# Terminal Processing

© Crown-owned copyright 2025, Defence Science and Technology Laboratory UK

This notebook serves as a guide on the functionality and use of the `terminal` service from both the simulation and game layers.

In [1]:
!primaite setup

2025-03-24 09:52:26,983: Performing the PrimAITE first-time setup...
2025-03-24 09:52:26,983: Building the PrimAITE app directories...
2025-03-24 09:52:26,983: Building primaite_config.yaml...
2025-03-24 09:52:26,983: Rebuilding the demo notebooks...
2025-03-24 09:52:27,005: Rebuilding the example notebooks...
2025-03-24 09:52:27,007: PrimAITE setup complete!


In [2]:
from primaite.simulator.system.services.terminal.terminal import Terminal
from primaite.simulator.network.container import Network
from primaite.simulator.network.hardware.nodes.host.computer import Computer
from primaite.simulator.system.applications.red_applications.ransomware_script import RansomwareScript
from primaite.simulator.system.services.terminal.terminal import RemoteTerminalConnection


## Simulation Layer Implementation.

The `terminal` service comes pre-installed on most node types. 

_The only exception to this being `switches` network nodes, this is because PrimAITE currently only implements 'dumb' switches. `routers` and `firewalls` however all support the `terminal`._

In [3]:
!primaite setup

2025-03-24 09:52:28,538: Performing the PrimAITE first-time setup...


2025-03-24 09:52:28,538: Building the PrimAITE app directories...
2025-03-24 09:52:28,538: Building primaite_config.yaml...
2025-03-24 09:52:28,538: Rebuilding the demo notebooks...
2025-03-24 09:52:28,561: Rebuilding the example notebooks...
2025-03-24 09:52:28,563: PrimAITE setup complete!


In this notebook, the terminal is demoed on a basic network consisting of two computers, connected together via a link to form a basic LAN network which can be seen by the `basic_network()` method defined below.

In [4]:
def basic_network() -> Network:
    """Utility function for creating a default network to demonstrate Terminal functionality"""
    network = Network()
    node_a = Computer.from_config(
            config = {
            "type": "computer",
            "hostname": "node_a",
            "ip_address": "192.168.0.10",
            "subnet_mask": "255.255.255.0",
            # "startup_duration": 0,
        }
    )
    node_a.power_on()
    node_b = Computer.from_config(
        config = {
            "type": "computer",
            "hostname": "node_b",
            "ip_address": "192.168.0.11",
            "subnet_mask": "255.255.255.0",
            # "startup_duration": 0,
        }
    )
    node_b.power_on()
    network.connect(node_a.network_interface[1], node_b.network_interface[1])
    return network

After setting up the network, the terminal can be accessed from a `Node` via the `software_manager`:

In [5]:
network: Network = basic_network()
computer_a: Computer = network.get_node_by_hostname("node_a")
terminal_a: Terminal = computer_a.software_manager.software.get("terminal")
computer_b: Computer = network.get_node_by_hostname("node_b")
terminal_b: Terminal = computer_b.software_manager.software.get("terminal")

However, before we're able to send commands from `node_a` to `node_b`, you will need to `login` to `node_b` first, using valid user credentials. 

After providing successful credentials, the login method will return type of `TerminalClientConnection` object which can then be used for sending commands to the node. 

In the example below, we are remotely logging in to the default ***'admin'*** account on `node_b`, from `node_a` (If you are not logged in, any commands sent will be rejected by the remote).


In [6]:
# Login to the remote (node_b) from local (node_a)
term_a_term_b_remote_connection: RemoteTerminalConnection = terminal_a.login(username="admin", password="admin", ip_address="192.168.0.11")

You can view all active connections to a terminal through use of the `show()` method.

In [7]:
terminal_b.show()

+----------------------------------------------------------------------------------+
|                           node_b terminal Connections                            |
+--------------+--------------------------------------+----------------------------+
| IP Address   | Connection ID                        | Creation Timestamp         |
+--------------+--------------------------------------+----------------------------+
| 192.168.0.10 | c15aa71c-461c-42dd-a2bd-0fa1cefd57dc | 2025-03-24 09:52:28.758503 |
+--------------+--------------------------------------+----------------------------+


As we logged into a remote node, the login method return a `RemoteTerminalConnection` which allows us to forward commands to be executed on the target node. 

The example below demonstrates how you can remotely install an application on the target node.

