From ddc9acd03a2765725e7e33a4fbedf26316278041 Mon Sep 17 00:00:00 2001
From: Archer Bowen
Date: Fri, 9 Aug 2024 11:04:12 +0100
Subject: [PATCH] #2689 Fix notebook blue agent actions not functioning correctly.

---
 .../Command-&-Control-E2E-Demonstration.ipynb | 62 ++++++++++++++-----
 .../red_applications/c2/abstract_c2.py | 6 +-
 .../system/red_applications/test_c2_suite.py | 6 ++
 3 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb b/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb
index 3cdb3324..e41b6e08 100644
--- a/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb
+++ b/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb
@@ -83,6 +83,8 @@
 " ip_list:\n",
 " - 192.168.1.21\n",
 " - 192.168.1.14\n",
+ " wildcard_list:\n",
+ " - 0.0.0.1\n",
 " action_map:\n",
 " 0:\n",
 " action: DONOTHING\n",
@@ -469,7 +471,8 @@
 " dest_port_id: 2\n",
 " protocol_id: 1\n",
 " source_wildcard_id: 0\n",
- " dest_wildcard_id: 0\n",
+ " dest_wildcard_id: 0 \n",
+ "\n",
 "\n",
 " options:\n",
 " nodes:\n",
@@ -496,7 +499,6 @@
 " - 192.168.1.12\n",
 " wildcard_list:\n",
 " - 0.0.0.1\n",
- "\n",
 " reward_function:\n",
 " reward_components:\n",
 " - type: DUMMY\n",
@@ -728,7 +730,7 @@
 " c2_beacon.configure(c2_server_ip_address=\"192.168.10.21\")\n",
 " c2_beacon.establish()\n",
 "\n",
- " return given_env, c2_server, c2_beacon"
+ " return given_env, c2_server, c2_beacon, client_1, web_server"
 ]
 },
 {
@@ -757,7 +759,7 @@
 "source": [
 "# Setting up the C2 Suite using the c2_setup method & capturing the OBS impacts\n",
 "\n",
- "blue_env, c2_server, c2_beacon = c2_setup(blue_env=blue_env)\n",
+ "blue_env, c2_server, c2_beacon, client_1, web_server = c2_setup(given_env=blue_env)\n",
 "pre_blue_action_obs, _, _, _, _ = blue_env.step(0)"
 ]
 },
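Review bot: In the `@@ -469,7 +471,8 @@` hunk the replacement line `+ " dest_wildcard_id: 0 \n"` introduces a trailing space before the newline inside the notebook's YAML literal; the removed line `" dest_wildcard_id: 0\n"` was already correct, so the only substantive change in this hunk is the extra blank line. Trailing whitespace is harmless to the YAML parser but is exactly what whitespace/pre-commit hooks flag and it makes the diff noisier than needed. Suggest keeping the original `" dest_wildcard_id: 0\n"` and adding only the blank line if the separation between the ACL block and `options:` is wanted.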
@@ -852,7 +854,7 @@
 "source": [
 "# Setting up the C2 Suite using the c2_setup method & capturing the OBS impacts\n",
 "\n",
- "blue_env, c2_server, c2_beacon = c2_setup(blue_env=blue_env)\n",
+ "blue_env, c2_server, c2_beacon, client_1, web_server = c2_setup(given_env=blue_env)\n",
 "pre_blue_action_obs, _, _, _, _ = blue_env.step(0)"
 ]
 },
@@ -942,7 +944,7 @@
 "source": [
 "# Setting up the C2 Suite using the c2_setup method & capturing the OBS impacts\n",
 "\n",
- "blue_env, c2_server, c2_beacon = c2_setup(blue_env=blue_env)\n",
+ "blue_env, c2_server, c2_beacon, client_1, web_server = c2_setup(given_env=blue_env)\n",
 "pre_blue_action_obs, _, _, _, _ = blue_env.step(0)"
 ]
 },
@@ -980,15 +982,6 @@
 "router_1.acl.show()"
 ]
 },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": [
- "display_obs_diffs(default_obs, c2_ransomware_obs, env.game.step_counter)"
- ]
- },
 {
 "cell_type": "markdown",
 "metadata": {},
@@ -1002,8 +995,10 @@
 "metadata": {},
 "outputs": [],
 "source": [
- "# Waiting for the ransomware to finish installing and then launching the RansomwareScript.\n",
 "blue_env.step(0)\n",
+ "\n",
+ "# Attempting to install and execute the ransomware script\n",
+ "c2_server._send_command(C2Command.TERMINAL, command_options=ransomware_install_command)\n",
 "c2_server._send_command(C2Command.RANSOMWARE_LAUNCH, command_options={})"
 ]
 },
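Review bot: In the `@@ -1002,8 +995,10 @@` hunk the opening `blue_env.step(0)` is left without any explanation now that the old `# Waiting for the ransomware to finish installing ...` comment has been removed; action `0` is `DONOTHING` in this notebook's `action_map`, so a line such as `# One DONOTHING step so the blue agent's preceding action has been applied before the C2 server tries to push the ransomware` would tell the reader why the step is there (whether the step is what applies the ACL change is not visible in this hunk). `ransomware_install_command` must be defined in an earlier cell for the new `C2Command.TERMINAL` call to run; that definition is outside the hunk. Both sends go through `_send_command`, a private method of the C2 server; if a public equivalent exists the demonstration should use it, otherwise a short remark that the notebook deliberately drives the server directly would stop readers copying the private call into their own code.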
@@ -1015,6 +1010,41 @@
 "source": [
 "router_1.acl.show()"
 ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "Because of the ACL rule the C2 beacon never received the ransomware installation and execute commands from the C2 server:"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "web_server.software_manager.show()"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "database_server: Server = blue_env.game.simulation.network.get_node_by_hostname(\"database_server\")\n",
+ "database_server.software_manager.file_system.show(full=True)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "display_obs_diffs(pre_blue_action_obs, post_blue_action_obs, blue_env.game.step_counter)"
+ ]
 }
 ],
 "metadata": {
diff --git a/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py b/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py
index 9158d80f..47944633 100644
--- a/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py
+++ b/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py
@@ -90,7 +90,8 @@ class AbstractC2(Application, identifier="AbstractC2"):
     # TODO: Update this post application/services requiring to listen to multiple ports
     def __init__(self, **kwargs):
         """Initialise the C2 applications to by default listen for HTTP traffic."""
-        kwargs["port"] = Port.HTTP # TODO: Update this post application/services requiring to listen to multiple ports
+        kwargs["listen_on_ports"] = {Port.HTTP, Port.FTP, Port.DNS}
+        kwargs["port"] = Port.HTTP
         kwargs["protocol"] = IPProtocol.TCP
         super().__init__(**kwargs)
 
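Review bot: The new markdown cell asserts that the C2 beacon never received the install and launch commands because of the ACL rule, but the three code cells that follow only print `web_server.software_manager.show()`, the database server's file system and an observation diff, so the reader has to confirm the claim by eye. A self-checking line would make the demonstration hold up when the scenario changes — for example `assert c2_beacon.c2_connection_active is False` if the ACL also blocks the beacon's keep-alives (the hunk does not show whether it does), or a check that no ransomware entry is present in the printed software list. `post_blue_action_obs` in the last cell and the `Server` type used in the `database_server: Server = ...` annotation must be defined and imported in cells outside this hunk; worth confirming the notebook still runs top to bottom.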
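Review bot: The `__init__` docstring still reads "listen for HTTP traffic" while the added line sets `kwargs["listen_on_ports"] = {Port.HTTP, Port.FTP, Port.DNS}`, and the `# TODO: Update this post application/services requiring to listen to multiple ports` comment on the line above `def __init__` is left in place even though the commit removes the identical TODO from the `port` line and makes the change it asked for. Suggest `"""Initialise the C2 application to listen on HTTP, FTP and DNS, with HTTP over TCP as the default port/protocol."""` and deleting the stale TODO above the method. All three assignments silently overwrite any `listen_on_ports`, `port` or `protocol` a caller passes in `kwargs`; if the C2 ports are meant to be fixed by design, a one-line comment saying so would save the next reader from assuming they are configurable. DNS is added to the listen set while `protocol` stays `IPProtocol.TCP`; whether the simulator delivers DNS-masqueraded traffic to a TCP listener is not visible here and is worth a check.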
@@ -241,9 +242,6 @@ class AbstractC2(Application, identifier="AbstractC2"): ) return False - # TODO: Validation on Ports (E.g only allow HTTP, FTP etc) - # Potentially compare to IPProtocol & Port children? Depends on how listening on multiple ports is implemented. - # Setting the Ports self.current_masquerade_port = payload.masquerade_port self.current_masquerade_protocol = payload.masquerade_protocol diff --git a/tests/integration_tests/system/red_applications/test_c2_suite.py b/tests/integration_tests/system/red_applications/test_c2_suite.py index 9d66f3c1..9b799ff5 100644 --- a/tests/integration_tests/system/red_applications/test_c2_suite.py +++ b/tests/integration_tests/system/red_applications/test_c2_suite.py @@ -102,6 +102,12 @@ def test_c2_suite_setup_receive(basic_network): assert c2_server.c2_connection_active is True assert c2_server.c2_remote_connection == IPv4Address("192.168.255.2") + for i in range(50): + network.apply_timestep(i) + + assert c2_beacon.c2_connection_active is True + assert c2_server.c2_connection_active is True + def test_c2_suite_keep_alive_inactivity(basic_network): """Tests that C2 Beacon disconnects from the C2 Server after inactivity."""
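Review bot: The `@@ -241,9 +242,6 @@` hunk drops the `# TODO: Validation on Ports (E.g only allow HTTP, FTP etc)` note without adding the validation it asked for: `self.current_masquerade_port` and `self.current_masquerade_protocol` are still assigned straight from the received `payload`. Now that `__init__` fixes the listening set to HTTP, FTP and DNS, a guard before the assignments such as `if payload.masquerade_port not in {Port.HTTP, Port.FTP, Port.DNS}: return False` (or a check against whatever attribute the base `Application` stores `listen_on_ports` in, which is not visible here) would stop a malformed or hostile keep-alive from steering subsequent C2 traffic to a port nothing listens on. If that validation already happens earlier in the method, a comment pointing to it should replace the TODO rather than the TODO vanishing silently. The enclosing method starts before the hunk.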
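Review bot: The added `for i in range(50): network.apply_timestep(i)` in `test_c2_suite_setup_receive` relies on an unexplained constant, so it is not clear from the test why 50 steps is the right number or what the two `c2_connection_active` assertions afterwards actually prove. A comment tying the count to the keep-alive behaviour, e.g. `# Advance well past the keep-alive interval; both ends must still report the connection as active`, would make the intent explicit (the keep-alive interval itself is not visible in this hunk). Pulling the number into a named constant shared with `test_c2_suite_keep_alive_inactivity`, which starts just below, would also keep the two tests from drifting apart.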