splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0
2.12k stars 353 forks

default ssh key creation is not working on aws. #910

Closed LaviBenshimol closed 2 months ago

LaviBenshimol commented 2 months ago

I used EC2 (Ubuntu) on AWS to run the Splunk attack range docker. I chose to create a new SSH key, but this key is not compatible with AWS AMI apparently.

The build configuration is as follows:

```
starting configuration for AT-ST mech walker
? select cloud provider aws
? enter a master password for your attack_range (minimum 8 characters: one UPPERCASE, one lowercase, ttackrange1!
? do you want to use packer for prebuilt images? No
configuring attack_range settings
? detected existing key in /attack_range/root-17003.key, would you like to use it No
? generate a new ssh key pair for this range Yes
new aws ssh created: /attack_range/root-20565.key
? enter region to build in. us-west-2
? enter public ips that are allowed to reach the attack_range. Example: 34.211.155.63/32,0.0.0.0/0 34.211.155.63/32,0.0.0.0/0
? enter attack_range name, multiple can be build under different names in the same region arrr
using ssh key name: root-20565
configuring attack_range environment
? shall we build a windows server Yes
? which version should it be 2019
? should the windows server be a domain controller Yes
? should we install red team tools on the windows server No
? should we install badblood on the windows server, which will populate the domain with objects No
? shall we build another windows server Yes
? which version should it be 2019
? should the windows server join the domain Yes
? should we install red team tools on the windows server No
? shall we build a linux server Yes
? shall we build a kali linux machine Yes
? shall we build nginx plus web proxy Yes
? shall we include Splunk SOAR No
configuration file was written to: /attack_range/attack_range.yml, run `python attack_range.py build'
you can also edit this file to configure advance parameters
setup has finished successfully ... exiting
```

After running the build script, I received this error for the Windows server:

```
│ Error: creating EC2 Instance: Unsupported: ED25519 key pairs are not supported with Windows AMIs. C
│ status code: 400, request id: d3d01d4c-103b-4f7c-a4d1-af4e93acb5e2
│
│ with module.windows-server.aws_instance.windows_server[1],
│ on modules/windows/resources.tf line 33, in resource "aws_instance" "windows_server":
│ 33: resource "aws_instance" "windows_server" {
```

Gecko-Brothers commented 2 months ago

Did you check the modules/configuration.py?

```python
"""
create_key_pair_aws function creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format.
Amazon EC2 stores the public key and displays the private key for you to save to a file.
:param region: region
:return: ssh key name
"""
```

The code with latest tag is ED25519?

P4T12ICK commented 2 months ago

This should be fixed.
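A preflight check for the failure reported in this issue, as an added example that is not part of the thread or of the attack_range code base: it reads the algorithm from an OpenSSH public key line (for example the output of `ssh-keygen -y -f <keyfile>`) and flags a key that EC2 would reject once Windows servers are in the build. The function names, the `windows_servers` count and the sample keys are assumptions made for illustration.

```python
import base64
import struct

# Per the EC2 error quoted in this issue, Windows AMIs reject ED25519 key pairs.
WINDOWS_OK = {"ssh-rsa"}


def key_algorithm(pubkey_line):
    """Return the algorithm named inside the blob of an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])  # length-prefixed algorithm name
    name = blob[4:4 + n]
    if len(name) != n:
        raise ValueError("truncated algorithm name")
    algo = name.decode("ascii")
    if algo != fields[0]:  # do not trust the text label on its own
        raise ValueError(f"label {fields[0]!r} does not match blob {algo!r}")
    return algo


def preflight(pubkey_line, windows_servers):
    """Return the problems that would fail the build; an empty list means OK."""
    algo = key_algorithm(pubkey_line)
    if windows_servers > 0 and algo not in WINDOWS_OK:
        return [f"{algo} key pair cannot launch {windows_servers} Windows "
                "server(s); generate an RSA key pair instead"]
    return []


def sample_line(algo, body):
    """Build a constructed, non-functional public key line for the demo."""
    blob = struct.pack(">I", len(algo)) + algo.encode() + body
    return f"{algo} {base64.b64encode(blob).decode()} constructed-sample"


# Constructed samples: zero-filled bodies, not real key material.
ED25519_SAMPLE = sample_line("ssh-ed25519", struct.pack(">I", 32) + bytes(32))
RSA_SAMPLE = sample_line("ssh-rsa", struct.pack(">I", 3) + b"\x01\x00\x01")

if __name__ == "__main__":
    for key in (ED25519_SAMPLE, RSA_SAMPLE):
        print(key.split()[0], preflight(key, windows_servers=2) or "ok")
```

Running the check before `python attack_range.py build` surfaces the incompatibility locally instead of as a 400 response from EC2 partway through the Terraform apply.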