Introduction
Overlord provides a Python-based console CLI for building red-teaming infrastructure in an automated way. The user supplies input through modules for tools such as a C2, an e-mail server or an HTTP web delivery server, and the corresponding modules and scripts are then generated on the chosen cloud provider.
Overlord is still under development; it is influenced by, and uses, the Red-Baron Terraform code available on GitHub.
The tool supports AWS and DigitalOcean.
Installing Overlord
- Run the following commands to install Overlord on Linux.
git clone https://github.com/qsecure-labs/overlord.git
cd overlord/config
chmod +x install.sh
./install.sh
Output:
[root@unixcop ~]# git clone https://github.com/qsecure-labs/overlord.git
Cloning into 'overlord'...
remote: Enumerating objects: 1778, done.
remote: Counting objects: 100% (160/160), done.
remote: Compressing objects: 100% (148/148), done.
remote: Total 1778 (delta 66), reused 80 (delta 11), pack-reused 1618
Receiving objects: 100% (1778/1778), 23.76 MiB | 254.00 KiB/s, done.
Resolving deltas: 100% (1198/1198), done.
[root@unixcop ~]#
[root@unixcop config]# ./install.sh
Collecting cmd2
Downloading cmd2-2.2.0-py3-none-any.whl (144 kB)
|████████████████████████████████| 144 kB 58 kB/s
Collecting prettytable
Downloading prettytable-2.2.1-py3-none-any.whl (23 kB)
Collecting PTable
Downloading PTable-0.9.2.tar.gz (31 kB)
Collecting ansible
Downloading ansible-4.6.0.tar.gz (35.6 MB)
|████████████████████████████████| 35.6 MB 26 kB/s
Collecting pyperclip>=1.6
Downloading pyperclip-1.8.2.tar.gz (20 kB)
Requirement already satisfied: attrs>=16.3.0 in /usr/local/lib/python3.9/site-packages (from cmd2->-r requirements.txt (line 1)) (21.2.0)
Collecting colorama>=0.3.7
Downloading colorama-0.4.4-py2.py3-none-any.whl (16 kB)
Requirement already satisfied: wcwidth>=0.1.7 in /usr/local/lib/python3.9/site-packages (from cmd2->-r requirements.txt (line 1)) (0.2.5)
Collecting ansible-core<2.12,>=2.11.5
Downloading ansible-core-2.11.5.tar.gz (6.8 MB)
|████████████████████████████████| 6.8 MB 69 kB/s
Requirement already satisfied: jinja2 in /usr/local/lib/python3.9/site-packages (from ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (3.0.1)
Collecting PyYAML
Downloading PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl (630 kB)
|████████████████████████████████| 630 kB 169 kB/s
Collecting cryptography
Downloading cryptography-35.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (3.5 MB)
|████████████████████████████████| 3.5 MB 125 kB/s
Requirement already satisfied: packaging in /usr/local/lib/python3.9/site-packages (from ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (21.0)
Collecting resolvelib<0.6.0,>=0.5.3
Downloading resolvelib-0.5.4-py2.py3-none-any.whl (12 kB)
Requirement already satisfied: cffi>=1.12 in /usr/local/lib/python3.9/site-packages (from cryptography->ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (1.14.6)
Requirement already satisfied: pycparser in /usr/local/lib/python3.9/site-packages (from cffi>=1.12->cryptography->ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (2.20)
Requirement already satisfied: MarkupSafe>=2.0 in /usr/local/lib/python3.9/site-packages (from jinja2->ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (2.0.1)
Requirement already satisfied: pyparsing>=2.0.2 in /usr/local/lib/python3.9/site-packages (from packaging->ansible-core<2.12,>=2.11.5->ansible->-r requirements.txt (line 4)) (2.4.7)
Using legacy 'setup.py install' for PTable, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ansible, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ansible-core, since package 'wheel' is not installed.
Using legacy 'setup.py install' for pyperclip, since package 'wheel' is not installed.
Installing collected packages: resolvelib, PyYAML, cryptography, pyperclip, colorama, ansible-core, PTable, prettytable, cmd2, ansible
Running setup.py install for pyperclip ... done
Running setup.py install for ansible-core ... done
Running setup.py install for PTable ... done
Running setup.py install for ansible ... done
Successfully installed PTable-0.9.2 PyYAML-5.4.1 ansible-4.6.0 ansible-core-2.11.5 cmd2-2.2.0 colorama-0.4.4 cryptography-35.0.0 prettytable-2.2.1 pyperclip-1.8.2 resolvelib-0.5.4
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
--2021-09-30 11:41:34-- https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 199.232.81.183, 2a04:4e42:54::439
Connecting to releases.hashicorp.com (releases.hashicorp.com)|199.232.81.183|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16838433 (16M) [application/zip]
Saving to: 'terraform_0.12.26_linux_amd64.zip'
terraform_0.12.26_linux_amd64.zip 100%[=======================================================================>] 16.06M 184KB/s in 95s
2021-09-30 11:43:16 (173 KB/s) - 'terraform_0.12.26_linux_amd64.zip' saved [16838433/16838433]
Archive: terraform_0.12.26_linux_amd64.zip
inflating: terraform
--2021-09-30 11:43:17-- https://github.com/n3integration/terraform-godaddy/releases/download/v1.7.3/terraform-godaddy_linux_amd64.tgz
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/n3integration/terraform-provider-godaddy/releases/download/v1.7.3/terraform-godaddy_linux_amd64.tgz [following]
--2021-09-30 11:43:21-- https://github.com/n3integration/terraform-provider-godaddy/releases/download/v1.7.3/terraform-godaddy_linux_amd64.tgz
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 302 Found
Location: https://github-releases.githubusercontent.com/73431297/32836b00-7523-11ea-9d88-1194ab754b5b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210930%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210930T154321Z&X-Amz-Expires=300&X-Amz-Signature=190697238275f2a82f92e01443f4c1922adba37097d01aa25909287b0e758277&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=73431297&response-content-disposition=attachment%3B%20filename%3Dterraform-godaddy_linux_amd64.tgz&response-content-type=application%2Foctet-stream [following]
--2021-09-30 11:43:22-- https://github-releases.githubusercontent.com/73431297/32836b00-7523-11ea-9d88-1194ab754b5b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210930%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210930T154321Z&X-Amz-Expires=300&X-Amz-Signature=190697238275f2a82f92e01443f4c1922adba37097d01aa25909287b0e758277&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=73431297&response-content-disposition=attachment%3B%20filename%3Dterraform-godaddy_linux_amd64.tgz&response-content-type=application%2Foctet-stream
Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.110.154, 185.199.108.154, 185.199.111.154, ...
Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.110.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13564045 (13M) [application/octet-stream]
Saving to: 'terraform-godaddy_linux_amd64.tgz'
terraform-godaddy_linux_amd64.tgz 100%[=======================================================================>] 12.94M 94.3KB/s in 2m 8s
2021-09-30 11:45:35 (103 KB/s) - 'terraform-godaddy_linux_amd64.tgz' saved [13564045/13564045]
./terraform-godaddy_linux_amd64
[root@unixcop config]#
Overlord configuration
Overlord install templates
- In the c2 module, the user can install tools chosen from a list.
- The tools load their scripts from ./redbaron/data/scripts/tools.
- If you add a new script to that directory, it can be installed through the tools variable of the c2 module.
Main configuration file for the modules
The main modules file, /config/config.json, holds every module together with its default configuration, as well as the providers Overlord uses.
The default values of each module can be customized when it is loaded into Overlord.
Example:
The c2 module with its default configuration is shown below.

These settings can be customized.
"mod_c2": {
    "module": "c2",
    "type": "http",
    "redirectors": 0,
    "tools": ["metasploit", "empire"],
    "region": "eu-west-1",
    "provider": "aws",
    "size": "t2.nano",
    "id": ""
}
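The following Python snippet is an added example, not part of Overlord or of the original article: it loads the mod_c2 block in the config.json layout shown above, applies user overrides the way the article describes customizing a module's defaults, and sanity-checks the result before anything is deployed. The supported-provider list comes from the article; the remaining validation rules are assumptions of this example.

```python
import json
from copy import deepcopy

# Constructed copy of the page's mod_c2 block, embedded so the example runs offline.
DEFAULT_CONFIG_JSON = """{
  "mod_c2": {
    "module": "c2", "type": "http", "redirectors": 0,
    "tools": ["metasploit", "empire"],
    "region": "eu-west-1", "provider": "aws", "size": "t2.nano", "id": ""
  }
}"""

# Providers the article names as supported; the other checks below are assumed policy.
SUPPORTED_PROVIDERS = {"aws", "digitalocean"}

def load_module_defaults(config_text: str, module_key: str) -> dict:
    """Return the default block for one module (e.g. 'mod_c2') from config.json text."""
    config = json.loads(config_text)
    if module_key not in config:
        raise KeyError(f"{module_key} not present in config.json")
    return deepcopy(config[module_key])

def customize_module(defaults: dict, overrides: dict) -> dict:
    """Apply user overrides to the defaults; reject keys the module lacks,
    so a typo such as 'redirector' fails loudly instead of being ignored."""
    unknown = set(overrides) - set(defaults)
    if unknown:
        raise KeyError(f"unknown setting(s): {sorted(unknown)}")
    merged = deepcopy(defaults)
    merged.update(overrides)
    return merged

def validate_c2_module(cfg: dict) -> list:
    """Return the problems found in a c2 block (an empty list means it is clean)."""
    problems = []
    if cfg.get("module") != "c2":
        problems.append("module must be 'c2'")
    if cfg.get("provider") not in SUPPORTED_PROVIDERS:
        problems.append(f"unsupported provider: {cfg.get('provider')!r}")
    redirectors = cfg.get("redirectors")
    if isinstance(redirectors, bool) or not isinstance(redirectors, int) or redirectors < 0:
        problems.append("redirectors must be a non-negative integer")
    tools = cfg.get("tools")
    if not isinstance(tools, list) or not all(isinstance(t, str) and t for t in tools):
        problems.append("tools must be a list of non-empty script names")
    for key in ("type", "region", "size"):
        if not isinstance(cfg.get(key), str) or not cfg[key]:
            problems.append(f"{key} must be a non-empty string")
    return problems
```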
Conclusion
In this guide we walked through installing Overlord on Linux.