In [8]:
term_a_term_b_remote_connection.execute(["software_manager", "application", "install", "ransomware-script"])

True

In [9]:
computer_b.software_manager.show()

+---------------------------------------------------------------------------------------+
|                                node_b Software Manager                                |
+----------------------+-------------+-----------------+--------------+------+----------+
| Name                 | Type        | Operating State | Health State | Port | Protocol |
+----------------------+-------------+-----------------+--------------+------+----------+
| arp                  | Service     | RUNNING         | GOOD         | 219  | udp      |
| icmp                 | Service     | RUNNING         | GOOD         | None | icmp     |
| dns-client           | Service     | RUNNING         | GOOD         | 53   | tcp      |
| ntp-client           | Service     | RUNNING         | GOOD         | 123  | udp      |
| web-browser          | Application | CLOSED          | GOOD         | 80   | tcp      |
| nmap                 | Application | CLOSED          | GOOD         | None | none     |
| user-ses

As the terminal allows us to leverage the [request system](./Requests-and-Responses.ipynb) we have full access to the request manager on any simulation component. For example, the code snippet below demonstrates how we the `terminal` allows the user of `terminal_a`, on `computer_a`, to send a command (in the form of a request) to `computer_b` to create a downloads folder. 


In [10]:
# Display the current state of the file system on computer_b
computer_b.file_system.show()

# Send command
term_a_term_b_remote_connection.execute(["file_system", "create", "folder", "downloads"])

+-----------------------------------------------------------------+
|                        node_b File System                       |
+--------+------+---------------+-----------------------+---------+
| Folder | Size | Health status | Visible health status | Deleted |
+--------+------+---------------+-----------------------+---------+
| root   | 0 B  | GOOD          | NONE                  | False   |
+--------+------+---------------+-----------------------+---------+


True

The resultant call to `computer_b.file_system.show()` shows that the new folder has been created.

In [11]:
computer_b.file_system.show()

+--------------------------------------------------------------------+
|                         node_b File System                         |
+-----------+------+---------------+-----------------------+---------+
| Folder    | Size | Health status | Visible health status | Deleted |
+-----------+------+---------------+-----------------------+---------+
| downloads | 0 B  | GOOD          | NONE                  | False   |
| root      | 0 B  | GOOD          | NONE                  | False   |
+-----------+------+---------------+-----------------------+---------+


Information about the latest response when executing a remote command can be seen by calling the `last_response` attribute within `Terminal`

In [12]:
print(terminal_a.last_response)

status='success' data={'folder_name': 'downloads'}


When finished, the connection can be closed by calling the `disconnect` function of the Remote Client object

In [13]:
# Display active connection
terminal_a.show()
terminal_b.show()

term_a_term_b_remote_connection.disconnect()

terminal_a.show()
terminal_b.show()

+----------------------------------------------------------------------------------+
|                           node_a terminal Connections                            |
+--------------+--------------------------------------+----------------------------+
| IP Address   | Connection ID                        | Creation Timestamp         |
+--------------+--------------------------------------+----------------------------+
| 192.168.0.11 | c15aa71c-461c-42dd-a2bd-0fa1cefd57dc | 2025-03-24 09:52:28.762285 |
+--------------+--------------------------------------+----------------------------+
+----------------------------------------------------------------------------------+
|                           node_b terminal Connections                            |
+--------------+--------------------------------------+----------------------------+
| IP Address   | Connection ID                        | Creation Timestamp         |
+--------------+--------------------------------------+----------

Disconnected Terminal sessions will no longer show in the node's Terminal connection list, but will be under the historic sessions in the `user_session_manager`.

In [14]:
computer_b.user_session_manager.show(include_historic=True, include_session_id=True)

+--------------------------------------------------------------------------------------------------------------------+
|                                                node_b User Sessions                                                |
+--------------------------------------+----------+--------+--------------+------------+------------------+----------+
| Session ID                           | Username | Type   | Remote IP    | Start Step | Step Last Active | End Step |
+--------------------------------------+----------+--------+--------------+------------+------------------+----------+
| c15aa71c-461c-42dd-a2bd-0fa1cefd57dc | admin    | remote | 192.168.0.10 | 0          | 0                |          |
+--------------------------------------+----------+--------+--------------+------------+------------------+----------+


## Game Layer Implementation

This notebook section will detail the implementation of how the game layer utilises the terminal to support different agent actions.

The ``terminal`` is directly leveraged to implement the following agent actions.


|  Game Layer Action                | Simulation Layer         |
|-----------------------------------|--------------------------|
| ``node-send-local-command``       | Uses the given user credentials, creates a ``LocalTerminalSession`` and executes the given command and returns the ``RequestResponse``.
| ``node-session-remote-login``                 | Uses the given user credentials and remote IP to create a ``RemoteTerminalSession``.
| ``node-send-remote-command``      | Uses the given remote IP to locate the correct ``RemoteTerminalSession``, executes the given command and returns the ``RequestsResponse``.

