Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.

# Random agent playing the Capture The Flag toy environment

In [4]:
import sys
import logging
import gym

# Route INFO-level log records to stdout so they show up in the notebook
# cell output, each line prefixed with its level name.
logging.basicConfig(
    stream=sys.stdout,
    level=logging.INFO,
    format="%(levelname)s: %(message)s",
)

### CyberBattle simulation
- **Environment**: a network of nodes with assigned vulnerabilities/functionalities, value, and firewall configuration
- **Action space**: local attack | remote attack | authenticated connection
- **Observation**: effects of action on environment

In [5]:
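import os
import sys

# Location of the local CyberBattleSim checkout. It defaults to the path this
# notebook was authored with; set CYBERBATTLESIM_ROOT to run it elsewhere.
# Every directory on sys.path is a place Python will load and execute modules
# from, so this should point only at a checkout you trust and control.
cyberbattlesim_root = os.environ.get(
    "CYBERBATTLESIM_ROOT", "/home/windy/Desktop/experiment/CyberBattleSim"
)

# Re-running the cell must not keep appending the same entry.
if cyberbattlesim_root not in sys.path:
    sys.path.append(cyberbattlesim_root)

# Imported for its side effects only. Presumably this import is what makes the
# 'CyberBattleToyCtf-v0' id known to gym -- confirm against the package.
import cyberbattle._env.cyberbattle_env

# Instantiate the Capture The Flag toy environment used by the cells below.
gym_env = gym.make('CyberBattleToyCtf-v0')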

In [6]:
# Display the simulated Environment object: its network graph, vulnerability
# library, identifier lists (properties, ports, vulnerabilities) and version.
gym_env.environment

Environment(network=<networkx.classes.digraph.DiGraph object at 0x7f9bf6728ca0>, vulnerability_library={}, identifiers=Identifiers(properties=['CTFFLAG:LeakedCustomerData', 'CTFFLAG:LeakedCustomerData2', 'CTFFLAG:Readme.txt-Discover secret data', 'CTFFLAG:VMPRIVATEINFO', 'GitHub', 'MySql', 'SasUrlInCommit', 'SharepointLeakingPassword', 'Ubuntu', 'nginx/1.10.3'], ports=['GIT', 'HTTPS', 'MySQL', 'PING', 'SSH', 'SSH-key', 'su'], local_vulnerabilities=['CredScan-HomeDirectory', 'CredScanBashHistory', 'SearchEdgeHistory'], remote_vulnerabilities=['AccessDataWithSASToken', 'CredScanGitHistory', 'ListAzureResources', 'NavigateWebDirectory', 'NavigateWebDirectoryFurther', 'ScanPageContent', 'ScanPageSource', 'ScanSharepointParentDirectory']), creationTime=datetime.datetime(2024, 4, 4, 8, 40, 26, 757640), lastModified=datetime.datetime(2024, 4, 4, 8, 40, 26, 757645), version='0.1.0')

In [None]:
# Display the action space the agent picks its actions from.
gym_env.action_space

In [None]:
# Draw one random sample from the action space to see what an action looks like.
gym_env.action_space.sample()

## A random agent

In [9]:
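# Random-agent baseline: at every step a random action is sampled and applied
# to the simulated network. The environment state is rendered whenever an
# action earns a positive reward, and once more when the episode ends.
EPISODE_COUNT = 1
MAX_STEPS_PER_EPISODE = 5600  # upper bound on steps; the loop stops earlier if `done`

for i_episode in range(EPISODE_COUNT):
    observation = gym_env.reset()

    total_reward = 0

    for t in range(MAX_STEPS_PER_EPISODE):
        # Presumably restricted to actions that are valid in the current
        # state, unlike action_space.sample() -- confirm against the env.
        action = gym_env.sample_valid_action()

        observation, reward, done, info = gym_env.step(action)

        total_reward += reward

        if reward > 0:
            # f-string so the rewarded action itself is printed; without the
            # prefix the literal text "{action}" ends up in the output.
            print(f'####### rewarded action: {action}')
            print(f'total_reward={total_reward} reward={reward}')
            gym_env.render()

        if done:
            print(f"Episode finished after {t + 1} timesteps")
            break

    # Final state of the network at the end of the episode.
    gym_env.render()

gym_env.close()
print("simulation ended")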

INFO: Resetting the CyberBattle environment
INFO: Vulnerability 'CredScanGitHistory' not supported by node 'client'
INFO: Vulnerability 'ListAzureResources' not supported by node 'client'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
####### rewarded action: {action}
total_reward=6.0 reward=6.0


Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,discovered,,,"[ScanPageSource, ScanPageContent]"


INFO: Vulnerability 'ScanPageSource' not supported by node 'client'
INFO: Vulnerability 'ListAzureResources' not supported by node 'Website'
INFO: Vulnerability 'ListAzureResources' not supported by node 'Website'
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'Website'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: Vulnerability 'CredScanGitHistory' not supported by node 'client'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ScanPageSource' not supported by node 'client'
INFO: Vulnerability 'CredScanGitHistory' not supported by node 'client'
INFO: Vulnerability 'ListAzureRes

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
2,GitHubProject,discovered,,,[CredScanGitHistory]


INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'GitHubProject'
INFO: Vulnerability 'ScanPageSource' not supported by node 'GitHubProject'
INFO: discovered node: GitHubProject
INFO: GOT REWARD: WEBSITE page content has a link to github -> Github project discovered!
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'client'
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'Website'
INFO: Vulnerability 'ListAzureResources' not supported by node 'Website'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ListAzureResources' not supported by node 'GitHubProject'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'GitHubProject'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'NavigateWebDirec

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
2,GitHubProject,discovered,,,[CredScanGitHistory]
3,AzureStorage,discovered,,,[AccessDataWithSASToken]


INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'MySQL'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'PING'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'MySQL'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: GOT REWARD: Stole data using a publicly shared SAS token
####### rewarded action: {action}
total_reward=27.0 reward=6.0


Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
2,GitHubProject,discovered,,,[CredScanGitHistory]
3,AzureStorage,discovered,,,[AccessDataWithSASToken]


INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'AzureStorage'
INFO: target node 'GitHubProject' not listening on port 'HTTPS'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'PING'
INFO: Vulnerability 'ListAzureResources' not supported by node 'client'
INFO: Vulnerability 'ListAzureResources' not supported by node 'GitHubProject'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'AzureStorage'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'PING'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'SSH-key'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ScanPageSource' not supported

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]


INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'SSH-key'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: target node 'GitHubProject' not listening on port 'SSH'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'GitHubProject'
INFO: Vulnerability 'ListAzureResources' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'su'
INFO: Vulnerability 'CredScanGitHistory' not supported by node 'Website'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'client'
INFO: discovered node: AzureStorage
INFO: discovered credential: CachedCredential(nod

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."


INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'MySQL'
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'client'
INFO: target node 'client' not listening on port 'SSH'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'SSH-key'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: 

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."


INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: Vulnerability 'ListAzureResources' not supported by node 'GitHubProject'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: target node 'AzureStorage' not listening on port 'SSH'
INFO: target node 'AzureStorage' not listening on port 'SSH'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'SSH-key'
INFO: Vulnerability 'ScanPageSource' not supported by node 'Website.Directory'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'ScanPageSource' not supported by node 'AzureStorage'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'clien

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
5,Sharepoint,discovered,,,[ScanSharepointParentDirectory]


INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'SSH-key'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'su'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: target node 'GitHubProject' not listening on port 'HTTPS'
INFO: Vulnerability 'ListAzureResources' not supported by node 'GitHubProject'
INFO: target node 'Website.Directory' not listening on port 'SSH'
INFO: discovered node: Website
INFO: GOT REWARD: Web br

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
5,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
6,AzureResourceManager,discovered,,,[ListAzureResources]


INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'MySQL'
INFO: Vulnerability 'ListAzureResources' not supported by node 'GitHubProject'
INFO: Vulnerability 'ListAzureResources' not supported by node 'AzureStorage'
INFO: discovered node: AzureVM
INFO: GOT REWARD: Obtained Azure VM and public IP information
####### rewarded action: {action}
total_reward=113.0 reward=6.0


Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
2,Website,discovered,,,"[ScanPageSource, ScanPageContent]"
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
5,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
6,AzureResourceManager,discovered,,,[ListAzureResources]
7,AzureVM,discovered,,,[]


INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'su'
INFO: target node 'client' not listening on port 'SSH'
INFO: Vulnerability 'CredScanGitHistory' not supported by node 'AzureResourceManager'
INFO: Vulnerability 'ScanPageSource' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'GIT'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'MySQL'
INFO: Vulnerability 'ScanSharepointParentDirectory' not supported by node 'AzureResourceManager'
INFO: Vulnerability 'ScanPageContent' not supported by node 'AzureStorage'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'AzureStorage'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'client'
INFO: Vulnerability 'ListAzureResources' not supported by node 'AzureStorage'
INFO: BL

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,owned,"[MySql, Ubuntu, nginx/1.10.3]",[CredScanBashHistory],"[ScanPageSource, ScanPageContent]"
2,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
3,GitHubProject,discovered,,,[CredScanGitHistory]
4,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
5,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
6,AzureResourceManager,discovered,,,[ListAzureResources]
7,AzureVM,discovered,,,[]


INFO: BLOCKED TRAFFIC: source node 'client' is blocking outgoing traffic on port 'PING'
INFO: BLOCKED TRAFFIC: source node 'Website' is blocking outgoing traffic on port 'MySQL'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'GitHubProject'
INFO: Vulnerability 'AccessDataWithSASToken' not supported by node 'AzureResourceManager'
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'GitHubProject'
INFO: invalid credentials supplied
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'GIT'
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'client'
INFO: Infected node 'AzureResourceManager' from 'Website' via HTTPS with credential 'ADPrincipalCreds'
INFO: Owned message: FLAG: Shared credentials with database user - Obtained secrets hidden in Azure Managed Resources
####### rewarded action: {action}
total_reward=263.0 reward=50.0


Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,owned,"[MySql, Ubuntu, nginx/1.10.3]",[CredScanBashHistory],"[ScanPageSource, ScanPageContent]"
2,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
3,AzureResourceManager,owned,[CTFFLAG:LeakedCustomerData2],[],[ListAzureResources]
4,GitHubProject,discovered,,,[CredScanGitHistory]
5,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
6,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
7,AzureVM,discovered,,,[]


INFO: Vulnerability 'CredScanGitHistory' not supported by node 'client'
INFO: Vulnerability 'ScanPageContent' not supported by node 'AzureResourceManager'
INFO: BLOCKED TRAFFIC: source node 'AzureResourceManager' is blocking outgoing traffic on port 'PING'
INFO: Vulnerability 'ListAzureResources' not supported by node 'AzureStorage'
INFO: Vulnerability 'ListAzureResources' not supported by node 'Website.Directory'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'su'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'PING'
INFO: target node 'GitHubProject' not listening on port 'HTTPS'
INFO: Vulnerability 'NavigateWebDirectoryFurther' not supported by node 'client'
INFO: BLOCKED TRAFFIC: source node 'AzureResourceManager' is blocking outgoing traffic on port 'SSH-key'
INFO: discovered node: Website
INFO: GOT REWARD: Web browser history revealed website URL of interest
INFO: discovered node: Website
INFO: GOT REW

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,owned,"[MySql, Ubuntu, nginx/1.10.3]",[CredScanBashHistory],"[ScanPageSource, ScanPageContent]"
2,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
3,AzureResourceManager,owned,[CTFFLAG:LeakedCustomerData2],[],[ListAzureResources]
4,GitHubProject,discovered,,,[CredScanGitHistory]
5,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
6,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
7,AzureVM,discovered,,,[]
8,Website[user=monitor],discovered,,,[]


INFO: discovered node: Website[user=monitor]
INFO: discovered credential: CachedCredential(node='Website[user=monitor]', port='SSH', credential='monitorBashCreds')
INFO: GOT REWARD: FLAG: SSH history revealed credentials for the monitoring user (monitor)
INFO: BLOCKED TRAFFIC: source node 'AzureResourceManager' is blocking outgoing traffic on port 'SSH-key'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'Website'
INFO: Vulnerability 'ListAzureResources' not supported by node 'AzureStorage'
INFO: Vulnerability 'NavigateWebDirectory' not supported by node 'AzureStorage'
INFO: Vulnerability 'ScanPageSource' not supported by node 'Website[user=monitor]'
INFO: target node 'Website[user=monitor]' not listening on port 'HTTPS'
INFO: BLOCKED TRAFFIC: source node 'AzureStorage' is blocking outgoing traffic on port 'GIT'
INFO: discovered node: Website[user=monitor]
INFO: discovered credential: CachedCredential(node='Website[user=monitor]', port='SSH', credential='monitorBashCre

Unnamed: 0,id,status,properties,local_attacks,remote_attacks
0,client,owned,[],[SearchEdgeHistory],[]
1,Website,owned,"[MySql, Ubuntu, nginx/1.10.3]",[CredScanBashHistory],"[ScanPageSource, ScanPageContent]"
2,AzureStorage,owned,[CTFFLAG:LeakedCustomerData],[],[AccessDataWithSASToken]
3,AzureResourceManager,owned,[CTFFLAG:LeakedCustomerData2],[],[ListAzureResources]
4,GitHubProject,discovered,,,[CredScanGitHistory]
5,Website.Directory,discovered,,,"[NavigateWebDirectoryFurther, NavigateWebDirec..."
6,Sharepoint,discovered,,,[ScanSharepointParentDirectory]
7,AzureVM,discovered,,,[]
8,Website[user=monitor],discovered,,,[]


simulation ended


### End of simulation