test: improve pytest coverage and test infrastructure

.gitignore

@@ -34,10 +34,13 @@ data/backup/*
 !data/backup/.gitkeep
 .tox/
 node_modules/
+plugins/*
 
 # coverage reports
 htmlcov/
 .coverage
 .coverage.*
 *,cover
 _*/
+plugins/*
+

conf/agents.yml

@@ -1,11 +1,12 @@
 bootstrap_abilities:
 - 43b3754c-def4-4699-a673-1d85648fda6a
+deployments:
+- 2f34977d-9558-4c12-abad-349716777c6b
+- 1837b43e-4fff-46b2-a604-a602f7540469
+- 0ab383be-b819-41bf-91b9-1bd4404d83bf
+- 356d1722-7784-40c4-822b-0cf864b0b36d
 implant_name: splunkd
 sleep_max: 60
 sleep_min: 30
 untrusted_timer: 90
 watchdog: 0
-deployments:
-  - 2f34977d-9558-4c12-abad-349716777c6b #54ndc47
-  - 356d1722-7784-40c4-822b-0cf864b0b36d #Manx
-  - 0ab383be-b819-41bf-91b9-1bd4404d83bf #Ragdoll

conf/default.yml

@@ -1,49 +1,46 @@
 ability_refresh: 60
-api_key_blue: BLUEADMIN123
-api_key_red: ADMIN123
+api_key_blue: ADMIN123
+api_key_red: GMQfwZSX_KlBTnxy4eM3RneD2Hw4xuxoypWzALkVvK8
 app.contact.dns.domain: mycaldera.caldera
 app.contact.dns.socket: 0.0.0.0:8853
+app.contact.ftp.host: 0.0.0.0
+app.contact.ftp.port: 2222
+app.contact.ftp.pword: caldera
+app.contact.ftp.server.dir: ftp_dir
+app.contact.ftp.user: caldera_user
 app.contact.gist: API_KEY
 app.contact.html: /weather
 app.contact.http: http://0.0.0.0:8888
 app.contact.slack.api_key: SLACK_TOKEN
 app.contact.slack.bot_id: SLACK_BOT_ID
 app.contact.slack.channel_id: SLACK_CHANNEL_ID
+app.contact.tcp: 0.0.0.0:7010
 app.contact.tunnel.ssh.host_key_file: REPLACE_WITH_KEY_FILE_PATH
 app.contact.tunnel.ssh.host_key_passphrase: REPLACE_WITH_KEY_FILE_PASSPHRASE
 app.contact.tunnel.ssh.socket: 0.0.0.0:8022
 app.contact.tunnel.ssh.user_name: sandcat
 app.contact.tunnel.ssh.user_password: s4ndc4t!
-app.contact.ftp.host: 0.0.0.0
-app.contact.ftp.port: 2222
-app.contact.ftp.pword: caldera
-app.contact.ftp.server.dir: ftp_dir
-app.contact.ftp.user: caldera_user
-app.contact.tcp: 0.0.0.0:7010
 app.contact.udp: 0.0.0.0:7011
 app.contact.websocket: 0.0.0.0:7012
-objects.planners.default: atomic
-crypt_salt: REPLACE_WITH_RANDOM_VALUE
-encryption_key: ADMIN123
+auth.login.handler.module: default
+crypt_salt: 6-RzX6yUK6jWinrWMQ4eifneLTYOCPA_ibBMObK_XXg
+encryption_key: OGya-CCywKXCahDkCz9RBEacBMhDc4NkBp8lRvgZz28
 exfil_dir: /tmp/caldera
-reachable_host_traits:
-- remote.host.fqdn
-- remote.host.ip
 host: 0.0.0.0
+objects.planners.default: atomic
 plugins:
-- access
-- atomic
-- compass
-- debrief
+- automation
 - fieldmanual
 - manx
-- response
+- range
 - sandcat
 - stockpile
-- training
+- mcp
 port: 8888
+reachable_host_traits:
+- remote.host.fqdn
+- remote.host.ip
 reports_dir: /tmp
-auth.login.handler.module: default
 requirements:
   go:
     command: go version
@@ -56,7 +53,7 @@ requirements:
     version: 3.9.0
 users:
   blue:
-    blue: admin
+    blue: uNS1xZTuuVoiJ3UaHCNEotZtmL5937eRnmHideZILtg
   red:
     admin: admin
-    red: admin
+    red: LmJMqvas46BEc9dUo_Gg9uKLh9lFFRer2mtKmXsjxQk

