diff --git a/modules/services/unix/email/mailserver/manifests/install.pp b/modules/services/unix/email/mailserver/manifests/install.pp
index acd7b49d2..e63137a07 100644
--- a/modules/services/unix/email/mailserver/manifests/install.pp
+++ b/modules/services/unix/email/mailserver/manifests/install.pp
@@ -1,6 +1,8 @@
class mailserver::install {
- $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
- $ip = $secgen_params['server_ip'][0]
+ # $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ # $ip = $secgen_parameters['server_ip'][0]
+ # TODO: read this from parameter
+ $ip = "accountingnow.com"
package { 'postfix':
ensure => installed,
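Review bot: The hard-coded `$ip = "accountingnow.com"` at L12 drops the `server_ip` parameter that the commented-out lines used to read, so every generated scenario now gets the same value, and a variable named `$ip` now holds a hostname rather than an address. Rather than leaving the TODO, keep the parameter lookup and fall back to the literal only when the input is absent. The class body continues past the hunk.
```puppet
class mailserver::install {
  $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
  if $secgen_params['server_ip'] {
    $ip = $secgen_params['server_ip'][0]
  } else {
    $ip = 'accountingnow.com'  # fallback until every scenario supplies server_ip
  }
  # … unchanged: postfix package and the rest of the class …
```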
diff --git a/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml b/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
index 0ec6d8ecb..26d9c8c99 100644
--- a/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
+++ b/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
@@ -29,7 +29,4 @@
update
-
- desktop_environment
-
diff --git a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.class b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.class
index 28328fd01..fbc05d487 100644
Binary files a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.class and b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.class differ
diff --git a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.java b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.java
index 99bccf0d3..e689fb117 100644
--- a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.java
+++ b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/MailReader.java
@@ -127,8 +127,9 @@ public class MailReader implements AutoCloseable {
public void sendEmail(Message prevMessage, ArrayList reasons) throws MessagingException {
// Step 3: Create a message
MimeMessage message = new MimeMessage(session);
- message.setFrom(new InternetAddress(username + "@worklink.vm"));
- message.setRecipients(Message.RecipientType.TO, "email@local.vm");
+ // Cliffe TODO: read domain name from preferences
+ message.setFrom(new InternetAddress(username + "@" + prevMessage.getRecipients(Message.RecipientType.TO)[0].toString().split("@")[1]));
+ message.setRecipients(Message.RecipientType.TO, "guest@localhost");
message.setSubject("RE: " + prevMessage.getSubject());
// message.setText();
// Create the message part
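Review bot: The new `setFrom` line at L38 derives the sender domain from the incoming message's first TO recipient without any guard: `getRecipients` returns null when the header is absent, `[0]` throws on an empty array, `split("@")[1]` throws when the string contains no `@`, and `toString()` on an `InternetAddress` can include a personal name and angle brackets (`Name <user@host>`), leaving a trailing `>` in the domain. Because the value comes from whatever message the bot happens to receive, a malformed header should fall back to a fixed domain instead of aborting the reply path. Use `getAddress()` on the `InternetAddress` and check each step; `sendEmail` continues past the hunk.
```java
MimeMessage message = new MimeMessage(session);
// Cliffe TODO: read domain name from preferences
Address[] to = prevMessage.getRecipients(Message.RecipientType.TO);
String domain = "localhost"; // used when the incoming message carries no usable recipient
if (to != null && to.length > 0 && to[0] instanceof InternetAddress) {
    String addr = ((InternetAddress) to[0]).getAddress();
    int at = (addr == null) ? -1 : addr.indexOf('@');
    if (at >= 0 && at < addr.length() - 1) domain = addr.substring(at + 1);
}
message.setFrom(new InternetAddress(username + "@" + domain));
message.setRecipients(Message.RecipientType.TO, "guest@localhost");
// … unchanged: subject and message part …
```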
@@ -207,8 +208,10 @@ public class MailReader implements AutoCloseable {
// A filter to check whether message body has enough keywords
return m -> {
int counter = 0;
- for (String keyword : keywords)
+ for (String keyword : keywords) {
+ System.out.println("keyword " + keyword); // removing this line breaks things? when passing in a .split string?
if (getMessageBody(m).toLowerCase().contains(keyword.toLowerCase())) counter++;
+ }
return counter >= amount;
};
}
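Review bot: The `System.out.println("keyword " + keyword)` added at L49 is debug output inside the predicate, so it runs once per keyword for every message the bot inspects, and the attached comment ("removing this line breaks things?") points at a real problem elsewhere rather than a reason to keep it. Two things look wrong in this loop: `getMessageBody(m)` is re-read and lower-cased for every keyword, and the callers now split with `split("\\|", -1)`, which keeps empty tokens, while `contains("")` is true for any body, so a trailing `|` or an empty property inflates `counter` and can satisfy the filter on its own. Read the body once and skip blank keywords; the enclosing `containsKeywords` method begins before the hunk.
```java
return m -> {
    int counter = 0;
    String body = getMessageBody(m).toLowerCase();   // read once, not once per keyword
    for (String keyword : keywords) {
        String needle = keyword.trim().toLowerCase();
        if (needle.isEmpty()) continue;               // split(..., -1) keeps empty tokens; "" would match every body
        if (body.contains(needle)) counter++;
    }
    return counter >= amount;
};
```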
@@ -234,18 +237,25 @@ public class MailReader implements AutoCloseable {
String userConfigPath = System.getProperty("user.home") + "/.user.properties";
Properties userProps = new Properties();
userProps.load(new FileInputStream(userConfigPath));
- String server = userProps.getProperty("server");
- String user = userProps.getProperty("user");
- String pass = userProps.getProperty("pass");
- String trusted_sender = userProps.getProperty("trusted_sender");
- String senders_name = userProps.getProperty("senders_name");
- String recipients_name = userProps.getProperty("recipients_name");
- String relevant_keyword = userProps.getProperty("relevant_keyword");
- int num_keywords = Integer.parseInt(userProps.getProperty("num_keywords"));
- String accepted_file_extension = userProps.getProperty("accepted_file_extension");
- boolean reject_all = Boolean.parseBoolean(userProps.getProperty("reject_all"));
- boolean suspicious_of_file_name = Boolean.parseBoolean(userProps.getProperty("suspicious_of_file_name"));
+ String server = userProps.getProperty("server").trim();
+ String user = userProps.getProperty("user").trim();
+ String pass = userProps.getProperty("pass").trim();
+ String trusted_sender = userProps.getProperty("trusted_sender").trim();
+ String senders_name = userProps.getProperty("senders_name").trim();
+ String recipients_name = userProps.getProperty("recipients_name").trim();
+ String relevant_keyword = userProps.getProperty("relevant_keyword").trim();
+ int num_keywords = Integer.parseInt(userProps.getProperty("num_keywords").trim());
+ String accepted_file_extension = userProps.getProperty("accepted_file_extension").trim();
+ boolean reject_all = Boolean.parseBoolean(userProps.getProperty("reject_all".trim()));
+ boolean suspicious_of_file_name = Boolean.parseBoolean(userProps.getProperty("suspicious_of_file_name").trim());
System.out.println("Configured as " + user);
+ System.out.println("password " + pass);
+ System.out.println("trusted_sender " + trusted_sender);
+ System.out.println("senders_name " + senders_name);
+ System.out.println("recipients_name " + recipients_name);
+ System.out.println("relevant_keyword " + relevant_keyword);
+ System.out.println("num_keywords " + num_keywords);
+ System.out.println("accepted_file_extension " + accepted_file_extension);
// Try connecting to the mailserver
MailReader reader = new MailReader(server, user, pass);
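Review bot: `System.out.println("password " + pass);` at L82 writes the mailbox password to stdout, and this program is started from a per-user `@reboot` cron entry, so that line ends up in cron's mail or log output where it outlives the process; drop it (the prints of the non-secret settings can stay). At L79 `.trim()` is applied to the key literal `"reject_all"` instead of the value, so a padded value parses as false; it should read `boolean reject_all = Boolean.parseBoolean(userProps.getProperty("reject_all").trim());`. Every `.trim()` on the result of `getProperty` throws `NullPointerException` when the key is missing from `.user.properties`, which makes the `!= null` checks added further down unreachable; using `getProperty(key, "")` before trimming keeps the later blank checks meaningful. The `FileInputStream` opened on L58 is never closed; a try-with-resources around `load` would fix that. The enclosing method starts before the hunk.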
@@ -256,29 +266,29 @@ public class MailReader implements AutoCloseable {
messageFilters.add(m -> false);
messageReasons.add("I think this is a phishing email");
} else {
- if(trusted_sender != "") {
+ if(trusted_sender != null && !trusted_sender.isBlank()) {
// Message sender
messageFilters.add(m -> getSender(m).startsWith(trusted_sender));
messageReasons.add("I don't trust the sender");
}
- if(senders_name != "") {
+ if(senders_name != null && !senders_name.isBlank()) {
// Message body contains sender name (either first or last name at least once)
- messageFilters.add(containsKeywords(senders_name.split("|"), 1));
+ messageFilters.add(containsKeywords(senders_name.split("\\|", -1), 1)); //new String[] { "jed", "jd" }, 1));
messageReasons.add("The message doesn't include the sender's name");
}
- if(recipients_name != "") {
+ if(recipients_name != null && !recipients_name.isBlank()) {
// Message body contains recipient name (either name at least once)
- messageFilters.add(containsKeywords(recipients_name.split("|"), 1));
+ messageFilters.add(containsKeywords(recipients_name.split("\\|", -1), 1));
messageReasons.add("It's not addressed to me");
}
- if(relevant_keyword != "" && num_keywords != 0) {
+ if((relevant_keyword != null && !relevant_keyword.isBlank()) && num_keywords != 0) {
// Message body seems relevant (contains keywords)
- messageFilters.add(containsKeywords(relevant_keyword.split("|"), num_keywords));
+ messageFilters.add(containsKeywords(relevant_keyword.split("\\|", -1), num_keywords));
messageReasons.add("It's unrelated to me");
}
// Attachment has file extension (i.e. is an executable file, or document)
attachmentFilters.add(a -> getFileExtension(a).equals(accepted_file_extension));
- if(accepted_file_extension == "") {
+ if(accepted_file_extension != null && !accepted_file_extension.isBlank()) {
attachmentReasons.add("I cannot run that file extension");
} else {
attachmentReasons.add("I can only open " + accepted_file_extension + "files");
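Review bot: The condition at L125 inverts the original branches: `accepted_file_extension != null && !accepted_file_extension.isBlank()` now adds "I cannot run that file extension" exactly when an extension is configured, and the else branch builds "I can only open nullfiles" when none is. It should be `if (accepted_file_extension == null || accepted_file_extension.isBlank()) {`, keeping the two `add` calls as they are. The `"files"` literal on L128 also lacks its leading space (`" files"`). `isBlank()` requires Java 11, which matches the openjdk-11 packages the manifest now installs. The enclosing method continues past the hunk.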
diff --git a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/activation-1.1-rev-1.jar b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/activation-1.1-rev-1.jar
new file mode 100644
index 000000000..9fc65295d
Binary files /dev/null and b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/files/activation-1.1-rev-1.jar differ
diff --git a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/manifests/install.pp b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/manifests/install.pp
index 275dcbd7e..896f393d0 100644
--- a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/manifests/install.pp
+++ b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/manifests/install.pp
@@ -1,43 +1,50 @@
class phish_victim_bot::install {
- require java
$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
- $port = $secgen_parameters['port'][0]
$strings_to_leak = $secgen_parameters['strings_to_leak']
$leaked_filenames = $secgen_parameters['leaked_filenames']
$usernames = $secgen_parameters['usernames']
+ $passwords = $secgen_parameters['passwords']
$phish_victim_bot_configs = $secgen_parameters['phish_victim_bot_configs']
+ ensure_packages(['openjdk-11-jre', 'openjdk-11-jdk', 'zip' ])
+
+ user { 'guest':
+ ensure => present,
+ password => pw_hash("guestpassword", 'SHA-512', 'bXlzYWx0'),
+ managehome => true,
+ }
+
if $usernames {
$usernames.each |$index, $username| {
# Create user
user { $username:
ensure => present,
- home => "/home/$username",
+ password => pw_hash($passwords[$index], 'SHA-512', 'bXlzYWx0'),
managehome => true,
} ->
file { "/home/$username/.user.properties":
ensure => present,
- owner => 'root',
- group => 'root',
+ owner => $username,
+ group => $username,
mode => '0600',
- content => $phish_victim_bot_config[index],
+ content => $phish_victim_bot_configs[$index],
}
# run on each boot via cron
cron { "$username-mail":
- command => "sleep 60 && cd /home/$username && java -cp mail.jar:. MailReader &",
+ command => "sleep 60 && cd /home/$username && java -cp /opt/mailreader/mail.jar:/opt/mailreader/activation-1.1-rev-1.jar:/opt/mailreader/ MailReader &",
special => 'reboot',
user => $username,
}
::secgen_functions::leak_files { "$username-mail-file-leak":
storage_directory => "/home/$username",
- leaked_filenames => $leaked_filenames,
- strings_to_leak => $strings_to_leak[$index],
+ leaked_filenames => [$leaked_filenames[$index]],
+ strings_to_leak => [$strings_to_leak[$index]],
owner => $username,
mode => '0600',
- leaked_from => "phish_victim_bot",
+ leaked_from => "phish_victim_bot-$username",
}
}
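Review bot: Both `pw_hash` calls at L151 and L161 use the same constant salt `'bXlzYWx0'`, so any two accounts with the same password get identical hashes and every hash is reproducible by anyone who can read this manifest; the newly added `guest` account also carries a literal password in the module. If the guest account and fixed credentials are part of the intended scenario, say so next to the resource, e.g. `# deliberately weak guest account: part of the phishing scenario`; otherwise derive the salt with `fqdn_rand_string(8)` and take the guest password from `$secgen_parameters` like the other users. `$passwords[$index]` is `undef` whenever the `passwords` input is shorter than `usernames`, so a length check before the `each` that fails with a clear message would be better than a `pw_hash` error mid-run. The class body continues past the hunk.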
@@ -57,6 +64,13 @@ class phish_victim_bot::install {
mode => '0755',
source => 'puppet:///modules/phish_victim_bot/MailReader.class',
}->
+ file { '/opt/mailreader/activation-1.1-rev-1.jar':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source => 'puppet:///modules/phish_victim_bot/activation-1.1-rev-1.jar',
+ }->
file { '/opt/mailreader/mail.jar':
ensure => present,
owner => 'root',
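Review bot: The new file resource for `activation-1.1-rev-1.jar` at L197–L203 sets `mode => '0755'`, but a jar on the classpath is only read by the JVM and never executed directly, so `mode => '0644'` is sufficient. The existing `MailReader.class` resource above it uses the same mode, so either adjust both or leave a comment explaining why execute bits are wanted. The `mail.jar` resource at the end of the hunk continues past it.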
@@ -65,5 +79,4 @@ class phish_victim_bot::install {
source => 'puppet:///modules/phish_victim_bot/mail.jar',
}
-
}
diff --git a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/secgen_metadata.xml b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/secgen_metadata.xml
index d4dbcfef2..6421856f5 100644
--- a/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/email_phishing/phish_victim_bot/secgen_metadata.xml
@@ -22,7 +22,8 @@
strings_to_leak
leaked_filenames
phish_victim_bot_config
- username
+ usernames
+ passwords
@@ -41,6 +42,12 @@
mailuser
+
+ password
+
+
+
+
update
diff --git a/scenarios/labs/cyber_security_landscape/7_phishing.xml b/scenarios/labs/cyber_security_landscape/7_phishing.xml
index 4691fb241..ec46d3de8 100644
--- a/scenarios/labs/cyber_security_landscape/7_phishing.xml
+++ b/scenarios/labs/cyber_security_landscape/7_phishing.xml
@@ -42,6 +42,14 @@
j.baker
j.wilkinson
+
+ newbie
+ oldguy
+ jobgiver
+ kingmaker
+ monkeys
+ monkeys
+
@@ -50,7 +58,18 @@
+
+ flag
+ flag
+ flag
+ flag
+ file
+ file
+
+
+ IP_addresses
+
user=s.lord