diff --git a/AIDojoCoordinator/scenarios/scenario_configuration.py b/AIDojoCoordinator/scenarios/scenario_configuration.py
index d8fedb80..7e0577d3 100644
--- a/AIDojoCoordinator/scenarios/scenario_configuration.py
+++ b/AIDojoCoordinator/scenarios/scenario_configuration.py
@@ -760,5 +760,5 @@
 )
 ]
-configuration_objects = [smb_server, db_server, web_server, other_server_1, other_server_2, client_1, client_2,
- client_3, client_4, client_5, router1, internet, outside_node, *connections, *exploits]
\ No newline at end of file
+# configuration_objects = [smb_server, db_server, web_server, other_server_1, other_server_2, client_1, client_2,
+# client_3, client_4, client_5, router1, internet, outside_node, *connections, *exploits]
\ No newline at end of file
diff --git a/AIDojoCoordinator/scenarios/tiny_scenario_configuration.py b/AIDojoCoordinator/scenarios/tiny_scenario_configuration.py
index afc3af09..b630560f 100644
--- a/AIDojoCoordinator/scenarios/tiny_scenario_configuration.py
+++ b/AIDojoCoordinator/scenarios/tiny_scenario_configuration.py
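Review bot: The `configuration_objects` assignment at the end of scenario_configuration.py is commented out rather than deleted, which leaves dead code in the module and silently drops the only name it exported; any `from AIDojoCoordinator.scenarios.scenario_configuration import configuration_objects` elsewhere in the project (not visible here) would now fail with ImportError at load time. If the large scenario is being retired, delete the two lines outright (history is in git); if it is still loaded anywhere, keep the assignment and select the scenario at the call site instead.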
@@ -1,122 +1,308 @@ +# This file defines the hosts and their characteristics, the services they run, the users they have and their security levels, the data they have, and in the router/FW all the rules of which host can access what import cyst.api.configuration as cyst_cfg +from cyst.api.configuration.network.elements import RouteConfig +from cyst.api.logic.access import AuthenticationProviderType, AuthenticationTokenType, AuthenticationTokenSecurity +from cyst.api.configuration import ExploitConfig, VulnerableServiceConfig +from cyst.api.logic.exploit import ExploitLocality, ExploitCategory +# -------------------------------------------------------- +# This is a tiny scenario configuration for a network security environment. +# It contains 1 client in separate local networks and 1 remote C&C server. +# The scenario is a smaller version of the scenario1, which is used for testing purposes. -target = cyst_cfg.NodeConfig( +''' -------------------------------------------------------------------------------------------------------------------- +A template for local password authentication. +''' +local_password_auth = cyst_cfg.AuthenticationProviderConfig( + provider_type=AuthenticationProviderType.LOCAL, + token_type=AuthenticationTokenType.PASSWORD, + token_security=AuthenticationTokenSecurity.SEALED, + timeout=30 +) + +''' -------------------------------------------------------------------------------------------------------------------- +Server 1: +- SMB/File sharing (It is vulnerable to some remote exploit) +- Remote Desktop +- Can go to router and internet + +- the only windows server. 
It does not connect to the AD +- access schemes for remote desktop and file sharing are kept separate, but can be integrated into one if needed +- Service types should be derived from nmap services https://svn.nmap.org/nmap/nmap-services +''' +smb_server = cyst_cfg.NodeConfig( active_services=[], passive_services=[ cyst_cfg.PassiveServiceConfig( - name="bash", - owner="root", - version="8.1.0", + name="microsoft-ds", + owner="Local system", + version="10.0.19041", + local=False, + private_data=[ + cyst_cfg.DataConfig( + owner="User1", + description="DataFromServer1" + ), + cyst_cfg.DataConfig( + owner="User2", + description="Data2FromServer1" + ), + cyst_cfg.DataConfig( + owner="User1", + description="Data3FromServer1" + ) + ], access_level=cyst_cfg.AccessLevel.LIMITED, - local=True, + authentication_providers=[], + access_schemes=[ + cyst_cfg.AccessSchemeConfig( + authentication_providers=["windows login"], + authorization_domain=cyst_cfg.AuthorizationDomainConfig( + type=cyst_cfg.AuthorizationDomainType.LOCAL, + authorizations=[ + cyst_cfg.AuthorizationConfig("User1", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User2", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User3", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User4", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User5", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("Administrator", cyst_cfg.AccessLevel.ELEVATED) + ] + ) + ) + ] ), cyst_cfg.PassiveServiceConfig( - name="lighttpd", - owner="www", - version="1.4.62", - access_level=cyst_cfg.AccessLevel.LIMITED, + name="ms-wbt-server", + owner="Local system", + version="10.0.19041", local=False, + access_level=cyst_cfg.AccessLevel.ELEVATED, + parameters=[ + (cyst_cfg.ServiceParameter.ENABLE_SESSION, True), + (cyst_cfg.ServiceParameter.SESSION_ACCESS_LEVEL, cyst_cfg.AccessLevel.LIMITED) + ], + authentication_providers=[], + access_schemes=[ + cyst_cfg.AccessSchemeConfig( + 
authentication_providers=["windows login"], + authorization_domain=cyst_cfg.AuthorizationDomainConfig( + type=cyst_cfg.AuthorizationDomainType.LOCAL, + authorizations=[ + cyst_cfg.AuthorizationConfig("User1", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User2", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User3", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User4", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("User5", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("Administrator", cyst_cfg.AccessLevel.ELEVATED) + ] + ) + ) + ] + ), + cyst_cfg.PassiveServiceConfig( + name="windows login", + owner="Administrator", + version="10.0.19041", + local=True, + access_level=cyst_cfg.AccessLevel.ELEVATED, + authentication_providers=[local_password_auth("windows login")] + ), + cyst_cfg.PassiveServiceConfig( + name="powershell", + owner="Local system", + version="10.0.19041", + local=True, + access_level=cyst_cfg.AccessLevel.LIMITED ) ], - shell="bash", traffic_processors=[], - interfaces=[], - name="target" + interfaces=[cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("192.168.1.2"), cyst_cfg.IPNetwork("192.168.1.0/24"))], + shell="powershell", + id="smb_server" ) -attacker_service = cyst_cfg.ActiveServiceConfig( - type="netsecenv_agent", - name="attacker", - owner="attacker", - access_level=cyst_cfg.AccessLevel.LIMITED, - ref="attacker_service" -) -attacker = cyst_cfg.NodeConfig( - active_services=[attacker_service()], - passive_services=[], - interfaces=[], - shell="", - traffic_processors=[], - name="attacker_node" -) +''' -------------------------------------------------------------------------------------------------------------------- +Client 1 -attacker2 = cyst_cfg.NodeConfig( - active_services=[attacker_service()], - passive_services=[], - interfaces=[], - shell="", +- Remote Desktop +- Accounts +-- Local admin +-- User1 +- Can go to server 1, 2, 3, router and internet +- Has the 
attacker +''' +client_1 = cyst_cfg.NodeConfig( + active_services=[ + cyst_cfg.ActiveServiceConfig( + type="scripted_actor", + name="attacker", + owner="attacker", + access_level=cyst_cfg.AccessLevel.LIMITED, + id="attacker_service" + ) + ], + passive_services=[ + cyst_cfg.PassiveServiceConfig( + name="ms-wbt-server", + owner="Local system", + version="10.0.19041", + local=False, + access_level=cyst_cfg.AccessLevel.ELEVATED, + parameters=[ + (cyst_cfg.ServiceParameter.ENABLE_SESSION, True), + (cyst_cfg.ServiceParameter.SESSION_ACCESS_LEVEL, cyst_cfg.AccessLevel.LIMITED) + ], + authentication_providers=[local_password_auth("client_1_windows_login")], + access_schemes=[ + cyst_cfg.AccessSchemeConfig( + authentication_providers=["client_1_windows_login"], + authorization_domain=cyst_cfg.AuthorizationDomainConfig( + type=cyst_cfg.AuthorizationDomainType.LOCAL, + authorizations=[ + cyst_cfg.AuthorizationConfig("User1", cyst_cfg.AccessLevel.LIMITED), + cyst_cfg.AuthorizationConfig("Administrator", cyst_cfg.AccessLevel.ELEVATED) + ] + ) + ) + ] + ), + cyst_cfg.PassiveServiceConfig( + name="powershell", + owner="Local system", + version="10.0.19041", + local=True, + access_level=cyst_cfg.AccessLevel.LIMITED + ), + cyst_cfg.PassiveServiceConfig( + name="can_attack_start_here", + owner="Local system", + version="1", + local=True, + access_level=cyst_cfg.AccessLevel.LIMITED + ) + ], traffic_processors=[], - name="attacker_node_2" + interfaces=[cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("192.168.2.2"), cyst_cfg.IPNetwork("192.168.2.0/24"))], + shell="powershell", + id="client_1" ) -router = cyst_cfg.RouterConfig( +''' -------------------------------------------------------------------------------------------------------------------- +Routers + +- Has a defender +- SSH (Nope, the routers do not work as normal PCs. 
But the defender will be ready and will be possible to control it) +''' +router1 = cyst_cfg.RouterConfig( interfaces=[ - cyst_cfg.InterfaceConfig( - ip=cyst_cfg.IPAddress("192.168.0.1"), - net=cyst_cfg.IPNetwork("192.168.0.1/24"), - index=0 - ), - cyst_cfg.InterfaceConfig( - ip=cyst_cfg.IPAddress("192.168.0.1"), - net=cyst_cfg.IPNetwork("192.168.0.1/24"), - index=1 - ), - cyst_cfg.InterfaceConfig( - ip=cyst_cfg.IPAddress("192.168.0.1"), - net=cyst_cfg.IPNetwork("192.168.0.1/24"), - index=2 - ) + cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("192.168.1.1"), cyst_cfg.IPNetwork("192.168.1.0/24"), index=2), + cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("192.168.2.1"), cyst_cfg.IPNetwork("192.168.2.0/24"), index=3), + ], + routing_table=[ + # Push everything not-infrastructure to the internet + RouteConfig(cyst_cfg.IPNetwork("0.0.0.0/0"), 10) ], + # Firewall FORWARD policy specifies inter-network routes that are enabled + # Firewall INPUT policy specifies who can connect directly to the router. In this scenario, everyone can. 
traffic_processors=[ cyst_cfg.FirewallConfig( - default_policy=cyst_cfg.FirewallPolicy.ALLOW, - chains=[ - cyst_cfg.FirewallChainConfig( - type=cyst_cfg.FirewallChainType.FORWARD, - policy=cyst_cfg.FirewallPolicy.ALLOW, - rules=[] - ) - ] + default_policy=cyst_cfg.FirewallPolicy.DENY, + chains=[ + cyst_cfg.FirewallChainConfig( + type=cyst_cfg.FirewallChainType.INPUT, + policy=cyst_cfg.FirewallPolicy.DENY, + rules=[ + cyst_cfg.FirewallRule(cyst_cfg.IPNetwork("192.168.1.0/24"), cyst_cfg.IPNetwork("192.168.1.1/32"), "*", cyst_cfg.FirewallPolicy.ALLOW), + cyst_cfg.FirewallRule(cyst_cfg.IPNetwork("192.168.2.0/24"), cyst_cfg.IPNetwork("192.168.2.1/32"), "*", cyst_cfg.FirewallPolicy.ALLOW) + ] + ), + cyst_cfg.FirewallChainConfig( + type=cyst_cfg.FirewallChainType.FORWARD, + policy=cyst_cfg.FirewallPolicy.DENY, + rules=[ + # Client 1 can go to server 1, 2, 3 + cyst_cfg.FirewallRule(cyst_cfg.IPNetwork("192.168.2.2/32"), cyst_cfg.IPNetwork("192.168.1.2/32"), "*", cyst_cfg.FirewallPolicy.ALLOW), + ] + ) + ] ) ], - id="router" + id="router1" ) -exploit1 = cyst_cfg.ExploitConfig( - services=[ - cyst_cfg.VulnerableServiceConfig( - service="lighttpd", - min_version="1.4.62", - max_version="1.4.62" - ) +''' -------------------------------------------------------------------------------------------------------------------- +Internet + +- Represented as a router outside the scenario network 192.168.0.0/16 +''' +internet = cyst_cfg.RouterConfig( + interfaces=[ + cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("213.47.23.193"), cyst_cfg.IPNetwork("213.47.23.192/26"), index=0) + ], + routing_table=[ + RouteConfig(cyst_cfg.IPNetwork("192.168.0.0/16"), 0) ], - locality=cyst_cfg.ExploitLocality.REMOTE, - category=cyst_cfg.ExploitCategory.CODE_EXECUTION, - id="http_exploit" + traffic_processors=[], + id="internet" ) -connection1 = cyst_cfg.ConnectionConfig( - src_ref=target, - src_port=-1, - dst_ref=router, - dst_port=0 -) +''' 
-------------------------------------------------------------------------------------------------------------------- +Outside node -connection2 = cyst_cfg.ConnectionConfig( - src_ref=attacker, - src_port=-1, - dst_ref=router, - dst_port=1 +- A machine that sits in the internet, controlled by the attacker, used for data exfiltration. +''' +outside_node = cyst_cfg.NodeConfig( + active_services=[], + passive_services=[ + cyst_cfg.PassiveServiceConfig( + name="bash", + owner="root", + version="5.0.0", + local=True, + access_level=cyst_cfg.AccessLevel.LIMITED + ), + cyst_cfg.PassiveServiceConfig( + name="listener", + owner="attacker", + version="1.0.0", + local=False, + access_level=cyst_cfg.AccessLevel.ELEVATED + ) + ], + traffic_processors=[], + interfaces=[cyst_cfg.InterfaceConfig(cyst_cfg.IPAddress("213.47.23.195"), cyst_cfg.IPNetwork("213.47.23.192/26"))], + shell="bash", + id="outside_node" ) -connection3 = cyst_cfg.ConnectionConfig( - src_ref=attacker2, - src_port=-1, - dst_ref=router, - dst_port=2 -) +''' -------------------------------------------------------------------------------------------------------------------- +Connections +''' +connections = [ + cyst_cfg.ConnectionConfig("smb_server", 0, "router1", 0), + cyst_cfg.ConnectionConfig("client_1", 0, "router1", 1), + cyst_cfg.ConnectionConfig("internet", 0, "router1", 2), + cyst_cfg.ConnectionConfig("internet", 1, "outside_node", 0) +] +''' -------------------------------------------------------------------------------------------------------------------- +Exploits +- There exists only one for windows lanman server (SMB) and enables data exfiltration. Add others as needed... +''' +exploits = [ + ExploitConfig( + services=[ + VulnerableServiceConfig( + service="microsoft-ds", + min_version="10.0. 
19041", + max_version="10.0.19041" + ) + ], + locality=ExploitLocality.REMOTE, + category=ExploitCategory.DATA_MANIPULATION, + id="smb_exploit" + ) +] -configuration_objects = [target, attacker_service, attacker, attacker2, router, exploit1, connection2, connection1, connection3] +configuration_objects = [smb_server, client_1, router1, internet, outside_node, *connections, *exploits] \ No newline at end of file
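Review bot: The FORWARD chain of `router1` permits only 192.168.2.2/32 → 192.168.1.2/32, and with `default_policy=DENY` there is no rule letting `client_1` or `smb_server` reach 213.47.23.192/26 where `outside_node` sits, even though both docstrings say the hosts "Can go to ... internet" and outside_node is described as "used for data exfiltration"; unless cyst's firewall bypasses FORWARD for the default route (I cannot tell from this file), the exfiltration step this scenario is built around is blocked. The default route `RouteConfig(cyst_cfg.IPNetwork("0.0.0.0/0"), 10)` also still points at port 10, while `connections` attaches `internet` to `router1` port 2, which looks like a leftover from the larger scenario where the internet link was on port 10. If exfiltration is intended, add `cyst_cfg.FirewallRule(cyst_cfg.IPNetwork("192.168.1.0/24"), cyst_cfg.IPNetwork("213.47.23.192/26"), "*", cyst_cfg.FirewallPolicy.ALLOW)` and the same rule for `192.168.2.0/24` to the FORWARD rules, and change the route's port to `2`. The stale comment `# Client 1 can go to server 1, 2, 3` should become `# Client 1 can reach smb_server (the only server in this scenario)`, and the "Has a defender" line in the router docstring describes nothing that is configured. Whether the reply direction (192.168.1.2 → 192.168.2.2) needs its own FORWARD rule depends on whether `FirewallConfig` is stateful, which is worth confirming against the cyst documentation.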