oxbrbtx/PrimAITE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#2689 Updated documentation and docustrings following PR comments.

Browse Source
This commit is contained in:
Archer Bowen
2024-08-15 17:47:33 +01:00
parent 7d086ec35e
commit e5be392ea8
7 changed files with 75 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/source/simulation_components/system/applications/c2_suite.rst
View File

@@ -7,14 +7,13 @@
Command and Control Application Suite
#####################################
Comprising of two applications, the command and control (C2) suites intends to introduce
Comprising of two applications, the Command and Control (C2) suites intends to introduce
malicious network architecture and begin to further the realism of red agents within primAITE.
Overview:
=========
These two new classes intend to Red Agents a cyber realistic way of leveraging the capabilities of the ``Terminal`` application.
Whilst introducing both more opportunities for the blue agent to notice and subvert Red Agents during an episode.
These two new classes give red agents a cyber realistic way of leveraging the capabilities of the ``Terminal`` application whilst introducing more opportunities for the blue agent to notice and subvert a red agent during an episode.
For a more in-depth look at the command and control applications then please refer to the ``C2-E2E-Notebook``.
@@ -23,7 +22,7 @@ For a more in-depth look at the command and control applications then please ref
The C2 Server application is intended to represent the malicious infrastructure already under the control of an adversary.
The C2 Server is configured to listen and await ``keep alive`` traffic from a c2 beacon. Once received the C2 Server is able to send and receive c2 commands.
The C2 Server is configured to listen and await ``keep alive`` traffic from a C2 beacon. Once received the C2 Server is able to send and receive C2 commands.
Currently, the C2 Server offers three commands:
@@ -88,7 +87,7 @@ Implementation
==============
Both applications inherit from an abstract C2 which handles the keep alive functionality and main logic.
However, each host implements it's receive methods individually.
However, each host implements it's own receive methods.
- The ``C2 Beacon`` is responsible for the following logic:
- Establishes and confirms connection to the C2 Server via sending ``C2Payload.KEEP_ALIVE``.
@@ -275,11 +274,11 @@ This must be a valid integer i.e ``10``. Defaults to ``5``.
The protocol that the C2 Beacon will use to communicate to the C2 Server with.
Currently only ``tcp`` and ``udp`` are valid masquerade protocol options.
Currently only ``TCP`` and ``UDP`` are valid masquerade protocol options.
It's worth noting that this may be useful option to bypass ACL rules.
This must be a string i.e ``udp``. Defaults to ``tcp``.
This must be a string i.e *UDP*. Defaults to ``TCP``.
*Please refer to the ``IPProtocol`` class for further reference.*

2
src/primaite/game/agent/actions.py
View File

@@ -1143,7 +1143,7 @@ class RansomwareLaunchC2ServerAction(AbstractAction):
node_name = self.manager.get_node_name_by_idx(node_id)
if node_name is None:
return ["do_nothing"]
# Not options needed for this action.
# This action currently doesn't require any further configuration options.
return ["network", "node", node_name, "application", "C2Server", "ransomware_launch"]

