csle_attacker.emulation.util package

Submodules

csle_attacker.emulation.util.exploit_util module

class csle_attacker.emulation.util.exploit_util.ExploitUtil[source]

Bases: object

Class containing utility functions for the exploit-related functionality of the emulation

static check_if_rce_exploit_succeeded(user: str, pw: str, source_ip: str, port: int, target_ip: str, proxy_conn) bool[source]

Utility function for checking whether an RCE exploit succeeded, i.e. whether shell access was obtained

Parameters
  • user – the user that should have access

  • pw – the password

  • source_ip – the ip of the source node of the attack

  • port – the port on the target

  • target_ip – the target ip

  • proxy_conn – optional proxy connection (jumphost)

Returns

True if the exploit succeeded, otherwise false

static cve_2010_0426_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction, machine: csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState, result: csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState) Tuple[csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState, float, bool, csle_common.dao.emulation_config.credential.Credential, str][source]

Helper for executing the CVE-2010-0426 privilege escalation action

Parameters
  • s – the current state

  • a – the CVE-2010-0426 privilege escalation action

Returns

new_machine_obs, cost, successful, root_credential, service_name

static cve_2015_1427_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the CVE-2015-1427 exploit action

Parameters
  • s – the current state

  • a – the CVE-2015-1427 exploit action

Returns

s_prime

static cve_2015_3306_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the CVE-2015-3306 exploit action

Parameters
  • s – the current state

  • a – the CVE-2015-3306 exploit action

Returns

s_prime

static cve_2015_5602_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction, machine: csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState, result: csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState) Tuple[csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState, float, bool, csle_common.dao.emulation_config.credential.Credential, str][source]

Helper for executing the CVE-2015-5602 privilege escalation action

Parameters
  • s – the current state

  • a – the CVE-2015-5602 privilege escalation action

Returns

s_prime, cost, e_succ (flag), credentials, servicename

static cve_2016_10033_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the CVE-2016-10033 exploit action

Parameters
  • s – the current state

  • a – the CVE-2016-10033 exploit action

Returns

s_prime

static dvwa_sql_injection_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the DVWA SQL Injection exploit action

Parameters
  • s – the current state

  • a – the DVWA SQL Injection exploit action

Returns

s_prime

static read_dvwa_sql_injection_result(conn, dir: str) str[source]

Reads the result of a DVWA SQL Injection attack

Parameters
  • conn – connection to use for reading

  • dir – the directory to check

Returns

the read result

static remove_dvwa_sql_injection_result(conn, dir: str) None[source]

Removes the result of a DVWA SQL Injection attack

Parameters
  • conn – connection to use for the removal

  • dir – the directory where the file is

Returns

None

static sambacry_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the SambaCry exploit action

Parameters
  • s – the current state

  • a – the SambaCry exploit action

Returns

s_prime

static shellshock_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper for executing the ShellShock exploit action

Parameters
  • s – the current state

  • a – the Shellshock exploit action

Returns

s_prime

csle_attacker.emulation.util.nikto_util module

class csle_attacker.emulation.util.nikto_util.NiktoUtil[source]

Bases: object

Class containing utility functions for the Nikto-related functionality of the emulation

static merge_nikto_scan_result_with_state(scan_result: csle_common.dao.emulation_action_result.nikto_scan_result.NiktoScanResult, s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Merges a Nikto scan result with an existing observation state

Parameters
  • scan_result – the scan result

  • s – the current state

  • a – the action just executed

Returns

s’, reward, done

static nikto_scan_action_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper function for executing a NIKTO web scan action on the emulation. Implements caching.

