Merge pull request #46 from l50/master

Ansible Integration and Various Fixes
master-of-servers · Feb 16, 2020 · 2f115b2 · 2f115b2
2 parents 527c510 + 851f4f1
commit 2f115b2
Show file tree

Hide file tree

Showing 30 changed files with 1,207 additions and 152 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,6 +16,7 @@ knife.rb
 /mose
 chef-linux
 puppet-linux
+ansible-linux
 
 # Application-generated folders
 payloads/

diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -26,28 +26,23 @@ If you want to clean up after you're done, run the payload again with the `-c` o
 ## Instructions to upload and run a file
 This will allow you to specify a script or a binary that will be run on all target agents.
 
-1. Put the file that you want to run in the `payloads` directory. For example:
-```
-echo 'echo test' > payloads/notevil.sh
-```
-
-2. Run MOSE with the following options: 
+1. Run MOSE with the following options: 
 ```
 ./mose -fu <name of file> -t <target CM>
 ```
 For example:
 ```
-./mose -fu ${PWD}/payloads/notevil.sh -t puppet
+./mose -fu /tmp/notevil.sh -t puppet
 ```
 
-3. On the target, download the payload that is being served (assuming you opted to have MOSE serve it for you) and give it execute permissions.
+2. On the target, download the payload that is being served (assuming you opted to have MOSE serve it for you) and give it execute permissions.
 
-4. Extract the payload:
+3. Extract the payload:
 ```
 tar -vxf files.tar
 ```
 
-5. Run the payload:
+4. Run the payload:
 ```
 ./<cm target>-<cm os>
 ```

diff --git a/Makefile b/Makefile
@@ -16,19 +16,25 @@ fmt: ## gofmt and goimports all go files
 	find . -name '*.go' -not -wholename './vendor/*' | while read -r file; do gofmt -w -s "$$file"; goimports -w "$$file"; done
 
 lint: ## Run all the linters
-	gometalinter --vendor --disable-all \
+	golangci-lint run \
+		--no-config \
+		--issues-exit-code=0 \
+		--timeout=30m \
+		--disable-all \
 		--enable=deadcode \
-		--enable=ineffassign \
-		--enable=staticcheck \
-		--enable=gofmt \
-		--enable=goimports \
-		--enable=dupl \
-		--enable=misspell \
+		--enable=gocyclo \
+		--enable=golint \
+		--enable=varcheck \
+		--enable=structcheck \
+		--enable=maligned \
 		--enable=errcheck \
-		--enable=vet \
-		--enable=vetshadow \
-		--deadline=10m \
-		./...
+		--enable=dupl \
+		--enable=ineffassign \
+		--enable=interfacer \
+		--enable=unconvert \
+		--enable=goconst \
+		--enable=gosec \
+		--enable=megacheck 
 	markdownfmt -w README.md
 
 test:

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@
 Under the terms of Contract DE-NA0003525 with NTESS, 
 the U.S. Government retains certain rights in this software
 
-MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as [Puppet](https://puppet.com/) and [Chef](https://www.chef.io/), are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising a CM server, an attacker can use these tools to run commands on any and all systems that are in the CM server’s inventory. However, if the attacker does not have experience with these types of tools, there can be a very time-consuming learning curve. MOSE allows an operator to specify what they want to run without having to get bogged down in the details of how to write code specific to a proprietary CM tool. It also automatically incorporates the desired commands into existing code on the system, removing that burden from the user. MOSE allows the operator to choose which assets they want to target within the scope of the server’s inventory, whether this is a subset of clients or all clients. This is useful for targeting specific assets such as web servers, or choosing to take over all of the systems in the CM server’s inventory.
+MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as [Puppet](https://puppet.com/), [Chef](https://www.chef.io/) and [Ansible](https://www.ansible.com/), are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising a CM server, an attacker can use these tools to run commands on any and all systems that are in the CM server’s inventory. However, if the attacker does not have experience with these types of tools, there can be a very time-consuming learning curve. MOSE allows an operator to specify what they want to run without having to get bogged down in the details of how to write code specific to a proprietary CM tool. It also automatically incorporates the desired commands into existing code on the system, removing that burden from the user. MOSE allows the operator to choose which assets they want to target within the scope of the server’s inventory, whether this is a subset of clients or all clients. This is useful for targeting specific assets such as web servers or choosing to take over all of the systems in the CM server’s inventory.
 
 ## MOSE + Puppet
 ![](docs/images/mose_and_puppet.gif)
@@ -69,7 +69,7 @@ Usage of ./mose [options]:
 ### TLS Certificates
 **You should generate and use a TLS certificate signed by a trusted Certificate Authority**
 
-A self-signed certificate and key are provided for you, although you really shouldn't use them. This key and certificate are widely distributed, so you can not expect privacy if you do choose to use them. They can be found in the  `data` directory.
+A self-signed certificate and key are provided for you, although you really shouldn't use them. This key and certificate are widely distributed, so you can not expect privacy if you do choose to use them. They can be found in the `data` directory.
 