82
src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb
View File

@@ -38,7 +38,7 @@
"\n",
"This notebook uses the same network setup as UC2. Please refer to the main [UC2-E2E-Demo notebook for further reference](./Data-Manipulation-E2E-Demonstration.ipynb).\n",
"\n",
"However, this notebook will replaces with the red agent used in UC2 with a custom proxy red agent built for this notebook."
"However, this notebook replaces the red agent used in UC2 with a custom proxy red agent built for this notebook."
]
},
{
@@ -188,11 +188,10 @@
"source": [
"## **Notebook Setup** | Network Prerequisites\n",
"\n",
"Before the Red Agent is able to perform any C2 specific actions, the C2 Server needs to be installed and run before the episode begins.\n",
"Before the Red Agent is able to perform any C2 specific actions, the C2 Server needs to be installed and run before the Red Agent can perform any C2 specific action.\n",
"This is because in higher fidelity environments (and the real-world) a C2 server would not be accessible by a private network blue agent and the C2 Server would already be in place before the an adversary (Red Agent) starts.\n",
"\n",
"This is because higher fidelity environments (and the real-world) a C2 server would not be accessible by private network blue agent and the C2 Server would already be in place before the an adversary (Red Agent) before the narrative of the use case.\n",
"\n",
"The cells below installs and runs the C2 Server on the client_1 directly via the simulation API."
"The cells below install and runs the C2 Server on client_1 directly via the simulation API."
]
},
{
@@ -214,9 +213,9 @@
"source": [
"## **Command and Control** | C2 Beacon Actions\n",
"\n",
"Before any C2 Server commands is able to accept any commands, it must first establish connection with a C2 beacon.\n",
"Before a C2 Server can accept any commands it must first establish connection with a C2 Beacon.\n",
"\n",
"A red agent is able to install, configure and establish a C2 beacon at any point of an episode. The code cells below demonstrate what actions and option parameters are needed to perform this."
"A red agent is able to install, configure and establish a C2 beacon at any point in an episode. The code cells below demonstrate the actions and option parameters that are needed to perform this."
]
},
{
@@ -225,7 +224,7 @@
"source": [
"### **Command and Control** | C2 Beacon Actions | NODE_APPLICATION_INSTALL\n",
"\n",
"The custom proxy red agent defined at the start of this notebook has been configured to install the C2 Beacon as action ``1`` on it's action map. \n",
"The custom proxy red agent defined at the start of this notebook has been configured to install the C2 Beacon as action ``1`` in it's action map. \n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"\n",
@@ -268,9 +267,9 @@
"source": [
"### **Command and Control** | C2 Beacon Actions | CONFIGURE_C2_BEACON \n",
"\n",
"The custom proxy red agent defined at the start of this notebook can configure the C2 Beacon via action ``2`` on it's action map. \n",
"The custom proxy red agent defined at the start of this notebook can configure the C2 Beacon via action ``2`` in it's action map. \n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"The yaml snippet below shows all the relevant agent options for this action:\n",
"\n",
"```yaml\n",
" action_space:\n",
@@ -315,9 +314,9 @@
"source": [
"### **Command and Control** | C2 Beacon Actions | NODE_APPLICATION_EXECUTE\n",
"\n",
"The final action is ``NODE_APPLICATION_EXECUTE`` which is used to establish connection for the C2 application. This action can be called by the Red Agent via action ``3`` on it's action map. \n",
"The final action is ``NODE_APPLICATION_EXECUTE`` which is used to establish a connection for the C2 application. This action can be called by the Red Agent via action ``3`` in it's action map. \n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"The yaml snippet below shows all the relevant agent options for this action:\n",
"\n",
"```yaml\n",
" action_space:\n",
@@ -370,7 +369,7 @@
"Once the C2 suite has been successfully established, the C2 Server based actions become available to the Red Agent. \n",
"\n",
"\n",
"This next section will demonstrate the different actions that become available to a red agent after establishing C2 connection:"
"This next section will demonstrate the different actions that become available to a red agent after establishing a C2 connection:"
]
},
{
@@ -379,15 +378,15 @@
"source": [
"### **Command and Control** | C2 Server Actions | C2_SERVER_TERMINAL_COMMAND\n",
"\n",
"The C2 Server's terminal action is indexed at ``4`` on the custom red agent action map. \n",
"The C2 Server's terminal action: ``C2_SERVER_TERMINAL_COMMAND`` is indexed at ``4`` in it's action map. \n",
"\n",
"This action leverages the terminal service that is installed by default on all nodes to grant red agents a lot more configurability. If you're unfamiliar with terminals then it's recommended that you refer to the ``Terminal Processing`` notebook.\n",
"\n",
"It's worth noting that an additional benefit that a red agent has when using terminal via the C2 Server is that you can execute multiple commands in one action. \n",
"It's worth noting that an additional benefit a red agent has when using the terminal service via the C2 Server is that you can execute multiple commands in one action. \n",
