From 37f998f4203c84b3ef96e82103e12c5045cdea6e Mon Sep 17 00:00:00 2001 From: Jamie Scott Date: Tue, 13 Feb 2024 17:55:45 -0500 Subject: [PATCH] Update to Vue (#172) * add vue ui * fix color styles * Update README.md (#173) * case change --------- Co-authored-by: Michael Kouremetis --- app/flags/advanced/flag_2.py | 2 +- app/flags/adversaries/flag_1.py | 2 +- app/flags/developers/flag_2.py | 2 +- app/training_api.py | 5 + gui/views/training.vue | 531 ++++++++++++++++++++++++ hook.py | 5 +- package.json | 2 +- solution_guides/AdvancedFlag2.md | 4 +- solution_guides/AgentsFlag0.md | 4 +- solution_guides/AgentsFlag1.md | 4 +- solution_guides/AgentsFlag5.md | 4 +- solution_guides/AgentsFlag6.md | 2 +- solution_guides/PluginsManxFlag0.md | 2 +- solution_guides/PluginsManxFlag1.md | 2 +- solution_guides/PluginsResponseFlag0.md | 6 +- solution_guides/PluginsResponseFlag1.md | 4 +- 16 files changed, 559 insertions(+), 22 deletions(-) create mode 100644 gui/views/training.vue diff --git a/app/flags/advanced/flag_2.py b/app/flags/advanced/flag_2.py index ce24d52..167ca5a 100644 --- a/app/flags/advanced/flag_2.py +++ b/app/flags/advanced/flag_2.py @@ -5,7 +5,7 @@ class AdvancedFlag2(Flag): name = 'Add new user' challenge = 'Add new red-team user credentials, using "test" as both the username and password.' extra_info = ( - 'During an adversary emulation operation, multiple users may need access to the CALDERA server.\n' + 'During an adversary emulation operation, multiple users may need access to the Caldera server.\n' 'This flag requires making direct changes to the configuration file at conf/local.yml. Make sure the server is ' 'turned off before editing this file, or else changes will be overwritten.' ) diff --git a/app/flags/adversaries/flag_1.py b/app/flags/adversaries/flag_1.py index 1088684..6069fa8 100644 --- a/app/flags/adversaries/flag_1.py +++ b/app/flags/adversaries/flag_1.py @@ -6,7 +6,7 @@ class AdversariesFlag1(Flag): challenge = 'Add the Nosy Neighbor adversary to the Certifiable adversary and save it' extra_info = """A TTP is often connected to a series of other TTPs to form an attack. For example, an adversary may have a procedure for locating all PDF files on a host. This may be followed by a procedure to exfiltrate all the - found files. In CALDERA, this chain of TTPs being used is considered an adversary.""" + found files. In Caldera, this chain of TTPs being used is considered an adversary.""" async def verify(self, services): for a in await services.get('data_svc').locate('adversaries', dict(name='Certifiable')): diff --git a/app/flags/developers/flag_2.py b/app/flags/developers/flag_2.py index d839c9b..cc7e48c 100644 --- a/app/flags/developers/flag_2.py +++ b/app/flags/developers/flag_2.py @@ -3,7 +3,7 @@ class DevelopersFlag2(Flag): name = 'Bypass authentication' - challenge = 'Ensure that logging in to CALDERA is not required if the browser address is 127.0.0.1' + challenge = 'Ensure that logging in to Caldera is not required if the browser address is 127.0.0.1' extra_info = '' async def verify(self, services): diff --git a/app/training_api.py b/app/training_api.py index 2512852..d2fdd79 100644 --- a/app/training_api.py +++ b/app/training_api.py @@ -81,6 +81,11 @@ async def retrieve_flags(self, request): logging.error(e) return web.json_response(dict(badges=[b.display for b in badges])) + async def retrieve_certs(self, request): + access = dict(access=tuple(await self.auth_svc.get_permissions(request))) + certifications = await self.data_svc.locate('certifications', match=access) + return web.json_response(dict(certificates=[cert.display for cert in certifications])) + async def reset_flag(self, request): """ Allows cert takers to reset the latest flag if something went wrong with running the automatic operation. diff --git a/gui/views/training.vue b/gui/views/training.vue new file mode 100644 index 0000000..83480fd --- /dev/null +++ b/gui/views/training.vue @@ -0,0 +1,531 @@ + + + + + diff --git a/hook.py b/hook.py index d809b33..362aee1 100644 --- a/hook.py +++ b/hook.py @@ -10,7 +10,7 @@ from plugins.training.app.training_api import TrainingApi name = 'Training' -description = 'A certification course to become a CALDERA SME' +description = 'A certification course to become a Caldera SME' address = '/plugin/training/gui' @@ -21,8 +21,9 @@ async def enable(services): training_api = TrainingApi(services) app = services.get('app_svc').application - app.router.add_static('/training', 'plugins/training/static/', append_version=True) + app.router.add_static('/plugin/training/assets', 'plugins/training/static/', append_version=True) app.router.add_route('GET', '/plugin/training/gui', training_api.splash) + app.router.add_route('GET', '/plugin/training/certs', training_api.retrieve_certs) app.router.add_route('POST', '/plugin/training/flags', training_api.retrieve_flags) app.router.add_route('POST', '/plugin/training/reset_flag', training_api.reset_flag) diff --git a/package.json b/package.json index ad03a09..3473f97 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "caldera-training", - "description": "CALDERA training plugin", + "description": "Caldera training plugin", "devDependencies": { "eslint": "^7.20.0", "eslint-config-airbnb-base": "^14.2.1", diff --git a/solution_guides/AdvancedFlag2.md b/solution_guides/AdvancedFlag2.md index 6f231cf..9e10acc 100644 --- a/solution_guides/AdvancedFlag2.md +++ b/solution_guides/AdvancedFlag2.md @@ -1,5 +1,5 @@ -1. Terminate the CALDERA server. -1. Edit the `conf/local.yml` file in your preferred text editor. If this file does not exist, ensure the CALDERA server is not run with the `--insecure` flag and run and terminate the server again. +1. Terminate the Caldera server. +1. Edit the `conf/local.yml` file in your preferred text editor. If this file does not exist, ensure the Caldera server is not run with the `--insecure` flag and run and terminate the server again. 1. Add the following entry to the `users > red` section: `test: test`. 1. Re-run the server. Ensure the `--fresh` flag is not used. 1. Task completed. \ No newline at end of file diff --git a/solution_guides/AgentsFlag0.md b/solution_guides/AgentsFlag0.md index 9758aca..4b5f335 100644 --- a/solution_guides/AgentsFlag0.md +++ b/solution_guides/AgentsFlag0.md @@ -4,8 +4,8 @@ 1. Under Platform, choose your Operating System: Linux, Windows, or Darwin (MacOS). 1. Set `app.contact.http` value to `http://localhost:8888`. 1. In the `sh` text area click the `Copy` button to copy the displayed shell command to your clipboard. This command will instruct the agent to communicate over a HTTP channel. -1. Outside of CALDERA, open a terminal window with a shell. +1. Outside of Caldera, open a terminal window with a shell. 1. Paste the copied command into the shell and execute it. -1. Go back to CALDERA and close the agent options window. +1. Go back to Caldera and close the agent options window. 1. Wait for the agent to appear in the `Agents` table. 1. Task completed. \ No newline at end of file diff --git a/solution_guides/AgentsFlag1.md b/solution_guides/AgentsFlag1.md index 6427440..7325c8f 100644 --- a/solution_guides/AgentsFlag1.md +++ b/solution_guides/AgentsFlag1.md @@ -2,10 +2,10 @@ 1. Press the button `+Deploy an agent`. 1. Choose `Sandcat` agent. 1. Under Platform, choose the remote host's Operating System: Linux, Windows, or Darwin (MacOS). -1. Update the `app.contact.http` value to specify an IP address of the CALDERA server that is reachable from the remote system (e.g. `10.0.2.2`). Keep the port value unchanged. +1. Update the `app.contact.http` value to specify an IP address of the Caldera server that is reachable from the remote system (e.g. `10.0.2.2`). Keep the port value unchanged. 1. In the `sh` text area click the `Copy` button to copy the displayed shell command to your clipboard. This command will instruct the agent to communicate over a HTTP channel. 1. On the remote system, open a terminal with a shell. 1. Paste the copied command into the shell and execute it. -1. Go back to CALDERA and close the agent options window. +1. Go back to Caldera and close the agent options window. 1. Wait for the agent to appear in the `Agents` table. 1. Task completed. \ No newline at end of file diff --git a/solution_guides/AgentsFlag5.md b/solution_guides/AgentsFlag5.md index b8b977c..2ec45e8 100644 --- a/solution_guides/AgentsFlag5.md +++ b/solution_guides/AgentsFlag5.md @@ -1,10 +1,10 @@ -1. Open a shell in a terminal outside of CALDERA. +1. Open a shell in a terminal outside of Caldera. 1. In that shell, navigate to your caldera folder: `cd /path/to/caldera`. 1. Run `grep -R 'command: whoami' plugins/stockpile/data/abilities` at look for matching files. 1. Open `plugins/stockpile/data/abilities/discovery/c0da588f-79f0-4263-8998-7496b1a40596.yml`. in a text editor and confirm that it runs `whoami` as a command. 1. Copy the `name` portion of the yml ability file to your clipboard: (it should say `Identify active user`). -1. In CALDERA browser window, select `CAMPAIGNS > agents`. +1. In Caldera browser window, select `CAMPAIGNS > agents`. 1. Press the `Configuration` button to open `Agent Configuration` window. 1. Click the `+` next to Bootstrap Abilities. 1. Text search box opens below. diff --git a/solution_guides/AgentsFlag6.md b/solution_guides/AgentsFlag6.md index f561e26..fd82c9c 100644 --- a/solution_guides/AgentsFlag6.md +++ b/solution_guides/AgentsFlag6.md @@ -5,7 +5,7 @@ 1. Update the `app.contact.http` value to specify `localhost` (keep the port). For example: `http://localhost:8888`. This is for downloading the agent binary. 1. Update the `app.contact.tcp` value to specify `localhost` (keep the port). For example: `localhost:7010`. This is for the agent-C2 communication channel. 