value="xfsettingsd"/>
+            </property>
+            <property name="Client1_Priority" type="int" value="20"/>
+            <property name="Client1_PerScreen" type="bool" value="false"/>
+            <property name="Client2_Command" type="array">
+                <value type="string" value="xfce4-panel"/>
+            </property>
+            <property name="Client2_Priority" type="int" value="25"/>
+            <property name="Client2_PerScreen" type="bool" value="false"/>
+            <property name="Client3_Command" type="array">
+                <value type="string" value="Thunar"/>
+                <value type="string" value="--daemon"/>
+            </property>
+            <property name="Client3_Priority" type="int" value="30"/>
+            <property name="Client3_PerScreen" type="bool" value="false"/>
+            <property name="Client4_Command" type="array">
+                <value type="string" value="xfdesktop"/>
+            </property>
+            <property name="Client4_Priority" type="int" value="35"/>
+            <property name="Client4_PerScreen" type="bool" value="false"/>
+        </property>
+    </property>
+    <property name="shutdown" type="empty">
+        <property name="LockScreen" type="bool" value="true"/>
+    </property>
+</channel>

docker-compose.yml

@@ -93,6 +93,9 @@ services:
       a-grfics-admin:  # gets random bridge IP (e.g., 172.18.x.x)
       c-dmz-net:
         ipv4_address: 192.168.90.6
+    sysctls:
+      net.ipv4.conf.default.arp_announce: 2
+      net.ipv4.conf.all.arp_announce: 2
 
   router:
     image: fortiphyd/grfics-router

workstation/Dockerfile

@@ -85,11 +85,16 @@ Categories=Development;\n" \
     chmod +x /home/${USERNAME}/Desktop/OpenPLC.desktop && \
     chown ${USERNAME}:${USERNAME} /home/${USERNAME}/Desktop/OpenPLC.desktop
 
+    
 
 COPY places.sqlite /home/engineer/.mozilla/firefox/ztc0wi0n.default-release/places.sqlite
 RUN chown engineer /home/engineer/.mozilla/firefox/ztc0wi0n.default-release/places.sqlite
 RUN chown -R engineer:engineer /home/engineer 
 
+
+COPY index.html /opt/noVNC/index.html
+
+
 EXPOSE ${NOVNC_PORT} ${VNC_PORT}
 
 USER root

workstation/index.html

@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="refresh" content="0; url=vnc.html?autoconnect=1">
+  </head>
+</html>