"\n",
"In this notebook, the ``C2_SERVER_TERMINAL_COMMAND`` is used to install a RansomwareScript application on the ``web_server`` node.\n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"The yaml snippet below shows all the relevant agent options for this action:\n",
"\n",
"``` yaml\n",
" action_space:\n",
@@ -444,11 +443,11 @@
"source": [
"### **Command and Control** | C2 Server Actions | C2_SERVER_RANSOMWARE_CONFIGURE\n",
"\n",
"Another action that the C2 Server grants is the ability for a Red Agent to configure ransomware via the C2 Server. \n",
"Another action the C2 Server grants is the ability for a Red Agent to configure the RansomwareScript via the C2 Server rather than the note directly.\n",
"\n",
"This action is indexed as action ``5``.\n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"The yaml snippet below shows all the relevant agent options for this action:\n",
"\n",
"``` yaml\n",
" action_space:\n",
@@ -500,11 +499,11 @@
"source": [
"### **Command and Control** | C2 Server Actions | C2_SERVER_DATA_EXFILTRATE\n",
"\n",
"The second to last action available is the ``C2_SERVER_DATA_EXFILTRATE`` which can be used to exfiltrate a target file on a remote node to the C2 Beacon & Server's host file system via the ``FTP`` services.\n",
"The second to last action available is the ``C2_SERVER_DATA_EXFILTRATE`` which is indexed as action ``6`` in the action map.\n",
"\n",
"This action is indexed as action ``6``..\n",
"This action can be used to exfiltrate a target file on a remote node to the C2 Beacon and the C2 Server's host file system via the ``FTP`` services.\n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action\n",
"The below yaml snippet shows all the relevant agent options for this action:\n",
"\n",
"``` yaml\n",
" action_space:\n",
@@ -532,8 +531,7 @@
" username: \"admin\",\n",
" password: \"admin\"\n",
"\n",
"```\n",
"\n"
"```"
]
},
{
@@ -571,11 +569,11 @@
"source": [
"### **Command and Control** | C2 Server Actions | C2_SERVER_RANSOMWARE_LAUNCH\n",
"\n",
"Finally, to the ransomware configuration action, there is also the ``C2_SERVER_RANSOMWARE_LAUNCH`` which quite simply launches the ransomware script installed on the same node as the C2 beacon.\n",
"Finally, the last available action is for the C2_SERVER_RANSOMWARE_LAUNCH to start the ransomware script installed on the same node as the C2 beacon.\n",
"\n",
"This action is indexed as action ``7``.\n",
"\n",
"The below yaml snippet shows all the relevant agent options for this action\n",
"\"The yaml snippet below shows all the relevant agent options for this action:\n",
"\n",
"``` yaml\n",
" action_space:\n",
@@ -623,9 +621,9 @@
"source": [
"## **Command and Control** | Blue Agent Relevance\n",
"\n",
"The next section of the notebook will demonstrate the impact that the command and control suite has to the Blue Agent's observation space as well as some potential actions that can be used to prevent the attack from being successfully.\n",
"The next section of the notebook will demonstrate the impact the command and control suite has on the Blue Agent's observation space as well as some potential actions that can be used to prevent the attack from being successful.\n",
"\n",
"The code cell below re-creates the UC2 network and swaps out the previous custom red agent with a custom blue agent. \n"
"The code cell below recreates the UC2 network and swaps out the previous custom red agent with a custom blue agent. "
]
},
{
@@ -1072,7 +1070,7 @@
"metadata": {},
"outputs": [],
"source": [
"# This method is used to shorthand setting up the C2Server and the C2 Beacon.\n",
"# This method is used to simplify setting up the C2Server and the C2 Beacon.\n",
"def c2_setup(given_env: PrimaiteGymEnv):\n",
" client_1: Computer = given_env.game.simulation.network.get_node_by_hostname(\"client_1\")\n",
" web_server: Server = given_env.game.simulation.network.get_node_by_hostname(\"web_server\")\n",
@@ -1190,7 +1188,7 @@
"source": [
"#### Shutting down the node infected with a C2 Beacon.\n",
"\n",
"Another way a blue agent can prevent the C2 suite is via shutting down the C2 beacon's host node. Whilst not as effective as the previous option, dependant on situation (such as multiple malicious applications) or other scenarios it may be more timestep efficient for a blue agent to shut down a node directly."
"Another way a blue agent can prevent the C2 suite is by shutting down the C2 beacon's host node. Whilst not as effective as the previous option, dependant on the situation (such as multiple malicious applications) or other scenarios it may be more timestep efficient for a blue agent to shut down a node directly."
]
},
{
@@ -1218,7 +1216,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"The code cell below uses the custom blue agent defined at the start of this section perform NODE_SHUT_DOWN on the web server."
"The code cell below uses the custom blue agent defined at the start of this section perform a ``NODE_SHUT_DOWN`` action on the web server."
]
},
{
@@ -1235,7 +1233,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"Which we can see after the effects of after stepping another timestep and looking at the web_servers operating state & the OBS differences."
"Which we can see the effects of after another timestep and looking at the web_server's operating state & the OBS differences."
]
},
{
@@ -1264,7 +1262,7 @@
"outputs": [],
