Automating Software Installation for Cyber Security Research and Testing


Linköping University | Department of Computer and Information Science
Master's thesis, 30 ECTS | Datateknik
2021 | LIU-IDA/LITH-EX-A--21/044--SE

Automating software installation for cyber security research and testing public exploits in CRATE

Swedish title: Att automatisera mjukvaruinstallationer för cybersäkerhetsforskning och testandet av publika angreppskoder i CRATE

Johan Hedlin
Joakim Kahlström

Supervisor: Niklas Carlsson
Examiner: Andrei Gurtov
External supervisor: Jonas Almroth

Linköpings universitet, SE–581 83 Linköping, +46 13 28 10 00, www.liu.se

Copyright (Swedish notice)

This document is kept available on the Internet, or its future replacement, for 25 years from the date of publication, provided that no extraordinary circumstances arise.

Access to the document implies permission for anyone to read, download, and print single copies for personal use, and to use it unchanged for non-commercial research and for teaching. A later transfer of the copyright cannot revoke this permission. All other use of the document requires the author's consent. Technical and administrative measures are in place to guarantee authenticity, security and accessibility.

The author's moral rights include the right to be named as the author to the extent required by good practice when the document is used as described above, and protection against the document being altered or presented in a form or context that is offensive to the author's literary or artistic reputation or distinctive character.

For further information about Linköping University Electronic Press, see the publisher's home page https://www.ep.liu.se/.

Copyright

The publishers will keep this document online on the Internet, or its possible replacement, for a period of 25 years starting from the date of publication barring exceptional circumstances.

The online availability of the document implies permanent permission for anyone to read, to download, or to print out single copies for his/her own use and to use it unchanged for non-commercial research and educational purpose. Subsequent transfers of copyright cannot revoke this permission. All other uses of the document are conditional upon the consent of the copyright owner. The publisher has taken technical and administrative measures to assure authenticity, security and accessibility.

According to intellectual property law the author has the right to be mentioned when his/her work is accessed as described above and to be protected against infringement.

For additional information about the Linköping University Electronic Press and its procedures for publication and for assurance of document integrity, please refer to its www home page: https://www.ep.liu.se/.

© Johan Hedlin, Joakim Kahlström

Abstract

As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software.

The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.

Contents

Abstract
Contents
List of Figures
List of Tables
List of Listings
Glossary
Acronyms

1 Introduction
  1.1 Motivation
  1.2 Aim
  1.3 Research questions
  1.4 Contributions
  1.5 Delimitations
  1.6 Disclaimer
  1.7 Thesis outline

2 Background
  2.1 Cyber Range And Training Environment (CRATE)
  2.2 Package managers for Windows
    2.2.1 Chocolatey
    2.2.2 Windows Package Manager
    2.2.3 Scoop
    2.2.4 Others
  2.3 Automation tools
    2.3.1 Ansible
    2.3.2 Chef
    2.3.3 Puppet
    2.3.4 Salt
  2.4 Virtual machine setup tools
    2.4.1 Boxstarter
    2.4.2 Packer
  2.5 Vulnerability-related naming schemes
    2.5.1 Common Platform Enumeration (CPE)
    2.5.2 Common Vulnerabilities and Exposures (CVE)
  2.6 Metasploit
  2.7 Scanning, Vulnerabilities, Exploits and Detection (SVED)
  2.8 SVED Visualization Tool (SVIZ)
  2.9 Related work

3 Method
  3.1 Automating software installation
    3.1.1 Package managers selection
    3.1.2 Automation tool selection
    3.1.3 Summary of the tool selection
    3.1.4 Chocolatey list of packages
    3.1.5 Feedback from installation
    3.1.6 Database
    3.1.7 Mapping to vulnerabilities
    3.1.8 Online installation tests
    3.1.9 Rate limiting and excessive use
    3.1.10 Internal repository
    3.1.11 Offline installation tests
  3.2 Selecting exploits for evaluation
    3.2.1 Version difference
    3.2.2 Name and vendor difference
    3.2.3 Exploit selection criteria
  3.3 Automatic testing of exploits
    3.3.1 Preparing VMs
    3.3.2 Creating an attack sequence
  3.4 Manual testing of exploits
  3.5 Vulnerable state

4 Results
  4.1 Automating software installation
    4.1.1 With online access
    4.1.2 Evaluating the reliability of Chocolatey's online repository
    4.1.3 Internal repository
  4.2 Selecting exploits for evaluation
  4.3 Automatic testing of exploits
  4.4 Manual testing of exploits
  4.5 Vulnerable state

5 Discussion
  5.1 Results
    5.1.1 Internal repository
    5.1.2 First usage
    5.1.3 Exploit testing
  5.2 Method
    5.2.1 Alternative methods of performing automated software installations
    5.2.2 Less focus on automated testing
    5.2.3 Source criticism
  5.3 Challenges
    5.3.1 Hitting the rate limit during downloading and testing packages
    5.3.2 Database
    5.3.3 Corrupt output from Ansible
    5.3.4 Strange URLs
  5.4 The work in a wider context

6 Conclusion
  6.1 Research questions
  6.2 Future work
    6.2.1 Improving the mapping from program and version to CPE
    6.2.2 Improving the exploit suggestion process
    6.2.3 Further automating the internalization process

Bibliography

A Automatic exploit test results

List of Figures

2.1 Simplified illustration of CRATE
2.2 Typical attack sequence in SVED
2.3 Screenshot of the attack graph creator in SVED
2.4 Screenshot of the attack graph section of SVIZ
3.1 Information flow for automated software installation
3.2 Internal repository using Sonatype Nexus 3
4.1 Output from the software installation process
4.2 Installation result statistics
4.3 Installation results over time