Parameters
  • s – the current env state

  • a – the Nikto action to execute

  • emulation_env_config – the emulation env config

Returns

s’, reward, done

static parse_nikto_scan(file_name: str, emulation_env_config: csle_common.dao.emulation_config.emulation_env_config.EmulationEnvConfig) xml.etree.ElementTree.Element[source]

Parses an XML file containing the result of a Nikto scan

Parameters
  • file_name – name of the file to parse

  • emulation_env_config – environment config

Returns

the parsed xml file

static parse_nikto_scan_xml(xml_data) csle_common.dao.emulation_action_result.nikto_scan_result.NiktoScanResult[source]

Parses an XML Tree with Nikto Scan Result into a Nikto Scan DTO

Parameters

xml_data – the xml tree of Nikto Scan Result to parse

Returns

parsed nikto scan result

csle_attacker.emulation.util.nmap_util module

class csle_attacker.emulation.util.nmap_util.NmapUtil[source]

Bases: object

Class containing utility functions for the nmap-related functionality of the emulation

static merge_nmap_scan_result_with_state(scan_result: csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult, s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Merges an NMAP scan result with an existing observation state

Parameters
  • scan_result – the scan result

  • s – the current state

  • a – the action just executed

Returns

s’

static merge_nmap_scan_results(scan_result_1: csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult, scan_result_2: csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult) csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult[source]

Merges two nmap scan results

Parameters
  • scan_result_1 – the first result to merge

  • scan_result_2 – the second result to merge

Returns

the merged result

static nmap_pivot_scan_action_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction, partial_result: csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Performs an NMAP pivot scan, utilizing many compromised hosts

Parameters
  • s – the current state

  • a – the attacker scan action

  • partial_result – the initial result before pivoting

Returns

the new state

static nmap_scan_action_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction, masscan: bool = False) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Helper function for executing an NMAP scan action on the emulation. Implements caching.

Parameters
  • s – the current env state

  • a – the NMAP action to execute

  • masscan – whether it is a masscan or not

Returns

s’

static parse_nmap_scan(file_name: str, emulation_env_config: csle_common.dao.emulation_config.emulation_env_config.EmulationEnvConfig, conn=None, dir: str = '') xml.etree.ElementTree.Element[source]

Parses an XML file containing the result of an nmap scan

Parameters
  • file_name – name of the file to parse

  • conn – the SSH connection to use for parsing

  • dir – the directory containing the XML file to parse

  • emulation_env_config – environment config

Returns

the parsed xml file

static parse_nmap_scan_xml(xml_data, ips: List[str], action: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_action_result.nmap_scan_result.NmapScanResult[source]

Parses an XML Tree into a DTO

Parameters
  • xml_data – the xml tree to parse

  • ips – ips of the source of the scan

  • action – the action of the scan

Returns

parsed nmap scan result

class csle_attacker.emulation.util.nmap_util.PivotNMAPScanThread(machine: csle_common.dao.emulation_observation.attacker.emulation_attacker_machine_observation_state.EmulationAttackerMachineObservationState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction, s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState)[source]

Bases: threading.Thread

Thread for asynchronous nmap scanning

run() None[source]

Main loop of the thread; performs the scanning

Returns

None

csle_attacker.emulation.util.shell_util module

class csle_attacker.emulation.util.shell_util.ShellUtil[source]

Bases: object

Class containing utility functions for the shell-related functionality of the emulation

static execute_service_login_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Executes a service login on the emulation using previously found credentials

Parameters
  • s – the current state

  • a – the action to take

Returns

s_prime, reward, done

static execute_ssh_backdoor_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Uses compromised machines with root access to set up an SSH backdoor

Parameters
  • s – the current state

  • a – the action to take

Returns

s_prime

static install_tools_helper(s: csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState, a: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) csle_common.dao.emulation_config.emulation_env_state.EmulationEnvState[source]

Uses compromised machines with root access to install tools

Parameters
  • s – the current state

  • a – the action to take

Returns

s_prime

static parse_tools_installed_file(file_name: str, emulation_env_config: csle_common.dao.emulation_config.emulation_env_config.EmulationEnvConfig) bool[source]

Parses a file containing cached results of an install-tools action

Parameters
  • file_name – name of the file to parse

  • emulation_env_config – environment config

Returns

boolean: whether the tools are installed or not

Module contents