"source": [
"# Attempting to install the C2 RansomwareScript\n",
"ransomware_install_command = {\"commands\":[[\"software_manager\", \"application\", \"install\", \"RansomwareScript\"]],\n",
"ransomware_install_command = {\"commands\":[\"software_manager\", \"application\", \"install\", \"RansomwareScript\"],\n",
" \"username\": \"admin\",\n",
" \"password\": \"admin\"}\n",
"\n",
@@ -1280,7 +1278,7 @@
"\n",
"Another potential option a blue agent could take is by placing an ACL rule which blocks traffic between the C2 Server can C2 Beacon.\n",
"\n",
"It's worth noting the potential effectiveness of approach is also linked by the current green agent traffic on the network. The same applies for the previous example."
"It's worth noting the potential effectiveness of this approach is connected to the current green agent traffic on the network. For example, if there are multiple green agents using the C2 Beacon's host node then blocking all traffic would lead to a negative reward. The same applies for the previous example."
]
},
{
@@ -1325,7 +1323,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"Which we can see after the effects of after stepping another timestep and looking at router 1's ACLs and the OBS differences."
"Which we can see the effects of after another timestep and looking at router 1's ACLs and the OBS differences."
]
},
{
@@ -1454,9 +1452,9 @@
"\n",
"As with a majority of client and server based application configuration in primaite, the remote IP of server must be supplied.\n",
"\n",
"In the case of the C2 Beacon, the C2 Server's IP must be supplied before the C2 beacon will be able to perform any other actions (including ``APPLICATION EXECUTE``).\n",
"In the case of the C2 Beacon, the C2 Server's IP address must be supplied before the C2 beacon will be able to perform any other actions (including ``APPLICATION EXECUTE``).\n",
"\n",
"If the network contains multiple C2 Servers then it's also possible to switch to different C2 servers mid episode which is demonstrated in the below code cells."
"If the network contains multiple C2 Servers then it's also possible to switch to different C2 servers mid-episode which is demonstrated in the below code cells."
]
},
{
@@ -1546,7 +1544,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"After six timesteps the client_1 server will recognise the c2 beacon previous connection as dead and clear it's connections. (This is dependant o the ``Keep Alive Frequency`` setting.)"
"After six timesteps the client_1 server will recognise the C2 beacon's previous connection as dead and clear its connections. (This is dependant on the ``Keep Alive Frequency`` setting.)"
]
},
{
@@ -1569,7 +1567,7 @@
"\n",
"In order to confirm it's connection the C2 Beacon will send out a ``Keep Alive`` to the C2 Server and receive a keep alive back. \n",
"\n",
"By default, this occurs at a rate of 5 timesteps. However, this setting can be configured to be much more infrequent or as frequent as every timestep. \n",
"By default, this occurs every 5 timesteps. However, this setting can be configured to be much more infrequent or as frequent as every timestep. \n",
"\n",
"The next set of code cells below demonstrate the impact that this setting has on blue agent observation space."
]
@@ -1631,7 +1629,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"The code cell below goes through 10 timesteps and displays the differences between the default and the current timestep.\n",
"The code cell below executes 10 timesteps and displays the differences between the default and the current timestep.\n",
"\n",
"You will notice that the only two timesteps displayed observation space differences. This is due to the C2 Suite confirming their connection through sending ``Keep Alive`` traffic across the network every 5 timesteps."
]
@@ -1688,7 +1686,7 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"Additionally, the keep_alive_frequency can also be used to configure the C2 Beacon to confirm connection less frequently. \n",
"Lastly, the keep_alive_frequency can also be used to configure the C2 Beacon to confirm connection less frequently. \n",
"\n",
"The code cells below demonstrate the impacts of changing the frequency rate to ``7`` timesteps."
]
@@ -1713,9 +1711,9 @@
"source": [
"### **Command and Control** | Configurability | Masquerade Port & Masquerade Protocol\n",
"\n",
"The final configurable options are ``Masquerade Port`` & ``Masquerade Protocol``. These options can be used to control what networking IP Protocol and Port the C2 traffic is currently using.\n",
"The final configurable options are ``Masquerade Port`` & ``Masquerade Protocol``. These options can be used to control the networking IP Protocol and Port the C2 traffic is currently using.\n",
"\n",
"In the real world, Adversaries take defensive steps to reduce the chance that an installed C2 Beacon is discovered. One of the most commonly used methods is to masquerade c2 traffic as other commonly used networking protocols.\n",
"In the real world, adversaries take defensive steps to reduce the chance that an installed C2 Beacon is discovered. One of the most commonly used methods is to masquerade C2 traffic as other commonly used networking protocols.\n",
"\n",
"In primAITE, red agents can begin to simulate stealth behaviour by configuring C2 traffic to use different protocols mid episode or between episodes.\n",
"\n",

