#2689 Updated c2 tests significantly and improved quality of debug logging.

Archer Bowen
2024-08-12 10:47:56 +01:00
parent 53433ce7b6
commit ce3805cd15
5 changed files with 281 additions and 14 deletions


@@ -10,7 +10,7 @@ from primaite.simulator.file_system.file_system_item_abc import FileSystemItemHe
from primaite.simulator.network.container import Network
from primaite.simulator.network.hardware.nodes.host.computer import Computer
from primaite.simulator.network.hardware.nodes.host.server import Server
from primaite.simulator.network.hardware.nodes.network.router import ACLAction, Router
from primaite.simulator.network.hardware.nodes.network.router import AccessControlList, ACLAction, Router
from primaite.simulator.network.hardware.nodes.network.switch import Switch
from primaite.simulator.network.transmission.network_layer import IPProtocol
from primaite.simulator.network.transmission.transport_layer import Port
@@ -209,6 +209,8 @@ def test_c2_suite_acl_block(basic_network):
network: Network = basic_network
network, computer_a, c2_server, computer_b, c2_beacon = setup_c2(network)
computer_b.software_manager.install(software_class=RansomwareScript)
ransomware_config = {"server_ip_address": "192.168.0.2"}
router: Router = network.get_node_by_hostname("router")
@@ -275,3 +277,189 @@ def test_c2_suite_terminal_command_file_creation(basic_network):
assert computer_c.software_manager.file_system.access_file(folder_name="test_folder", file_name="test_file") == True
assert c2_beacon.remote_terminal_session is not None
def test_c2_suite_acl_bypass(basic_network):
"""Tests that C2 Beacon can be reconfigured to connect C2 Server to bypass blocking ACL rules.
1. This Test first configures a router to block HTTP traffic and asserts the following:
1. C2 Beacon and C2 Server are unable to maintain connection
2. Traffic is confirmed to be blocked by the ACL rule.
2. Next the C2 Beacon is re-configured to use FTP which is permitted by the ACL and asserts the following;
1. The C2 Beacon and C2 Server re-establish connection
2. The ACL rule has not prevent any further traffic.
3. A test file create command is sent & it's output confirmed
3. The ACL is then re-configured to block FTP traffic and asserts the following:
1. C2 Beacon and C2 Server are unable to maintain connection
2. Traffic is confirmed to be blocked by the ACL rule.
4. Next the C2 Beacon is re-configured to use HTTP which is permitted by the ACL and asserts the following;
1. The C2 Beacon and C2 Server re-establish connection
2. The ACL rule has not prevent any further traffic.
3. A test file create command is sent & it's output confirmed
"""
network: Network = basic_network
network, computer_a, c2_server, computer_b, c2_beacon = setup_c2(network)
router: Router = network.get_node_by_hostname("router")
################ Confirm Default Setup #########################
# Permitting all HTTP & FTP traffic
router.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.HTTP, dst_port=Port.HTTP, position=0)
router.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.FTP, dst_port=Port.FTP, position=1)
c2_beacon.apply_timestep(0)