1. In the `sh` text area click the `Copy` button to copy the displayed shell command to your clipboard. This command will instruct the agent to communicate over a TCP channel. -1. On your local system and outside of CALDERA, open a shell in a terminal. +1. On your local system and outside of Caldera, open a shell in a terminal. 1. Paste the copied command and execute it. 1. Wait for the agent to appear in the `Agents` table. 1. Task completed. \ No newline at end of file diff --git a/solution_guides/PluginsManxFlag0.md b/solution_guides/PluginsManxFlag0.md index 06e04eb..311b071 100644 --- a/solution_guides/PluginsManxFlag0.md +++ b/solution_guides/PluginsManxFlag0.md @@ -7,7 +7,7 @@ 1. Update the `app.contact.tcp` value to specify an IP address of `127.0.0.1` (keep the port). This is for the agent communication channel. 1. In the `sh` text area labeled `A reverse-shell agent which communicates via the TCP contact`, click the `Copy` button to copy the displayed shell command to your clipboard. 1. Run two remote shell commands: - 1. On your local system and outside of CALDERA, open a shell in a terminal. + 1. On your local system and outside of Caldera, open a shell in a terminal. 1. Paste the copied command and execute it. 1. Wait for the agent to appear in the `Agents` table. 1. In the left-handside navigation, select `PLUGINS > manx` diff --git a/solution_guides/PluginsManxFlag1.md b/solution_guides/PluginsManxFlag1.md index e14bcce..78f7848 100644 --- a/solution_guides/PluginsManxFlag1.md +++ b/solution_guides/PluginsManxFlag1.md @@ -5,7 +5,7 @@ 1. Update the `app.contact.http` value to specify an IP address of `127.0.0.1` (keep the port). This is for downloading the agent binary. 1. Update the `app.contact.udp` value to specify an IP address of `127.0.0.1` (keep the port). This is for the agent-C2 communication channel. 1. In the `sh` text area labeled `Run against the UDP contact`, click the `Copy` button to copy the displayed shell command to your clipboard. -1. On your local system and outside of CALDERA, open a shell in a terminal. +1. On your local system and outside of Caldera, open a shell in a terminal. 1. Paste the copied command and execute it. 1. Wait for the agent to appear in the `Agents` table. 1. Task completed. diff --git a/solution_guides/PluginsResponseFlag0.md b/solution_guides/PluginsResponseFlag0.md index ce5cda0..1864106 100644 --- a/solution_guides/PluginsResponseFlag0.md +++ b/solution_guides/PluginsResponseFlag0.md @@ -1,12 +1,12 @@ -1. Log into CALDERA as a `blue` group user (by default, the username is `blue`). +1. Log into Caldera as a `blue` group user (by default, the username is `blue`). 1. In the left-handside navigation, select `CAMPAIGNS > agents`. 1. Press the button `+ Deploy an agent`. 1. Choose `Sandcat` agent. 1. Under Platform, choose Linux. -1. Update the `app.contact.http` value to specify an IP address of the CALDERA server that is reachable from the remote system (e.g. `10.0.2.2`). Keep the port value unchanged. +1. Update the `app.contact.http` value to specify an IP address of the Caldera server that is reachable from the remote system (e.g. `10.0.2.2`). Keep the port value unchanged. 1. In the `sh` text area click the `Copy` button to copy the displayed second shell command `Deploy as a blue-team agent instead of red` to your clipboard. This command will instruct the agent to communicate over a HTTP channel. 1. On the remote system, open a terminal with a shell. 1. Paste the copied command into the shell and execute it. -1. Go back to CALDERA and close the `Deploy an agent` window. +1. Go back to Caldera and close the `Deploy an agent` window. 1. Wait for the agent to appear in the `Agents` table. 1. Task completed. \ No newline at end of file diff --git a/solution_guides/PluginsResponseFlag1.md b/solution_guides/PluginsResponseFlag1.md index 027b564..b37230a 100644 --- a/solution_guides/PluginsResponseFlag1.md +++ b/solution_guides/PluginsResponseFlag1.md @@ -1,9 +1,9 @@ 1. Ensure that the blue agent from the previous flag is running on a remote system - and can communicate with the CALDERA server. + and can communicate with the Caldera server. 1. On your local system, open a shell in a terminal. 1. Using `netcat`, open a listening TCP socket on port 7011: `nc -l 7011` 1. On the remote system running the blue agent, connect to the netcat listener created in the previous step and leave it running: `nc 7011` (insert the correct IP address). -1. In CALDERA and logged in as the blue user, click on `CAMPAIGNS > operations`. +1. In Caldera and logged in as the blue user, click on `CAMPAIGNS > operations`. 1. In the `Operations` window, click the `+ Create Operation` button to open the `Start New Operation` menu. 1. Enter `Response Training` as the operation name. 1. Select the `Incident Responder` adversary from the `Adversary` dropdown.