/
Models.cs
295 lines (240 loc) · 8.55 KB
/
Models.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
using System;
using System.Collections.Generic;
using System.Linq;
using System.Management.Automation.Host;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
namespace PurpleSharp.Lib
{
// Command Line Parameter Model
public class CommandlineParameters
{
public string scout_full_path;
public string simulator_relative_path;
public string remote_host;
public string remote_user;
public string remote_password;
public string domain;
public string techniques;
public string domain_controller;
public int variation;
public int playbook_sleep;
public int task_sleep;
public bool cleanup;
public bool opsec;
public bool verbose;
public string scout_namepipe;
public string simulator_namedpipe;
public string log_filename;
public string scout_action;
public CommandlineParameters()
{
}
public CommandlineParameters(string scout_path, string simulator_path, string rhost, string ruser, string rpwd, string d, string techs, string dc, string sc_action, string scout_np, string simulator_np, string log, int var, int pbsleep, int tsleep, bool cln, bool ops, bool verb)
{
scout_full_path = scout_path;
simulator_relative_path = simulator_path;
remote_host = rhost;
remote_user = ruser;
remote_password = rpwd;
domain = d;
techniques = techs;
domain_controller = dc;
scout_action = sc_action;
scout_namepipe = scout_np;
simulator_namedpipe = simulator_np;
log_filename = log;
variation = var;
playbook_sleep = pbsleep;
task_sleep = tsleep;
cleanup = cln;
opsec = ops;
verbose = verb;
}
}
// Input classes
public class SimulationExercise
{
public string domain { get; set; }
public string username { get; set; }
public string password { get; set; }
public string domain_controller { get; set; }
public int sleep { get; set; }
public string type { get; set; } = "local";
public List<SimulationPlaybook> playbooks { get; set; }
}
public class SimulationPlaybook
{
public string name { get; set; }
public string description { get; set; }
public string scout_full_path { get; set; }
public string simulator_relative_path { get; set; }
public int playbook_sleep { get; set; }
public string remote_host { get; set; }
public string opsec { get; set; } = "ppid";
public bool enabled { get; set; } = true;
public List<PlaybookTask> tasks { get; set; }
public SimulationPlaybook(int pbsleep)
{
playbook_sleep = pbsleep;
}
public SimulationPlaybook()
{
}
}
public class PlaybookTask
{
// Generic variables
public string tactic { get; set; } = "";
public string technique_id { get; set; }
public int variation { get; set; } = 1;
public int task_sleep { get; set; } = 0;
public bool cleanup { get; set; } = true;
// Password Spraying T1110.003
public string protocol { get; set; } = "Kerberos";
public string spray_password { get; set; } = "Passw0rd1";
// User target variables
// User by Password Spraying & Kerberoasting
public int user_target_type { get; set; } = 1;
public int user_target_total { get; set; } = 5;
public string[] user_targets { get; set; }
// Host target variables
public int host_target_type { get; set; } = 1;
public int host_target_total { get; set; } = 5;
public string[] host_targets { get; set; }
// Group Domain Enumeration T1069.002
public string[] groups { get; set; } = { };
// Network Service Scanning
public int[] ports { get; set; } = { 135, 139, 443, 445, 1433, 3306, 3389 };
// Remote Service Creation
public string serviceName { get; set; } ="PurpleSharp Updater";
public string servicePath { get; set; } = @"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe";
// WinRM remote execution and WMI remote execution
public string command { get; set; } = @"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe";
// Creating local and remote scheduled tasks
public string taskName { get; set; } = @"PurpleSharp Updater";
public string taskPath { get; set; } = @"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe";
public PlaybookTask()
{
}
public PlaybookTask(string tech, int var, int t_sleep, bool cl = true)
{
technique_id = tech;
variation = var;
task_sleep = t_sleep;
cleanup = cl;
}
}
// Result classes
public class SimulationExerciseResult
{
public List<SimulationPlaybookResult> playbookresults { get; set; }
}
public class SimulationPlaybookResult
{
public string name { get; set; }
public string host { get; set; }
public string user { get; set; }
public string simprocess { get; set; }
public int simprocessid { get; set; }
public List<PlaybookTaskResult> taskresults { get; set; }
}
public class PlaybookTaskResult
{
public string timestamp { get; set; }
public string technique { get; set; }
//public string host { get; set; }
public bool success { get; set; }
public List<TaskDebugMsg> debugmsgs { get; set; }
}
public class TaskDebugMsg
{
public string msg { get; set; }
}
// ATT&CK Classes
public class NavigatorLayer
{
public string name { get; set; }
public string version { get; set; }
public string domain { get; set; }
public string description { get; set; }
public bool hideDisabled { get; set; }
public NavigatorFilters filters { get; set; }
public List<NavigatorTechnique> techniques { get; set; }
//public Gradient gradient { get; set; }
//public object[] legendItems { get; set; }
//public object[] metadata { get; set; }
//public bool showTacticRowBackground { get; set; }
//public string tacticRowBackground { get; set; }
//public bool selectTechniquesAcrossTactics { get; set; }
}
public class NavigatorFilters
{
public string[] stages { get; set; }
public string[] platforms { get; set; }
}
public class NavigatorGradient
{
public string[] colors { get; set; }
public int minValue { get; set; }
public int maxValue { get; set; }
}
public class NavigatorTechnique
{
public string techniqueID { get; set; }
//public string tactic { get; set; }
public string color { get; set; }
//public string comment { get; set; }
public int score { get; set; }
public bool enabled { get; set; }
//public object[] metadata { get; set; }
}
// Named Pipe Comms Classes
public class SimulationRequest
{
public string header;
public string recon_type;
public SimulationPlaybook playbook;
public SimulationRequest(string hd, string re_type = "", SimulationPlaybook pb = null)
{
header = hd;
recon_type = re_type;
playbook = pb;
}
}
public class SimulationResponse
{
public string header;
public ReconResponse recon_response;
public ScoutResponse scout_response;
public SimulationResponse(string stat, ReconResponse recon_resp = null, ScoutResponse sc_resp = null)
{
header = stat;
recon_response = recon_resp;
scout_response = sc_resp;
}
}
public class ReconResponse
{
public string user;
public string process;
public string process_id;
public string process_integrity;
public ReconResponse(string u, string proc, string proc_id, string proc_int)
{
user = u;
process = proc;
process_id = proc_id;
process_integrity = proc_int;
}
}
public class ScoutResponse
{
public string results;
public ScoutResponse(string res)
{
results = res;
}
}
}