GitHub Repository: microsoft/cyberbattlesim
Path: blob/main/cyberbattle/simulation/commandcontrol_test.py
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
"""
Unit tests for commandcontrol.py.
"""
# pylint: disable=missing-function-docstring
from . import model, commandcontrol
from ..samples.toyctf import toy_ctf as ctf
def test_toyctf() -> None:
    """Replay the toy CTF scenario step by step through the command-and-control API.

    The test builds the simulated network from ``ctf.nodes``, drives a fixed
    sequence of local attacks, remote attacks and credentialed connections,
    and checks two things: that each step has the expected outcome (including
    the steps that must be refused), and that the cumulative reward matches
    the pinned value.

    Everything here runs against the in-memory simulation; the node and
    vulnerability names are identifiers from the toy CTF sample.
    """
    # The global vulnerability library is empty; presumably the toy CTF nodes
    # carry their own vulnerability definitions (confirm in toy_ctf).
    env = model.Environment(
        network=model.create_network(ctf.nodes),
        vulnerability_library={},
        identifiers=ctf.ENV_IDENTIFIERS,
    )
    c2 = commandcontrol.CommandControl(env)

    # Local attack on the starting node.
    website_leak = c2.run_attack("client", "SearchEdgeHistory")
    assert website_leak

    # Result is kept and only checked for None at the very end of the test.
    github = c2.run_remote_attack("client", "Website", "ScanPageContent")

    # Credential recovered from the simulated git history is replayed against storage.
    sas_outcome = c2.run_remote_attack("client", "GitHubProject", "CredScanGitHistory")
    sas_credential = commandcontrol.get_outcome_first_credential(sas_outcome)

    # NOTE(review): `is not False` accepts any other value, including None;
    # presumably connect_and_infect returns False on failure (confirm).
    storage_access = c2.connect_and_infect("client", "AzureStorage", "HTTPS", sas_credential)
    assert storage_access is not False

    directory_listing = c2.run_remote_attack("client", "Website", "ScanPageSource")
    assert directory_listing

    mysql_outcome = c2.run_remote_attack("client", "Website.Directory", "NavigateWebDirectoryFurther")
    mysql_cred = commandcontrol.get_outcome_first_credential(mysql_outcome)
    sharepoint_link = c2.run_remote_attack("client", "Website.Directory", "NavigateWebDirectory")
    assert sharepoint_link

    aad_outcome = c2.run_remote_attack("client", "Sharepoint", "ScanSharepointParentDirectory")
    aad_cred = commandcontrol.get_outcome_first_credential(aad_outcome)

    vm_info = c2.connect_and_infect("client", "AzureResourceManager", "HTTPS", aad_cred)
    assert vm_info is not False

    resource_listing = c2.run_remote_attack("client", "AzureResourceManager", "ListAzureResources")
    assert resource_listing

    # Negative case: the simulation must refuse this connection. If it ever
    # succeeds, the environment has become more permissive than the scenario intends.
    ssh_to_vm = c2.connect_and_infect("client", "AzureVM", "SSH", mysql_cred)
    assert not ssh_to_vm

    # The same credential is accepted over SSH on the Website node.
    ssh_to_website = c2.connect_and_infect("client", "Website", "SSH", mysql_cred)
    assert ssh_to_website is not False

    bash_history_outcome = c2.run_attack("Website", "CredScanBashHistory")
    monitor_cred = commandcontrol.get_outcome_first_credential(bash_history_outcome)

    # Negative cases: with the recovered credential, neither sudo from the
    # Website node nor SSH from the client may reach the monitor account.
    via_sudo = c2.connect_and_infect("Website", "Website[user=monitor]", "sudo", monitor_cred)
    assert not via_sudo

    via_ssh_from_client = c2.connect_and_infect("client", "Website[user=monitor]", "SSH", monitor_cred)
    assert not via_ssh_from_client

    # Only the su path from the Website node is expected to work.
    via_su = c2.connect_and_infect("Website", "Website[user=monitor]", "su", monitor_cred)
    assert via_su is not False

    home_dir_outcome = c2.run_attack("Website[user=monitor]", "CredScan-HomeDirectory")
    aad_user_cred = commandcontrol.get_outcome_first_credential(home_dir_outcome)

    arm_as_user = c2.connect_and_infect("client", "AzureResourceManager", "HTTPS", aad_user_cred)
    assert arm_as_user is not False

    # Pinned cumulative reward for this exact sequence of steps; it likely
    # needs updating whenever the toy CTF node values or action costs change.
    reward = c2.total_reward()
    print("Total reward " + str(reward))
    assert reward == 389.0
    assert github is not None