From 7c8ed923df3c02338dfbf826fd6fd9a23dac502e Mon Sep 17 00:00:00 2001 
From: heqnx Date: Sun, 25 May 2025 11:50:46 +0300 Subject: moved unorganized playbooks into old folder --- attackbox/ansible.cfg | 3 - attackbox/handlers/main.yaml | 26 ----- attackbox/inventory.ini | 2 - attackbox/playbook.yaml | 16 --- attackbox/tasks/apt_packages.yaml | 5 - attackbox/tasks/chrome_install.yaml | 24 ----- attackbox/tasks/generate_readme.yaml | 7 -- attackbox/tasks/github_repos.yaml | 15 --- attackbox/tasks/go_tools.yaml | 6 -- attackbox/tasks/golang_install.yaml | 33 ------- attackbox/tasks/harden.yaml | 157 ------------------------------ attackbox/tasks/tor_install.yaml | 47 --------- attackbox/templates/jail.local.j2 | 46 --------- attackbox/templates/readme.txt.j2 | 20 ---- attackbox/templates/torrc.j2 | 30 ------ attackbox/vars/packages.yaml | 81 --------------- old/attackbox/ansible.cfg | 3 + old/attackbox/handlers/main.yaml | 49 ++++++++++ old/attackbox/inventory.yaml | 14 +++ old/attackbox/playbook.yaml | 16 +++ old/attackbox/tasks/apt_packages.yaml | 5 + old/attackbox/tasks/chrome_install.yaml | 24 +++++ old/attackbox/tasks/generate_readme.yaml | 7 ++ old/attackbox/tasks/github_repos.yaml | 15 +++ old/attackbox/tasks/go_tools.yaml | 6 ++ old/attackbox/tasks/golang_install.yaml | 33 +++++++ old/attackbox/tasks/harden.yaml | 144 +++++++++++++++++++++++++++ old/attackbox/tasks/tor_install.yaml | 47 +++++++++ old/attackbox/templates/index.html.j2 | 0 old/attackbox/templates/jail.local.j2 | 46 +++++++++ old/attackbox/templates/nginx.conf.j2 | 57 +++++++++++ old/attackbox/templates/readme.txt.j2 | 20 ++++ old/attackbox/templates/sslh.cfg.j2 | 15 +++ old/attackbox/templates/sslh.j2 | 3 + old/attackbox/templates/torrc.j2 | 30 ++++++ old/attackbox/vars/packages.yaml | 81 +++++++++++++++ old/sliver-c2/ansible.cfg | 3 + old/sliver-c2/handlers/main.yaml | 70 +++++++++++++ old/sliver-c2/inventory.yaml | 15 +++ old/sliver-c2/playbook.yaml | 16 +++ old/sliver-c2/tasks/apt_packages.yaml | 5 + old/sliver-c2/tasks/golang_install.yaml | 33 +++++++ 
old/sliver-c2/tasks/harden.yaml | 144 +++++++++++++++++++++++++++ old/sliver-c2/tasks/sliver_configure.yaml | 40 ++++++++ old/sliver-c2/tasks/sliver_install.yaml | 35 +++++++ old/sliver-c2/tasks/sliver_systemd.yaml | 10 ++ old/sliver-c2/tasks/ssh_nginx_setup.yaml | 76 +++++++++++++++ old/sliver-c2/templates/index.html.j2 | 0 old/sliver-c2/templates/jail.local.j2 | 46 +++++++++ old/sliver-c2/templates/nginx.conf.j2 | 57 +++++++++++ old/sliver-c2/templates/server.json.j2 | 18 ++++ old/sliver-c2/templates/sliver.service.j2 | 15 +++ old/sliver-c2/templates/sslh.j2 | 3 + old/sliver-c2/vars/packages.yaml | 21 ++++ old/sliver-c2/vars/sliver.yaml | 7 ++ sliver-c2/ansible.cfg | 3 - sliver-c2/handlers/main.yaml | 30 ------ sliver-c2/inventory.ini | 2 - sliver-c2/playbook.yaml | 15 --- sliver-c2/tasks/apt_packages.yaml | 5 - sliver-c2/tasks/golang_install.yaml | 33 ------- sliver-c2/tasks/harden.yaml | 157 ------------------------------ sliver-c2/tasks/sliver_configure.yaml | 40 -------- sliver-c2/tasks/sliver_install.yaml | 35 ------- sliver-c2/tasks/sliver_systemd.yaml | 10 -- sliver-c2/templates/jail.local.j2 | 46 --------- sliver-c2/templates/server.json.j2 | 18 ---- sliver-c2/templates/sliver.service.j2 | 15 --- sliver-c2/vars/packages.yaml | 21 ---- sliver-c2/vars/sliver.yaml | 7 -- 70 files changed, 1229 insertions(+), 955 deletions(-) delete mode 100644 attackbox/ansible.cfg delete mode 100644 attackbox/handlers/main.yaml delete mode 100644 attackbox/inventory.ini delete mode 100644 attackbox/playbook.yaml delete mode 100644 attackbox/tasks/apt_packages.yaml delete mode 100644 attackbox/tasks/chrome_install.yaml delete mode 100644 attackbox/tasks/generate_readme.yaml delete mode 100644 attackbox/tasks/github_repos.yaml delete mode 100644 attackbox/tasks/go_tools.yaml delete mode 100644 attackbox/tasks/golang_install.yaml delete mode 100644 attackbox/tasks/harden.yaml delete mode 100644 attackbox/tasks/tor_install.yaml delete mode 100644 
attackbox/templates/jail.local.j2 delete mode 100644 attackbox/templates/readme.txt.j2 delete mode 100644 attackbox/templates/torrc.j2 delete mode 100644 attackbox/vars/packages.yaml create mode 100644 old/attackbox/ansible.cfg create mode 100644 old/attackbox/handlers/main.yaml create mode 100644 old/attackbox/inventory.yaml create mode 100644 old/attackbox/playbook.yaml create mode 100644 old/attackbox/tasks/apt_packages.yaml create mode 100644 old/attackbox/tasks/chrome_install.yaml create mode 100644 old/attackbox/tasks/generate_readme.yaml create mode 100644 old/attackbox/tasks/github_repos.yaml create mode 100644 old/attackbox/tasks/go_tools.yaml create mode 100644 old/attackbox/tasks/golang_install.yaml create mode 100644 old/attackbox/tasks/harden.yaml create mode 100644 old/attackbox/tasks/tor_install.yaml create mode 100644 old/attackbox/templates/index.html.j2 create mode 100644 old/attackbox/templates/jail.local.j2 create mode 100644 old/attackbox/templates/nginx.conf.j2 create mode 100644 old/attackbox/templates/readme.txt.j2 create mode 100644 old/attackbox/templates/sslh.cfg.j2 create mode 100644 old/attackbox/templates/sslh.j2 create mode 100644 old/attackbox/templates/torrc.j2 create mode 100644 old/attackbox/vars/packages.yaml create mode 100644 old/sliver-c2/ansible.cfg create mode 100644 old/sliver-c2/handlers/main.yaml create mode 100644 old/sliver-c2/inventory.yaml create mode 100644 old/sliver-c2/playbook.yaml create mode 100644 old/sliver-c2/tasks/apt_packages.yaml create mode 100644 old/sliver-c2/tasks/golang_install.yaml create mode 100644 old/sliver-c2/tasks/harden.yaml create mode 100644 old/sliver-c2/tasks/sliver_configure.yaml create mode 100644 old/sliver-c2/tasks/sliver_install.yaml create mode 100644 old/sliver-c2/tasks/sliver_systemd.yaml create mode 100644 old/sliver-c2/tasks/ssh_nginx_setup.yaml create mode 100644 old/sliver-c2/templates/index.html.j2 create mode 100644 old/sliver-c2/templates/jail.local.j2 create mode 100644 
old/sliver-c2/templates/nginx.conf.j2 create mode 100644 old/sliver-c2/templates/server.json.j2 create mode 100644 old/sliver-c2/templates/sliver.service.j2 create mode 100644 old/sliver-c2/templates/sslh.j2 create mode 100644 old/sliver-c2/vars/packages.yaml create mode 100644 old/sliver-c2/vars/sliver.yaml delete mode 100644 sliver-c2/ansible.cfg delete mode 100644 sliver-c2/handlers/main.yaml delete mode 100644 sliver-c2/inventory.ini delete mode 100644 sliver-c2/playbook.yaml delete mode 100644 sliver-c2/tasks/apt_packages.yaml delete mode 100644 sliver-c2/tasks/golang_install.yaml delete mode 100644 sliver-c2/tasks/harden.yaml delete mode 100644 sliver-c2/tasks/sliver_configure.yaml delete mode 100644 sliver-c2/tasks/sliver_install.yaml delete mode 100644 sliver-c2/tasks/sliver_systemd.yaml delete mode 100644 sliver-c2/templates/jail.local.j2 delete mode 100644 sliver-c2/templates/server.json.j2 delete mode 100644 sliver-c2/templates/sliver.service.j2 delete mode 100644 sliver-c2/vars/packages.yaml delete mode 100644 sliver-c2/vars/sliver.yaml diff --git a/attackbox/ansible.cfg b/attackbox/ansible.cfg deleted file mode 100644 index 8395bb7..0000000 --- a/attackbox/ansible.cfg +++ /dev/null @@ -1,3 +0,0 @@ -[ssh_connection] -;scp_if_ssh = true -transfer_method = scp diff --git a/attackbox/handlers/main.yaml b/attackbox/handlers/main.yaml deleted file mode 100644 index dfb2e24..0000000 --- a/attackbox/handlers/main.yaml +++ /dev/null @@ -1,26 +0,0 @@ -- name: update grub - command: update-grub - -- name: reload fail2ban - command: fail2ban-client reload - -- name: restart ssh - systemd: - name: ssh - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' - -- name: restart fail2ban - systemd: - name: fail2ban - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' - -- name: restart tor - systemd: - name: tor - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' 
diff --git a/attackbox/inventory.ini b/attackbox/inventory.ini deleted file mode 100644 index 7053718..0000000 --- a/attackbox/inventory.ini +++ /dev/null @@ -1,2 +0,0 @@ -[servers] -server01 ansible_host=10.11.12.13 ansible_user=root ansible_ssh_private_key_file=id_rsa diff --git a/attackbox/playbook.yaml b/attackbox/playbook.yaml deleted file mode 100644 index dbd436c..0000000 --- a/attackbox/playbook.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- name: attackbox setup - hosts: servers - become: true - vars_files: - - vars/packages.yaml - tasks: - - import_tasks: tasks/apt_packages.yaml - - import_tasks: tasks/harden.yaml - - import_tasks: tasks/golang_install.yaml - - import_tasks: tasks/chrome_install.yaml - - import_tasks: tasks/tor_install.yaml - - import_tasks: tasks/go_tools.yaml - - import_tasks: tasks/github_repos.yaml - #- import_tasks: tasks/generate_readme.yaml - handlers: - - import_tasks: handlers/main.yaml diff --git a/attackbox/tasks/apt_packages.yaml b/attackbox/tasks/apt_packages.yaml deleted file mode 100644 index 4ed8331..0000000 --- a/attackbox/tasks/apt_packages.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- name: install apt packages - apt: - name: "{{ apt_packages }}" - state: present - update_cache: yes diff --git a/attackbox/tasks/chrome_install.yaml b/attackbox/tasks/chrome_install.yaml deleted file mode 100644 index 4b9bf4f..0000000 --- a/attackbox/tasks/chrome_install.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -- name: remove old google signing key - file: - path: /etc/apt/trusted.gpg.d/google-signing-key.gpg - state: absent - -- name: download and install google signing key - shell: | - curl -sSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/trusted.gpg.d/google-signing-key.gpg - -- name: add google chrome repo - copy: - dest: /etc/apt/sources.list.d/google-chrome.list - content: | - deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/google-signing-key.gpg] https://dl.google.com/linux/chrome/deb stable main - -- name: update apt cache - apt: - update_cache: yes - -- name: install google chrome - apt: - name: google-chrome-stable - state: present - diff --git a/attackbox/tasks/generate_readme.yaml b/attackbox/tasks/generate_readme.yaml deleted file mode 100644 index 691d08b..0000000 --- a/attackbox/tasks/generate_readme.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- name: generate ~/README.txt on the target server - ansible.builtin.template: - src: templates/readme.txt.j2 - dest: "{{ ansible_env.HOME }}/README.txt" - owner: "{{ ansible_user | default('root') }}" - group: "{{ ansible_user | default('root') }}" - mode: '0644' diff --git a/attackbox/tasks/github_repos.yaml b/attackbox/tasks/github_repos.yaml deleted file mode 100644 index 042ea6c..0000000 --- a/attackbox/tasks/github_repos.yaml +++ /dev/null @@ -1,15 +0,0 @@ -- name: ensure /opt/tools exists - ansible.builtin.file: - path: /opt/tools - state: directory - owner: root - group: root - mode: '0755' - -- name: clone github repos into /opt/tools - ansible.builtin.git: - repo: "{{ item }}" - dest: "/opt/tools/{{ item | basename | regex_replace('\\.git$', '') }}" - update: yes - force: yes - loop: "{{ github_repos }}" diff --git a/attackbox/tasks/go_tools.yaml b/attackbox/tasks/go_tools.yaml deleted file mode 100644 index 18c0346..0000000 --- a/attackbox/tasks/go_tools.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ -- name: install go tools - ansible.builtin.command: - cmd: "/usr/local/go/bin/go install -trimpath -v {{ item }}" - environment: - GOBIN: /usr/local/bin - loop: "{{ go_tools }}" diff --git a/attackbox/tasks/golang_install.yaml b/attackbox/tasks/golang_install.yaml deleted file mode 100644 index e67d508..0000000 --- a/attackbox/tasks/golang_install.yaml +++ /dev/null @@ -1,33 +0,0 @@ -- name: download and extract golang - block: - - name: get latest golang version - shell: | - curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1 - register: latest_golang - changed_when: false - - - name: download golang - get_url: - url: "https://golang.org/dl/{{ latest_golang.stdout }}" - dest: /tmp/golang.tar.gz - - - name: extract golang to /usr/local - unarchive: - src: /tmp/golang.tar.gz - dest: /usr/local - remote_src: yes - - - name: remove tarball - file: - path: /tmp/golang.tar.gz - state: absent - - - name: set system-wide go environment variables - copy: - dest: /etc/profile.d/go_env.sh - content: | - export GOPATH=/root/go - export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin - owner: root - group: root - mode: '0644' diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml deleted file mode 100644 index 75f21bb..0000000 --- a/attackbox/tasks/harden.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ -- name: fail if system is not debian/ubuntu - ansible.builtin.assert: - that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()" - fail_msg: "this playbook supports only debian-based systems" - -- name: remove snap and snapd - apt: - name: - - snap - - snapd - state: absent - purge: true - -- name: clean apt cache - apt: - autoclean: yes - -- name: clear /etc/issue and /etc/motd - copy: - content: "" - dest: "{{ item }}" - loop: - - /etc/issue - - /etc/motd - -- name: check if /etc/update-motd.d directory exists - stat: - path: /etc/update-motd.d - register: motd_dir - -- name: find files in /etc/update-motd.d - find: - paths: /etc/update-motd.d - file_type: file - register: motd_files - when: motd_dir.stat.exists - -- name: remove execute permissions from all files in /etc/update-motd.d - file: - path: "{{ item.path }}" - mode: u-x,g-x,o-x - loop: "{{ motd_files.files }}" - when: motd_dir.stat.exists - -- name: enforce root-only cron/at - file: - path: "{{ item }}" - state: touch - owner: root - group: root - mode: '0600' - loop: - - /etc/cron.allow - - /etc/at.allow - -- name: remove deny files for cron and at - file: - path: "{{ item }}" - state: absent - loop: - - /etc/cron.deny - - /etc/at.deny - -- name: backup sshd_config - copy: - src: /etc/ssh/sshd_config - dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}" - remote_src: yes - -- name: harden sshd_config - copy: - dest: /etc/ssh/sshd_config - content: | - Port 22 - Banner /etc/issue - UsePAM yes - Protocol 2 - Subsystem sftp /usr/lib/openssh/sftp-server - LogLevel verbose - PrintMotd no - AcceptEnv LANG LC_* - MaxSessions 5 - StrictModes yes - Compression no - MaxAuthTries 3 - IgnoreRhosts yes - PrintLastLog yes - AddressFamily inet - X11Forwarding no - PermitRootLogin yes - AllowTcpForwarding no - ClientAliveInterval 1200 - AllowAgentForwarding no - PermitEmptyPasswords no - ClientAliveCountMax 0 - GSSAPIAuthentication no 
- KerberosAuthentication no - IgnoreUserKnownHosts yes - PermitUserEnvironment no - ChallengeResponseAuthentication no - MACs hmac-sha2-512,hmac-sha2-256 - Ciphers aes128-ctr,aes192-ctr,aes256-ctr - -- name: regenerate SSH host keys - shell: | - rm -f /etc/ssh/ssh_host_*key* - ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" - ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" - args: - creates: /etc/ssh/ssh_host_ed25519_key - notify: restart ssh - -- name: enable unattended-upgrades - shell: dpkg-reconfigure --priority=low unattended-upgrades - args: - creates: /etc/apt/apt.conf.d/50unattended-upgrades - -- name: enable unattended-upgrades service - systemd: - name: unattended-upgrades - enabled: true - state: started - -- name: disable ipv6 in grub - lineinfile: - path: /etc/default/grub - regexp: '^GRUB_CMDLINE_LINUX=' - line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"' - notify: update grub - -- name: allow ssh port and enable ufw - ufw: - rule: allow - port: 22 - proto: tcp - -- name: enable ufw - ufw: - state: enabled - policy: deny - -- name: deploy custom fail2ban jail.local - template: - src: templates/jail.local.j2 - dest: /etc/fail2ban/jail.local - owner: root - group: root - mode: '0644' - notify: - - restart fail2ban - - reload fail2ban - -- name: enable and start fail2ban - systemd: - name: fail2ban - enabled: true - state: started diff --git a/attackbox/tasks/tor_install.yaml b/attackbox/tasks/tor_install.yaml deleted file mode 100644 index 54f8384..0000000 --- a/attackbox/tasks/tor_install.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -- name: install tor and required packages - apt: - name: - - tor - - tor-geoipdb - - torsocks - - proxychains - state: present - update_cache: yes - -- name: check if /etc/tor/torrc exists - stat: - path: /etc/tor/torrc - register: torrc_stat - -- name: back up /etc/tor/torrc - copy: - src: /etc/tor/torrc - dest: /etc/tor/torrc.bak - remote_src: yes - force: no - when: - - torrc_stat.stat.exists - -- name: deploy custom tor configuration - template: - src: templates/torrc.j2 - dest: /etc/tor/torrc - owner: debian-tor - group: debian-tor - mode: '0644' - notify: restart tor - -- name: check if tor is routing traffic correctly - command: curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip - register: tor_check - changed_when: false - -- name: print tor check json response - debug: - msg: "tor check response: {{ tor_check.stdout }}" - -- name: verify tor is active - fail: - msg: "tor is not routing traffic correctly: istor is {{ tor_check.stdout | from_json | json_query('IsTor') }}" - when: - - tor_check.stdout | from_json | json_query('IsTor') != true diff --git a/attackbox/templates/jail.local.j2 b/attackbox/templates/jail.local.j2 deleted file mode 100644 index dd548df..0000000 --- a/attackbox/templates/jail.local.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -[INCLUDES] -#before = paths-distro.conf -before = paths-debian.conf - -[DEFAULT] -#ignoreself = true -#ignoreip = 127.0.0.1/8 ::1 -ignorecommand = -bantime = 1h -findtime = 10m -maxretry = 3 -maxmatches = %(maxretry)s -backend = auto -usedns = warn -logencoding = auto -enabled = false -mode = normal -filter = %(__name__)s[mode=%(mode)s] -destemail = root@localhost -sender = root@ -mta = sendmail -protocol = tcp -chain = -port = 0:65535 -fail2ban_agent = Fail2Ban/%(fail2ban_version)s -banaction = iptables-multiport -banaction_allports = iptables-allports -action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] -action_mw = %(action_)s - %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] -action_mwl = %(action_)s - %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] -action_xarf = %(action_)s - xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] -action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] - %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] -action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] -action_abuseipdb = abuseipdb -action = %(action_)s - -[sshd] -mode = aggressive -enabled = true -port = ssh -logpath = %(sshd_log)s -backend = %(sshd_backend)s diff --git a/attackbox/templates/readme.txt.j2 b/attackbox/templates/readme.txt.j2 deleted file mode 100644 index 46ea8dc..0000000 --- a/attackbox/templates/readme.txt.j2 +++ /dev/null 
@@ -1,20 +0,0 @@ -- [ generated on: {{ ansible_date_time.date }} {{ ansible_date_time.time }} - --- [ tools - ---- [ github repos cloned to /opt/tools -{% for repo in github_repos %} -- {{ repo }} -{% endfor %} - ---- [ go tools installed -{% for tool in go_tools %} -- {{ tool }} -{% endfor %} - --- [ package manager - ---- [ apt packages installed -{% for pkg in apt_packages %} -- {{ pkg }} -{% endfor %} diff --git a/attackbox/templates/torrc.j2 b/attackbox/templates/torrc.j2 deleted file mode 100644 index b12f93c..0000000 --- a/attackbox/templates/torrc.j2 +++ /dev/null @@ -1,30 +0,0 @@ -Log notice file /var/log/tor/notices.log -Log info file /var/log/tor/info.log -Log warn file /var/log/tor/warn.log -SafeLogging 1 - -RunAsDaemon 1 - -DataDirectory /var/lib/tor - -UseEntryGuards 1 - -ExitRelay 0 - -ExcludeNodes {us},{gb},{ca},{nz},{au},{dk},{fr},{nl},{no},{de},{be},{it},{es},{se},{cn},{ru},{ir} -StrictNodes 1 - -SOCKSPort 127.0.0.1:9050 - -DNSPort 127.0.0.1:5353 -TransPort 9040 -VirtualAddrNetworkIPv4 10.192.0.0/10 -AutomapHostsOnResolve 1 - -HardwareAccel 1 -Sandbox 1 -NoExec 1 -KeepAlivePeriod 60 -ClientRejectInternalAddresses 1 -NewCircuitPeriod 30 -MaxCircuitDirtiness 600 diff --git a/attackbox/vars/packages.yaml b/attackbox/vars/packages.yaml deleted file mode 100644 index fc96103..0000000 --- a/attackbox/vars/packages.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -github_repos: - - https://github.com/danielmiessler/SecLists.git - - https://github.com/tomnomnom/gf.git - - https://github.com/1ndianl33t/Gf-Patterns.git - -go_tools: - - github.com/projectdiscovery/uncover/cmd/uncover@latest - - github.com/projectdiscovery/katana/cmd/katana@latest - - github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest - - github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest - - github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest - - github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest - - github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest - - github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest - - github.com/projectdiscovery/asnmap/cmd/asnmap@latest - - github.com/projectdiscovery/naabu/v2/cmd/naabu@latest - - github.com/projectdiscovery/chaos-client/cmd/chaos@latest - - github.com/projectdiscovery/tldfinder/cmd/tldfinder@latest - - github.com/projectdiscovery/httpx/cmd/httpx@latest - - github.com/projectdiscovery/tlsx/cmd/tlsx@latest - - github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest - - github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest - - github.com/projectdiscovery/wappalyzergo/cmd/update-fingerprints@latest - - github.com/projectdiscovery/useragent/cmd/ua@latest - - github.com/projectdiscovery/notify/cmd/notify@latest - - github.com/projectdiscovery/tunnelx@latest - - github.com/projectdiscovery/urlfinder/cmd/urlfinder@latest - - github.com/projectdiscovery/cvemap/cmd/cvemap@latest - - github.com/projectdiscovery/alterx/cmd/alterx@latest - - github.com/projectdiscovery/proxify/cmd/proxify@latest - - github.com/projectdiscovery/dnsx/cmd/dnsx@latest - - github.com/projectdiscovery/openrisk@latest - - github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest - - github.com/projectdiscovery/network-fingerprint@latest - - - github.com/BishopFox/cloudfox@latest - - github.com/BishopFox/jsluice/cmd/jsluice@latest - - - 
github.com/tomnomnom/gf@latest - - github.com/tomnomnom/waybackurls@latest - - github.com/tomnomnom/assetfinder@latest - - github.com/tomnomnom/meg@latest - - github.com/tomnomnom/anew@latest - - github.com/tomnomnom/unfurl@latest - - github.com/tomnomnom/qsreplace@latest - - github.com/tomnomnom/comb@latest - - - github.com/hakluke/hakrawler@latest - - github.com/hakluke/hakrevdns@latest - - github.com/hakluke/haklistgen@latest - - github.com/hakluke/hakoriginfinder@latest - - github.com/hakluke/hakcheckurl@latest - - github.com/hakluke/haktrails@latest - - github.com/hakluke/haktldextract@latest - - github.com/hakluke/hakip2host@latest - - github.com/hakluke/hakurlencode@latest - - - github.com/rverton/webanalyze/...@latest - - github.com/samirettali/dumpcn@latest - - github.com/ffuf/ffuf/v2@latest - - github.com/OJ/gobuster/v3@latest - - github.com/sensepost/gowitness@latest - - github.com/lc/gau/v2/cmd/gau@latest - -apt_packages: - - git - - gcc - - musl - - libpcap-dev - - musl-dev - - curl - - wget - - gpg - - openssl - - python3 - - python3-pip - - nmap - - unattended-upgrades - - ufw - - tmux - - fail2ban diff --git a/old/attackbox/ansible.cfg b/old/attackbox/ansible.cfg new file mode 100644 index 0000000..8395bb7 --- /dev/null +++ b/old/attackbox/ansible.cfg @@ -0,0 +1,3 @@ +[ssh_connection] +;scp_if_ssh = true +transfer_method = scp diff --git a/old/attackbox/handlers/main.yaml b/old/attackbox/handlers/main.yaml new file mode 100644 index 0000000..d0c15e9 --- /dev/null +++ b/old/attackbox/handlers/main.yaml 
@@ -0,0 +1,49 @@ +- name: update grub + command: update-grub + +- name: reload fail2ban + command: fail2ban-client reload + +- name: enable ufw + ufw: + state: enabled + policy: deny + +- name: restart ufw + systemd: + name: ufw + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: reload systemd + command: systemctl daemon-reload + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart ssh + systemd: + name: ssh + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: enable unattended-upgrades service + systemd: + name: unattended-upgrades + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart fail2ban + systemd: + name: fail2ban + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart tor + systemd: + name: tor + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' diff --git a/old/attackbox/inventory.yaml b/old/attackbox/inventory.yaml new file mode 100644 index 0000000..0c2cbad --- /dev/null +++ b/old/attackbox/inventory.yaml @@ -0,0 +1,14 @@ +all: + hosts: + server01: + ansible_host: 10.11.12.13 + ansible_user: root + ansible_ssh_private_key_file: id_rsa + # ssh + nginx multiplexing with sslh + #public_sslh_port: 443 + #internal_nginx_port: 8080 + #internal_sshd_port: 22 + children: + servers: + hosts: + server01: {} diff --git a/old/attackbox/playbook.yaml b/old/attackbox/playbook.yaml new file mode 100644 index 0000000..dbd436c --- /dev/null +++ b/old/attackbox/playbook.yaml 
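Review bot: The handler `enable unattended-upgrades service` in old/attackbox/handlers/main.yaml uses `state: restarted` while its name, and the task it replaces in the deleted attackbox/tasks/harden.yaml (`state: started`), say enable/start; either rename it to `- name: restart unattended-upgrades service` or set `state: started` so the name and the effect agree. Moving `enable ufw` with `policy: deny` from a task into a handler means the default-deny policy is applied only when something notifies it and only at the end of the play; the new harden.yaml is cut off on this page, so whether the `allow 22/tcp` rule still runs before that handler cannot be confirmed here and deserves a comment on the handler. The subject line says the playbooks were moved, but this file grows from 26 to 49 lines per the diffstat (and inventory.ini becomes inventory.yaml), so git will not track it as a rename and the new handlers would be easier to review in their own commit.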
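Review bot: `ansible_ssh_private_key_file: id_rsa` in old/attackbox/inventory.yaml is a relative path, so Ansible resolves it next to the inventory inside the repository, which invites committing the private key alongside it; point it at a location outside the tree, for example `ansible_ssh_private_key_file: ~/.ssh/attackbox_key` (constructed example), or drop the line and pass `--private-key` on the command line. The commented `public_sslh_port`/`internal_nginx_port`/`internal_sshd_port` variables are not read by the playbook.yaml added in this commit, and the only task file named for sslh in the diffstat lives under old/sliver-c2, so a comment naming which task file consumes them (or removing them) would keep them from becoming dead configuration.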
@@ -0,0 +1,16 @@ +- name: attackbox setup + hosts: servers + become: true + vars_files: + - vars/packages.yaml + tasks: + - import_tasks: tasks/apt_packages.yaml + - import_tasks: tasks/harden.yaml + - import_tasks: tasks/golang_install.yaml + - import_tasks: tasks/chrome_install.yaml + - import_tasks: tasks/tor_install.yaml + - import_tasks: tasks/go_tools.yaml + - import_tasks: tasks/github_repos.yaml + #- import_tasks: tasks/generate_readme.yaml + handlers: + - import_tasks: handlers/main.yaml diff --git a/old/attackbox/tasks/apt_packages.yaml b/old/attackbox/tasks/apt_packages.yaml new file mode 100644 index 0000000..4ed8331 --- /dev/null +++ b/old/attackbox/tasks/apt_packages.yaml @@ -0,0 +1,5 @@ +- name: install apt packages + apt: + name: "{{ apt_packages }}" + state: present + update_cache: yes diff --git a/old/attackbox/tasks/chrome_install.yaml b/old/attackbox/tasks/chrome_install.yaml new file mode 100644 index 0000000..4b9bf4f --- /dev/null +++ b/old/attackbox/tasks/chrome_install.yaml @@ -0,0 +1,24 @@ +- name: remove old google signing key + file: + path: /etc/apt/trusted.gpg.d/google-signing-key.gpg + state: absent + +- name: download and install google signing key + shell: | + curl -sSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/trusted.gpg.d/google-signing-key.gpg + +- name: add google chrome repo + copy: + dest: /etc/apt/sources.list.d/google-chrome.list + content: | + deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/google-signing-key.gpg] https://dl.google.com/linux/chrome/deb stable main + +- name: update apt cache + apt: + update_cache: yes + +- name: install google chrome + apt: + name: google-chrome-stable + state: present + diff --git a/old/attackbox/tasks/generate_readme.yaml b/old/attackbox/tasks/generate_readme.yaml new file mode 100644 index 0000000..691d08b --- /dev/null +++ b/old/attackbox/tasks/generate_readme.yaml 
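Review bot: The Google signing key in old/attackbox/tasks/chrome_install.yaml is dearmored into `/etc/apt/trusted.gpg.d/`, where apt trusts it for every configured repository, which makes the `signed-by=` restriction in the sources entry meaningless; write it to a keyring outside the trusted set, `gpg --dearmor -o /etc/apt/keyrings/google-signing-key.gpg`, and reference that path in `signed-by=`. The `shell` task has no `creates:` or `changed_when:`, and the preceding task deletes the key on every run, so each play re-downloads the key and reports changed; keeping the removal only for the legacy trusted.gpg.d path and adding `creates: /etc/apt/keyrings/google-signing-key.gpg` under `args:` makes it idempotent. The same pattern exists in the deleted attackbox/tasks/chrome_install.yaml, so this is carried over rather than introduced here.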
@@ -0,0 +1,7 @@ +- name: generate ~/README.txt on the target server + ansible.builtin.template: + src: templates/readme.txt.j2 + dest: "{{ ansible_env.HOME }}/README.txt" + owner: "{{ ansible_user | default('root') }}" + group: "{{ ansible_user | default('root') }}" + mode: '0644' diff --git a/old/attackbox/tasks/github_repos.yaml b/old/attackbox/tasks/github_repos.yaml new file mode 100644 index 0000000..042ea6c --- /dev/null +++ b/old/attackbox/tasks/github_repos.yaml @@ -0,0 +1,15 @@ +- name: ensure /opt/tools exists + ansible.builtin.file: + path: /opt/tools + state: directory + owner: root + group: root + mode: '0755' + +- name: clone github repos into /opt/tools + ansible.builtin.git: + repo: "{{ item }}" + dest: "/opt/tools/{{ item | basename | regex_replace('\\.git$', '') }}" + update: yes + force: yes + loop: "{{ github_repos }}" diff --git a/old/attackbox/tasks/go_tools.yaml b/old/attackbox/tasks/go_tools.yaml new file mode 100644 index 0000000..18c0346 --- /dev/null +++ b/old/attackbox/tasks/go_tools.yaml @@ -0,0 +1,6 @@ +- name: install go tools + ansible.builtin.command: + cmd: "/usr/local/go/bin/go install -trimpath -v {{ item }}" + environment: + GOBIN: /usr/local/bin + loop: "{{ go_tools }}" diff --git a/old/attackbox/tasks/golang_install.yaml b/old/attackbox/tasks/golang_install.yaml new file mode 100644 index 0000000..e67d508 --- /dev/null +++ b/old/attackbox/tasks/golang_install.yaml 
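Review bot: old/attackbox/tasks/github_repos.yaml clones every repository at the current branch head with `update: yes` and `force: yes`, and old/attackbox/tasks/go_tools.yaml installs `@latest`, so each run pulls whatever upstream currently serves and silently discards local edits under /opt/tools; pinning is worth it for tooling that is rebuilt from the network, for example `version: "{{ item.version | default('HEAD') }}"` on the git task with a ref per entry in vars/packages.yaml, and explicit tags instead of `@latest` in `go_tools`. The `go install` command task has no `changed_when:`, so it reports changed on every run even when nothing was rebuilt. generate_readme.yaml writes to `{{ ansible_env.HOME }}` while the play runs with `become: true`, so the file lands in root's home even when `ansible_user` is not root; a short comment on `dest:` saying that is intended would save the next reader a check.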
@@ -0,0 +1,33 @@ +- name: download and extract golang + block: + - name: get latest golang version + shell: | + curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1 + register: latest_golang + changed_when: false + + - name: download golang + get_url: + url: "https://golang.org/dl/{{ latest_golang.stdout }}" + dest: /tmp/golang.tar.gz + + - name: extract golang to /usr/local + unarchive: + src: /tmp/golang.tar.gz + dest: /usr/local + remote_src: yes + + - name: remove tarball + file: + path: /tmp/golang.tar.gz + state: absent + + - name: set system-wide go environment variables + copy: + dest: /etc/profile.d/go_env.sh + content: | + export GOPATH=/root/go + export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin + owner: root + group: root + mode: '0644' diff --git a/old/attackbox/tasks/harden.yaml b/old/attackbox/tasks/harden.yaml new file mode 100644 index 0000000..ad2b950 --- /dev/null +++ b/old/attackbox/tasks/harden.yaml 
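Review bot: old/attackbox/tasks/golang_install.yaml determines the Go version by scraping `https://golang.org/dl/` with awk and then downloads the tarball with `get_url` and no `checksum:`, so a change in the page markup or a tampered download is extracted straight into /usr/local; Go publishes a `.sha256` sidecar per archive, so `checksum: "sha256:https://golang.org/dl/{{ latest_golang.stdout }}.sha256"` on the get_url task verifies the archive, and taking the version from an explicit variable with a default would remove the scrape entirely. `unarchive` into /usr/local over an existing /usr/local/go leaves stale files from an older release in place; remove the old tree before extracting. The profile snippet puts `$GOPATH` itself on PATH, which is the workspace root rather than a bin directory, so `$GOPATH/bin` alone is what is needed, and `/root/go` is only usable by root although /etc/profile.d applies to every login shell.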
@@ -0,0 +1,144 @@ +- name: fail if system is not debian/ubuntu + ansible.builtin.assert: + that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()" + fail_msg: "this playbook supports only debian-based systems" + +- name: remove snap and snapd + apt: + name: + - snap + - snapd + state: absent + purge: true + +- name: clean apt cache + apt: + autoclean: yes + +- name: clear /etc/issue and /etc/motd + copy: + content: "" + dest: "{{ item }}" + loop: + - /etc/issue + - /etc/motd + +- name: check if /etc/update-motd.d directory exists + stat: + path: /etc/update-motd.d + register: motd_dir + +- name: find files in /etc/update-motd.d + find: + paths: /etc/update-motd.d + file_type: file + register: motd_files + when: motd_dir.stat.exists + +- name: remove execute permissions from all files in /etc/update-motd.d + file: + path: "{{ item.path }}" + mode: u-x,g-x,o-x + loop: "{{ motd_files.files }}" + when: motd_dir.stat.exists + +- name: enforce root-only cron/at + file: + path: "{{ item }}" + state: touch + owner: root + group: root + mode: '0600' + loop: + - /etc/cron.allow + - /etc/at.allow + +- name: remove deny files for cron and at + file: + path: "{{ item }}" + state: absent + loop: + - /etc/cron.deny + - /etc/at.deny + +- name: backup sshd_config + copy: + src: /etc/ssh/sshd_config + dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}" + remote_src: yes + +- name: harden sshd_config + copy: + dest: /etc/ssh/sshd_config + content: | + Port 22 + Banner /etc/issue + UsePAM yes + Protocol 2 + Subsystem sftp /usr/lib/openssh/sftp-server + LogLevel verbose + PrintMotd no + AcceptEnv LANG LC_* + MaxSessions 5 + StrictModes yes + Compression no + MaxAuthTries 3 + IgnoreRhosts yes + PrintLastLog yes + AddressFamily inet + X11Forwarding no + PermitRootLogin yes + AllowTcpForwarding no + ClientAliveInterval 1200 + AllowAgentForwarding no + PermitEmptyPasswords no + ClientAliveCountMax 0 + GSSAPIAuthentication no 
+ KerberosAuthentication no + IgnoreUserKnownHosts yes + PermitUserEnvironment no + ChallengeResponseAuthentication no + MACs hmac-sha2-512,hmac-sha2-256 + Ciphers aes128-ctr,aes192-ctr,aes256-ctr + +- name: regenerate SSH host keys + shell: | + rm -f /etc/ssh/ssh_host_*key* + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" + ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" + args: + creates: /etc/ssh/ssh_host_ed25519_key + notify: restart ssh + +- name: enable unattended-upgrades + shell: dpkg-reconfigure --priority=low unattended-upgrades + args: + creates: /etc/apt/apt.conf.d/50unattended-upgrades + notify: restart unattended-upgrades + +- name: disable ipv6 in grub + lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX=' + line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"' + notify: update grub + +- name: allow ssh port and enable ufw + ufw: + rule: allow + port: 22 + proto: tcp + notify: + - enable ufw + - restart ufw + +- name: deploy custom fail2ban jail.local + template: + src: templates/jail.local.j2 + dest: /etc/fail2ban/jail.local + owner: root + group: root + mode: '0644' + notify: + - restart fail2ban + - reload fail2ban diff --git a/old/attackbox/tasks/tor_install.yaml b/old/attackbox/tasks/tor_install.yaml new file mode 100644 index 0000000..54f8384 --- /dev/null +++ b/old/attackbox/tasks/tor_install.yaml 
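Review bot: `PermitRootLogin yes` in the `harden sshd_config` content leaves root password logins possible, because the file never sets `PasswordAuthentication no` and OpenSSH allows password authentication by default; with key-based root automation (the sliver-c2 inventory in this commit uses `ansible_user: root` with a key file) the setting that keeps that working is `PermitRootLogin prohibit-password` together with `PasswordAuthentication no`. The `copy` that overwrites /etc/ssh/sshd_config has no `validate: '/usr/sbin/sshd -t -f %s'`, so a typo only surfaces when the `restart ssh` handler fires, at which point further runs are locked out. `ClientAliveCountMax 0` does not mean "drop idle sessions immediately": on recent OpenSSH a zero count disables idle termination, so the `ClientAliveInterval 1200` pair is inert (worth confirming against the target's sshd version). The identical sshd content appears in old/sliver-c2/tasks/harden.yaml.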
@@ -0,0 +1,47 @@
+- name: install tor and required packages
+ apt:
+ name:
+ - tor
+ - tor-geoipdb
+ - torsocks
+ - proxychains
+ state: present
+ update_cache: yes
+
+- name: check if /etc/tor/torrc exists
+ stat:
+ path: /etc/tor/torrc
+ register: torrc_stat
+
+- name: back up /etc/tor/torrc
+ copy:
+ src: /etc/tor/torrc
+ dest: /etc/tor/torrc.bak
+ remote_src: yes
+ force: no
+ when:
+ - torrc_stat.stat.exists
+
+- name: deploy custom tor configuration
+ template:
+ src: templates/torrc.j2
+ dest: /etc/tor/torrc
+ owner: debian-tor
+ group: debian-tor
+ mode: '0644'
+ notify: restart tor
+
+- name: check if tor is routing traffic correctly
+ command: curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+ register: tor_check
+ changed_when: false
+
+- name: print tor check json response
+ debug:
+ msg: "tor check response: {{ tor_check.stdout }}"
+
+- name: verify tor is active
+ fail:
+ msg: "tor is not routing traffic correctly: istor is {{ tor_check.stdout | from_json | json_query('IsTor') }}"
+ when:
+ - tor_check.stdout | from_json | json_query('IsTor') != true
diff --git a/old/attackbox/templates/index.html.j2 b/old/attackbox/templates/index.html.j2
new file mode 100644
index 0000000..e69de29
diff --git a/old/attackbox/templates/jail.local.j2 b/old/attackbox/templates/jail.local.j2
new file mode 100644
index 0000000..dd548df
--- /dev/null
+++ b/old/attackbox/templates/jail.local.j2
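Review bot: `check if tor is routing traffic correctly` runs immediately after the torrc template task, but `restart tor` is a handler and only fires at the end of the play, so the curl probe exercises tor as it was before the new configuration (or before it has bootstrapped at all on a fresh install). Insert `- meta: flush_handlers` before the check and give it `retries`/`until` with a `delay`, since bootstrapping through the restricted node set in torrc.j2 takes time. `json_query` also pulls in the jmespath dependency on the controller for something `(tor_check.stdout | from_json).IsTor` expresses natively.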
@@ -0,0 +1,46 @@ +[INCLUDES] +#before = paths-distro.conf +before = paths-debian.conf + +[DEFAULT] +#ignoreself = true +#ignoreip = 127.0.0.1/8 ::1 +ignorecommand = +bantime = 1h +findtime = 10m +maxretry = 3 +maxmatches = %(maxretry)s +backend = auto +usedns = warn +logencoding = auto +enabled = false +mode = normal +filter = %(__name__)s[mode=%(mode)s] +destemail = root@localhost +sender = root@ +mta = sendmail +protocol = tcp +chain = +port = 0:65535 +fail2ban_agent = Fail2Ban/%(fail2ban_version)s +banaction = iptables-multiport +banaction_allports = iptables-allports +action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] +action_mw = %(action_)s + %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] +action_mwl = %(action_)s + %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] +action_xarf = %(action_)s + xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] +action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] + %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] +action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] +action_abuseipdb = abuseipdb +action = %(action_)s + +[sshd] +mode = aggressive +enabled = true +port = ssh +logpath = %(sshd_log)s +backend = %(sshd_backend)s diff --git a/old/attackbox/templates/nginx.conf.j2 b/old/attackbox/templates/nginx.conf.j2 new file mode 100644 index 0000000..a735338 --- /dev/null +++ b/old/attackbox/templates/nginx.conf.j2 
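Review bot: `ignoreip` is commented out in `[DEFAULT]` while `[sshd]` runs in `aggressive` mode with `maxretry = 3` and `bantime = 1h`; together with `MaxAuthTries 3` in sshd_config, three failed key or passphrase attempts from the operator's own address ban the management path for an hour, and on this host that includes the Ansible controller. Template the allowlist from inventory, e.g. `ignoreip = 127.0.0.1/8 ::1 {{ fail2ban_ignoreip | default('') }}`. The file is otherwise static, so the same applies to the copy under old/sliver-c2/templates/jail.local.j2.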
@@ -0,0 +1,57 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + server_tokens off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log warn; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + add_header X-XSS-Protection "1; mode=block"; + + server { + listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server; + server_name _; + + root /var/www/html; + index index.html; + + ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + add_header X-XSS-Protection "1; mode=block"; + + location / { + try_files $uri $uri/ =404; + } + + location ~ /\.(?!well-known) { + deny all; + } + } +} diff --git a/old/attackbox/templates/readme.txt.j2 b/old/attackbox/templates/readme.txt.j2 new file mode 100644 index 0000000..46ea8dc --- /dev/null +++ b/old/attackbox/templates/readme.txt.j2 @@ -0,0 +1,20 @@ +- [ generated on: {{ ansible_date_time.date }} {{ ansible_date_time.time }} + +-- [ tools + +--- [ github repos cloned to /opt/tools +{% for repo in github_repos %} +- {{ repo }} +{% endfor %} + +--- [ go tools installed +{% for tool in go_tools %} +- {{ tool }} +{% endfor %} + +-- [ package manager + +--- [ apt packages installed +{% for pkg in apt_packages %} +- {{ pkg }} +{% endfor %} diff --git a/old/attackbox/templates/sslh.cfg.j2 b/old/attackbox/templates/sslh.cfg.j2 new file mode 100644 index 0000000..7020ed8 --- /dev/null 
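Review bot: `add_header X-XSS-Protection "1; mode=block"` is a legacy header: current browsers have removed the auditor it controlled, and the present recommendation is `X-XSS-Protection "0"` (or omitting it) alongside a `Content-Security-Policy`, which this config does not send. The three `add_header` lines in the `http` block are also redundant as written, because nginx discards inherited `add_header` values wherever a `server` or `location` block sets its own and the `server` block repeats the same three; a comment such as `# add_header is not inherited once a block sets its own; the server block below is authoritative` would keep the next editor from trimming the wrong copy. The same template is duplicated at old/sliver-c2/templates/nginx.conf.j2.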
+++ b/old/attackbox/templates/sslh.cfg.j2 @@ -0,0 +1,15 @@ +verbose: true +foreground: false +inetd: false + +listen: + host: "0.0.0.0" + port: {{ sslh_listen_port }} + +protocols: + ssh: + host: "127.0.0.1" + port: {{ ssh_port }} + http: + host: "127.0.0.1" + port: {{ nginx_port }} diff --git a/old/attackbox/templates/sslh.j2 b/old/attackbox/templates/sslh.j2 new file mode 100644 index 0000000..8820a74 --- /dev/null +++ b/old/attackbox/templates/sslh.j2 @@ -0,0 +1,3 @@ +RUN=yes +DAEMON=/usr/sbin/sslh +DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}" diff --git a/old/attackbox/templates/torrc.j2 b/old/attackbox/templates/torrc.j2 new file mode 100644 index 0000000..b12f93c --- /dev/null +++ b/old/attackbox/templates/torrc.j2 @@ -0,0 +1,30 @@ +Log notice file /var/log/tor/notices.log +Log info file /var/log/tor/info.log +Log warn file /var/log/tor/warn.log +SafeLogging 1 + +RunAsDaemon 1 + +DataDirectory /var/lib/tor + +UseEntryGuards 1 + +ExitRelay 0 + +ExcludeNodes {us},{gb},{ca},{nz},{au},{dk},{fr},{nl},{no},{de},{be},{it},{es},{se},{cn},{ru},{ir} +StrictNodes 1 + +SOCKSPort 127.0.0.1:9050 + +DNSPort 127.0.0.1:5353 +TransPort 9040 +VirtualAddrNetworkIPv4 10.192.0.0/10 +AutomapHostsOnResolve 1 + +HardwareAccel 1 +Sandbox 1 +NoExec 1 +KeepAlivePeriod 60 +ClientRejectInternalAddresses 1 +NewCircuitPeriod 30 +MaxCircuitDirtiness 600 diff --git a/old/attackbox/vars/packages.yaml b/old/attackbox/vars/packages.yaml new file mode 100644 index 0000000..fc96103 --- /dev/null +++ b/old/attackbox/vars/packages.yaml 
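Review bot: This template references `sslh_listen_port`, `ssh_port` and `nginx_port`, none of which appear in any inventory or vars file in this commit, and no task in the commit renders sslh.cfg.j2 (ssh_nginx_setup.yaml deploys sslh.j2 to /etc/default/sslh instead). As it stands it is dead and would fail on undefined variables if ever templated; either align it with `public_sslh_port` / `internal_sshd_port` / `internal_nginx_port` and deploy it, or drop it so the two sslh configurations cannot drift apart.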
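Review bot: `--http 127.0.0.1:{{ internal_nginx_port }}` makes sslh forward connections that probe as plaintext HTTP to nginx, but the nginx listener in nginx.conf.j2 is `listen 127.0.0.1:{{ internal_nginx_port }} ssl`, so a plaintext client gets nginx's "plain HTTP request was sent to HTTPS port" error, while a TLS client on the public port matches no configured probe (sslh's TLS target is `--tls`, which is absent) and falls through to whatever sslh's default is. Either give nginx a plain `listen` for the muxed port or replace `--http` with `--tls 127.0.0.1:{{ internal_nginx_port }}`; I would confirm the option name against the sslh version packaged by the target distribution. The same DAEMON_OPTS line is duplicated at old/sliver-c2/templates/sslh.j2.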
@@ -0,0 +1,81 @@ +github_repos: + - https://github.com/danielmiessler/SecLists.git + - https://github.com/tomnomnom/gf.git + - https://github.com/1ndianl33t/Gf-Patterns.git + +go_tools: + - github.com/projectdiscovery/uncover/cmd/uncover@latest + - github.com/projectdiscovery/katana/cmd/katana@latest + - github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest + - github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest + - github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest + - github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest + - github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest + - github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest + - github.com/projectdiscovery/asnmap/cmd/asnmap@latest + - github.com/projectdiscovery/naabu/v2/cmd/naabu@latest + - github.com/projectdiscovery/chaos-client/cmd/chaos@latest + - github.com/projectdiscovery/tldfinder/cmd/tldfinder@latest + - github.com/projectdiscovery/httpx/cmd/httpx@latest + - github.com/projectdiscovery/tlsx/cmd/tlsx@latest + - github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest + - github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest + - github.com/projectdiscovery/wappalyzergo/cmd/update-fingerprints@latest + - github.com/projectdiscovery/useragent/cmd/ua@latest + - github.com/projectdiscovery/notify/cmd/notify@latest + - github.com/projectdiscovery/tunnelx@latest + - github.com/projectdiscovery/urlfinder/cmd/urlfinder@latest + - github.com/projectdiscovery/cvemap/cmd/cvemap@latest + - github.com/projectdiscovery/alterx/cmd/alterx@latest + - github.com/projectdiscovery/proxify/cmd/proxify@latest + - github.com/projectdiscovery/dnsx/cmd/dnsx@latest + - github.com/projectdiscovery/openrisk@latest + - github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest + - github.com/projectdiscovery/network-fingerprint@latest + + - github.com/BishopFox/cloudfox@latest + - github.com/BishopFox/jsluice/cmd/jsluice@latest + + - 
github.com/tomnomnom/gf@latest + - github.com/tomnomnom/waybackurls@latest + - github.com/tomnomnom/assetfinder@latest + - github.com/tomnomnom/meg@latest + - github.com/tomnomnom/anew@latest + - github.com/tomnomnom/unfurl@latest + - github.com/tomnomnom/qsreplace@latest + - github.com/tomnomnom/comb@latest + + - github.com/hakluke/hakrawler@latest + - github.com/hakluke/hakrevdns@latest + - github.com/hakluke/haklistgen@latest + - github.com/hakluke/hakoriginfinder@latest + - github.com/hakluke/hakcheckurl@latest + - github.com/hakluke/haktrails@latest + - github.com/hakluke/haktldextract@latest + - github.com/hakluke/hakip2host@latest + - github.com/hakluke/hakurlencode@latest + + - github.com/rverton/webanalyze/...@latest + - github.com/samirettali/dumpcn@latest + - github.com/ffuf/ffuf/v2@latest + - github.com/OJ/gobuster/v3@latest + - github.com/sensepost/gowitness@latest + - github.com/lc/gau/v2/cmd/gau@latest + +apt_packages: + - git + - gcc + - musl + - libpcap-dev + - musl-dev + - curl + - wget + - gpg + - openssl + - python3 + - python3-pip + - nmap + - unattended-upgrades + - ufw + - tmux + - fail2ban diff --git a/old/sliver-c2/ansible.cfg b/old/sliver-c2/ansible.cfg new file mode 100644 index 0000000..8395bb7 --- /dev/null +++ b/old/sliver-c2/ansible.cfg @@ -0,0 +1,3 @@ +[ssh_connection] +;scp_if_ssh = true +transfer_method = scp diff --git a/old/sliver-c2/handlers/main.yaml b/old/sliver-c2/handlers/main.yaml new file mode 100644 index 0000000..38b1dd4 --- /dev/null +++ b/old/sliver-c2/handlers/main.yaml 
@@ -0,0 +1,70 @@ +- name: update grub + command: update-grub + +- name: reload fail2ban + command: fail2ban-client reload + +- name: enable ufw + ufw: + state: enabled + policy: deny + +- name: restart ufw + systemd: + name: ufw + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: reload systemd + command: systemctl daemon-reload + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart ssh + systemd: + name: ssh + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: enable unattended-upgrades service + systemd: + name: unattended-upgrades + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart ufw + systemd: + name: ufw + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart fail2ban + systemd: + name: fail2ban + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: sliver systemd handler + systemd: + name: sliver + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart nginx + systemd: + name: nginx + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + +- name: restart sslh + systemd: + name: sslh + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' diff --git a/old/sliver-c2/inventory.yaml b/old/sliver-c2/inventory.yaml new file mode 100644 index 0000000..a330281 --- /dev/null +++ b/old/sliver-c2/inventory.yaml @@ -0,0 +1,15 @@ +all: + hosts: + server01: + ansible_host: 192.168.133.34 + ansible_user: root + ansible_ssh_private_key_file: id_rsa + sliver_server: 127.0.0.1 + # ssh + nginx multiplexing with sslh + #public_sslh_port: 443 + #internal_nginx_port: 8080 + #internal_sshd_port: 22 + children: + servers: + hosts: + server01: {} 
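Review bot: `restart ufw` is defined twice in this handlers file (once after `enable ufw`, again after `enable unattended-upgrades service`); Ansible keeps only the last definition, so one of them is dead text and should go. The unattended-upgrades handler is named `enable unattended-upgrades service` while old/sliver-c2/tasks/harden.yaml notifies `restart unattended-upgrades`, and nothing here is called `reload ufw` although that file notifies it too; pick one name per handler and use it in both files.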
diff --git a/old/sliver-c2/playbook.yaml b/old/sliver-c2/playbook.yaml new file mode 100644 index 0000000..a6629da --- /dev/null +++ b/old/sliver-c2/playbook.yaml @@ -0,0 +1,16 @@ +- name: sliver setup + hosts: servers + become: true + vars_files: + - vars/packages.yaml + - vars/sliver.yaml + tasks: + - import_tasks: tasks/ssh_nginx_setup.yaml + - import_tasks: tasks/apt_packages.yaml + #- import_tasks: tasks/golang_install.yaml + #- import_tasks: tasks/harden.yaml + #- import_tasks: tasks/sliver_install.yaml + #- import_tasks: tasks/sliver_systemd.yaml + #- import_tasks: tasks/sliver_configure.yaml + handlers: + - import_tasks: handlers/main.yaml diff --git a/old/sliver-c2/tasks/apt_packages.yaml b/old/sliver-c2/tasks/apt_packages.yaml new file mode 100644 index 0000000..3f600c2 --- /dev/null +++ b/old/sliver-c2/tasks/apt_packages.yaml @@ -0,0 +1,5 @@ +- name: install apt packages + apt: + name: "{{ apt_packages }}" + state: present + update_cache: true diff --git a/old/sliver-c2/tasks/golang_install.yaml b/old/sliver-c2/tasks/golang_install.yaml new file mode 100644 index 0000000..e67d508 --- /dev/null +++ b/old/sliver-c2/tasks/golang_install.yaml 
@@ -0,0 +1,33 @@ +- name: download and extract golang + block: + - name: get latest golang version + shell: | + curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1 + register: latest_golang + changed_when: false + + - name: download golang + get_url: + url: "https://golang.org/dl/{{ latest_golang.stdout }}" + dest: /tmp/golang.tar.gz + + - name: extract golang to /usr/local + unarchive: + src: /tmp/golang.tar.gz + dest: /usr/local + remote_src: yes + + - name: remove tarball + file: + path: /tmp/golang.tar.gz + state: absent + + - name: set system-wide go environment variables + copy: + dest: /etc/profile.d/go_env.sh + content: | + export GOPATH=/root/go + export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin + owner: root + group: root + mode: '0644' diff --git a/old/sliver-c2/tasks/harden.yaml b/old/sliver-c2/tasks/harden.yaml new file mode 100644 index 0000000..ec09ea2 --- /dev/null +++ b/old/sliver-c2/tasks/harden.yaml 
@@ -0,0 +1,144 @@ +- name: fail if system is not debian/ubuntu + ansible.builtin.assert: + that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()" + fail_msg: "this playbook supports only debian-based systems" + +- name: remove snap and snapd + apt: + name: + - snap + - snapd + state: absent + purge: true + +- name: clean apt cache + apt: + autoclean: true + +- name: clear /etc/issue and /etc/motd + copy: + content: "" + dest: "{{ item }}" + loop: + - /etc/issue + - /etc/motd + +- name: check if /etc/update-motd.d directory exists + stat: + path: /etc/update-motd.d + register: motd_dir + +- name: find files in /etc/update-motd.d + find: + paths: /etc/update-motd.d + file_type: file + register: motd_files + when: motd_dir.stat.exists + +- name: remove execute permissions from all files in /etc/update-motd.d + file: + path: "{{ item.path }}" + mode: u-x,g-x,o-x + loop: "{{ motd_files.files }}" + when: motd_dir.stat.exists + +- name: enforce root-only cron/at + file: + path: "{{ item }}" + state: touch + owner: root + group: root + mode: '0600' + loop: + - /etc/cron.allow + - /etc/at.allow + +- name: remove deny files for cron and at + file: + path: "{{ item }}" + state: absent + loop: + - /etc/cron.deny + - /etc/at.deny + +- name: backup sshd_config + copy: + src: /etc/ssh/sshd_config + dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}" + remote_src: yes + +- name: harden sshd_config + copy: + dest: /etc/ssh/sshd_config + content: | + Port 22 + Banner /etc/issue + UsePAM yes + Protocol 2 + Subsystem sftp /usr/lib/openssh/sftp-server + LogLevel verbose + PrintMotd no + AcceptEnv LANG LC_* + MaxSessions 5 + StrictModes yes + Compression no + MaxAuthTries 3 + IgnoreRhosts yes + PrintLastLog yes + AddressFamily inet + X11Forwarding no + PermitRootLogin yes + AllowTcpForwarding no + ClientAliveInterval 1200 + AllowAgentForwarding no + PermitEmptyPasswords no + ClientAliveCountMax 0 + GSSAPIAuthentication no 
+ KerberosAuthentication no + IgnoreUserKnownHosts yes + PermitUserEnvironment no + ChallengeResponseAuthentication no + MACs hmac-sha2-512,hmac-sha2-256 + Ciphers aes128-ctr,aes192-ctr,aes256-ctr + +- name: regenerate SSH host keys + shell: | + rm -f /etc/ssh/ssh_host_*key* + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" + ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" + args: + creates: /etc/ssh/ssh_host_ed25519_key + notify: restart ssh + +- name: enable unattended-upgrades + shell: dpkg-reconfigure --priority=low unattended-upgrades + args: + creates: /etc/apt/apt.conf.d/50unattended-upgrades + notify: restart unattended-upgrades + +- name: disable ipv6 in grub + lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX=' + line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"' + notify: update grub + +- name: allow ssh port and enable ufw + ufw: + rule: allow + port: 22 + proto: tcp + notify: + - reload ufw + - restart ufw + +- name: deploy custom fail2ban jail.local + template: + src: templates/jail.local.j2 + dest: /etc/fail2ban/jail.local + owner: root + group: root + mode: '0644' + notify: + - restart fail2ban + - reload fail2ban diff --git a/old/sliver-c2/tasks/sliver_configure.yaml b/old/sliver-c2/tasks/sliver_configure.yaml new file mode 100644 index 0000000..bf4797e --- /dev/null +++ b/old/sliver-c2/tasks/sliver_configure.yaml 
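Review bot: `allow ssh port and enable ufw` notifies `reload ufw` and `enable unattended-upgrades` notifies `restart unattended-upgrades`, but old/sliver-c2/handlers/main.yaml defines `enable ufw`, `restart ufw` and `enable unattended-upgrades service`, so neither notified name exists and both tasks fail once harden.yaml is re-enabled in playbook.yaml. The attackbox copy of this file notifies `enable ufw`; the sliver-c2 copy should match it (`- enable ufw`) and use `notify: enable unattended-upgrades service`, or the handler should be renamed. The sshd_config points raised on old/attackbox/tasks/harden.yaml apply here unchanged.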
@@ -0,0 +1,40 @@
+- name: ensure .sliver config directory exists
+ file:
+ path: "{{ install_path }}/.sliver/configs"
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: deploy custom server.json config
+ template:
+ src: server.json.j2
+ dest: "{{ install_path }}/.sliver/configs/server.json"
+ owner: root
+ group: root
+ mode: '0600'
+ force: true
+
+- name: ensure sliver client config directory exists
+ file:
+ path: "{{ install_path }}/.sliver-client/configs"
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: generate sliver operator profiles
+ loop: "{{ sliver_operators }}"
+ loop_control:
+ loop_var: operator
+ command: /opt/sliver/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save /root/.sliver-client/configs
+ notify: sliver systemd handler
+
+- name: fix permissions for .sliver-client directory
+ file:
+ path: /root/.sliver-client
+ state: directory
+ recurse: true
+ owner: root
+ group: root
+
diff --git a/old/sliver-c2/tasks/sliver_install.yaml b/old/sliver-c2/tasks/sliver_install.yaml
new file mode 100644
index 0000000..3f0e029
--- /dev/null
+++ b/old/sliver-c2/tasks/sliver_install.yaml
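Review bot: `generate sliver operator profiles` runs `/opt/sliver/sliver-server operator ... --save /root/.sliver-client/configs` without `SLIVER_ROOT_DIR`, so the server initialises and signs the operator certificates under its default root, whereas sliver.service.j2 starts the daemon with `SLIVER_ROOT_DIR={{ install_path }}/.sliver` and server.json is deployed there; unless sliver resolves both to the same directory, operators receive certificates from a CA the running daemon never loads (worth confirming by comparing the two trees after a run). The task also hardcodes /opt/sliver and /root although the preceding task creates `{{ install_path }}/.sliver-client/configs`, and without `creates:` it regenerates every profile and restarts the daemon on each run; `fix permissions for .sliver-client directory` should then point at the same `{{ install_path }}` path. The `creates` filename below follows sliver's `<name>_<lhost>.cfg` naming and should be checked against the installed version.
```yaml
- name: generate sliver operator profiles
  loop: "{{ sliver_operators }}"
  loop_control:
    loop_var: operator
  command: "{{ install_path }}/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save {{ install_path }}/.sliver-client/configs"
  environment:
    SLIVER_ROOT_DIR: "{{ install_path }}/.sliver"   # same root the systemd unit uses
  args:
    creates: "{{ install_path }}/.sliver-client/configs/{{ operator }}_{{ sliver_server }}.cfg"   # TODO confirm sliver's save-file naming
  notify: sliver systemd handler
# … unchanged: fix permissions for .sliver-client directory (path to follow install_path) …
```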
@@ -0,0 +1,35 @@
+- name: import sliver gpg key
+ shell: |
+ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4449039C
+
+- name: get latest sliver-server binary URL
+ shell: |
+ curl -sSLf https://api.github.com/repos/BishopFox/sliver/releases/latest \
+ | grep -i browser_download_url \
+ | grep -i sliver-server_linux \
+ | grep -v sig \
+ | head -1 \
+ | cut -d '"' -f 4
+ register: sliver_url
+ changed_when: false
+
+- name: create sliver directory
+ file:
+ path: "{{ install_path }}"
+ state: directory
+ mode: '0755'
+
+- name: download sliver-server binary
+ get_url:
+ url: "{{ sliver_url.stdout }}"
+ dest: "{{ install_path }}/sliver-server"
+ mode: '0755'
+
+- name: symlink sliver binaries
+ file:
+ src: "{{ install_path }}/{{ item }}"
+ dest: "/usr/local/bin/{{ item }}"
+ state: link
+ force: true
+ loop:
+ - sliver-server
diff --git a/old/sliver-c2/tasks/sliver_systemd.yaml b/old/sliver-c2/tasks/sliver_systemd.yaml
new file mode 100644
index 0000000..3b29f0f
--- /dev/null
+++ b/old/sliver-c2/tasks/sliver_systemd.yaml
@@ -0,0 +1,10 @@
+- name: copy sliver systemd service template
+ template:
+ src: sliver.service.j2
+ dest: /etc/systemd/system/sliver.service
+ owner: root
+ group: root
+ mode: '0600'
+ notify:
+ - reload systemd
+ - sliver systemd handler
diff --git a/old/sliver-c2/tasks/ssh_nginx_setup.yaml b/old/sliver-c2/tasks/ssh_nginx_setup.yaml
new file mode 100644
index 0000000..beb0910
--- /dev/null
+++ b/old/sliver-c2/tasks/ssh_nginx_setup.yaml
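Review bot: `import sliver gpg key` fetches a key by the 32-bit short id `4449039C` and then nothing uses it: `get latest sliver-server binary URL` deliberately filters out the `.sig` asset with `grep -v sig`, and `download sliver-server binary` has no `checksum:`, so the binary that sliver.service.j2 runs as root is installed unverified. Short key ids are cheap to collide; fetch by full fingerprint (`--recv-keys <FULL-FINGERPRINT>`, taken from the project's release documentation) and verify the download against its detached signature before the symlink step, along the lines below (the signature asset name should be confirmed against the release page). The key-import `shell` task also lacks `changed_when`, so it reports a change on every run.
```yaml
- name: download sliver-server signature
  get_url:
    url: "{{ sliver_url.stdout }}.sig"
    dest: "{{ install_path }}/sliver-server.sig"

- name: verify sliver-server signature before it is used
  command: gpg --verify {{ install_path }}/sliver-server.sig {{ install_path }}/sliver-server
  changed_when: false

# … unchanged: symlink sliver binaries …
```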
@@ -0,0 +1,76 @@ +- block: + - name: install required packages + apt: + name: + - openssl + - nginx + - sslh + - ufw + state: present + update_cache: true + + - name: deploy index.html + template: + src: index.html.j2 + dest: /var/www/html/index.html + owner: www-data + group: www-data + mode: '0644' + + - name: ensure /var/www/html directory permissions + file: + path: /var/www/html + state: directory + owner: www-data + group: www-data + mode: '0755' + + - name: generate self-signed ssl certificate + command: > + openssl req -x509 -nodes -days 365 -newkey rsa:2048 + -keyout /etc/ssl/private/nginx-selfsigned.key + -out /etc/ssl/certs/nginx-selfsigned.crt + -subj "/CN=localhost" + args: + creates: /etc/ssl/certs/nginx-selfsigned.crt + + - name: deploy nginx.conf + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: '0644' + notify: restart nginx + + - name: deploy sslh config file + template: + src: sslh.j2 + dest: /etc/default/sslh + owner: root + group: root + mode: '0644' + notify: restart sslh + + - name: allow ssh port and enable ufw + ufw: + rule: allow + port: "{{ internal_sshd_port }}" + proto: tcp + notify: + - enable ufw + - restart ufw + + - name: allow http port and enable ufw + ufw: + rule: allow + port: "{{ public_sslh_port }}" + proto: tcp + notify: + - enable ufw + - restart ufw + + when: + - public_sslh_port is defined + - internal_nginx_port is defined + - internal_sshd_port is defined diff --git a/old/sliver-c2/templates/index.html.j2 b/old/sliver-c2/templates/index.html.j2 new file mode 100644 index 0000000..e69de29 diff --git a/old/sliver-c2/templates/jail.local.j2 b/old/sliver-c2/templates/jail.local.j2 new file mode 100644 index 0000000..dd548df --- /dev/null +++ b/old/sliver-c2/templates/jail.local.j2 
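Review bot: `allow ssh port and enable ufw` opens `{{ internal_sshd_port }}` to the outside, yet sshd (per harden.yaml's `Port 22` with no `ListenAddress`) listens on all interfaces, so SSH stays directly reachable next to the sslh-muxed path on `{{ public_sslh_port }}` and the multiplexing hides nothing. If direct access is wanted as a fallback for Ansible, say so in the task name; otherwise set `ListenAddress 127.0.0.1` in sshd_config and keep only the sslh port rule. `generate self-signed ssl certificate` writes the private key without an explicit mode; /etc/ssl/private is normally restrictive on Debian, but a follow-up `file: { path: /etc/ssl/private/nginx-selfsigned.key, mode: '0600' }` makes that independent of the directory. Note that the whole block is skipped while the three port variables are undefined, and the sliver-c2 inventory in this commit has them commented out.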
@@ -0,0 +1,46 @@ +[INCLUDES] +#before = paths-distro.conf +before = paths-debian.conf + +[DEFAULT] +#ignoreself = true +#ignoreip = 127.0.0.1/8 ::1 +ignorecommand = +bantime = 1h +findtime = 10m +maxretry = 3 +maxmatches = %(maxretry)s +backend = auto +usedns = warn +logencoding = auto +enabled = false +mode = normal +filter = %(__name__)s[mode=%(mode)s] +destemail = root@localhost +sender = root@ +mta = sendmail +protocol = tcp +chain = +port = 0:65535 +fail2ban_agent = Fail2Ban/%(fail2ban_version)s +banaction = iptables-multiport +banaction_allports = iptables-allports +action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] +action_mw = %(action_)s + %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] +action_mwl = %(action_)s + %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] +action_xarf = %(action_)s + xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] +action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] + %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] +action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] +action_abuseipdb = abuseipdb +action = %(action_)s + +[sshd] +mode = aggressive +enabled = true +port = ssh +logpath = %(sshd_log)s +backend = %(sshd_backend)s diff --git a/old/sliver-c2/templates/nginx.conf.j2 b/old/sliver-c2/templates/nginx.conf.j2 new file mode 100644 index 0000000..a735338 --- /dev/null +++ b/old/sliver-c2/templates/nginx.conf.j2 
@@ -0,0 +1,57 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + server_tokens off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log warn; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + add_header X-XSS-Protection "1; mode=block"; + + server { + listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server; + server_name _; + + root /var/www/html; + index index.html; + + ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + add_header X-XSS-Protection "1; mode=block"; + + location / { + try_files $uri $uri/ =404; + } + + location ~ /\.(?!well-known) { + deny all; + } + } +} diff --git a/old/sliver-c2/templates/server.json.j2 b/old/sliver-c2/templates/server.json.j2 new file mode 100644 index 0000000..9c59062 --- /dev/null +++ b/old/sliver-c2/templates/server.json.j2 @@ -0,0 +1,18 @@ +{ + "daemon_mode": false, + "daemon": { + "host": "{{ sliver_server }}", + "port": 31337 + }, + "logs": { + "level": 4, + "grpc_unary_payloads": false, + "grpc_stream_payloads": false, + "tls_key_logger": false + }, + "jobs": { + "multiplayer": null + }, + "watch_tower": null, + "go_proxy": "" +} diff --git a/old/sliver-c2/templates/sliver.service.j2 b/old/sliver-c2/templates/sliver.service.j2 new file mode 100644 index 0000000..c45687d --- /dev/null +++ b/old/sliver-c2/templates/sliver.service.j2 
@@ -0,0 +1,15 @@ +[Unit] +Description=Sliver +After=network.target +StartLimitIntervalSec=0 + +[Service] +Type=simple +Restart=on-failure +RestartSec=3 +User=root +Environment=SLIVER_ROOT_DIR={{ install_path }}/.sliver +ExecStart={{ install_path }}/sliver-server daemon + +[Install] +WantedBy=multi-user.target diff --git a/old/sliver-c2/templates/sslh.j2 b/old/sliver-c2/templates/sslh.j2 new file mode 100644 index 0000000..8820a74 --- /dev/null +++ b/old/sliver-c2/templates/sslh.j2 @@ -0,0 +1,3 @@ +RUN=yes +DAEMON=/usr/sbin/sslh +DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}" diff --git a/old/sliver-c2/vars/packages.yaml b/old/sliver-c2/vars/packages.yaml new file mode 100644 index 0000000..d670cca --- /dev/null +++ b/old/sliver-c2/vars/packages.yaml @@ -0,0 +1,21 @@ +apt_packages: + - binutils-mingw-w64 + - build-essential + - curl + - fail2ban + - gcc + - git + - g++-mingw-w64 + - gpg + - libpcap-dev + - mingw-w64 + - musl + - musl-dev + - nmap + - openssl + - python3 + - python3-pip + - tmux + - ufw + - unattended-upgrades + - wget diff --git a/old/sliver-c2/vars/sliver.yaml b/old/sliver-c2/vars/sliver.yaml new file mode 100644 index 0000000..5ef0e6c --- /dev/null +++ b/old/sliver-c2/vars/sliver.yaml @@ -0,0 +1,7 @@ +install_path: /opt/sliver +sliver_operators: + - operator01 + - operator02 + - operator03 + - operator04 + - operator05 diff --git a/sliver-c2/ansible.cfg b/sliver-c2/ansible.cfg deleted file mode 100644 index 8395bb7..0000000 --- a/sliver-c2/ansible.cfg +++ /dev/null @@ -1,3 +0,0 @@ -[ssh_connection] -;scp_if_ssh = true -transfer_method = scp diff --git a/sliver-c2/handlers/main.yaml b/sliver-c2/handlers/main.yaml deleted file mode 100644 index 0987034..0000000 --- a/sliver-c2/handlers/main.yaml +++ /dev/null 
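Review bot: The unit runs sliver-server as `User=root` with no sandboxing and combines `StartLimitIntervalSec=0` with `Restart=on-failure`, so a crashing binary (one that sliver_install.yaml never verifies) is restarted as root every 3 s indefinitely. Moving to a dedicated service user would require install_path and the `.sliver` tree to be chowned accordingly, which is a larger change; as a minimum drop `StartLimitIntervalSec=0` so systemd's default rate limit applies, and consider `NoNewPrivileges=true` and `ProtectSystem=strict` with `ReadWritePaths={{ install_path }}`, validated against what the daemon actually needs to write.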
@@ -1,30 +0,0 @@
-- name: update grub
- command: update-grub
-
-- name: reload fail2ban
- command: fail2ban-client reload
-
-- name: reload systemd
- command: systemctl daemon-reload
- when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: restart ssh
- systemd:
- name: ssh
- state: restarted
- enabled: true
- when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: restart fail2ban
- systemd:
- name: fail2ban
- state: restarted
- enabled: true
- when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: sliver systemd handler
- systemd:
- name: sliver
- state: restarted
- enabled: true
- when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/sliver-c2/inventory.ini b/sliver-c2/inventory.ini
deleted file mode 100644
index 7babd5e..0000000
--- a/sliver-c2/inventory.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[servers]
-server01 ansible_host=10.11.12.13 ansible_user=root ansible_ssh_private_key_file=id_rsa sliver_server=127.0.0.1
diff --git a/sliver-c2/playbook.yaml b/sliver-c2/playbook.yaml
deleted file mode 100644
index 2447e16..0000000
--- a/sliver-c2/playbook.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: sliver setup
- hosts: servers
- become: true
- vars_files:
- - vars/packages.yaml
- - vars/sliver.yaml
- tasks:
- - import_tasks: tasks/apt_packages.yaml
- - import_tasks: tasks/golang_install.yaml
- - import_tasks: tasks/harden.yaml
- - import_tasks: tasks/sliver_install.yaml
- - import_tasks: tasks/sliver_systemd.yaml
- - import_tasks: tasks/sliver_configure.yaml
- handlers:
- - import_tasks: handlers/main.yaml
diff --git a/sliver-c2/tasks/apt_packages.yaml b/sliver-c2/tasks/apt_packages.yaml
deleted file mode 100644
index 3f600c2..0000000
--- a/sliver-c2/tasks/apt_packages.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: install apt packages
- apt:
- name: "{{ apt_packages }}"
- state: present
- update_cache: true
diff --git a/sliver-c2/tasks/golang_install.yaml b/sliver-c2/tasks/golang_install.yaml
deleted file mode 100644
index e67d508..0000000
--- a/sliver-c2/tasks/golang_install.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: download and extract golang
- block:
- - name: get latest golang version
- shell: |
- curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1
- register: latest_golang
- changed_when: false
-
- - name: download golang
- get_url:
- url: "https://golang.org/dl/{{ latest_golang.stdout }}"
- dest: /tmp/golang.tar.gz
-
- - name: extract golang to /usr/local
- unarchive:
- src: /tmp/golang.tar.gz
- dest: /usr/local
- remote_src: yes
-
- - name: remove tarball
- file:
- path: /tmp/golang.tar.gz
- state: absent
-
- - name: set system-wide go environment variables
- copy:
- dest: /etc/profile.d/go_env.sh
- content: |
- export GOPATH=/root/go
- export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin
- owner: root
- group: root
- mode: '0644'
diff --git a/sliver-c2/tasks/harden.yaml b/sliver-c2/tasks/harden.yaml
deleted file mode 100644
index 7ac157c..0000000
--- a/sliver-c2/tasks/harden.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-- name: fail if system is not debian/ubuntu
- ansible.builtin.assert:
- that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()"
- fail_msg: "this playbook supports only debian-based systems"
-
-- name: remove snap and snapd
- apt:
- name:
- - snap
- - snapd
- state: absent
- purge: true
-
-- name: clean apt cache
- apt:
- autoclean: true
-
-- name: clear /etc/issue and /etc/motd
- copy:
- content: ""
- dest: "{{ item }}"
- loop:
- - /etc/issue
- - /etc/motd
-
-- name: check if /etc/update-motd.d directory exists
- stat:
- path: /etc/update-motd.d
- register: motd_dir
-
-- name: find files in /etc/update-motd.d
- find:
- paths: /etc/update-motd.d
- file_type: file
- register: motd_files
- when: motd_dir.stat.exists
-
-- name: remove execute permissions from all files in /etc/update-motd.d
- file:
- path: "{{ item.path }}"
- mode: u-x,g-x,o-x
- loop: "{{ motd_files.files }}"
- when: motd_dir.stat.exists
-
-- name: enforce root-only cron/at
- file:
- path: "{{ item }}"
- state: touch
- owner: root
- group: root
- mode: '0600'
- loop:
- - /etc/cron.allow
- - /etc/at.allow
-
-- name: remove deny files for cron and at
- file:
- path: "{{ item }}"
- state: absent
- loop:
- - /etc/cron.deny
- - /etc/at.deny
-
-- name: backup sshd_config
- copy:
- src: /etc/ssh/sshd_config
- dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}"
- remote_src: yes
-
-- name: harden sshd_config
- copy:
- dest: /etc/ssh/sshd_config
- content: |
- Port 22
- Banner /etc/issue
- UsePAM yes
- Protocol 2
- Subsystem sftp /usr/lib/openssh/sftp-server
- LogLevel verbose
- PrintMotd no
- AcceptEnv LANG LC_*
- MaxSessions 5
- StrictModes yes
- Compression no
- MaxAuthTries 3
- IgnoreRhosts yes
- PrintLastLog yes
- AddressFamily inet
- X11Forwarding no
- PermitRootLogin yes
- AllowTcpForwarding no
- ClientAliveInterval 1200
- AllowAgentForwarding no
- PermitEmptyPasswords no
- ClientAliveCountMax 0
- GSSAPIAuthentication no
- KerberosAuthentication no
- IgnoreUserKnownHosts yes
- PermitUserEnvironment no
- ChallengeResponseAuthentication no
- MACs hmac-sha2-512,hmac-sha2-256
- Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-
-- name: regenerate SSH host keys
- shell: |
- rm -f /etc/ssh/ssh_host_*key*
- ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
- ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
- args:
- creates: /etc/ssh/ssh_host_ed25519_key
- notify: restart ssh
-
-- name: enable unattended-upgrades
- shell: dpkg-reconfigure --priority=low unattended-upgrades
- args:
- creates: /etc/apt/apt.conf.d/50unattended-upgrades
-
-- name: enable unattended-upgrades service
- systemd:
- name: unattended-upgrades
- enabled: true
- state: started
-
-- name: disable ipv6 in grub
- lineinfile:
- path: /etc/default/grub
- regexp: '^GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"'
- notify: update grub
-
-- name: allow ssh port and enable ufw
- ufw:
- rule: allow
- port: 22
- proto: tcp
-
-- name: enable ufw
- ufw:
- state: enabled
- policy: deny
-
-- name: deploy custom fail2ban jail.local
- template:
- src: templates/jail.local.j2
- dest: /etc/fail2ban/jail.local
- owner: root
- group: root
- mode: '0644'
- notify:
- - restart fail2ban
- - reload fail2ban
-
-- name: enable and start fail2ban
- systemd:
- name: fail2ban
- enabled: true
- state: started
diff --git a/sliver-c2/tasks/sliver_configure.yaml b/sliver-c2/tasks/sliver_configure.yaml
deleted file mode 100644
index bf4797e..0000000
--- a/sliver-c2/tasks/sliver_configure.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: ensure .sliver config directory exists
- file:
- path: "{{ install_path }}/.sliver/configs"
- state: directory
- owner: root
- group: root
- mode: '0700'
-
-- name: deploy custom server.json config
- template:
- src: server.json.j2
- dest: "{{ install_path }}/.sliver/configs/server.json"
- owner: root
- group: root
- mode: '0600'
- force: true
-
-- name: ensure sliver client config directory exists
- file:
- path: "{{ install_path }}/.sliver-client/configs"
- state: directory
- owner: root
- group: root
- mode: '0700'
-
-- name: generate sliver operator profiles
- loop: "{{ sliver_operators }}"
- loop_control:
- loop_var: operator
- command: /opt/sliver/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save /root/.sliver-client/configs
- notify: sliver systemd handler
-
-- name: fix permissions for .sliver-client directory
- file:
- path: /root/.sliver-client
- state: directory
- recurse: true
- owner: root
- group: root
-
diff --git a/sliver-c2/tasks/sliver_install.yaml b/sliver-c2/tasks/sliver_install.yaml
deleted file mode 100644
index 3f0e029..0000000
--- a/sliver-c2/tasks/sliver_install.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: import sliver gpg key
- shell: |
- gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4449039C
-
-- name: get latest sliver-server binary URL
- shell: |
- curl -sSLf https://api.github.com/repos/BishopFox/sliver/releases/latest \
- | grep -i browser_download_url \
- | grep -i sliver-server_linux \
- | grep -v sig \
- | head -1 \
- | cut -d '"' -f 4
- register: sliver_url
- changed_when: false
-
-- name: create sliver directory
- file:
- path: "{{ install_path }}"
- state: directory
- mode: '0755'
-
-- name: download sliver-server binary
- get_url:
- url: "{{ sliver_url.stdout }}"
- dest: "{{ install_path }}/sliver-server"
- mode: '0755'
-
-- name: symlink sliver binaries
- file:
- src: "{{ install_path }}/{{ item }}"
- dest: "/usr/local/bin/{{ item }}"
- state: link
- force: true
- loop:
- - sliver-server
diff --git a/sliver-c2/tasks/sliver_systemd.yaml b/sliver-c2/tasks/sliver_systemd.yaml
deleted file mode 100644
index 3b29f0f..0000000
--- a/sliver-c2/tasks/sliver_systemd.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: copy sliver systemd service template
- template:
- src: sliver.service.j2
- dest: /etc/systemd/system/sliver.service
- owner: root
- group: root
- mode: '0600'
- notify:
- - reload systemd
- - sliver systemd handler
diff --git a/sliver-c2/templates/jail.local.j2 b/sliver-c2/templates/jail.local.j2
deleted file mode 100644
index dd548df..0000000
--- a/sliver-c2/templates/jail.local.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-[INCLUDES]
-#before = paths-distro.conf
-before = paths-debian.conf
-
-[DEFAULT]
-#ignoreself = true
-#ignoreip = 127.0.0.1/8 ::1
-ignorecommand =
-bantime = 1h
-findtime = 10m
-maxretry = 3
-maxmatches = %(maxretry)s
-backend = auto
-usedns = warn
-logencoding = auto
-enabled = false
-mode = normal
-filter = %(__name__)s[mode=%(mode)s]
-destemail = root@localhost
-sender = root@
-mta = sendmail
-protocol = tcp
-chain =
-port = 0:65535
-fail2ban_agent = Fail2Ban/%(fail2ban_version)s
-banaction = iptables-multiport
-banaction_allports = iptables-allports
-action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mw = %(action_)s
- %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mwl = %(action_)s
- %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-action_xarf = %(action_)s
- xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
-action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
- %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
-action_abuseipdb = abuseipdb
-action = %(action_)s
-
-[sshd]
-mode = aggressive
-enabled = true
-port = ssh
-logpath = %(sshd_log)s
-backend = %(sshd_backend)s
diff --git a/sliver-c2/templates/server.json.j2 b/sliver-c2/templates/server.json.j2
deleted file mode 100644
index 9c59062..0000000
--- a/sliver-c2/templates/server.json.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "daemon_mode": false,
- "daemon": {
- "host": "{{ sliver_server }}",
- "port": 31337
- },
- "logs": {
- "level": 4,
- "grpc_unary_payloads": false,
- "grpc_stream_payloads": false,
- "tls_key_logger": false
- },
- "jobs": {
- "multiplayer": null
- },
- "watch_tower": null,
- "go_proxy": ""
-}
diff --git a/sliver-c2/templates/sliver.service.j2 b/sliver-c2/templates/sliver.service.j2
deleted file mode 100644
index c45687d..0000000
--- a/sliver-c2/templates/sliver.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Sliver
-After=network.target
-StartLimitIntervalSec=0
-
-[Service]
-Type=simple
-Restart=on-failure
-RestartSec=3
-User=root
-Environment=SLIVER_ROOT_DIR={{ install_path }}/.sliver
-ExecStart={{ install_path }}/sliver-server daemon
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sliver-c2/vars/packages.yaml b/sliver-c2/vars/packages.yaml
deleted file mode 100644
index d670cca..0000000
--- a/sliver-c2/vars/packages.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apt_packages:
- - binutils-mingw-w64
- - build-essential
- - curl
- - fail2ban
- - gcc
- - git
- - g++-mingw-w64
- - gpg
- - libpcap-dev
- - mingw-w64
- - musl
- - musl-dev
- - nmap
- - openssl
- - python3
- - python3-pip
- - tmux
- - ufw
- - unattended-upgrades
- - wget
diff --git a/sliver-c2/vars/sliver.yaml b/sliver-c2/vars/sliver.yaml
deleted file mode 100644
index 5ef0e6c..0000000
--- a/sliver-c2/vars/sliver.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-install_path: /opt/sliver
-sliver_operators:
- - operator01
- - operator02
- - operator03
- - operator04
- - operator05
-- cgit v1.2.3