Spencer/Kybus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: Spencer:dev
Branches Tags
Spencer:master Spencer:dev
...
pull from: Spencer:master
Branches Tags
Spencer:master Spencer:dev

11 Commits
dev ... master

Author SHA1 Message Date
Pin
849890ff6d updating role README 2023-02-13 21:11:49 -05:00
Pin
9bb27995fc updating sudo 1.9.5p1 role 2023-02-13 21:11:17 -05:00
Pin
92daed5215 updated CuteNews role 2023-02-13 21:07:51 -05:00
Pin
3dd6a8aa73 updated exim role -- still testing 2023-02-13 21:00:24 -05:00
Pin
4d5049b6e8 added role README 2023-02-13 20:37:49 -05:00
Pin
35ecf2a1dd updated vsftpd role 2023-02-13 20:29:27 -05:00
Pin
2d38054540 updating test role 2023-02-13 20:13:06 -05:00
Pin
d1de2d1450 CuteNews CVE additions 2023-02-08 21:33:33 -05:00
Pin
e901e374a8 docs and name changes 2022-12-18 22:08:58 -05:00
Pin
4da71c9291 test role kybus.yml 2022-12-07 20:51:02 -05:00
Pin
abb0a4a5fe adding sample kybus file 2022-12-07 20:25:26 -05:00
36 changed files with 286 additions and 230 deletions
Expand all files Collapse all files

37
README.md
View File

@@ -1,6 +1,6 @@
# Kybus
Kybus is a repository
Kybus is a repository which aims to provide a vulnerable environment for blue team members to safely experiment with a selected CVE.
## Requirements
@@ -21,14 +21,41 @@ All versions mentioned above are only what was used during testing, other versio
## Getting Started
Running `setup.sh` will ensure requisites are installed and download needed VM images.
The Kybus container image will also be generated during this process
Running `setup.sh` will ensure prerequisites are installed, and download needed VM images.
The Kybus container image will also be generated during this process.
## Initial Run
When running Kybus for the first time a VM will be created with the name `kybus_kybus`.
Since all setup and tear down is conducted within a temporary container, this will be the only indication left on the system once Kybus is run.
If you run `docker ps` during the run of Kybus, you will see a `kybus:latest` image running; running `docker ps -a` post run will not show anything since the `--rm` flag is passed when creating the container.
## Writing a Plugin
Initial plugin structure can be generated using `ansible-galaxy role init {plugin name}`.
Plugin names are suggested to be the relavent CVE record; however, certain plugins exist as helpers and may deviate.
Once the plugin is created
Once the plugin is created everything follows a standard [ansible role](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html) structure.
The only additional information which needs to be added into the structure is a `meta/kybus.yml` configuration file.
This file defines the appropriate image to be used with the role.
The image name should be exactly as it appears once downloaded in the `download` folder.
An example can be seen below:
```yaml
---
image: {image name with extension}
...
```
If this is still unclean please reference a role which is already complete.
## Completed Roles
Below is a list of completed roles along with there current state of testing:
- CVE-2011-2523
- CVE-2021-3156
- CVE-2020-5558 -- VALIDATION
##

34
run.sh → kybus
View File

@@ -10,6 +10,25 @@ source ./_libs/libbase.sh
# shellcheck disable=SC1091
source ./kybus.conf
function helpKybus {
cat <<EOF
------
Kybus - Automated Vulnerability Deployment
Author: Spencer
------
--cve -c Select the CVE to deploy
--list-roles Display a list of available roles to deploy
--destroy Destroys any Kybus environment previously deployed
By default running a new role will destroy any prior
--help -h Displays this message
EOF
}
function initKybus {
StatusEcho "Cleaning up old Environment"
rm -f .kybusenv >/dev/null
@@ -59,6 +78,12 @@ function findCVE {
}
function ArgParse {
# Exit if no args are passed
if (( $# == 0 )); then
helpKybus
exit 1
fi
while (("${#}")); do
case "${1}" in
--cve | -c)
@@ -69,7 +94,8 @@ function ArgParse {
;;
--help | -h)
shift
WarningEcho "Not implemented"
helpKybus
exit 0
;;
--list-roles)
shift
@@ -81,12 +107,14 @@ function ArgParse {
exit 0
;;
--destroy)
terraform destroy -auto-approve
exit 0
terraform destroy -auto-approve || echo "Destory is currently run locally and an error occured"
shift
exit 0
;;
*)
shift
helpKybus
exit 0
;;
esac
done

