😎
Intruder
  • About Shantanu Khandelwal
  • Reporting
    • Excel Sheet to Word Report by PowerShell
    • Ghostwriter - Add report type
  • Red Team
    • HTTPS C2 Done Right NGINX
    • Domain Front
      • Firebase Domain Front - Hiding C2 as App traffic
    • GoLang
      • Red Team: How to embed Golang tools in C#
      • Red Team: Using SharpChisel to exfil internal network
      • Converting your GO bins to Shellcode and Using them in C#
    • ShellCode Injection
      • magic_mz_x86 and magic_mz_x64
      • Process Hollowing DInvoke
      • Shellcode Formatter
      • DLL Sideloading
      • InMemory Shellcode Encryption and Decryption using SystemFunction033
    • PowerShell
      • Enable Restricted Admin using powershell and use mimikatz for RDP
      • Powershell Custom Runspace
      • Using Reflection for AMSI Bypass
    • Database
      • Extract MSSQL Link Password
      • MSSQL Link Crawl - OpenQuery Quotes Calculator
    • DLL Sideloading
      • DLL Koppeling
      • DLL Sideloading not by DLLMain
    • Walking with Docker
      • Self-Hosting Havoc C2 / or any other C2 in Docker
    • Breach Attack Simulation - Starting With OpenBAS
  • Dealing with the Errors
    • Setting Up OPENVAS in KALI 2020.3
    • Page
      • Page 1
  • Phishing
    • Connecting GoPhish with Office365
    • SharpLoginPrompt - Success and a Curious Case
    • Gophish MODs
    • Long Live DMARC - Email Spoof issues
    • Error Solves (Random)
      • Rust OPENSSL install issues
  • Mobile Application Testing
    • How to Download APK from Huawei App Store
  • Talks I Like
  • Talks Worth Checking Out
  • Web Application Penetration Testing
    • Parsing Certificate Transparency Logs
Powered by GitBook
On this page
  • Installation
  • Changing Environment Variables
  • Starting the docker
  • Login
  • Platform
  • Installing the agent
  • Creating a Scenario
  • Final Thoughts
  • References

Was this helpful?

  1. Red Team

Breach Attack Simulation - Starting With OpenBAS

Caldera has been in market for years, I have never tried it. I saw OpenBAS on my recommended lists in Github so I thought I might give it a try

Installation

Since I have my docker server running I used that. There are ways to install it directly as well, I didn't go through it.

I followed steps as per the docs 

mkdir -p ~/openBAS && cd ~/openBAS
git clone https://github.com/OpenBAS-Platform/docker.git .

Changing Environment Variables

I did nothing in this regard. This was a local test for me. I just followed the installation guide and ran the following commands 

mv .env.sample .env
export $(cat .env | grep -v "#" | xargs)

Starting the docker

When I tried 

docker-compose up -d

It gave me an error that the file rabbitmq.conf should have the full path.

It seems like a simple fix in the docker-compose.yml file. Find the section about RabbitMQ and change the source to include a full path or a ./

rabbitmq:
    image: rabbitmq:4.0-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - type: bind
        source: ./rabbitmq.conf #Fix This Line 
        target: /etc/rabbitmq/rabbitmq.conf
      - amqpdata:/var/lib/rabbitmq
    restart: always

After fixing the docker-compose.yml file. The docker-compose up -d command was successful. After a few minutes, the system was ready and I could reach the platform web UI at http://localhost:8080

Login

The credentials were supplied in the .env file. I used that to log in.

Platform

The platform was nice and very intuitive to me. There is a 3 min short video of OpenBAS as well.

Installing the agent

The agent installation is a breeze. Click the top right button and follow the instructions

The next step is to run the agent as an admin and non-admin user. I leave that as an exercise to the reader. I am sure the reader of this blog post knows how to run a bunch of Powershell commands as an admin and non-admin user.

Creating a Scenario

Use the Scenarios button to list or create a scenario

For creating a scenario, use the bottom right bottom and provide details as follows

I was only interested in running some tactics through my agent first. My larger goal would be to import tactics and run them for a specific threat group. I'll try that in a later post. For now, just running some tactics would be fine.

After creating the scenario, click on injects and import the tactics you want to run. For sampling, I imported a few injects related to process injection

To add an inject, click on inject and click create

Once you have the injects that you want, you will see something like this in your injects tab of the scenario you created.

Now lets change the missing content status to enabled. click update

Now Add the missing content.

Once done, your TTP should be enabled. Now let's click Launch

In a few moments, you will see the results

Final Thoughts

Looks pretty awesome at first glance. Will explore how to integrate with OpenCTI to include scenarios.

References

PreviousSelf-Hosting Havoc C2 / or any other C2 in DockerNextSetting Up OPENVAS in KALI 2020.3

Last updated 17 days ago

Was this helpful?

Page cover image
LogoGitHub - OpenBAS-Platform/openbas: Open Breach and Attack Simulation PlatformGitHub
LogoOpenBAS Documentation