From d5f48656490044e3a4223a2ebe170caf03d83b7e Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Mon, 21 Oct 2024 16:46:39 +0200 Subject: [PATCH 01/18] Add ansible role for updating kali cert --- provisioning/ansible/attacker_playbook.yml | 1 + .../roles/kali_update_cert/tasks/main.yml | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 provisioning/ansible/roles/kali_update_cert/tasks/main.yml diff --git a/provisioning/ansible/attacker_playbook.yml b/provisioning/ansible/attacker_playbook.yml index 39e727b..6eb166a 100755 --- a/provisioning/ansible/attacker_playbook.yml +++ b/provisioning/ansible/attacker_playbook.yml @@ -21,6 +21,7 @@ roles: + - kali_update_cert - ntp_kali - ftp - external_mail_handler diff --git a/provisioning/ansible/roles/kali_update_cert/tasks/main.yml b/provisioning/ansible/roles/kali_update_cert/tasks/main.yml new file mode 100644 index 0000000..8a9e27b --- /dev/null +++ b/provisioning/ansible/roles/kali_update_cert/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- name: Download the Kali archive keyring package + get_url: + url: http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb + dest: /tmp/kali-archive-keyring_2024.1_all.deb + +- name: Install the Kali archive keyring package + ansible.builtin.shell: dpkg -i /tmp/kali-archive-keyring_2024.1_all.deb + become: yes + +- name: Remove the downloaded keyring package + file: + path: /tmp/kali-archive-keyring_2024.1_all.deb + state: absent + +- name: Update apt package list + apt: + update_cache: yes + become: yes \ No newline at end of file From b377d92868ae20127cdeb3f843ba72cc6859ae85 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:00:35 +0200 Subject: [PATCH 02/18] Remove input call --- .../files/external_mail_handler.py | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) 
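Review bot: The `get_url` task in the new `kali_update_cert/tasks/main.yml` fetches the archive keyring package over plain `http://` with no `checksum:`, and the next task installs it as root, so the package that decides which apt signatures this host trusts is itself unauthenticated. Pinning a digest on the download closes that gap whatever the transport, and installing through the `apt` module's `deb:` parameter avoids the raw `dpkg -i` shell call, which reports "changed" on every run. The same download-and-install sequence reappears in `attacker_setup.sh` in PATCH 04/18, where it replaces an `https://` fetch of the key, so the digest check is worth carrying over there too. The digest in the sketch below is a placeholder to be filled in from a trusted source.

```yaml
- name: Download the Kali archive keyring package
  get_url:
    url: http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb
    dest: /tmp/kali-archive-keyring_2024.1_all.deb
    # placeholder: record the digest obtained out of band
    checksum: "sha256:<EXPECTED_SHA256_OF_KEYRING_DEB>"

- name: Install the Kali archive keyring package
  apt:
    deb: /tmp/kali-archive-keyring_2024.1_all.deb
  become: yes

# … unchanged: remove the downloaded package, update apt package list …
```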
diff --git a/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py b/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py index 3137f44..eec5199 100644 --- a/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py +++ b/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py @@ -33,7 +33,7 @@ def setup_logging(): logging.Formatter.converter = time.localtime logging.Formatter.default_time_format = "%Y-%m-%dT%H:%M:%S" is_dst = time.daylight and time.localtime().tm_isdst > 0 - gmt_offset_secs = - (time.altzone if is_dst else time.timezone) + gmt_offset_secs = -(time.altzone if is_dst else time.timezone) gmt_offset_string = "{0:+03d}:00".format(gmt_offset_secs // 3600) log_handler = WatchedFileHandler(filename="/var/log/breach/external_mail_handler.log") logging.basicConfig( @@ -59,7 +59,7 @@ async def handle_DATA(self, server, session, envelope): self.modify_text(mail) self.send_mail(mail) # A return message is mandatory - return '250 OK' + return "250 OK" @staticmethod def swap_sender_receiver(mail): 
@@ -84,19 +84,17 @@ class Responder: def __init__(self): self.smtp_out = Server("172.18.0.2", 25) self.smtp_in = Server("0.0.0.0", 25) - self.controller: Controller|None = None + self.controller: Controller | None = None def run(self): - logger.info("Starting Mail Responder listening at " + - str(self.smtp_in.server_ip) + - ":" + str(self.smtp_in.server_port)) - logger.info("Sending responses to " + - str(self.smtp_out.server_ip) + - ":" + str(self.smtp_out.server_port)) + logger.info( + "Starting Mail Responder listening at " + str(self.smtp_in.server_ip) + ":" + str(self.smtp_in.server_port) + ) + logger.info("Sending responses to " + str(self.smtp_out.server_ip) + ":" + str(self.smtp_out.server_port)) self.init_controller() self.controller.start() # detaches from current thread - input('SMTP server running. Press Return to stop server and exit.') - self.controller.stop() + while True: + time.sleep(1) def init_controller(self): handler = CustomHandler(self.smtp_out) @@ -146,4 +144,4 @@ def __init__(self, server_ip=None, server_port=None): if __name__ == "__main__": setup_logging() responder = Responder() - responder.run() \ No newline at end of file + responder.run() From d27733f2fcdb46d4ce2b59a2b586c449e28ae1f3 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:00:55 +0200 Subject: [PATCH 03/18] Install requirements --- .../roles/external_mail_handler/tasks/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml index 6e0c251..dcedeb2 100644 --- a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml +++ b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml 
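Review bot: With `self.controller.stop()` removed from `Responder.run()`, nothing in this method shuts the SMTP controller down any more; the `while True: time.sleep(1)` loop can only end through an exception, which then propagates without any cleanup. Wrapping the loop as `try:` … `finally: self.controller.stop()` keeps the blocking behaviour that replaced `input()` and still closes the listener when the process is interrupted. A one-line comment on the loop, e.g. `# block forever: the service runs without a TTY, so input() cannot be used`, would record why the change was made (presumably that is the reason; confirm). The `test_run` expectations in the later test patches would need to follow.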
@@ -4,6 +4,24 @@ # Additionally, creates a logrotate config file for logs # +- name: Upgrade binutils + apt: + name: binutils + state: latest + update_cache: yes + +- name: Install Python3 + apt: + name: python3-full=3.12.6-1 + update_cache: yes + state: present + +- name: Install aiosmtpd (requirement) globally + apt: + name: python3-aiosmtpd + update_cache: yes + state: present + - name: "Create script directory {{ script_dir }}" file: path: "{{ script_dir }}" From 390ff204aa204d702a33a27f90f82a3bb49687ed Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:05:14 +0200 Subject: [PATCH 04/18] Update attacker apt certificates and DNS --- provisioning/ansible/attacker_playbook.yml | 1 - .../roles/kali_update_cert/tasks/main.yml | 20 ------------------- provisioning/packer/attacker.json | 9 ++++----- .../packer/post_install/attacker_setup.sh | 16 +++++++++++---- 4 files changed, 16 insertions(+), 30 deletions(-) delete mode 100644 provisioning/ansible/roles/kali_update_cert/tasks/main.yml diff --git a/provisioning/ansible/attacker_playbook.yml b/provisioning/ansible/attacker_playbook.yml index 6eb166a..39e727b 100755 --- a/provisioning/ansible/attacker_playbook.yml +++ b/provisioning/ansible/attacker_playbook.yml @@ -21,7 +21,6 @@ roles: - - kali_update_cert - ntp_kali - ftp - external_mail_handler diff --git a/provisioning/ansible/roles/kali_update_cert/tasks/main.yml b/provisioning/ansible/roles/kali_update_cert/tasks/main.yml deleted file mode 100644 index 8a9e27b..0000000 --- a/provisioning/ansible/roles/kali_update_cert/tasks/main.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- - -- name: Download the Kali archive keyring package - get_url: - url: http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb - dest: /tmp/kali-archive-keyring_2024.1_all.deb - -- name: Install the Kali archive keyring package - ansible.builtin.shell: dpkg -i /tmp/kali-archive-keyring_2024.1_all.deb - become: yes - -- name: Remove the downloaded keyring package - file: - path: /tmp/kali-archive-keyring_2024.1_all.deb - state: absent - -- name: Update apt package list - apt: - update_cache: yes - become: yes \ No newline at end of file diff --git a/provisioning/packer/attacker.json b/provisioning/packer/attacker.json index 6c1e168..553f209 100644 --- a/provisioning/packer/attacker.json +++ b/provisioning/packer/attacker.json @@ -8,7 +8,8 @@ "initrd=/install.amd/initrd.gz ", "auto-install/enable=true ", "debconf/priority=critical ", - "preseed/url=http://{{user `host_ip_addr`}}:{{.HTTPPort}}/attacker_preseed.cfg ", "", + "preseed/url=http://{{user `host_ip_addr`}}:{{.HTTPPort}}/attacker_preseed.cfg ", + "", "netcfg/choose_interface=enp0s8 ", "netcfg/disable_autoconfig=true ", "netcfg/get_ipaddress=192.168.56.31 ", @@ -104,7 +105,7 @@ "-i", "../ansible/hosts" ], - "pause_before": "5m", + "pause_before": "2m", "playbook_file": "../ansible/attacker_playbook.yml", "type": "ansible" } @@ -117,6 +118,4 @@ "vm_output": "./exports/attacker", "vm_hostonlyif": "{{env `HOSTONLYIF`}}" } -} - - +} \ No newline at end of file diff --git a/provisioning/packer/post_install/attacker_setup.sh b/provisioning/packer/post_install/attacker_setup.sh index 576f28c..eab3023 100644 --- a/provisioning/packer/post_install/attacker_setup.sh +++ b/provisioning/packer/post_install/attacker_setup.sh 
@@ -1,11 +1,19 @@ #!/usr/bin/env bash -# Enable root account, set password and reboot touch /tmp/runasroot.sh -echo "wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc" > /tmp/runasroot.sh -echo "apt update" >> /tmp/runasroot.sh -echo "apt install kali-root-login" >> /tmp/runasroot.sh +# Set up DNS +# echo "apt-get purge resolvconf -y" >> /tmp/runasroot.sh +echo "echo 'nameserver 172.18.0.1' > /etc/resolv.conf" > /tmp/runasroot.sh +echo "apt-get install -y systemd-resolved" >> /tmp/runasroot.sh + +# Update certificates +echo "wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb -O /tmp/kali-archive-keyring_2024.1_all.deb" >> /tmp/runasroot.sh +echo "dpkg -i /tmp/kali-archive-keyring_2024.1_all.deb" >> /tmp/runasroot.sh +echo "apt-get update" >> /tmp/runasroot.sh + +# Enable root account, set password and reboot +echo "apt-get install -y kali-root-login" >> /tmp/runasroot.sh echo "echo 'root:breach' | chpasswd" >> /tmp/runasroot.sh echo "reboot" >> /tmp/runasroot.sh From 41dcb3ed483df126ee5d446ee2208a3364345943 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:05:38 +0200 Subject: [PATCH 05/18] Update attacker apt certificates and DNS --- provisioning/packer/http/attacker_preseed.cfg | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/provisioning/packer/http/attacker_preseed.cfg b/provisioning/packer/http/attacker_preseed.cfg index 1840804..d4cb9e6 100644 --- a/provisioning/packer/http/attacker_preseed.cfg +++ b/provisioning/packer/http/attacker_preseed.cfg 
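Review bot: The generated `/tmp/runasroot.sh` runs its commands unconditionally, so if the `wget` of the keyring package fails, `dpkg -i`, `apt-get update`, the root password change and `reboot` still run and the image is built with the old keys and no visible failure. Starting the generated script with `set -e`, i.e. `echo "set -e" > /tmp/runasroot.sh` followed by the `nameserver` line switched to `>>`, makes a failed step stop provisioning instead. How the script is invoked lies outside this hunk, so confirm the caller checks its exit status. The commented-out `apt-get purge resolvconf` line should either be removed or carry a reason.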
@@ -455,6 +455,5 @@ d-i preseed/late_command string \ in-target sh -c "systemctl start systemd-networkd"; \ in-target sh -c "systemctl start systemd-resolved"; \ in-target sh -c "systemctl enable ssh.service"; \ - in-target sh -c "ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf"; \ + in-target sh -c "echo 'nameserver 172.18.0.1' > /etc/resolv.conf"; \ in-target sh -c "echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list" - From a7f1df7d376b9a87d71bb595e77b85ac85dd7c1e Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:06:05 +0200 Subject: [PATCH 06/18] Update IPFire version --- provisioning/packer/internetrouter.json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/provisioning/packer/internetrouter.json b/provisioning/packer/internetrouter.json index 2d26d27..d7d6f4f 100644 --- a/provisioning/packer/internetrouter.json +++ b/provisioning/packer/internetrouter.json @@ -16,9 +16,9 @@ "vm_name": "Internet Router", "guest_additions_mode": "disable", "headless": "true", - "iso_checksum": "sha256:7793981fbe39cb1fa3cb2f89dd1472751d502823b2fc333449171af1bc225f8f", + "iso_checksum": "sha256:831ee9a6197e0f351fa477b81aab510df6874e7f0e6d16fe1683768b60ff9dc0", "iso_urls": [ - "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core141/ipfire-2.25.x86_64-full-core141.iso" + "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core157/ipfire-2.25.x86_64-full-core157.iso" ], "ssh_host": "{{user `ssh_host_addr`}}", "ssh_password": "breach", @@ -58,8 +58,8 @@ "internetrouter", "localdomain", "breachbreach", - "breachbreach", - "", + "breachbreach", + "", "", "", "", @@ -82,7 +82,7 @@ "", "", "", - "", + "", "", "rootbreach", "iptables -I INPUT -p tcp --dport 444 -j ACCEPT", @@ -98,7 +98,6 @@ "/etc/init.d/sshd restart", "" ], - "export_opts": [ "--manifest", "--vsys", 
@@ -111,9 +110,7 @@ "output_directory": "{{user `vm_output`}}", "keep_registered": "true", "skip_export": "true", - "shutdown_command": "echo 'packer' | shutdown -h -P now", - "vboxmanage_post": [ [ "modifyvm", @@ -145,5 +142,4 @@ "type": "ansible" } ] -} - +} \ No newline at end of file From 83ed0da81b2c9df87631433783fd26b12cb12c48 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:11:41 +0200 Subject: [PATCH 07/18] Fix unit tests --- .../files/test_external_mail_handler.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py index 4225d5f..91c80ad 100644 --- a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py +++ b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py @@ -83,7 +83,7 @@ async def test_handler(self, handler: CustomHandler): envelope.peer = "127.0.0.1" envelope.mail_to = mail.sender envelope.rcpt_to = [mail.receiver] - envelope.data = mail.to_mime_text().as_string().encode('utf-8') + envelope.data = mail.to_mime_text().as_string().encode("utf-8") await handler.handle_DATA(None, None, envelope) assert handler.swap_sender_receiver.called assert handler.send_mail.called @@ -102,8 +102,9 @@ def test_run(self, responder: Responder): responder.controller.start = Mock() responder.controller.stop = Mock() - with patch("builtins.input", return_value=""): - responder.run() + with patch("time.sleep", side_effect=[None, KeyboardInterrupt]): + with pytest.raises(KeyboardInterrupt): + responder.run() assert responder.init_controller.called assert responder.controller.start.called assert responder.controller.stop.called From c25918c472a467fde2a87dbfc2a343ec0816d2cf Mon Sep 17 00:00:00 2001 
From: Philipp Boenninghausen Date: Wed, 23 Oct 2024 17:18:40 +0200 Subject: [PATCH 08/18] Fix unit tests --- .../files/test_external_mail_handler.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py index 91c80ad..5a93821 100644 --- a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py +++ b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py @@ -98,16 +98,19 @@ def test_init_controller(self, responder: Responder): def test_run(self, responder: Responder): responder.init_controller = Mock() - responder.controller = Mock() # Mock the controller object itself + responder.controller = Mock() responder.controller.start = Mock() responder.controller.stop = Mock() - with patch("time.sleep", side_effect=[None, KeyboardInterrupt]): - with pytest.raises(KeyboardInterrupt): + with patch("time.sleep", side_effect=[KeyboardInterrupt]): + try: responder.run() + except KeyboardInterrupt: + pass # Allow the KeyboardInterrupt to break the loop + assert responder.init_controller.called assert responder.controller.start.called - assert responder.controller.stop.called + assert not responder.controller.stop.called @pytest.fixture() From afa40c0fda4f6988dd9385bad849832ab57583ad Mon Sep 17 00:00:00 2001 From: Maspital Date: Thu, 24 Oct 2024 07:07:50 +0200 Subject: [PATCH 09/18] Upgrade companyrouter IPFire version --- provisioning/packer/companyrouter.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/provisioning/packer/companyrouter.json b/provisioning/packer/companyrouter.json index 72b2aec..403be04 100644 --- a/provisioning/packer/companyrouter.json +++ b/provisioning/packer/companyrouter.json 
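Review bot: The `try: responder.run()` / `except KeyboardInterrupt: pass` block in `test_run` passes whether or not `run()` raises, so the test would still succeed if `run()` returned immediately and never entered its sleep loop. `with pytest.raises(KeyboardInterrupt): responder.run()`, as the previous revision had, asserts that the loop was reached and left through the patched `time.sleep`. Separately, `assert not responder.controller.stop.called` pins the missing shutdown call as expected behaviour; if that is intended, a comment saying why the controller is never stopped belongs next to it.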
@@ -16,10 +16,10 @@ "guest_os_type": "Linux_64", "vm_name": "Company Router", "guest_additions_mode": "disable", - "headless": "true", - "iso_checksum": "sha256:7793981fbe39cb1fa3cb2f89dd1472751d502823b2fc333449171af1bc225f8f", + "headless": "true", + "iso_checksum": "sha256:831ee9a6197e0f351fa477b81aab510df6874e7f0e6d16fe1683768b60ff9dc0", "iso_urls": [ - "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core141/ipfire-2.25.x86_64-full-core141.iso" + "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core157/ipfire-2.25.x86_64-full-core157.iso" ], "ssh_host": "{{user `ssh_host_addr`}}", "ssh_password": "breach", @@ -163,5 +163,4 @@ "type": "ansible" } ] -} - +} \ No newline at end of file From 62355e528a67fa224a0af132e448e6144c2a86cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20B=C3=B6nninghausen?= Date: Thu, 24 Oct 2024 09:24:57 +0200 Subject: [PATCH 10/18] Update boot command to work with new core version --- provisioning/packer/companyrouter.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/provisioning/packer/companyrouter.json b/provisioning/packer/companyrouter.json index 403be04..1379044 100644 --- a/provisioning/packer/companyrouter.json +++ b/provisioning/packer/companyrouter.json @@ -91,11 +91,10 @@ "0", "", "172.18.0.2", - "0", - "", - "", + "0", "172.18.0.1", "", + "", "", "172.16.1.1", "172.16.255.254", From 4b9b3908f19c6254e831c074fe81756ebae4af0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20B=C3=B6nninghausen?= Date: Fri, 25 Oct 2024 15:43:28 +0200 Subject: [PATCH 11/18] Use default python installation --- .../ansible/roles/external_mail_handler/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml index dcedeb2..28bb4c6 100644 --- a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml 
+++ b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml @@ -9,12 +9,6 @@ name: binutils state: latest update_cache: yes - -- name: Install Python3 - apt: - name: python3-full=3.12.6-1 - update_cache: yes - state: present - name: Install aiosmtpd (requirement) globally apt: From d480a4820997cec7ab438ac8557f41026326cb67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20B=C3=B6nninghausen?= Date: Fri, 25 Oct 2024 15:44:05 +0200 Subject: [PATCH 12/18] Set quad8 as DNS server for internetrouter --- provisioning/packer/internetrouter.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/provisioning/packer/internetrouter.json b/provisioning/packer/internetrouter.json index d7d6f4f..1632e2b 100644 --- a/provisioning/packer/internetrouter.json +++ b/provisioning/packer/internetrouter.json @@ -96,6 +96,8 @@ "sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config", "/etc/rc.d/init.d/sshd restart", "/etc/init.d/sshd restart", + "echo '3,8.8.8.8,,enabled,' > /var/ipfire/dns/servers", + "/etc/init.d/unbound restart", "" ], "export_opts": [ From 891000a78bbc5b2ffb8a7fa529200ba7e081d457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20B=C3=B6nninghausen?= Date: Fri, 25 Oct 2024 15:45:53 +0200 Subject: [PATCH 13/18] Downgrade IPFire version --- provisioning/packer/companyrouter.json | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/provisioning/packer/companyrouter.json b/provisioning/packer/companyrouter.json index 1379044..5f168ce 100644 --- a/provisioning/packer/companyrouter.json +++ b/provisioning/packer/companyrouter.json 
@@ -17,9 +17,9 @@ "vm_name": "Company Router", "guest_additions_mode": "disable", "headless": "true", - "iso_checksum": "sha256:831ee9a6197e0f351fa477b81aab510df6874e7f0e6d16fe1683768b60ff9dc0", + "iso_checksum": "sha256:7793981fbe39cb1fa3cb2f89dd1472751d502823b2fc333449171af1bc225f8f", "iso_urls": [ - "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core157/ipfire-2.25.x86_64-full-core157.iso" + "https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core141/ipfire-2.25.x86_64-full-core141.iso" ], "ssh_host": "{{user `ssh_host_addr`}}", "ssh_password": "breach", @@ -91,9 +91,10 @@ "0", "", "172.18.0.2", - "0", - "172.18.0.1", + "0", "", + "", + "172.18.0.1", "", "", "172.16.1.1", From 0986a77586e3f509c3c8ff027b9a4ab4427a16ec Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Mon, 28 Oct 2024 16:35:30 +0100 Subject: [PATCH 14/18] Fix incorrect variable name --- .../roles/external_mail_handler/files/external_mail_handler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py b/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py index eec5199..ea44769 100644 --- a/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py +++ b/provisioning/ansible/roles/external_mail_handler/files/external_mail_handler.py @@ -53,7 +53,7 @@ def __init__(self, smtp_out): async def handle_DATA(self, server, session, envelope): # peer, mail_from, mail_to, rcpt_tos and data are now all encapsulated in 'envelope' # keep in mind that envelope.data contains raw bytes which first have to be decoded - mail = mime_string_to_text_mail(envelope.data.decode("utf-8")) + mail = mime_string_to_text_mail(envelope.content.decode("utf-8")) logger.info("Received mail from " + str(mail.sender) + " addressed to " + str(mail.receiver)) self.swap_sender_receiver(mail) self.modify_text(mail) 
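Review bot: `envelope.content.decode("utf-8")` in `handle_DATA` raises `UnicodeDecodeError` for any message whose bytes are not valid UTF-8, and those bytes come from whichever client connects to the SMTP listener. Either decode tolerantly, `envelope.content.decode("utf-8", errors="replace")`, or catch the error and return an explicit rejection string so that a malformed message gets a defined SMTP reply rather than an unhandled exception in the handler. The comment directly above still says `envelope.data contains raw bytes`; it should now name `envelope.content`. The rest of `handle_DATA` lies outside this hunk.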
From febfeed4b732207240b4c53954b646a52155e166 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Mon, 28 Oct 2024 16:35:48 +0100 Subject: [PATCH 15/18] Remove superfluous code --- provisioning/packer/post_install/attacker_setup.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/provisioning/packer/post_install/attacker_setup.sh b/provisioning/packer/post_install/attacker_setup.sh index eab3023..3c5f406 100644 --- a/provisioning/packer/post_install/attacker_setup.sh +++ b/provisioning/packer/post_install/attacker_setup.sh @@ -5,7 +5,6 @@ touch /tmp/runasroot.sh # Set up DNS # echo "apt-get purge resolvconf -y" >> /tmp/runasroot.sh echo "echo 'nameserver 172.18.0.1' > /etc/resolv.conf" > /tmp/runasroot.sh -echo "apt-get install -y systemd-resolved" >> /tmp/runasroot.sh # Update certificates echo "wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb -O /tmp/kali-archive-keyring_2024.1_all.deb" >> /tmp/runasroot.sh From d98c0fbcf0d465225cc3540402603b9e2ba000aa Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Mon, 28 Oct 2024 16:47:14 +0100 Subject: [PATCH 16/18] Fix unit tests --- .../external_mail_handler/files/test_external_mail_handler.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py index 5a93821..fcea57f 100644 --- a/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py +++ b/provisioning/ansible/roles/external_mail_handler/files/test_external_mail_handler.py 
@@ -83,7 +83,7 @@ async def test_handler(self, handler: CustomHandler): envelope.peer = "127.0.0.1" envelope.mail_to = mail.sender envelope.rcpt_to = [mail.receiver] - envelope.data = mail.to_mime_text().as_string().encode("utf-8") + envelope.content = mail.to_mime_text().as_string().encode("utf-8") await handler.handle_DATA(None, None, envelope) assert handler.swap_sender_receiver.called assert handler.send_mail.called @@ -106,7 +106,7 @@ def test_run(self, responder: Responder): try: responder.run() except KeyboardInterrupt: - pass # Allow the KeyboardInterrupt to break the loop + pass assert responder.init_controller.called assert responder.controller.start.called From e93d89c2b4acbe853ad09577c6d339106c8a86fb Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 30 Oct 2024 08:01:26 +0100 Subject: [PATCH 17/18] Update Ubuntu version referenced in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7266ecc..af7cb5a 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ The numbers above are valid for small simulations with 1-3 clients. ## Installation -The installation instructions below were tested on a fresh Ubuntu 20.04 LTS system. +The installation instructions below were tested on a fresh Ubuntu 24.04 LTS system. Please adhere strictly to the instructions as different software versions might not work as expected. ```sh From 747f9a508638c4a86367d347e55c003e8154c0d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20B=C3=B6nninghausen?= Date: Thu, 31 Oct 2024 15:31:17 +0100 Subject: [PATCH 18/18] Pin binutils and python3-aiosmtpd versions --- .../ansible/roles/external_mail_handler/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml index 28bb4c6..4fb8577 100644 
--- a/provisioning/ansible/roles/external_mail_handler/tasks/main.yml +++ b/provisioning/ansible/roles/external_mail_handler/tasks/main.yml @@ -4,15 +4,15 @@ # Additionally, creates a logrotate config file for logs # -- name: Upgrade binutils +- name: Ensure compatible version of binutils apt: - name: binutils - state: latest + name: binutils=2.43.1-5 + state: present update_cache: yes - name: Install aiosmtpd (requirement) globally apt: - name: python3-aiosmtpd + name: python3-aiosmtpd=1.4.6-1 update_cache: yes state: present
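Review bot: The exact pins `binutils=2.43.1-5` and `python3-aiosmtpd=1.4.6-1` only install while the configured repository still carries those builds; if this host uses the rolling Kali repository that the preseed adds (an inference from the other patches), the tasks will start failing once the archive moves on, and until then the pins hold back package fixes. The task name says "compatible" without saying with what, so a comment above it such as `# binutils pinned because <reason>; revisit when <condition>` would tell the next maintainer when the pin can go. If reproducible builds are the goal, a locally cached `.deb` with a recorded checksum is more durable than a version string against a moving archive.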