12
src/primaite/simulator/system/applications/red_applications/c2/__init__.py
View File

@@ -6,7 +6,7 @@ from pydantic import BaseModel, Field, field_validator, ValidationInfo
from primaite.interface.request import RequestFormat
class Command_Opts(BaseModel):
class CommandOpts(BaseModel):
"""A C2 Pydantic Schema acting as a base class for all C2 Commands."""
@field_validator("payload", "exfiltration_folder_name", "ip_address", mode="before", check_fields=False)
@@ -18,7 +18,7 @@ class Command_Opts(BaseModel):
return v
class Ransomware_Opts(Command_Opts):
class RansomwareOpts(CommandOpts):
"""A Pydantic Schema for the Ransomware Configuration command options."""
server_ip_address: str
@@ -28,7 +28,7 @@ class Ransomware_Opts(Command_Opts):
"""The malicious payload to be used to attack the target database."""
class Remote_Opts(Command_Opts):
class RemoteOpts(CommandOpts):
"""A base C2 Pydantic Schema for all C2 Commands that require a terminal connection."""
ip_address: Optional[str] = Field(default=None)
@@ -41,7 +41,7 @@ class Remote_Opts(Command_Opts):
"""A Password of a valid user account. Used to login into both remote and local hosts."""
class Exfil_Opts(Remote_Opts):
class ExfilOpts(RemoteOpts):
"""A Pydantic Schema for the C2 Data Exfiltration command options."""
target_ip_address: str
@@ -54,10 +54,10 @@ class Exfil_Opts(Remote_Opts):
"""The name of the remote folder which contains the target file."""
exfiltration_folder_name: str = Field(default="exfiltration_folder")
""""""
"""The name of C2 Suite folder used to store the target file. Defaults to ``exfiltration_folder``"""
class Terminal_Opts(Remote_Opts):
class TerminalOpts(RemoteOpts):
"""A Pydantic Schema for the C2 Terminal command options."""
commands: Union[list[RequestFormat], RequestFormat]

4
src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py
View File

@@ -277,8 +277,10 @@ class AbstractC2(Application, identifier="AbstractC2"):
"""Abstract Method: Used in C2 beacon to parse and handle commands received from the c2 server."""
pass
@abstractmethod
def _handle_keep_alive(self, payload: C2Packet, session_id: Optional[str]) -> bool:
"""Abstract Method: The C2 Server and the C2 Beacon handle the KEEP ALIVEs differently."""
"""Abstract Method: Each C2 suite handles ``C2Payload.KEEP_ALIVE`` differently."""
pass
# from_network_interface=from_network_interface
def receive(self, payload: any, session_id: Optional[str] = None, **kwargs) -> bool:

18
src/primaite/simulator/system/applications/red_applications/c2/c2_beacon.py
View File