 ### Examples
 You can find some examples of how to run MOSE in [EXAMPLES.md](EXAMPLES.md).
@@ -78,6 +78,8 @@ You can find some examples of how to run MOSE in [EXAMPLES.md](EXAMPLES.md).
 Test labs that can be run with MOSE are at these locations:
  - https://github.com/master-of-servers/puppet-test-lab
  - https://github.com/master-of-servers/chef-test-lab
+ - https://github.com/master-of-servers/ansible-test-lab
+ - https://github.com/master-of-servers/salt-test-lab
 
 ### Credits
 The following resources were used to help motivate the creation of this project:

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -61,7 +61,7 @@ steps:
     # Enroll agent with puppet master
     docker exec -i basic-puppetagent /bin/bash -c "puppet agent -t --waitforcert=120"
     docker ps
-  displayName: 'Build and configure puppet test environment'
+  displayName: 'Build and configure the puppet test environment'
   workingDirectory: "$(modulePath)"
 
 - script: | 
@@ -75,29 +75,29 @@ steps:
 
     # Ensure that MOSE is working properly by running cat on the file it created
     docker exec -i basic-puppetagent /bin/bash -c "cat /tmp/test.txt"
-  displayName: 'Run MOSE generated payload on puppet test environment'
+  displayName: 'Run MOSE generated payload on the puppet test environment'
   workingDirectory: "$(modulePath)"
 
 - script: |
     echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
     export GO111MODULE=on
-    ./mose -fu ${PWD}/payloads/notevil.sh -t puppet -f ${PWD}/payloads/puppet-linux
+    ./mose -fu payloads/notevil.sh -t puppet -f payloads/puppet-linux
   displayName: 'Generate a puppet payload to test file upload'
   workingDirectory: "$(modulePath)"
 
 - script: | 
     # Copy MOSE payload to puppet master
-    docker cp $(modulePath)/payloads/files.tar basic-puppetmaster:/files.tar
+    docker cp $(modulePath)/payloads/puppet-linux.tar basic-puppetmaster:/puppet-linux.tar
     
     # Run MOSE against the puppet master
-    docker exec -i basic-puppetmaster /bin/bash -c "tar -xvf files.tar"
+    docker exec -i basic-puppetmaster /bin/bash -c "tar -xvf puppet-linux.tar"
     docker exec -i basic-puppetmaster /bin/bash -c "echo 'Y' | /puppet-linux"
     # Run puppet agent -t to enact the changes made by MOSE
     docker exec -i basic-puppetagent /bin/bash -c "puppet agent -t"
     
     # Ensure that MOSE is working properly by running cat on the file it created
     docker exec -i basic-puppetagent /bin/bash -c "cat /tmp/file_upload_test.txt"
-  displayName: 'Run MOSE generated file upload payload on puppet test environment'
+  displayName: 'Run MOSE generated file upload payload on the puppet test environment'
   workingDirectory: "$(modulePath)"
 # End Puppet
 
@@ -108,7 +108,7 @@ steps:
     sudo apt-get install -y expect
     export GO111MODULE=on
     expect scripts/test_chef_workstation.exp
-  displayName: 'Generate a chef payload for workstation in chef test environment'
+  displayName: 'Generate a chef payload for workstation in the chef test environment'
   workingDirectory: "$(modulePath)"
 
 - script: | 
@@ -120,7 +120,7 @@ steps:
     echo "Sleeping for 12 minutes (720 seconds) while waiting for the chef environment to finish building."
     sleep 720
     docker ps
-  displayName: 'Build and configure chef test environment'
+  displayName: 'Build and configure the chef test environment'
   workingDirectory: "$(modulePath)"
 
 - script: | 
@@ -142,7 +142,7 @@ steps:
     
     # Ensure that MOSE is working properly by running cat on the file it created
     docker exec -i basic-chef-agent-1 /bin/bash -c "cat /tmp/test.txt"
-  displayName: 'Run MOSE generated payload on workstation in chef test environment'
+  displayName: 'Run MOSE generated payload on workstation in the chef test environment'
   workingDirectory: "$(modulePath)"
 
 - script: |
@@ -154,22 +154,111 @@ steps:
 
 - script: | 
     # Copy MOSE payload to workstation
-    docker cp $(modulePath)/payloads/files.tar basic-chef-workstation:/files.tar
+    docker cp $(modulePath)/payloads/chef-linux.tar basic-chef-workstation:/chef-linux.tar
     
     # Run MOSE against the workstation
-    docker exec -i basic-chef-workstation /bin/bash -c "tar -xvf files.tar"
+    docker exec -i basic-chef-workstation /bin/bash -c "tar -xvf chef-linux.tar"
     docker exec -i basic-chef-workstation /bin/bash -c "echo 'n' | /chef-linux"
     # Run chef-client to enact the changes made by MOSE
     docker exec -i basic-chef-agent-1 /bin/bash -c "chef-client"
     
     # Ensure that MOSE is working properly by running cat on the file it created
     docker exec -i basic-chef-agent-1 /bin/bash -c "cat /tmp/file_upload_test.txt"
-  displayName: 'Run MOSE generated file upload payload on workstation in chef test environment'
+  displayName: 'Run MOSE generated file upload payload on workstation in the chef test environment'
   workingDirectory: "$(modulePath)"
 # End Chef
 