7
kybus.conf Normal file
View File

@@ -0,0 +1,7 @@
VM_DISK_SIZE=
VM_RAM_SIZE=
SSH_DEFAULT_USER=
SSH_KEY_FILE=
SSH_PUB_KEY=

15
roles/CVE-2011-2523/README.md
View File

@@ -1,22 +1,22 @@
Role Name
=========
A brief description of the role goes here.
This role installs a vulnerable version of vsftpd, version 2.3.4.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
N/A
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
N/A
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
N/A
Example Playbook
----------------
@@ -25,14 +25,15 @@ Including an example of how to use your role (for instance, with variables passe
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
- CVE-2011-2523
License
-------
BSD
Unlicense
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
PinStraw

2
roles/CVE-2011-2523/defaults/main.yml
View File

@@ -1,2 +0,0 @@
---
# defaults file for CVE-2011-2523

46
roles/CVE-2011-2523/meta/main.yml
View File

@@ -1,52 +1,22 @@
galaxy_info:
author: Spencer
description: your role description
company: your company (optional)
author: Pin
description: Installing VSFTPD 2.3.4
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: Unlicense
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Ubuntu
versions:
- 20
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

7
roles/CVE-2011-2523/tasks/main.yml
View File

@@ -1,4 +1,8 @@
---
- name: Update package cache
apt:
update_cache: yes
- name: Install build deps
ansible.builtin.package:
name:
@@ -22,8 +26,9 @@
- name: Unarchive VSFTPD
ansible.builtin.unarchive:
src: vsftpd-2.3.4.tar.gz
src: https://file.pinfosec.dev/files/vuln/vsftpd-2.3.4.tar.gz
dest: /tmp/vsftpd_build
remote_src: "true"
- name: Create install reqs
ansible.builtin.file:

2
roles/CVE-2011-2523/vars/main.yml
View File

@@ -1,2 +0,0 @@
---
# vars file for CVE-2011-2523

15
roles/CVE-2019-10149/README.md
View File

@@ -1,22 +1,22 @@
Role Name
=========
A brief description of the role goes here.
A role to install exim 4.90
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
N/A
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
N/A
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
N/A
Example Playbook
----------------
@@ -25,14 +25,15 @@ Including an example of how to use your role (for instance, with variables passe
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
- CVE-2019-10149
License
-------
BSD
Unlicense
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
PinStraw

2
roles/CVE-2019-10149/defaults/main.yml
View File

@@ -1,2 +0,0 @@
---
# defaults file for CVE-2019-10149

2
roles/CVE-2019-10149/handlers/main.yml
View File

@@ -1,2 +0,0 @@
---
# handlers file for CVE-2019-10149

46
roles/CVE-2019-10149/meta/main.yml
View File

@@ -1,52 +1,22 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: Pin
description: Installing exim 4.90
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: Unlicense
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Ubuntu
versions:
- 20
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

2
roles/CVE-2019-10149/vars/main.yml
View File

@@ -1,2 +0,0 @@
---
# vars file for CVE-2019-10149

39
roles/CVE-2020-5558/README.md Normal file
View File

@@ -0,0 +1,39 @@
Role Name
=========
Installs CuteNews version 2.3.4
Requirements
------------
N/A
Role Variables
--------------
N/A
Dependencies
------------
N/A
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- CVE-2020-5558
License
-------
Unlicense
Author Information
------------------
PinStraw

23
roles/CVE-2020-5558/files/default Normal file
View File

@@ -0,0 +1,23 @@
server {
listen 80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}

4
roles/CVE-2020-5558/meta/kybus.yml Normal file
View File

@@ -0,0 +1,4 @@
---
image: ubuntu-20.04-server-cloudimg-amd64.img
holding: bad var
...

17
roles/CVE-2020-5558/meta/main.yml Normal file
View File

@@ -0,0 +1,17 @@
galaxy_info:
author: Pin
description: Installing CuteNews 2.1.2
license: Unlicense
min_ansible_version: 2.1
platforms:
- name: Ubuntu
versions:
- 20
galaxy_tags: []
dependencies: []

41
roles/CVE-2020-5558/tasks/main.yml Normal file
View File

@@ -0,0 +1,41 @@
---
- name: Wait for automatic system updates
shell: "while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done;"
- name: Update package cache
apt:
update_cache: yes
- name: Install Deps
package:
name:
- nginx
- php7.4-common
- php7.4-fpm
- unzip
- name: Setup Nginx
copy:
src: default
dest: /etc/nginx/sites-available/default
owner: root
group: root
mode: "0644"
- name: Install CuteNews
unarchive:
src: https://cutephp.com/cutenews/cutenews.2.1.2.zip
dest: /var/www/
remote_src: yes
- name: Move CuteNews
shell: |
rm -r /var/www/html
mv /var/www/CuteNews /var/www/html
chown -R www-data:www-data /var/www/html
- name: Restart nginx
service:
name: nginx
state: restarted
...

