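@ECHO OFF
:: APTSimulator - drops traces of typical APT activity on a lab machine so
:: that detection tooling can be exercised. Interactive menu by default;
:: "-b" runs every test set unattended. Meant for a disposable, snapshotted
:: VM run from an elevated prompt (see the banner below).
setlocal EnableDelayedExpansion
color 0C
ECHO.
:: %~dp0 is the directory this script lives in, with a trailing backslash.
:: "cd /d" also switches the drive letter - a plain "cd" from another drive
:: would leave the relative .\test-sets and welcome.txt references broken -
:: and the quotes keep an install path containing spaces intact.
SET "CWD=%~dp0"
cd /d "%CWD%"
:: Config - bundled helper binaries (no trailing "\" needed: CWD ends with one)
SET "ZIP=%CWD%helpers\7z.exe"
SET "CURL=%CWD%helpers\curl.exe"
:: Encrypted archives holding the toolset and the dropped files. The password
:: is written into this file, so it is not a secret - presumably it only keeps
:: the archive contents from being scanned/stripped before the test runs.
SET "TOOLARCH=%CWD%enc-toolset.7z"
SET "FILEARCH=%CWD%enc-files.7z"
:: Password
SET "PASS=aptsimulator"
:: Target directories used by the test sets
SET "APTDIR=C:\TMP"
SET "WWWROOT=C:\inetpub\wwwroot"
:: Sleep Interval - when ON, a random 1..SECONDMAX second pause is inserted
:: between test cases (configurable in the Settings menu)
SET "SINTERVAL=OFF"
SET "SECONDMAX=300"
CLS
ECHO ===========================================================================
ECHO WARNING!
ECHO.
ECHO This program is meant to simulate an APT on the local system by
ECHO distributing traces of typical APT attacks.
ECHO.
ECHO 1.) To get the best results, run it as "Administrator"
ECHO 2.) DO NOT run this script on PRODUCTIVE systems as it drops files
ECHO that may be used by attackers for lateral movement, password dumping
ECHO and other types of manipulations.
ECHO 3.) Create a snapshot of the VM. There is no cleanup routine available.
ECHO 4.) You DO NOT have to deactivate your ANTIVIRUS. Keep it running to see
ECHO that it is useless to detect activities of skilled attackers.
ECHO 5.) DO NOT upload contents of this archive to VIRUSTOTAL or a similar
ECHO online service as they provide backend views in which researchers and
ECHO attackers get access to the uploaded files.
ECHO.
ECHO ===========================================================================
ECHO Let's go ahead ... The next steps will manipulate the local system.
ECHO.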
setlocal
:: Mode dispatch: with "-b" as the first argument every test set is selected
:: and the menus are skipped entirely; otherwise the user has to confirm.
if NOT [%1]==[-b] GOTO PROMPT
SET list="collection" "command-and-control" "credential-access" "defense-evasion" "discovery" "execution" "lateral-movement" "persistence" "privilege-escalation"
goto :batchmode
:PROMPT
:: Only an explicit Y/y continues; an empty answer (or anything else) exits
:: without touching the system.
SET /P AREYOUSURE=Are you sure to proceed (Y/[N])?
IF /I NOT "%AREYOUSURE%"=="Y" GOTO END
GOTO MENU
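:SETTINGS
:: Settings screen: toggle the random sleep and set its upper bound.
CLS
ECHO ===========================================================================
ECHO Settings
ECHO.
ECHO [Sleep Interval] = "%SINTERVAL%"
ECHO [Maximum Seconds to Wait] = %SECONDMAX%
ECHO.
IF "%SINTERVAL%"=="OFF" ECHO [A] Activate a random sleep interval between the test cases
IF "%SINTERVAL%"=="ON" ECHO [D] Deactivate a random sleep interval between the test cases
ECHO [S] Set the maximum seconds to wait between test cases (default=300)
ECHO.
ECHO [E] Exit to Menu
ECHO.
:: Clear the previous answer first: SET /P leaves the variable untouched on an
:: empty input, so the "S" typed in the main menu to get here would otherwise
:: be re-dispatched as "set max seconds" on a bare ENTER. The comparisons use
:: delayed expansion inside quotes so an empty answer or one containing
:: characters such as " & | is compared as text instead of being parsed into
:: the IF line.
SET "M="
SET /P M=Your selection (then press ENTER):
IF /I "!M!"=="A" SET "SINTERVAL=ON"
IF /I "!M!"=="D" SET "SINTERVAL=OFF"
IF /I "!M!"=="E" GOTO MENU
IF /I "!M!"=="S" GOTO SETMAXSECONDS
GOTO SETTINGS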
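:COBALTSTRIKE
:: Runs the stand-alone beacon simulation script, then returns to the menu.
call ".\test-sets\cobaltstrike\cobaltstrike-simulation.bat"
PAUSE
GOTO MENU
:SETMAXSECONDS
:: Only a positive integer is accepted; anything else keeps the current value.
:: (:RAND uses SECONDMAX as a modulo divisor, so 0 or text would abort there.)
:: The answer is cleared first because SET /P keeps the old value on ENTER.
SET "M="
SET /P M=Set the maximum seconds to wait:
ECHO(!M!| findstr /R /X "[1-9][0-9]*" > NUL
IF NOT ERRORLEVEL 1 (
    SET "SECONDMAX=!M!"
) ELSE (
    ECHO Ignored: "!M!" is not a positive integer.
    PAUSE
)
GOTO SETTINGS
:AVEXCLUDER
:: Extracts only avexcluder.bat from the encrypted toolset into the user's
:: TEMP (-aoa overwrites a stale copy) and runs it; per the menu entry, the
:: helper applies AV exclusions in the registry - a trace a detection should
:: flag. The archive path is quoted so an install directory with spaces works,
:: and the helper is only called when the extraction actually succeeded, so a
:: missing 7z.exe or archive no longer results in a silent "call" of nothing.
"%ZIP%" e -p%PASS% "%TOOLARCH%" -aoa -o"%TEMP%" toolset\avexcluder.bat > NUL
IF ERRORLEVEL 1 (
    ECHO Could not extract avexcluder.bat from "%TOOLARCH%" - check that 7z.exe and the archive are present.
    PAUSE
    GOTO MENU
)
call "%TEMP%\avexcluder.bat"
GOTO MENU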
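:MENU
:: Main menu: picks the test set(s) to run, or jumps to a sub-screen.
CLS
color 07
ECHO ===========================================================================
TYPE welcome.txt
ECHO.
ECHO Select the test-set that you want to run:
ECHO.
ECHO [0] RUN EVERY TEST
ECHO [1] Collection
ECHO [2] Command and Control
ECHO [3] Credential Access
ECHO [4] Defense Evasion
ECHO [5] Discovery
ECHO [6] Execution
ECHO [7] Lateral Movement
ECHO [8] Persistence
ECHO [9] Privilege Escalation
ECHO.
ECHO [C] CobaltStrike Beacon Simulation
ECHO.
ECHO [A] Apply AV Exclusions in Registry
ECHO [S] Settings
ECHO [E] Exit
ECHO.
:: Reset both the answer and the selection: SET /P keeps the old value on an
:: empty input, and a stale "list" from an earlier run would make an unknown
:: key silently re-run the previous test set. Comparisons use delayed
:: expansion inside quotes so an empty answer, or one containing " & |, is
:: compared as text instead of being parsed into the IF line.
SET "M="
SET "list="
SET /P M=Your selection (then press ENTER):
IF "!M!"=="0" SET list="collection" "command-and-control" "credential-access" "defense-evasion" "discovery" "execution" "lateral-movement" "persistence" "privilege-escalation"
IF "!M!"=="1" SET list="collection"
IF "!M!"=="2" SET list="command-and-control"
IF "!M!"=="3" SET list="credential-access"
IF "!M!"=="4" SET list="defense-evasion"
IF "!M!"=="5" SET list="discovery"
IF "!M!"=="6" SET list="execution"
IF "!M!"=="7" SET list="lateral-movement"
IF "!M!"=="8" SET list="persistence"
IF "!M!"=="9" SET list="privilege-escalation"
IF /I "!M!"=="C" GOTO COBALTSTRIKE
IF /I "!M!"=="S" GOTO SETTINGS
IF /I "!M!"=="A" GOTO AVEXCLUDER
IF /I "!M!"=="E" GOTO END
:: Anything else: show the menu again instead of falling through to an empty
:: run. A valid digit falls through to :batchmode with "list" set.
IF NOT DEFINED list GOTO MENU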
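:batchmode
:: Runs every test set named in %list%: each entry is a directory under
:: .\test-sets and every .bat inside it is called in directory order. The
:: list entries carry their own quotes, so %%~i strips them and the paths are
:: quoted as a whole (an install path with spaces keeps working).
:: REM is used instead of :: inside the parentheses: "::" is really a label,
:: and labels inside a parenthesised block are a known way to confuse the
:: block parser.
for %%i in (%list%) do (
    ECHO.
    ECHO ###########################################################################
    ECHO RUNNING SET: %%i
    ECHO.
    for /f "delims=" %%x in ('dir /b /a-d ".\test-sets\%%~i\*.bat"') do (
        REM Optional random pause so the events are spread out in time.
        REM "ping -n N" sends N requests about a second apart, i.e. it sleeps
        REM roughly N-1 seconds - hence the +1, so the wait matches what is printed.
        IF "%SINTERVAL%"=="ON" (
            CALL :RAND %SECONDMAX%
            SET /A PINGS=RANDNUM+1
            ECHO Waiting !RANDNUM! seconds ...
            ping 127.0.0.1 -n !PINGS! > nul
        )
        call ".\test-sets\%%~i\%%x"
    )
)
ECHO ===========================================================================
ECHO Finished!
ECHO Check for errors and make sure you opened the command line as 'Administrator'
:: Interactive run: wait for the user and return to the menu. Batch mode (-b)
:: falls through to :END.
if NOT [%1]==[-b] (
    PAUSE
    GOTO MENU
)
:END
ECHO.
color 07
endlocal
GOTO :EOF

:RAND
:: Sets RANDNUM to a pseudo-random integer in 1..%1 (%RANDOM% is 0-32767).
:: Placed after the final GOTO :EOF so it is only reachable via CALL and no
:: longer sits inside the parenthesised block above. A missing or
:: non-positive bound would make the modulo fail, so it yields 1 instead.
SET "RANDNUM=1"
IF "%~1"=="" GOTO :EOF
IF %~1 LEQ 0 GOTO :EOF
SET /A "RANDNUM=%RANDOM% %% %~1 + 1"
GOTO :EOF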