-# - script: |
-#    export GO111MODULE=on
-#    go test -count=1 -v -race ./...
-#   displayName: 'Run unit tests'
-#   workingDirectory: "$(modulePath)"
+# Ansible
+- script: |
+    export GO111MODULE=on
+    ./mose -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" -t ansible -f $(modulePath)/payloads/ansible-linux
+  displayName: 'Generate an ansible payload'
+  workingDirectory: "$(modulePath)"
+
+- script: |
+    git clone https://github.com/master-of-servers/ansible-test-lab.git
+    cd ansible-test-lab && cd basic
+    bash files/create_ssh_key.sh
+    cp files/authorized_keys control/files
+    cp files/id_rsa control/files
+    cp files/id_rsa.pub control/files
+    cp files/authorized_keys managed/files
+    cp files/id_rsa managed/files
+    cp files/id_rsa.pub managed/files
+    docker-compose up -d --force-recreate --build
+    echo "Decrypting the vault file"
+    docker exec -i basic-control-node ansible-vault decrypt /root/.ansible/group_vars/vault
+    docker exec -i basic-control-node cat /root/.ansible/group_vars/vault
+    echo "Encrypting the vault file"
+    docker exec -i basic-control-node ansible-vault encrypt /root/.ansible/group_vars/vault
+    docker exec -i basic-control-node cat /root/.ansible/group_vars/vault
+    echo "Applying the hello playbook to the managed node"
+    docker exec -i basic-control-node bash -c "cd ~/.ansible && ansible-playbook site.yml"
+  displayName: 'Build and configure the ansible test environment'
+  workingDirectory: "$(modulePath)"
+
+- script: | 
+    # Copy MOSE payload to ansible control node
+    docker cp $(modulePath)/payloads/ansible-linux basic-control-node:/ansible-linux
+    docker cp scripts/test_ansible_cmd.exp basic-control-node:/
+
+    # Run MOSE against the control node
+    docker exec -i basic-control-node /bin/bash -c "apt-get update -y"
+    docker exec -i basic-control-node /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata"
+    docker exec -i basic-control-node /bin/bash -c "apt-get install -y expect"
+    docker exec -i basic-control-node /bin/bash -c "expect /test_ansible_cmd.exp"
+    
+    # Run ansible-cookbook to enact the changes made by MOSE
+    docker exec -i basic-control-node /bin/bash -c "ansible-playbook /root/.ansible/site.yml"
+
+    # Ensure that MOSE is working properly by running cat on the file it created
+    docker exec -i basic-managed-node /bin/bash -c "cat /tmp/test.txt"
+  displayName: 'Run MOSE generated payload on the ansible test environment'
+  workingDirectory: "$(modulePath)"
+
+- script: |
+    echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
+    export GO111MODULE=on
+    ./mose -fu payloads/notevil.sh -t ansible -f payloads/ansible-linux
+  displayName: 'Generate an ansible payload to test file upload'
+  workingDirectory: "$(modulePath)"
+
+- script: | 
+    # Copy MOSE payload to ansible control node
+    docker cp $(modulePath)/payloads/ansible-linux.tar basic-control-node:/ansible-linux.tar
+    # Copy MOSE payload to ansible control node
+    docker cp scripts/test_ansible_file_upload.exp basic-control-node:/
+
+    # Run MOSE against the control node
+    docker exec -i basic-control-node /bin/bash -c "tar -xvf /ansible-linux.tar"
+    docker exec -i basic-control-node /bin/bash -c "expect /test_ansible_file_upload.exp"
+    
+    # Run ansible-cookbook to enact the changes made by MOSE
+    docker exec -i basic-control-node /bin/bash -c "ansible-playbook /root/.ansible/site.yml"
+    
+    # Ensure that MOSE is working properly by running cat on the file it created
+    docker exec -i basic-managed-node /bin/bash -c "cat /tmp/test.txt"
+  displayName: 'Run MOSE generated file upload payload on the ansible test environment'
+  workingDirectory: "$(modulePath)"
+# End Ansible
+
+# Salt 
+- script: |
+    git clone https://github.com/master-of-servers/salt-test-lab.git
+    cd salt-test-lab && cd basic
+    docker-compose up -d --build
+    sleep 60
+    # Fix pillar issue
+    docker exec -it basic-salt-master /bin/bash -c "salt '*' saltutil.refresh_pillar"
+    # Enroll minion with salt master
+    docker exec -i basic-salt-master /bin/bash -c "salt '*' state.apply"
+    docker exec -i basic-salt-master /bin/bash  -c "salt '*' pillar.items"
+  displayName: 'Build and configure salt test environment'
+  workingDirectory: "$(modulePath)"
+# End Salt
+
+- script: |
+   export GO111MODULE=on
+   go test -count=1 -v -race ./...
+  displayName: 'Run unit tests'
+  workingDirectory: "$(modulePath)"