Additionally, the `terminal` is utilised extensively by the [c2 suite](./Command-and-Control-E2E-Demonstration.ipynb) and it's related actions. 

### Game Layer Setup

Similar to other notebooks, the next code cells create a custom proxy agent to demonstrate how these commands can be leveraged by agents in the ``UC2`` network environment.

If you're unfamiliar with ``UC2`` then please refer to the [UC2-E2E-Demo notebook for further reference](./Data-Manipulation-E2E-Demonstration.ipynb).

In [15]:
import yaml
from primaite.config.load import data_manipulation_config_path
from primaite.session.environment import PrimaiteGymEnv

In [16]:
custom_terminal_agent = """
  - ref: CustomTerminalAgent
    team: RED
    type: proxy-agent
    action_space:
      action_map:
        0:
          action: do-nothing
          options: {}
        1:
          action: node-send-local-command
          options:
            node_name: client_1
            username: admin
            password: admin
            command:
                - file_system
                - create
                - file
                - downloads
                - dog.png
                - False
        2:
          action: node-session-remote-login
          options:
            node_name: client_1
            username: admin
            password: admin
            remote_ip: 192.168.10.22
        3:
          action: node-send-remote-command
          options:
            node_name: client_1
            remote_ip: 192.168.10.22
            command:
                - file_system
                - create
                - file
                - downloads
                - cat.png
                - False
"""
custom_terminal_agent_yaml = yaml.safe_load(custom_terminal_agent)

In [17]:
with open(data_manipulation_config_path()) as f:
    cfg = yaml.safe_load(f)
    # removing all agents & adding the custom agent.
    cfg['agents'] = {}
    cfg['agents'] = custom_terminal_agent_yaml

env = PrimaiteGymEnv(env_config=cfg)

client_1: Computer = env.game.simulation.network.get_node_by_hostname("client_1")
client_2: Computer = env.game.simulation.network.get_node_by_hostname("client_2")

2025-03-24 09:52:31,097: PrimaiteGymEnv RNG seed = None


### Terminal Action | ``node-send-local-command`` 

The yaml snippet below shows all the relevant agent options for this action:

```yaml
      action_map:
        1:
          action: node-send-local-command
          options:
            node_name: client_1
            username: admin
            password: admin
            command:
                - file_system
                - create
                - file
                - downloads
                - dog.png
                - False
```

In [18]:
env.step(1)
client_1.file_system.show(full=True)

+-------------------------------------------------------------------------------+
|                              client_1 File System                             |
+-------------------+---------+---------------+-----------------------+---------+
| File Path         | Size    | Health status | Visible health status | Deleted |
+-------------------+---------+---------------+-----------------------+---------+
| downloads/dog.png | 40.0 KB | GOOD          | NONE                  | False   |
| root              | 0 B     | GOOD          | NONE                  | False   |
+-------------------+---------+---------------+-----------------------+---------+


### Terminal Action | ``node-session-remote-login``  

The yaml snippet below shows all the relevant agent options for this action:

```yaml
      action_map:
        2:
          action: node-session-remote-login
          options:
            node_name: client_1
            username: admin
            password: admin
            remote_ip: 192.168.10.22 # client_2's ip address.
```

In [19]:
env.step(2)
client_2.session_manager.show()

+----------------------------------+
|     client_2 Session Manager     |
+----------------+------+----------+
| Destination IP | Port | Protocol |
+----------------+------+----------+
| 192.168.10.1   | 219  | udp      |
| 192.168.10.21  | 219  | udp      |
| 192.168.10.21  | 22   | tcp      |
+----------------+------+----------+


### Terminal Action |  ``node-send-remote-command``

The yaml snippet below shows all the relevant agent options for this action:

```yaml
      action_map:
        3:
          action: node-send-remote-command
          options:
            node_name: client_1
            remote_ip: 192.168.10.22 # client_2's ip address.
            command:
                - file_system
                - create
                - file
                - downloads
                - cat.png
                - False
```

In [20]:
env.step(3)
client_2.file_system.show(full=True)

+-------------------------------------------------------------------------------+
|                              client_2 File System                             |
+-------------------+---------+---------------+-----------------------+---------+
| File Path         | Size    | Health status | Visible health status | Deleted |
+-------------------+---------+---------------+-----------------------+---------+
| downloads/cat.png | 40.0 KB | GOOD          | NONE                  | False   |
| root              | 0 B     | GOOD          | NONE                  | False   |
+-------------------+---------+---------------+-----------------------+---------+