2
roles/CVE-2020-5558/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/CVE-2020-5558/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- CVE-2020-5558

15
roles/CVE-2021-3156/README.md
View File

@@ -1,22 +1,22 @@
Role Name
=========
A brief description of the role goes here.
Installing sudo 1.9.5p1
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
N/A
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
N/A
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
N/A
Example Playbook
----------------
@@ -25,14 +25,15 @@ Including an example of how to use your role (for instance, with variables passe
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
- CVE-2021-3156
License
-------
BSD
Unlicense
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
PinStraw

2
roles/CVE-2021-3156/defaults/main.yml
View File

@@ -1,2 +0,0 @@
---
# defaults file for CVE-2021-3156

2
roles/CVE-2021-3156/handlers/main.yml
View File

@@ -1,2 +0,0 @@
---
# handlers file for CVE-2021-3156

3
roles/CVE-2021-3156/meta/kybus.yml Normal file
View File

@@ -0,0 +1,3 @@
---
image: ubuntu-20.04-server-cloudimg-amd64.img
...

51
roles/CVE-2021-3156/meta/main.yml
View File

@@ -1,52 +1,17 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: Pin
description: Installing sudo 1.9.5p1
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: Unlicense
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Ubuntu
versions:
- 20
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

2
roles/CVE-2021-3156/vars/main.yml
View File

@@ -1,2 +0,0 @@
---
# vars file for CVE-2021-3156

8
roles/README.md Normal file
View File

@@ -0,0 +1,8 @@
# CVE List
- CVE-2011-2523 : vsftpd 2.3.4
- CVE-2019-10149 : exim 4.90 (Not completed)
- CVE-2020-5558 : CuteNews 2.1.2
- CVE-2021-3156 : Sudo 1.9.5p1 (Not validated)
- testing : sample role used within Kybus

15
roles/test/README.md
View File

@@ -1,22 +1,22 @@
Role Name
=========
A brief description of the role goes here.
This role provides Kybus a simple way to publish an empty VM for testing.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
N/A
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
N/A
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
N/A
Example Playbook
----------------
@@ -25,14 +25,15 @@ Including an example of how to use your role (for instance, with variables passe
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
- testing
License
-------
BSD
Unlicense
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
PinStraw

2
roles/test/defaults/main.yml
View File

@@ -1,2 +0,0 @@
---
# defaults file for test

2
roles/test/handlers/main.yml
View File

@@ -1,2 +0,0 @@
---
# handlers file for test

3
roles/test/meta/kybus.yml Normal file
View File

@@ -0,0 +1,3 @@
---
image: ubuntu-20.04-server-cloudimg-amd64.img
...

48
roles/test/meta/main.yml
View File

@@ -1,52 +1,12 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: Pin
description: This role is an empty role to be used within Kybus
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license: Unlicense
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

3
roles/test/tasks/main.yml
View File

@@ -1,6 +1,5 @@
---
- name: Debug
- name: Do nothing
debug:
var: ansible
...
# tasks file for test

2
roles/test/vars/main.yml
View File

@@ -1,2 +0,0 @@
---
# vars file for test

0
setup.sh → setup
View File

10
src/main.py
View File

@@ -31,9 +31,7 @@ def createDownloadFolder():
return
#downloadImage("https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2")
#downloadImage("https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img")
#downloadImage("https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img")
downloadImage("http://file.pinfosec.local/file/vm-images/CentOS-7-x86_64-GenericCloud.qcow2")
downloadImage("http://file.pinfosec.local/file/vm-images/jammy-server-cloudimg-amd64.img")
downloadImage("http://file.pinfosec.local/file/vm-images/ubuntu-20.04-server-cloudimg-amd64.img")
downloadImage("http://file.pinfosec.dev/files/vm-images/CentOS-7-x86_64-GenericCloud.qcow2")
downloadImage("http://file.pinfosec.dev/files/vm-images/jammy-server-cloudimg-amd64.img")
downloadImage("http://file.pinfosec.dev/files/vm-images/ubuntu-20.04-server-cloudimg-amd64.img")