mitre/caldera

Emu plugin not importing adversaries or abilities after Docker installation


After following the Emu installation instructions, the plugin dashboard does not display any new adversaries, and the plugins/emu/data folder remains empty.

Steps to reproduce

  1. Download MITRE Caldera's repo: git clone https://github.com/mitre/caldera.git --recursive --branch master
  2. Enable the Emu plugin in the conf/default.yml file by adding - emu to the plugin list
  3. Copy conf/default.yml to conf/local.yml (this is necessary because the Dockerfile only checks if Emu is enabled in local.yml, not in default.yml)
  4. Copy the magma env file: cp plugins/magma/.env.template plugins/magma/.env
  5. Build the image: docker build --build-arg WIN_BUILD=true . -t caldera:server
  6. Run the server: docker run -p 7010:7010 -p 7011:7011 -p 7012:7012 -p 8888:8888 caldera:server --insecure
  7. Access http://localhost:8888 and log in with admin:admin.
  8. Click on the Emu tab and you will see that there are no adversaries or abilities loaded:

[screenshot: Emu plugin tab with no adversaries or abilities listed]

Assumption

Step 4 of the Emu plugin installation says:

Start Caldera to automatically download the Adversary Emulation Library to the data folder of the Emu plugin.

I assume the steps in the Dockerfile are not enough to install and set up all dependencies:

# If emu is enabled, complete necessary installation steps
RUN if [ $(grep -c "\- emu" ../../conf/local.yml)  ]; then \
    apt-get -y install zlib1g unzip;                \
    pip3 install -r requirements.txt;               \
    ./download_payloads.sh;                         \
fi

It should also download the Adversary Emulation Library, and that is not included in the ./download_payloads.sh script.

File contents

plugins/magma/.env
VITE_CALDERA_URL=http://localhost:8888
conf/default.yml
ability_refresh: 60
api_key_blue: BLUEADMIN123
api_key_red: ADMIN123
app.contact.dns.domain: mycaldera.caldera
app.contact.dns.socket: 0.0.0.0:8853
app.contact.gist: API_KEY
app.contact.html: /weather
app.contact.http: http://0.0.0.0:8888
app.contact.slack.api_key: SLACK_TOKEN
app.contact.slack.bot_id: SLACK_BOT_ID
app.contact.slack.channel_id: SLACK_CHANNEL_ID
app.contact.tunnel.ssh.host_key_file: REPLACE_WITH_KEY_FILE_PATH
app.contact.tunnel.ssh.host_key_passphrase: REPLACE_WITH_KEY_FILE_PASSPHRASE
app.contact.tunnel.ssh.socket: 0.0.0.0:8022
app.contact.tunnel.ssh.user_name: sandcat
app.contact.tunnel.ssh.user_password: s4ndc4t!
app.contact.ftp.host: 0.0.0.0
app.contact.ftp.port: 2222
app.contact.ftp.pword: caldera
app.contact.ftp.server.dir: ftp_dir
app.contact.ftp.user: caldera_user
app.contact.tcp: 0.0.0.0:7010
app.contact.udp: 0.0.0.0:7011
app.contact.websocket: 0.0.0.0:7012
app.frontend.api_base_url: http://localhost:8888
objects.planners.default: atomic
crypt_salt: REPLACE_WITH_RANDOM_VALUE
encryption_key: ADMIN123
exfil_dir: /tmp/caldera
reachable_host_traits:
- remote.host.fqdn
- remote.host.ip
host: 0.0.0.0
plugins:
- access
- atomic
- emu
- compass
- debrief
- fieldmanual
- manx
- response
- sandcat
- stockpile
- training
port: 8888
reports_dir: /tmp
auth.login.handler.module: default
requirements:
  go:
    command: go version
    type: installed_program
    version: 1.19
  python:
    attr: version
    module: sys
    type: python_module
    version: 3.8.0
users:
  blue:
    blue: admin
  red:
    admin: admin
    red: admin

Desktop

  • OS: Ubuntu
  • Browser: Firefox
  • Version: 131.0.3
  • Caldera Version: 5.0.0
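The Dockerfile condition quoted above is worth checking on its own, because its shape decides whether the Emu install steps run at all. The script below is an added example and is not code from the Caldera project: it reproduces that `[ $(grep -c ...) ]` test against small constructed config files (the file names and contents are made up for the example, assuming the same `- emu` list layout as the conf/default.yml shown in the issue) and contrasts it with a test that keys off grep's exit status instead of its printed count.

```shell
#!/bin/sh
# Added example, not code from the Caldera project. Reproduces the
# Dockerfile condition quoted in the issue against constructed config
# files and contrasts it with an exit-status based test.
# Assumption: conf/local.yml lists plugins as "- emu" lines, like the
# conf/default.yml shown in the issue.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample configs (not real Caldera files).
cat > "$WORK/with_emu.yml" <<'EOF'
plugins:
- access
- emu
- sandcat
EOF
cat > "$WORK/without_emu.yml" <<'EOF'
plugins:
- access
- sandcat
EOF

# The Dockerfile's test, as quoted in the issue. `grep -c` prints a count
# ("0" when nothing matches), and `[ 0 ]` is true because the string is
# non-empty. Only a missing file (grep prints nothing to stdout, so the
# test becomes `[ ]`) makes the condition false.
dockerfile_check() {
    if [ $(grep -c "\- emu" "$1" 2>/dev/null) ]; then echo true; else echo false; fi
}

# Corrected test: `grep -q` exits 0 only on a match, and the anchored
# pattern tolerates indentation but does not match e.g. "- emulator".
fixed_check() {
    if grep -q -e '^[[:space:]]*- emu[[:space:]]*$' "$1" 2>/dev/null; then
        echo true
    else
        echo false
    fi
}

for f in with_emu without_emu missing; do
    printf '%-12s dockerfile=%s fixed=%s\n' "$f" \
        "$(dockerfile_check "$WORK/$f.yml")" "$(fixed_check "$WORK/$f.yml")"
done
```

Run as `sh emu_check.sh`: the quoted condition reports `true` for both the file with `- emu` and the file without it, and `false` only for the missing file, so in effect it tests whether conf/local.yml exists rather than whether Emu is enabled in it. The `fixed_check` form reports `true` only when the line is actually present.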

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

Related to #3035 (comment).

Edited the plugins/emu/hook.py without success:

    #if not os.path.isdir(plugin_svc.repo_dir):
    await plugin_svc.clone_repo()