conf/payloads.yml

@@ -1,3 +1,83 @@
-special_payloads: {}
-standard_payloads: {}
-extensions: {}
+extensions:
+  .donut: plugins.stockpile.app.donut.donut_handler
+special_payloads:
+  minidump.go:
+    description: LSASS memory dump script
+    function: dynamically_compile
+    id: 734a5566-6e92-4d39-a37d-59f88ed906e2
+    service: stockpile_svc
+  mission.go:
+    description: Unknown
+    function: dynamically_compile
+    id: f9403e41-7b9a-416b-95eb-138cf1519668
+    service: stockpile_svc
+standard_payloads:
+  Akagi64.exe:
+    description: UACME compiled binary
+    id: dcb15ae4-52fb-4aed-be23-aae69b84f5ce
+  Bypass-UAC.ps1:
+    description: Invokes bypass UAC from empire scripts
+    id: 7700675a-c8f1-4634-b006-3486014535f4
+  Emulate-Administrator-Tasks.ps1:
+    description: Script to randomly perform common administrator tasks
+    id: af7f232a-6636-46f9-a10b-148b55c3277b
+  HostingCLRx64.dll:
+    description: Hosting DLL for a windows C# CLR (for use with execute-assembly)
+    id: c7841398-8728-494b-9b0c-9fe5fe2524de
+  Invoke-MemeKatz.ps1:
+    description: Random sets your desktop to a meme cat
+    id: b2dcf04d-517a-4eca-95f2-2c41bc783125
+  Invoke-ReflectivePEInjection.ps1.xored:
+    description: Invoke reflective PE injection script
+    id: 37e61603-fb0a-48c4-ae9b-f6542c6b1221
+    xored: true
+  bookmark.scpt:
+    description: Unknown
+    id: c354cac4-ac7c-4512-8a52-5faf880883bf
+  debugger.dll:
+    description: DLL versions of the minidump.go binary for reflective injection
+    id: feaf09c6-6337-49dd-b301-7cf015cc7cd4
+  debugger.exe:
+    description: Modified cmd.exe with a Bit-flipped to maintain signature and change
+      hash
+    id: 33b38fbf-5897-4021-9f27-9ae3f3f24c12
+  invoke-mimi.ps1.xored:
+    description: Invoke katz script
+    id: c1e0dda5-1f10-4895-a963-261404bae5f8
+    xored: true
+  minidump.exe:
+    description: Compiled minidump.go binary for dumping LSASS memory
+    id: 61174873-e8f8-486d-9f9f-12884370dde7
+  powerview.ps1.xored:
+    description: Powerview script from empire
+    id: 14986e59-601d-4c52-9ec1-480090ab6550
+    xored: true
+  ragdoll.py:
+    description: HTML-based implant
+    id: 2e1834cb-a599-44a3-b5c8-f58df4ab51e6
+  reflect.ps1:
+    description: PE Reflect script
+    id: 89102904-1a41-443d-b2cd-1faf2529ae20
+  scanner.py:
+    description: Python port scanner
+    id: 4318470d-715b-4355-aa1c-11c489d4c10e
+  sshpass:
+    description: Automatically pass password to ssh
+    id: df945533-2200-451a-a1a9-801b35ae21a9
+  totallylegit.exe:
+    description: Compiled minidump.go binary for dumping LSASS memory
+    id: 98c0a4cf-6fc3-446e-9857-fe396a9eafee
+  transfer_suid.sh:
+    description: Script to look for executables to abuse elevation control mechanism
+      (setuid and setgid)
+    id: be9223eb-aa91-46e8-8c32-4fecccf1c7c7
+  wifi.ps1:
+    description: Wifi manipulation script
+    id: 28f9bf43-4f14-4965-9bd9-b70fd6993d8e
+    obfuscation_name:
+    - obfuscated_payload.ps1
+  wifi.sh:
+    description: Wifi manipulation script
+    id: 9f639067-370a-40ba-b7ac-6f1c15d5a158
+    obfuscation_name:
+    - obfuscated_payload.sh

data/planners/123.yml

@@ -0,0 +1,10 @@
+id: '123'
+name: 123test planner
+module: ''
+params: {}
+description: a test planner with updated description
+stopping_conditions: []
+ignore_enforcement_modules: []
+allow_repeatable_abilities: false
+plugin: planner
+planner_id: '123'