Closed egg-mayo-sandwich closed 3 years ago
Looking at the plugin, it seems that every time the plugin is enabled, it will re-convert the adversary emulation plans into the corresponding abilities and profiles. So any changes you make in the emu plugin abilities/profiles will be overwritten the next time you restart the server. We understand that this is definitely inconvenient - an immediate workaround would be to save the edited abilities and profiles in a separate plugin data folder so that they persist even when the emu plugin updates. I can also pass you an edited version of the plugins/emu/hook.py file so that the overwrite will only happen if the plugins/emu/data directory is missing adversaries/abilities/sources.
I can make a backlog ticket to prevent this sort of thing from happening automatically without the user knowing, but that change might not be available immediately, and it would require you to update the emu plugin version.
See if you can change your plugins/emu/hook.py to the following - I tested this in my local environment, and the emu plugin stopped overwriting my files during each server restart.
import os
import shutil
from app.utility.base_world import BaseWorld
from plugins.emu.app.emu_svc import EmuService

name = 'Emu'
description = 'The collection of abilities from the CTID Adversary Emulation Plans'
address = None
access = BaseWorld.Access.RED

# Directories under plugins/emu/data that populate_data_directory() writes
data_dir = os.path.join('plugins', name.lower(), 'data')
populated_dirs = ["abilities", "adversaries", "sources"]


async def enable(services):
    plugin_svc = EmuService()
    if not os.path.isdir(plugin_svc.repo_dir):
        await plugin_svc.clone_repo()
    # Only re-convert the emulation plans when one of the data directories is
    # missing, so edited abilities/adversaries/sources survive a server restart
    if _repopulate_needed():
        await plugin_svc.populate_data_directory()


def _repopulate_needed():
    for directory in populated_dirs:
        full_path = os.path.join(data_dir, directory)
        if not os.path.isdir(full_path):
            return True
    return False


def _clear_dirs():
    # Helper that removes the populated directories (not called by enable())
    for directory in populated_dirs:
        full_path = os.path.join(data_dir, directory)
        if os.path.isdir(full_path):
            shutil.rmtree(full_path)
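To show why the guard matters, here is an added, self-contained simulation (not the plugin's own code): a constructed stand-in for populate_data_directory() writes a templated ability file into a temporary data directory, the user edits the command, and the plugin is re-enabled with and without the hook.py guard. The ability file name, its contents and the helper names are constructed assumptions.

```python
import os
import shutil
import tempfile

# Constructed stand-in for the emu plugin's populate_data_directory(): it
# regenerates the ability file from the emulation plan, so the templated
# "#{adfind_exe}" command comes back. File name and contents are constructed.
TEMPLATED = '"#{adfind_exe}" -f (objectcategory=person) > ad_users.txt'
EDITED = 'adfind.exe -f (objectcategory=person) > ad_users.txt'
POPULATED_DIRS = ["abilities", "adversaries", "sources"]
ABILITY_FILE = os.path.join("abilities", "enumerate-ad-person.yml")


def populate_data_directory(data_dir):
    """Mimic the plugin rebuilding its data folders from the plans."""
    for directory in POPULATED_DIRS:
        os.makedirs(os.path.join(data_dir, directory), exist_ok=True)
    with open(os.path.join(data_dir, ABILITY_FILE), "w") as f:
        f.write("command: " + TEMPLATED + "\n")


def repopulate_needed(data_dir):
    """Same guard as the patched hook: rebuild only if a data dir is missing."""
    return any(not os.path.isdir(os.path.join(data_dir, d)) for d in POPULATED_DIRS)


def enable(data_dir, guarded):
    """Plugin enable on server start; 'guarded' applies the hook.py change."""
    if not guarded or repopulate_needed(data_dir):
        populate_data_directory(data_dir)


def simulate_restart(guarded):
    """Start, edit the ability, restart; return the command seen afterwards."""
    data_dir = tempfile.mkdtemp()
    try:
        enable(data_dir, guarded)        # first start: dirs missing, populated
        with open(os.path.join(data_dir, ABILITY_FILE), "w") as f:
            f.write("command: " + EDITED + "\n")   # user edits the ability
        enable(data_dir, guarded)        # restart re-runs enable()
        with open(os.path.join(data_dir, ABILITY_FILE)) as f:
            return f.read().split("command: ", 1)[1].strip()
    finally:
        shutil.rmtree(data_dir)


if __name__ == "__main__":
    print("unguarded:", simulate_restart(False))  # templated command is back
    print("guarded:  ", simulate_restart(True))   # edit survives
```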
Apologies for the late reply, haven't been working on CALDERA in a while. I'll try that out, thank you!
Describe the bug
To Reproduce Steps to reproduce the behavior:
"#{adfind_exe}" -f (objectcategory=person) > ad_users.txt
to adfind.exe -f (objectcategory=person) > ad_users.txt
"#{adfind_exe}"
Expected behavior Edited command in ability should remain as such since it has already been saved, i.e. "Enumerate AD person objects" should remain as adfind.exe -f (objectcategory=person) > ad_users.txt, not change back to "#{adfind_exe}" -f (objectcategory=person) > ad_users.txt
This issue also happens for other abilities of the FIN6 adversary profile, including "WCE credential access" and "Compress Files with 7zip"
"#{wce_exe}" -w -o "#{output_file}"
instead of wce.exe -w -o wce.txt
"#{7zip_exe}" a -mx3 ad.7z ad_*
instead of 7.exe a -mx3 ad.7z ad_*