@@ -11,7 +11,7 @@ from primaite.simulator.core import RequestManager, RequestType
from primaite.simulator.network.protocols.masquerade import C2Packet
from primaite.simulator.network.transmission.network_layer import IPProtocol
from primaite.simulator.network.transmission.transport_layer import Port
from primaite.simulator.system.applications.red_applications.c2 import Exfil_Opts, Ransomware_Opts, Terminal_Opts
from primaite.simulator.system.applications.red_applications.c2 import ExfilOpts, RansomwareOpts, TerminalOpts
from primaite.simulator.system.applications.red_applications.c2.abstract_c2 import AbstractC2, C2Command, C2Payload
from primaite.simulator.system.applications.red_applications.ransomware_script import RansomwareScript
from primaite.simulator.system.services.terminal.terminal import Terminal, TerminalClientConnection
@@ -30,7 +30,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
Extends the Abstract C2 application to include the following:
1. Receiving commands from the C2 Server (Command input)
2. Leveraging the terminal application to execute requests (dependant on the command given)
2. Leveraging the terminal application to execute requests (dependent on the command given)
3. Sending the RequestResponse back to the C2 Server (Command output)
Please refer to the Command-&-Control notebook for an in-depth example of the C2 Suite.
@@ -156,7 +156,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
:type c2_server_ip_address: IPv4Address
:param keep_alive_frequency: The frequency (timesteps) at which the C2 beacon will send keep alive(s).
:type keep_alive_frequency: Int
:param masquerade_protocol: The Protocol that C2 Traffic will masquerade as. Defaults as TCP.
:param masquerade_protocol: The Protocol that C2 Traffic will masquerade as. Defaults to TCP.
:type masquerade_protocol: Enum (IPProtocol)
:param masquerade_port: The Port that the C2 Traffic will masquerade as. Defaults to FTP.
:type masquerade_port: Enum (Port)
@@ -294,7 +294,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
:return: Returns the Request Response returned by the Terminal execute method.
:rtype: Request Response
"""
command_opts = Ransomware_Opts.model_validate(payload.payload)
command_opts = RansomwareOpts.model_validate(payload.payload)
if self._host_ransomware_script is None:
return RequestResponse(
status="failure",
@@ -352,7 +352,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
data={"Reason": "Cannot find any instances of both a FTP Server & Client. Are they installed?"},
)
command_opts = Exfil_Opts.model_validate(payload.payload)
command_opts = ExfilOpts.model_validate(payload.payload)
# Setting up the terminal session and the ftp server
if not self._set_terminal_session(
@@ -401,7 +401,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
Attempts to exfiltrate a target file from a target using the parameters given.
Uses the current terminal_session to send a command to the
remote host's FTP Client passing the exfil_opts as command options.
remote host's FTP Client passing the ExfilOpts as command options.
This will instruct the FTP client to send the target file to the
dest_ip_address's destination folder.
@@ -411,8 +411,8 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
2. The target has a functioning FTP Client Service.
:exfil_opts: A Pydantic model containing the require configuration options
:type exfil_opts: Exfil_Opts
:ExfilOpts: A Pydantic model containing the require configuration options
:type ExfilOpts: ExfilOpts
:return: Returns a tuple containing a success boolean and a Request Response..
:rtype: tuple[bool, RequestResponse
"""
@@ -473,7 +473,7 @@ class C2Beacon(AbstractC2, identifier="C2Beacon"):
:return: Returns the Request Response returned by the Terminal execute method.
:rtype: Request Response
"""
command_opts = Terminal_Opts.model_validate(payload.payload)
command_opts = TerminalOpts.model_validate(payload.payload)
if self._host_terminal is None:
return RequestResponse(

20
src/primaite/simulator/system/applications/red_applications/c2/c2_server.py
View File

@@ -8,10 +8,10 @@ from primaite.interface.request import RequestFormat, RequestResponse
from primaite.simulator.core import RequestManager, RequestType
from primaite.simulator.network.protocols.masquerade import C2Packet
from primaite.simulator.system.applications.red_applications.c2 import (
Command_Opts,
Exfil_Opts,
Ransomware_Opts,
Terminal_Opts,
CommandOpts,
ExfilOpts,
RansomwareOpts,
TerminalOpts,
)
from primaite.simulator.system.applications.red_applications.c2.abstract_c2 import AbstractC2, C2Command, C2Payload
@@ -264,7 +264,7 @@ class C2Server(AbstractC2, identifier="C2Server"):
)
return self.current_command_output
def _command_setup(self, given_command: C2Command, command_options: dict) -> tuple[bool, Command_Opts]:
def _command_setup(self, given_command: C2Command, command_options: dict) -> tuple[bool, CommandOpts]:
"""
Performs any necessary C2 Server setup needed to perform certain commands.
@@ -289,13 +289,13 @@ class C2Server(AbstractC2, identifier="C2Server"):
:param command_options: The relevant command parameters.
:type command_options: Dict
:returns: Tuple containing a success bool if the setup was successful and the validated c2 opts.
:rtype: tuple[bool, Command_Opts]
:rtype: tuple[bool, CommandOpts]
"""
server_setup_success: bool = True
if given_command == C2Command.DATA_EXFILTRATION: # Data exfiltration setup
# Validating command options
command_options = Exfil_Opts.model_validate(command_options)
command_options = ExfilOpts.model_validate(command_options)
if self._host_ftp_server is None:
self.sys_log.warning(f"{self.name}: Unable to setup the FTP Server for data exfiltration")
server_setup_success = False
@@ -306,15 +306,15 @@ class C2Server(AbstractC2, identifier="C2Server"):
if given_command == C2Command.TERMINAL:
# Validating command options
command_options = Terminal_Opts.model_validate(command_options)
command_options = TerminalOpts.model_validate(command_options)
if given_command == C2Command.RANSOMWARE_CONFIGURE:
# Validating command options
command_options = Ransomware_Opts.model_validate(command_options)
command_options = RansomwareOpts.model_validate(command_options)
if given_command == C2Command.RANSOMWARE_LAUNCH:
# Validating command options
command_options = Command_Opts.model_validate(command_options)
command_options = CommandOpts.model_validate(command_options)
return [server_setup_success, command_options]