assert c2_beacon.keep_alive_inactivity == 1
# Keep Alive successfully sent and received upon the 2nd timestep.
c2_beacon.apply_timestep(1)
assert c2_beacon.keep_alive_inactivity == 0
assert c2_beacon.c2_connection_active == True
################ Denying HTTP Traffic #########################
# Now we add a HTTP blocking acl (Thus preventing a keep alive)
router.acl.add_rule(action=ACLAction.DENY, src_port=Port.HTTP, dst_port=Port.HTTP, position=0)
blocking_acl: AccessControlList = router.acl.acl[0]
# Asserts to show the C2 Suite is unable to maintain connection:
network.apply_timestep(2)
network.apply_timestep(3)
c2_packets_blocked = blocking_acl.match_count
assert c2_packets_blocked != 0
assert c2_beacon.c2_connection_active is False
# Stepping one more time to confirm that the C2 server drops its connection
network.apply_timestep(4)
assert c2_server.c2_connection_active is False
################ Configuring C2 to use FTP #####################
# Reconfiguring the c2 beacon to now use FTP
c2_beacon.configure(
c2_server_ip_address="192.168.0.2",
keep_alive_frequency=2,
masquerade_port=Port.FTP,
masquerade_protocol=IPProtocol.TCP,
)
c2_beacon.establish()
################ Confirming connection via FTP #####################
# Confirming we've re-established connection
assert c2_beacon.c2_connection_active is True
assert c2_server.c2_connection_active is True
# Confirming that we can send commands:
ftp_file_create_command = {
"commands": [
["file_system", "create", "folder", "test_folder"],
["file_system", "create", "file", "test_folder", "ftp_test_file", "True"],
],
"username": "admin",
"password": "admin",
"ip_address": None,
}
c2_server._send_command(C2Command.TERMINAL, command_options=ftp_file_create_command)
assert (
computer_b.software_manager.file_system.access_file(folder_name="test_folder", file_name="ftp_test_file")
== True
)
# Confirming we can maintain connection
# Stepping twenty timesteps in the network
i = 4 # We're already at the 4th timestep (starting at timestep 4)
for i in range(20):
network.apply_timestep(i)
# Confirming HTTP ACL ineffectiveness (C2 Bypass)
# Asserting that the ACL hasn't caught more traffic and the c2 connection is still active
assert c2_packets_blocked == blocking_acl.match_count
assert c2_server.c2_connection_active is True
assert c2_beacon.c2_connection_active is True
################ Denying FTP Traffic & Enable HTTP #########################
# Blocking FTP and re-permitting HTTP:
router.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.HTTP, dst_port=Port.HTTP, position=0)
router.acl.add_rule(action=ACLAction.DENY, src_port=Port.FTP, dst_port=Port.FTP, position=1)
blocking_acl: AccessControlList = router.acl.acl[1]
# Asserts to show the C2 Suite is unable to maintain connection:
network.apply_timestep(25)
network.apply_timestep(26)
c2_packets_blocked = blocking_acl.match_count
assert c2_packets_blocked != 0
assert c2_beacon.c2_connection_active is False
# Stepping one more time to confirm that the C2 server drops its connection
network.apply_timestep(27)
assert c2_server.c2_connection_active is False
################ Configuring C2 to use HTTP #####################
# Reconfiguring the c2 beacon to now use HTTP Again
c2_beacon.configure(
c2_server_ip_address="192.168.0.2",
keep_alive_frequency=2,
masquerade_port=Port.HTTP,
masquerade_protocol=IPProtocol.TCP,
)
c2_beacon.establish()
################ Confirming connection via HTTP #####################
# Confirming we've re-established connection
assert c2_beacon.c2_connection_active is True
assert c2_server.c2_connection_active is True
# Confirming that we can send commands
http_file_create_command = {
"commands": [
["file_system", "create", "folder", "test_folder"],
["file_system", "create", "file", "test_folder", "http_test_file", "True"],
],
"username": "admin",
"password": "admin",
"ip_address": None,
}
c2_server._send_command(C2Command.TERMINAL, command_options=http_file_create_command)
assert (
computer_b.software_manager.file_system.access_file(folder_name="test_folder", file_name="http_test_file")
== True
)
assert c2_beacon.c2_connection_active is True
assert c2_server.c2_connection_active is True
# Confirming we can maintain connection
# Stepping twenty timesteps in the network
i = 28 # We're already at the 28th timestep
for i in range(20):
network.apply_timestep(i)
# Confirming FTP ACL ineffectiveness (C2 Bypass)
# Asserting that the ACL hasn't caught more traffic and the c2 connection is still active
assert c2_packets_blocked == blocking_acl.match_count
assert c2_server.c2_connection_active is True
assert c2_beacon.c2_connection_active is True