splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

License: Apache License 2.0

attack_range's Introduction

Splunk Attack Range ⚔️

The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud and local environments, simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections.

Purpose 🛡

The Attack Range is a detection development platform, which solves three main challenges in detection engineering:

  • The user is able to quickly build a small lab infrastructure as close as possible to a production environment.
  • The Attack Range performs attack simulation using different engines such as Atomic Red Team or Caldera in order to generate real attack data.
  • It integrates seamlessly into any Continuous Integration / Continuous Delivery (CI/CD) pipeline to automate the detection rule testing process.

Docs

The Attack Range Documentation can be found here.

Installation 🏗

Attack Range in AWS:

docker pull splunk/attack_range
docker run -it splunk/attack_range
aws configure
python attack_range.py configure

To install directly on Linux or macOS, follow these instructions.

Architecture 🏯

Logical Diagram

The deployment of Attack Range consists of:

  • Windows Domain Controller
  • Windows Server
  • Windows Workstation
  • A Kali Machine
  • Splunk Server
  • Splunk SOAR Server
  • Nginx Server
  • Linux Server
  • Zeek Server

These machines can be added, removed, or configured using attack_range.yml.

Logging

The following log sources are collected from the machines:

  • Windows Event Logs (index = win)
  • Sysmon Logs (index = win)
  • Powershell Logs (index = win)
  • Aurora EDR (index = win)
  • Sysmon for Linux Logs (index = unix)
  • Nginx logs (index = proxy)
  • Network Logs with Splunk Stream (index = main)
  • Attack Simulation Logs from Atomic Red Team and Caldera (index = attack)

Running 🏃‍♀️

Attack Range supports different actions:

Configure Attack Range

python attack_range.py configure

Build Attack Range

python attack_range.py build

Packer Attack Range

python attack_range.py packer --image_name windows-2016

Show Attack Range Infrastructure

python attack_range.py show

Perform Attack Simulations with Atomic Red Team or PurpleSharp

python attack_range.py simulate -e ART -te T1003.001 -t ar-win-ar-ar-0

python attack_range.py simulate -e PurpleSharp -te T1003.001 -t ar-win-ar-ar-0

Destroy Attack Range

python attack_range.py destroy

Stop Attack Range

python attack_range.py stop

Resume Attack Range

python attack_range.py resume

Dump Log Data from Attack Range

python attack_range.py dump --file_name attack_data/dump.log --search 'index=win' --earliest 2h

Replay Dumps into Attack Range Splunk Server

python attack_range.py replay --file_name attack_data/dump.log --source test --sourcetype test

Features 💍

  • Splunk Server

    • Indexing of Microsoft Event Logs, PowerShell Logs, Sysmon Logs, DNS Logs, ...
    • Preconfigured with multiple TAs for field extractions
    • Out of the box Splunk detections with Enterprise Security Content Update (ESCU) App
    • Preinstalled Machine Learning Toolkit (MLTK)
    • pre-indexed BOTS datasets
    • Splunk UI available through port 8000 with user admin
    • ssh connection over configured ssh key
  • Splunk Enterprise Security

  • Splunk SOAR

  • Windows Domain Controller & Windows Server & Windows 10 Client

    • Can be enabled, disabled and configured over attack_range.yml
    • Collecting of Microsoft Event Logs, PowerShell Logs, Sysmon Logs, DNS Logs, ...
    • Sysmon log collection with customizable Sysmon configuration
    • RDP connection over port 3389 with user Administrator
  • Atomic Red Team

    • Attack Simulation with Atomic Red Team
    • Will be automatically installed on target during first execution of simulate
    • Atomic Red Team already uses the new Mitre sub-techniques
  • PurpleSharp

    • Native adversary simulation support with PurpleSharp
    • Will be automatically downloaded on target during first execution of simulate
    • Supports two parameters -st for comma separated ATT&CK techniques and -sp for a simulation playbook
  • Kali Linux

    • Preconfigured Kali Linux machine for penetration testing
    • ssh connection over configured ssh key

Support 📞

Please use the GitHub issue tracker to submit bugs or request features.

If you have questions or need support, you can:

Contributing 🥰

We welcome feedback and contributions from the community! Please see our contribution guidelines for more information on how to get involved.

attack_range's People

Contributors

ajburnell, ajpc500, bblacet, ccl0utier, daveherrald, dependabot-preview[bot], dependabot[bot], ghoto, gowthamarajr, j-c-b, jkuepker, josehelps, jzsplunk, ljstella, mhaggis, mvelazc0, p4t12ick, patel-bhavin, peter-cg, philroyer-phantom, pyth0n1c, rosplk, rushabhs-crest, russnolen, rvaldez617, splunk-james, t-contreras, tccontre, wilcosec, zbraiterman

attack_range's Issues

Instance Ubuntu 18 (Ubuntu 18.04 LTS) Minimal - no longer available.

The BattlDroid reports the following:

Error: Error launching source instance: OptInRequired: In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit https://aws.amazon.com/marketplace/pp?sku=6l278ltstzlu1yvlpd3h8kdkq status code: 401, request id: 9ed5c5b0-e48f-4f4c-af0d-71dc6302bc6d

When I follow the URL I get the message:
This version has been removed and is no longer available to new customers.

Build error

OS: Fedora 31 5.3.11-300.fc31.x86_64
Vagrant: 2.2.6
VirtualBox: 6.0.14

Followed vagrant/virtualbox configuration page and then tried to build:

python attack_range.py -m vagrant -a build

starting program loaded for B1 battle droid
          ||/__'`.
          |//()'-.:
          |-.||
          |o(o)
          |||\\  .==._
          |||(o)==::'
           `|T  ""
            ()
            |\
            ||\
            ()()
            ||//
            |//
           .'=`=.
    
attack_range is using config at path attack_range.conf
2019-11-26 15:49:22,301 - INFO - attack_range - INIT - attack_range v1
2019-11-26 15:49:22,301 - INFO - attack_range - INIT - Attack Range v1
2019-11-26 15:49:22,303 - INFO - attack_range - [mode] > vagrant
2019-11-26 15:49:22,303 - INFO - attack_range - building splunk-server and windows10 workstation boxes WARNING MAKE SURE YOU HAVE 8GB OF RAM free otherwise you will have a bad time
2019-11-26 15:49:22,304 - INFO - attack_range - [action] > build

Bringing machine 'splunk-server' up with 'virtualbox' provider...
Bringing machine 'win10' up with 'virtualbox' provider...
==> splunk-server: Checking if box 'generic/ubuntu1804' version '2.0.4' is up to date...
==> splunk-server: Running provisioner: ansible...
    splunk-server: Running ansible-playbook...

...........

PLAY RECAP *********************************************************************
splunk-server              : ok=17   changed=0    unreachable=0    failed=0   

==> win10: Checking if box 'd1vious/windows10' version '1.0' is up to date...
Traceback (most recent call last):
  File "attack_range.py", line 452, in <module>
    vagrant_mode(action, log)
  File "attack_range.py", line 163, in vagrant_mode
    v1.up(provision=True)
  File "/home/dauren/projects/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/home/dauren/projects/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/lib64/python3.7/subprocess.py", line 363, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.


After downloading the windows box it fails.

PiP crashing out - ubuntu

Hello,
when I run pip install -r requirements.txt I get the following error. After some more reading and troubleshooting, I know the package that is causing the error is psutil, and trying to install an older/newer version generates different error messages, but it always smells like compile errors.


...
Collecting path.py==12.4.0
Collecting zipp==0.6.0
Using cached zipp-0.6.0-py2.py3-none-any.whl (4.1 kB)
Requirement already satisfied: importlib-resources; python_version < "3.7" in ./venv/lib/python3.6/site-packages (from pre-commit ERROR: Command errored out with exit status 1:
ERROR: Command errored out with exit status 1:
command: /home/user/attack_range/venv/bin/python -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-rneywg_0/psutil/setup.py'"'"'; file='"'"'/tmp/pip-install-rneywg_0/psutil/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-1uxg11up/install-record.txt --single-version-externally-managed --compile --install-headers /home/user/attack_range/venv/include/site/python3.6/psutil
cwd: /tmp/pip-install-rneywg_0/psutil/
Complete output (44 lines):
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.6
creating build/lib.linux-x86_64-3.6/psutil
copying psutil/_compat.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pssunos.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_common.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psaix.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psosx.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pswindows.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psbsd.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psposix.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pslinux.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/init.py -> build/lib.linux-x86_64-3.6/psutil
creating build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_process.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_osx.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_windows.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_connections.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_aix.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_bsd.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/runner.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/main.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_linux.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_memory_leaks.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_unicode.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_misc.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_sunos.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_contracts.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_posix.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/init.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_system.py -> build/lib.linux-x86_64-3.6/psutil/tests
running build_ext
building 'psutil._psutil_linux' extension
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/psutil
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=567 -DPSUTIL_LINUX=1 -I/home/user/attack_range/venv/include -I/usr/include/python3.6m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.6/psutil/_psutil_common.o
psutil/_psutil_common.c:9:10: fatal error: Python.h: No such file or directory
#include <Python.h>
^~~~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
ERROR: Command errored out with exit status 1: /home/user/attack_range/venv/bin/python -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-rneywg_0/psutil/setup.py'"'"'; file='"'"'/tmp/pip-install-rneywg_0/psutil/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-1uxg11up/install-record.txt --single-version-externally-managed --compile --install-headers /home/user/attack_range/venv/include/site/python3.6/psutil Check the logs for full command output.
WARNING: You are using pip version 20.0.2; however, version 20.1 is available.
You should consider upgrading via the '/home/user/attack_range/venv/bin/python -m pip install --upgrade pip' command.

Error when resuming if instances do not exist

When machines are not created and resume is called, it errors out with the following message instead of letting the user know there are no known instances available to resume.

└── # python attack_range.py -a resume -m terraform

starting program loaded for B1 battle droid
          ||/__'`.
          |//()'-.:
          |-.||
          |o(o)
          |||\\  .==._
          |||(o)==::'
           `|T  ""
            ()
            |\
            ||\
            ()()
            ||//
            |//
           .'=`=.

attack_range is using config at path attack_range.conf
2020-01-27 11:14:23,585 - INFO - attack_range - INIT - attack_range v1
Traceback (most recent call last):
  File "attack_range.py", line 133, in <module>
    controller.resume()
  File "/Users/jhernandez/splunk/attack_range/modules/TerraformController.py", line 40, in resume
    aws_service.change_ec2_state(instances, 'running', self.log)
  File "/Users/jhernandez/splunk/attack_range/modules/aws_service.py", line 56, in change_ec2_state
    log.error(ec2_name + ' not found as AWS EC2 instance.')
NameError: name 'ec2_name' is not defined

sysmon v11.0 is crashing on vagrant server builds

Looks like sysmon was updated yesterday 4/28/2020 and latest release is crashing in vagrant windows server/domain controller image:

TASK [sysmon : install sysmon with defined config] *****************************
fatal: [attack-range-windows-domain-controller]: FAILED! => {"changed": true, "cmd": "\"c:\\Program Files\\ansible\\sysmon\\sysmon64.exe\" -n -accepteula -i \"c:\\Program Files\\ansible\\SysmonConfig-TSwift.xml\"", "delta": "0:00:00.562545", "end": "2020-04-29 07:35:20.433389", "msg": "non-zero return code", "rc": 3221225477, "start": "2020-04-29 07:35:19.870843", "stderr": "", "stderr_lines": [], "stdout": "\r\nSystem Monitor v11.0 - System activity monitor\r\nCopyright (C) 2014-2020 Mark Russinovich and Thomas Garnier\r\nSysinternals - www.sysinternals.com\r\n\r\n", "stdout_lines": ["", "System Monitor v11.0 - System activity monitor", "Copyright (C) 2014-2020 Mark Russinovich and Thomas Garnier", "Sysinternals - www.sysinternals.com", ""]}
PLAY RECAP *********************************************************************
attack-range-windows-domain-controller : ok=40   changed=34   unreachable=0    failed=1    skipped=2    rescued=0    ignored=0
Traceback (most recent call last):
  File "attack_range.py", line 151, in <module>
    controller.build()
  File "/Users/jhernandez/splunk/attack_range/modules/VagrantController.py", line 54, in build
    v1.up(provision=True)
  File "/Users/jhernandez/splunk/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/Users/jhernandez/splunk/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/local/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.
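The `rc` of 3221225477 in the failed task above is easier to triage in hex: it is the Windows NTSTATUS value 0xC0000005 (access violation), which confirms that sysmon64.exe crashed rather than rejecting its configuration. The following is an added example, not code from the issue or from the Attack Range project; the function names are hypothetical, the status table is a small hand-picked subset, and the sample line is a shortened copy of the one in the issue.

```python
import json
import re

# Shortened copy of the Ansible failure line from the issue above
# (timestamps and stdout trimmed; rc and cmd unchanged).
SAMPLE_FATAL_LINE = r'''fatal: [attack-range-windows-domain-controller]: FAILED! => {"changed": true, "cmd": "\"c:\\Program Files\\ansible\\sysmon\\sysmon64.exe\" -n -accepteula -i \"c:\\Program Files\\ansible\\SysmonConfig-TSwift.xml\"", "msg": "non-zero return code", "rc": 3221225477, "stderr": "", "stdout": ""}'''

# Hand-picked subset of NTSTATUS values a crashed process can exit with.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

FATAL_RE = re.compile(
    r"^fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<body>\{.*\})\s*$"
)


def decode_ntstatus(rc):
    """Return NTSTATUS details if rc looks like an error-severity NTSTATUS.

    Some tools report the exit code as a signed 32-bit integer, so the value
    is first normalised to unsigned. Ordinary exit codes (1, 2, -1, ...) give
    None: they either lack error severity (top two bits = 0b11) or have the
    customer/reserved bits set, which Microsoft-defined codes never do.
    """
    value = rc & 0xFFFFFFFF
    severity = value >> 30
    customer_or_reserved = value & 0x30000000
    if severity != 3 or customer_or_reserved:
        return None
    return {
        "hex": "0x%08X" % value,
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": NTSTATUS_NAMES.get(value, "unknown NTSTATUS"),
    }


def triage_ansible_failure(line):
    """Parse one 'fatal: [host]: FAILED! => {...}' line and classify its rc."""
    match = FATAL_RE.match(line.strip())
    if not match:
        return None
    try:
        result = json.loads(match.group("body"))
    except json.JSONDecodeError:
        return None
    rc = result.get("rc")
    if not isinstance(rc, int):
        return None
    status = decode_ntstatus(rc)
    return {
        "host": match.group("host"),
        "cmd": result.get("cmd"),
        "rc": rc,
        "crashed": status is not None,
        "status": status,
    }


if __name__ == "__main__":
    report = triage_ansible_failure(SAMPLE_FATAL_LINE)
    print(report["host"], report["rc"], report["status"])
```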

Installation fails - MacOS - Catalina 10.15.3

Hi Guys,

Love the idea behind this project. From my side, I get the feeling that there is not enough information as to what versions exactly I need to have of everything for this to run properly. You said in the documentation that this was tested on MacOS and Linux; it would be great to understand exactly what system this was tested on and all the software versions. A quick example of the errors I am getting on the first try.

(attack_virtual) bash-3.2$ python attack_range.py -m vagrant -a build


attack_range is using config at path attack_range.conf
2020-02-21 18:43:33,412 - INFO - attack_range - INIT - attack_range v1
2020-02-21 18:43:33,418 - INFO - attack_range - [action] > build

Bringing machine 'attack-range-splunk-server' up with 'virtualbox' provider...
Bringing machine 'attack-range-domain-controller' up with 'virtualbox' provider...
==> attack-range-splunk-server: Box 'generic/ubuntu1804' could not be found. Attempting to find and install...
   attack-range-splunk-server: Box Provider: virtualbox
   attack-range-splunk-server: Box Version: >= 0
==> attack-range-splunk-server: Loading metadata for box 'generic/ubuntu1804'
   attack-range-splunk-server: URL: https://vagrantcloud.com/generic/ubuntu1804
==> attack-range-splunk-server: Adding box 'generic/ubuntu1804' (v2.0.6) for provider: virtualbox
   attack-range-splunk-server: Downloading: https://vagrantcloud.com/generic/boxes/ubuntu1804/versions/2.0.6/providers/virtualbox.box
   attack-range-splunk-server: Download redirected to host: vagrantcloud-files-production.s3.amazonaws.com
==> attack-range-splunk-server: Successfully added box 'generic/ubuntu1804' (v2.0.6) for 'virtualbox'!
==> attack-range-splunk-server: Importing base box 'generic/ubuntu1804'...
==> attack-range-splunk-server: Matching MAC address for NAT networking...
==> attack-range-splunk-server: Checking if box 'generic/ubuntu1804' version '2.0.6' is up to date...
==> attack-range-splunk-server: Setting the name of the VM: attack-range-splunk-server
==> attack-range-splunk-server: Clearing any previously set network interfaces...
==> attack-range-splunk-server: Preparing network interfaces based on configuration...
   attack-range-splunk-server: Adapter 1: nat
   attack-range-splunk-server: Adapter 2: hostonly
==> attack-range-splunk-server: Forwarding ports...
   attack-range-splunk-server: 8000 (guest) => 8000 (host) (adapter 1)
   attack-range-splunk-server: 8089 (guest) => 8089 (host) (adapter 1)
   attack-range-splunk-server: 22 (guest) => 2222 (host) (adapter 1)
==> attack-range-splunk-server: Running 'pre-boot' VM customizations...
==> attack-range-splunk-server: Booting VM...
==> attack-range-splunk-server: Waiting for machine to boot. This may take a few minutes...
   attack-range-splunk-server: SSH address: 127.0.0.1:2222
   attack-range-splunk-server: SSH username: vagrant
   attack-range-splunk-server: SSH auth method: private key
   attack-range-splunk-server: 
   attack-range-splunk-server: Vagrant insecure key detected. Vagrant will automatically replace
   attack-range-splunk-server: this with a newly generated keypair for better security.
   attack-range-splunk-server: 
   attack-range-splunk-server: Inserting generated public key within guest...
   attack-range-splunk-server: Removing insecure key from the guest if it's present...
   attack-range-splunk-server: Key inserted! Disconnecting and reconnecting using new SSH key...
==> attack-range-splunk-server: Machine booted and ready!
==> attack-range-splunk-server: Checking for guest additions in VM...
   attack-range-splunk-server: The guest additions on this VM do not match the installed version of
   attack-range-splunk-server: VirtualBox! In most cases this is fine, but in rare cases it can
   attack-range-splunk-server: prevent things such as shared folders from working properly. If you see
   attack-range-splunk-server: shared folder errors, please make sure the guest additions within the
   attack-range-splunk-server: virtual machine match the version of VirtualBox you have installed on
   attack-range-splunk-server: your host and reload your VM.
   attack-range-splunk-server: 
   attack-range-splunk-server: Guest Additions Version: 5.2.32
   attack-range-splunk-server: VirtualBox Version: 6.0
==> attack-range-splunk-server: Setting hostname...
==> attack-range-splunk-server: Configuring and enabling network interfaces...
==> attack-range-splunk-server: Running provisioner: ansible...
   attack-range-splunk-server: Running ansible-playbook...

PLAY [all] *********************************************************************

TASK [search_head : add splunk group] ******************************************
changed: [attack-range-splunk-server]

TASK [search_head : add splunk user] *******************************************
changed: [attack-range-splunk-server]

TASK [search_head : make /opt writetable by splunk] ****************************
changed: [attack-range-splunk-server]

TASK [search_head : checking if splunk is install] *****************************
ok: [attack-range-splunk-server]

TASK [search_head : is splunk installed?] **************************************
skipping: [attack-range-splunk-server]

TASK [search_head : download splunk] *******************************************
fatal: [attack-range-splunk-server]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared connection to 127.0.0.1 closed.", "unreachable": true}

PLAY RECAP *********************************************************************
attack-range-splunk-server : ok=4    changed=3    unreachable=1    failed=0    skipped=1    rescued=0    ignored=0   

Traceback (most recent call last):
 File "attack_range.py", line 134, in <module>
   controller.build()
 File "/Users/federico/Downloads/attack_range/modules/VagrantController.py", line 47, in build
   v1.up(provision=True)
 File "/Users/federico/Downloads/attack_range/attack_virtual/lib/python3.7/site-packages/vagrant/__init__.py", line 337, in up
   self._call_vagrant_command(args)
 File "/Users/federico/Downloads/attack_range/attack_virtual/lib/python3.7/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
   stderr=err_fh, env=self.env)
 File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/subprocess.py", line 363, in check_call
   raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/local/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.
(attack_virtual) bash-3.2$


http timeout error on successful build

I am just doing a normal build from a fresh repo clone:
python attack_range.py -m terraform -a build

It all seems to work, with the last log messages being:

module.windows-domain-controller.aws_instance.windows_domain_controller[0]: Still creating... [4m50s elapsed]
module.windows-domain-controller.aws_instance.windows_domain_controller[0]: Still creating... [5m0s elapsed]
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec): Connecting to remote host via WinRM...
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   Host: 54.200.187.214
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   Port: 5986
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   User: Administrator
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   Password: true
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   HTTPS: true
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   Insecure: true
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   NTLM: false
module.windows-domain-controller.aws_instance.windows_domain_controller[0] (remote-exec):   CACert: false
module.windows-domain-controller.aws_instance.windows_domain_controller[0]: Still creating... [5m10s elapsed]
module.windows-domain-controller.aws_instance.windows_domain_controller[0]: Still creating... [5m20s elapsed]

However there is an error at the end that seems to be a non-fatal failure:
Error: timeout - last error: http response error: 401 - invalid content type

I don't know which step that is from, or what the HTTP request is.

This is on the following commit:

Merge: 562115e 715f8c6
Author: P4T12ICK <[email protected]>
Date:   Fri Jan 24 15:43:28 2020 -0800

    Merge pull request #202 from splunk/kali-ami-change
    
    fix broken kali ami search

Terraform Build failure `Error: Failure associating EIP: InvalidParameterCombination`

module.splunk-server.aws_eip.splunk_ip[0]: Creation complete after 1s [id=eipalloc-0fb8481bd846e51bd]
Error: Failure associating EIP: InvalidParameterCombination: You must specify an allocation id when mapping an address to a VPC instance
	status code: 400, request id: 7850d43a-38b9-4c26-9e06-4ee93f5a2f81
 on modules/windows-domain-controller/resources.tf line 59, in resource "aws_eip" "windows_server_ip":
 59: resource "aws_eip" "windows_server_ip" {

adding vpc=true seemed to have fixed it..found suggestion on: https://stackoverflow.com/questions/44118175/failure-associating-eip-invalidparametercombination-you-must-specify-an-alloca

failed install

Hi,

I am running 64-bit Windows 10 Pro and having issues during the install process. I am using:

  • VirtualBox-6.0.14-133895-Win
  • vagrant_2.2.6_x86_64
  • python-3.8.0

Successfully activated venv but when I run pip install -r requirements.txt, this errors out with the below. I have tried in cmd and ps with the same result. Wondering if you have come across this before.

VENV_PROMPT__C:\Users\DS\Documents\GitHub\attack_range>pip install -r requirements.txt
Collecting ansible==2.7.12
Using cached https://files.pythonhosted.org/packages/0a/ad/7c05268f24c9a9234a6a10c6b96271ac7b71fcac3e6ab6955dcc7761bcc3/ansible-2.7.12.tar.gz
Collecting ansible-runner==1.4.4
Using cached https://files.pythonhosted.org/packages/ac/e0/e475d8b5c185b64821158075943c1168db5b9fc59a47cd4dab6696e5a1ed/ansible_runner-1.4.4-py2.py3-none-any.whl
Collecting apipkg==1.5
Using cached https://files.pythonhosted.org/packages/67/08/4815a09603fc800209431bec5b8bd2acf2f95abdfb558a44a42507fb94da/apipkg-1.5-py2.py3-none-any.whl
Collecting atomicwrites==1.3.0
Using cached https://files.pythonhosted.org/packages/52/90/6155aa926f43f2b2a22b01be7241be3bfd1ceaf7d0b3267213e8127d41f4/atomicwrites-1.3.0-py2.py3-none-any.whl
Collecting attrs==19.3.0
Using cached https://files.pythonhosted.org/packages/a2/db/4313ab3be961f7a763066401fb77f7748373b6094076ae2bda2806988af6/attrs-19.3.0-py2.py3-none-any.whl
Requirement already satisfied: bcrypt==3.1.7 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 6)) (3.1.7)
Collecting boto3==1.10.20
Using cached https://files.pythonhosted.org/packages/67/66/1a448eb2fe88120b3c05caf27baad0f659205f3bb7c9f8633d9ecf7384b4/boto3-1.10.20-py2.py3-none-any.whl
Collecting botocore==1.13.20
Using cached https://files.pythonhosted.org/packages/e6/bf/1be397fc65d6b8cfaa400fdc855bf381a73183d8bada8e3775b0e036a7cd/botocore-1.13.20-py2.py3-none-any.whl
Collecting certifi==2019.9.11
Using cached https://files.pythonhosted.org/packages/18/b0/8146a4f8dd402f60744fa380bc73ca47303cccf8b9190fd16a827281eac2/certifi-2019.9.11-py2.py3-none-any.whl
Requirement already satisfied: cffi==1.13.2 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 10)) (1.13.2)
Collecting chardet==3.0.4
Using cached https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl
Collecting configparser==4.0.2
Using cached https://files.pythonhosted.org/packages/7a/2a/95ed0501cf5d8709490b1d3a3f9b5cf340da6c433f896bbe9ce08dbe6785/configparser-4.0.2-py2.py3-none-any.whl
Collecting contextlib2==0.6.0.post1
Using cached https://files.pythonhosted.org/packages/85/60/370352f7ef6aa96c52fb001831622f50f923c1d575427d021b8ab3311236/contextlib2-0.6.0.post1-py2.py3-none-any.whl
Requirement already satisfied: cryptography==2.8 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 14)) (2.8)
Collecting docutils==0.15.2
Using cached https://files.pythonhosted.org/packages/22/cd/a6aa959dca619918ccb55023b4cb151949c64d4d5d55b3f4ffd7eee0c6e8/docutils-0.15.2-py3-none-any.whl
Collecting execnet==1.7.1
Using cached https://files.pythonhosted.org/packages/d3/2e/c63af07fa471e0a02d05793c7a56a9f7d274a8489442a5dc4fb3b2b3c705/execnet-1.7.1-py2.py3-none-any.whl
Collecting idna==2.8
Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
Collecting importlib-metadata==0.23
Using cached https://files.pythonhosted.org/packages/f6/d2/40b3fa882147719744e6aa50ac39cf7a22a913cbcba86a0371176c425a3b/importlib_metadata-0.23-py2.py3-none-any.whl
Requirement already satisfied: Jinja2==2.10.3 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 19)) (2.10.3)
Collecting jmespath==0.9.4
Using cached https://files.pythonhosted.org/packages/83/94/7179c3832a6d45b266ddb2aac329e101367fbdb11f425f13771d27f225bb/jmespath-0.9.4-py2.py3-none-any.whl
Collecting lockfile==0.12.2
Using cached https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Requirement already satisfied: MarkupSafe==1.1.1 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 22)) (1.1.1)
Collecting mock==3.0.5
Using cached https://files.pythonhosted.org/packages/05/d2/f94e68be6b17f46d2c353564da56e6fb89ef09faeeff3313a046cb810ca9/mock-3.0.5-py2.py3-none-any.whl
Collecting more-itertools==7.2.0
Using cached https://files.pythonhosted.org/packages/45/dc/3241eef99eb45f1def35cf93af35d1cf9ef4c0991792583b8f33ea41b092/more_itertools-7.2.0-py3-none-any.whl
Collecting ntlm-auth==1.4.0
Using cached https://files.pythonhosted.org/packages/50/09/5e397eb18685b14fd8b209e26cdb4fa6451c82c1bcc651fef05fa73e7b27/ntlm_auth-1.4.0-py2.py3-none-any.whl
Collecting packaging==19.2
Using cached https://files.pythonhosted.org/packages/cf/94/9672c2d4b126e74c4496c6b3c58a8b51d6419267be9e70660ba23374c875/packaging-19.2-py2.py3-none-any.whl
Requirement already satisfied: paramiko==2.6.0 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 27)) (2.6.0)
Collecting path.py==12.0.1
Using cached https://files.pythonhosted.org/packages/40/62/1464f08672cac67e529967ba83b46f38da5d0ca48ac1ce2a9e7d7680ea10/path.py-12.0.1-py3-none-any.whl
Collecting pexpect==4.7.0
Using cached https://files.pythonhosted.org/packages/0e/3e/377007e3f36ec42f1b84ec322ee12141a9e10d808312e5738f52f80a232c/pexpect-4.7.0-py2.py3-none-any.whl
Collecting pluggy==0.13.1
Using cached https://files.pythonhosted.org/packages/a0/28/85c7aa31b80d150b772fbe4a229487bc6644da9ccb7e427dd8cc60cb8a62/pluggy-0.13.1-py2.py3-none-any.whl
Collecting psutil==5.6.5
Using cached https://files.pythonhosted.org/packages/03/94/e4ee514cfbc4cca176fcc6b4b1118a724848b570941e90f0b98a9bd234e1/psutil-5.6.5-cp38-cp38-win32.whl
Collecting ptyprocess==0.6.0
Using cached https://files.pythonhosted.org/packages/d1/29/605c2cc68a9992d18dada28206eeada56ea4bd07a239669da41674648b6f/ptyprocess-0.6.0-py2.py3-none-any.whl
Collecting py==1.8.0
Using cached https://files.pythonhosted.org/packages/76/bc/394ad449851729244a97857ee14d7cba61ddb268dce3db538ba2f2ba1f0f/py-1.8.0-py2.py3-none-any.whl
Requirement already satisfied: pycparser==2.19 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 34)) (2.19)
Requirement already satisfied: PyNaCl==1.3.0 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 35)) (1.3.0)
Collecting pyparsing==2.4.5
Using cached https://files.pythonhosted.org/packages/c0/0c/fc2e007d9a992d997f04a80125b0f183da7fb554f1de701bbb70a8e7d479/pyparsing-2.4.5-py2.py3-none-any.whl
Collecting pytest==5.3.0
Using cached https://files.pythonhosted.org/packages/30/c5/cf0d56d9e0458f66cfef10bc74b375597c34e53e522e23e817673e83f1b9/pytest-5.3.0-py3-none-any.whl
Collecting python-daemon==2.2.4
Using cached https://files.pythonhosted.org/packages/5a/0c/57f15b1572661877ff1acbe66c2f5be9d999ae5fb128e22933d374f62aa1/python_daemon-2.2.4-py2.py3-none-any.whl
Collecting python-dateutil==2.8.0
Using cached https://files.pythonhosted.org/packages/41/17/c62faccbfbd163c7f57f3844689e3a78bae1f403648a6afb1d0866d87fbb/python_dateutil-2.8.0-py2.py3-none-any.whl
Collecting python-terraform==0.10.1
Using cached https://files.pythonhosted.org/packages/60/a2/10fa8a5d79096f96f0a1b9917fe3038b453e40b39cc22e07410a365f2dc3/python-terraform-0.10.1.tar.gz
Collecting python-vagrant==0.5.15
Using cached https://files.pythonhosted.org/packages/bb/c6/0a6d22ae1782f261fc4274ea9385b85bf792129d7126575ec2a71d8aea18/python-vagrant-0.5.15.tar.gz
Collecting pywinrm==0.3.0
Using cached https://files.pythonhosted.org/packages/0d/12/13a3117bbd2230043aa32dcfa2198c33269665eaa1a8fa26174ce49b338f/pywinrm-0.3.0-py2.py3-none-any.whl
Requirement already satisfied: PyYAML==5.1.2 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 43)) (5.1.2)
Collecting requests==2.22.0
Using cached https://files.pythonhosted.org/packages/51/bd/23c926cd341ea6b7dd0b2a00aba99ae0f828be89d72b2190f27c11d4b7fb/requests-2.22.0-py2.py3-none-any.whl
Collecting requests-ntlm==1.1.0
Using cached https://files.pythonhosted.org/packages/03/4b/8b9a1afde8072c4d5710d9fa91433d504325821b038e00237dc8d6d833dc/requests_ntlm-1.1.0-py2.py3-none-any.whl
Collecting s3transfer==0.2.1
Using cached https://files.pythonhosted.org/packages/16/8a/1fc3dba0c4923c2a76e1ff0d52b305c44606da63f718d14d3231e21c51b0/s3transfer-0.2.1-py2.py3-none-any.whl
Requirement already satisfied: six==1.12.0 in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from -r requirements.txt (line 47)) (1.12.0)
Collecting tabulate==0.8.6
Using cached https://files.pythonhosted.org/packages/c4/41/523f6a05e6dc3329a5660f6a81254c6cd87e5cfb5b7482bae3391d86ec3a/tabulate-0.8.6.tar.gz
Collecting termcolor==1.1.0
Using cached https://files.pythonhosted.org/packages/8a/48/a76be51647d0eb9f10e2a4511bf3ffb8cc1e6b14e9e4fab46173aa79f981/termcolor-1.1.0.tar.gz
Collecting urllib3==1.25.7
Using cached https://files.pythonhosted.org/packages/b4/40/a9837291310ee1ccc242ceb6ebfd9eb21539649f193a7c8c86ba15b98539/urllib3-1.25.7-py2.py3-none-any.whl
Collecting wcwidth==0.1.7
Using cached https://files.pythonhosted.org/packages/7e/9f/526a6947247599b084ee5232e4f9190a38f398d7300d866af3ab571a5bfe/wcwidth-0.1.7-py2.py3-none-any.whl
Collecting wget==3.2
Using cached https://files.pythonhosted.org/packages/47/6a/62e288da7bcda82b935ff0c6cfe542970f04e29c756b0e147251b2fb251f/wget-3.2.zip
Collecting xmltodict==0.12.0
Using cached https://files.pythonhosted.org/packages/28/fd/30d5c1d3ac29ce229f6bdc40bbc20b28f716e8b363140c26eff19122d8a5/xmltodict-0.12.0-py2.py3-none-any.whl
Collecting zipp==0.6.0
Using cached https://files.pythonhosted.org/packages/74/3d/1ee25a26411ba0401b43c6376d2316a71addcc72ef8690b101b4ea56d76a/zipp-0.6.0-py2.py3-none-any.whl
Requirement already satisfied: setuptools in c:\users\ds\appdata\local\programs\python\python38-32\lib\site-packages (from ansible==2.7.12->-r requirements.txt (line 1)) (41.2.0)
Collecting colorama; sys_platform == "win32"
Using cached https://files.pythonhosted.org/packages/c9/dc/45cdef1b4d119eb96316b3117e6d5708a08029992b2fee2c143c7a0a5cc5/colorama-0.4.3-py2.py3-none-any.whl
Installing collected packages: ansible, psutil, lockfile, docutils, python-daemon, ptyprocess, pexpect, ansible-runner, apipkg, atomicwrites, attrs, jmespath, python-dateutil, urllib3, botocore, s3transfer, boto3, certifi, chardet, configparser, contextlib2, execnet, idna, more-itertools, zipp, importlib-metadata, mock, ntlm-auth, pyparsing, packaging, path.py, pluggy, py, colorama, wcwidth, pytest, python-terraform, python-vagrant, requests, requests-ntlm, xmltodict, pywinrm, tabulate, termcolor, wget
Running setup.py install for ansible ... error
ERROR: Command errored out with exit status 1:
command: 'c:\users\ds\appdata\local\programs\python\python38-32\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\DS\AppData\Local\Temp\pip-install-mlmfbyj8\ansible\setup.py'"'"'; __file__='"'"'C:\Users\DS\AppData\Local\Temp\pip-install-mlmfbyj8\ansible\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record 'C:\Users\DS\AppData\Local\Temp\pip-record-4gs2h9sv\install-record.txt' --single-version-externally-managed --compile
cwd: C:\Users\DS\AppData\Local\Temp\pip-install-mlmfbyj8\ansible
Complete output (57 lines):
running install
running build
running build_py
creating build
creating build\lib
creating build\lib\ansible
copying lib\ansible\constants.py -> build\lib\ansible
copying lib\ansible\release.py -> build\lib\ansible
copying lib\ansible\__init__.py -> build\lib\ansible
creating build\lib\ansible\cli
copying lib\ansible\cli\adhoc.py -> build\lib\ansible\cli
copying lib\ansible\cli\config.py -> build\lib\ansible\cli
copying lib\ansible\cli\console.py -> build\lib\ansible\cli
copying lib\ansible\cli\doc.py -> build\lib\ansible\cli
copying lib\ansible\cli\galaxy.py -> build\lib\ansible\cli
copying lib\ansible\cli\inventory.py -> build\lib\ansible\cli
copying lib\ansible\cli\playbook.py -> build\lib\ansible\cli
copying lib\ansible\cli\pull.py -> build\lib\ansible\cli
copying lib\ansible\cli\vault.py -> build\lib\ansible\cli
copying lib\ansible\cli\__init__.py -> build\lib\ansible\cli
creating build\lib\ansible\compat
copying lib\ansible\compat\__init__.py -> build\lib\ansible\compat
creating build\lib\ansible\config
copying lib\ansible\config\data.py -> build\lib\ansible\config
copying lib\ansible\config\manager.py -> build\lib\ansible\config
copying lib\ansible\config\__init__.py -> build\lib\ansible\config
creating build\lib\ansible\errors
copying lib\ansible\errors\yaml_strings.py -> build\lib\ansible\errors
copying lib\ansible\errors\__init__.py -> build\lib\ansible\errors
creating build\lib\ansible\executor
copying lib\ansible\executor\action_write_locks.py -> build\lib\ansible\executor
copying lib\ansible\executor\module_common.py -> build\lib\ansible\executor
copying lib\ansible\executor\playbook_executor.py -> build\lib\ansible\executor
copying lib\ansible\executor\play_iterator.py -> build\lib\ansible\executor
copying lib\ansible\executor\stats.py -> build\lib\ansible\executor
copying lib\ansible\executor\task_executor.py -> build\lib\ansible\executor
copying lib\ansible\executor\task_queue_manager.py -> build\lib\ansible\executor
copying lib\ansible\executor\task_result.py -> build\lib\ansible\executor
copying lib\ansible\executor\__init__.py -> build\lib\ansible\executor
creating build\lib\ansible\galaxy
copying lib\ansible\galaxy\api.py -> build\lib\ansible\galaxy
copying lib\ansible\galaxy\login.py -> build\lib\ansible\galaxy
copying lib\ansible\galaxy\role.py -> build\lib\ansible\galaxy
copying lib\ansible\galaxy\token.py -> build\lib\ansible\galaxy
copying lib\ansible\galaxy\__init__.py -> build\lib\ansible\galaxy
creating build\lib\ansible\inventory
copying lib\ansible\inventory\data.py -> build\lib\ansible\inventory
copying lib\ansible\inventory\group.py -> build\lib\ansible\inventory
copying lib\ansible\inventory\helpers.py -> build\lib\ansible\inventory
copying lib\ansible\inventory\host.py -> build\lib\ansible\inventory
copying lib\ansible\inventory\manager.py -> build\lib\ansible\inventory
copying lib\ansible\inventory\__init__.py -> build\lib\ansible\inventory
creating build\lib\ansible\modules
copying lib\ansible\modules\__init__.py -> build\lib\ansible\modules
creating build\lib\ansible\module_utils
copying lib\ansible\module_utils\acme.py -> build\lib\ansible\module_utils
error: can't copy 'lib\ansible\module_utils\ansible_release.py': doesn't exist or not a regular file
----------------------------------------
ERROR: Command errored out with exit status 1: 'c:\users\ds\appdata\local\programs\python\python38-32\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\DS\AppData\Local\Temp\pip-install-mlmfbyj8\ansible\setup.py'"'"'; __file__='"'"'C:\Users\DS\AppData\Local\Temp\pip-install-mlmfbyj8\ansible\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record 'C:\Users\DS\AppData\Local\Temp\pip-record-4gs2h9sv\install-record.txt' --single-version-externally-managed --compile Check the logs for full command output.

Thanks for any pointers to fix this.

Dependabot couldn't find a Pipfile for this project

Dependabot couldn't find a Pipfile for this project.

Dependabot requires a Pipfile to evaluate your project's current Python dependencies. It had expected to find one at the path: /requirements.txt/Pipfile.

If this isn't a Python project, or if it is a library, you may wish to disable updates for it in the .dependabot/config.yml file in this repo.


Failure to change hostname for domain controller.

Hello, I'm getting an exception error when running the python vagrant build. The following is the error I get for the Windows Domain Controller:

TASK [windows_common : Change the hostname] ************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server
fatal: [attack-range-domain-controller]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}

PLAY RECAP *********************************************************************
attack-range-domain-controller : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Traceback (most recent call last):
  File "attack_range.py", line 134, in <module>
    controller.build()
  File "/root/attack_range/modules/VagrantController.py", line 47, in build
    v1.up(provision=True)
  File "/root/attack_range/venv/lib/python3.6/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/root/attack_range/venv/lib/python3.6/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/lib/python3.6/subprocess.py", line 311, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/root/attack_range/venv/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.

Vagrant unable to SSH to Kali

Hello, after running the build script, and it failing multiple times to bring up different machines, I ended up doing vagrant up manually for every machine. When I got to the Kali machine, it seems that it is able to bring it up, but for some reason the machine has two ethernet interfaces, eth0 and eth1. Vagrant is assigning eth0 the 10.0.1.8 IP address; however, it is unable to reach the 10.0.1.1 gateway. If I shut that interface down and bring up eth1 with the 10.0.1.8 IP, it is reachable; however, Vagrant seems to be mapping the SSH address to adapter 1 (likely eth0), and eventually ends up timing out during the connection. I am not entirely sure what to change in Vagrant to provide the correct IP address. Any recommendations?

Problem with Caldera and the Operations function

I'm having a problem with Operations in Caldera. I have made sure that there is an agent running on the machine and that the desired adversary contains a few different tactics. But when I try to run the Operation, no tactics are added and Caldera ends up not running anything. Is there a problem with the version of Caldera, since it says "no version" in the top right corner, or am I doing something wrong?

Feature Request: List support OS

As I was having problems installing the attack_range on my Win10 host, I started googling the errors I was having and it appears that ansible is not supported on Win10 (or any Windows).

If that is true, it would have helped to have a list of supported OS on the wiki.

OTOH, if this SHOULD install on a Win10 host, here is the error I get when I run the last part of the install command (this is inside the virtual environment): py -m pip install -r .\requirements.txt


    error: can't copy 'lib\ansible\module_utils\ansible_release.py': doesn't exist or not a regular file

    ----------------------------------------
Command "E:\splunk-attack\attack_range\env\Scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\craig\\AppData\\Local\\Temp\\pip-install-2t1iwkn0\\ansible\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record C:\Users\craig\AppData\Local\Temp\pip-record-phwa7rjy\install-record.txt --single-version-externally-managed --compile --install-headers E:\splunk-attack\attack_range\env\include\site\python3.7\ansible" failed with error code 1 in C:\Users\craig\AppData\Local\Temp\pip-install-2t1iwkn0\ansible\

I get the same error when I try to install outside the virtual environment.

There were some suggested solutions I found:
https://stackoverflow.com/questions/51167099/installing-ansible-python-package-on-windows
Uses Docker

https://stackoverflow.com/questions/48694085/how-to-overcome-pip-install-ansible-on-windows-failing-with-filename-or-extens
ansible does not appear to publish .whl files anymore.

https://www.jeffgeerling.com/blog/2017/using-ansible-through-windows-10s-subsystem-linux
getting ready to try this.

subprocess error while booting up

(venv) root@ubuntu:~/attack_range# python3 attack_range.py -m vagrant -a build

starting program loaded for B1 battle droid

attack_range is using config at path attack_range.conf
2020-04-13 14:26:58,394 - INFO - attack_range - INIT - attack_range v1
2020-04-13 14:26:58,401 - INFO - attack_range - [action] > build

Bringing machine 'attack-range-splunk-server' up with 'virtualbox' provider...
Bringing machine 'attack-range-windows-domain-controller' up with 'virtualbox' provider...
==> attack-range-splunk-server: Checking if box 'generic/ubuntu1804' version '2.0.6' is up to date...
==> attack-range-splunk-server: Clearing any previously set forwarded ports...
==> attack-range-splunk-server: Vagrant has detected a configuration issue which exposes a
==> attack-range-splunk-server: vulnerability with the installed version of VirtualBox. The
==> attack-range-splunk-server: current guest is configured to use an E1000 NIC type for a
==> attack-range-splunk-server: network adapter which is vulnerable in this version of VirtualBox.
==> attack-range-splunk-server: Ensure the guest is trusted to use this configuration or update
==> attack-range-splunk-server: the NIC type using one of the methods below:
==> attack-range-splunk-server:
==> attack-range-splunk-server: https://www.vagrantup.com/docs/virtualbox/configuration.html#default-nic-type
==> attack-range-splunk-server: https://www.vagrantup.com/docs/virtualbox/networking.html#virtualbox-nic-type
==> attack-range-splunk-server: Clearing any previously set network interfaces...
==> attack-range-splunk-server: Preparing network interfaces based on configuration...
attack-range-splunk-server: Adapter 1: nat
attack-range-splunk-server: Adapter 2: hostonly
==> attack-range-splunk-server: Forwarding ports...
attack-range-splunk-server: 8000 (guest) => 8000 (host) (adapter 1)
attack-range-splunk-server: 8089 (guest) => 8089 (host) (adapter 1)
attack-range-splunk-server: 22 (guest) => 2222 (host) (adapter 1)
==> attack-range-splunk-server: Running 'pre-boot' VM customizations...
==> attack-range-splunk-server: Booting VM...
Traceback (most recent call last):
  File "attack_range.py", line 145, in <module>
    controller.build()
  File "/root/attack_range/modules/VagrantController.py", line 54, in build
    v1.up(provision=True)
  File "/root/attack_range/venv/lib/python3.5/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/root/attack_range/venv/lib/python3.5/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/lib/python3.5/subprocess.py", line 581, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1

I am using an Ubuntu VM as the base machine. I tried to update and upgrade, but no output. Please help me out.

Feature request: add configurable timeout delays exiting failed atomic red team tests

One of the atomic red team tests seems to take upwards of 30 minutes to terminate in my testing. Not necessarily an issue, but I just want to make a feature request on maybe being able to configure in attack.conf the length of time we wait until we time out the state of the test (if that's even possible). Timestamps show the beginning and end of execution of T1071 in my local testing:

Start: 2020-02-04 14:49:35
Finish: 2020-02-04 15:21:35

python attack_range.py -m terraform -a simulate -st T1071 -t attack-range-windows-domain-controller

`2020-02-04 14:49:35,618 - INFO - attack_range - INIT - attack_range v1

PLAY [all] *********************************************************************

TASK [atomic_red_team : Check we have installed Atomic Red Team] ***************
ok: [44.228.118.166]

TASK [atomic_red_team : Copy Atomic Red Team PS module] ************************
changed: [44.228.118.166]

TASK [atomic_red_team : Install Atomic Red Team PS Module] *********************
changed: [44.228.118.166]

TASK [atomic_red_team : Clean up before execution C:\Windows\Temp] *************
changed: [44.228.118.166]

TASK [atomic_red_team : Recreate C:\Windows\Temp before execution] *************
changed: [44.228.118.166]

TASK [atomic_red_team : set_fact] **********************************************
ok: [44.228.118.166]

TASK [atomic_red_team : Run Techniques] ****************************************
ok: [44.228.118.166] => {
"techniques": [
"T1071"
]
}

TASK [atomic_red_team : Make Atomic Red Team Execution Directory] **************
changed: [44.228.118.166]

TASK [atomic_red_team : Run all Atomic Red Team Tests] *************************
skipping: [44.228.118.166]

TASK [atomic_red_team : Run specified Atomic Red Team Technique] ***************
changed: [44.228.118.166] => (item=T1071)

TASK [atomic_red_team : Check Execution Log File] ******************************
ok: [44.228.118.166]

TASK [atomic_red_team : Save Log File] *****************************************
changed: [44.228.118.166]

TASK [atomic_red_team : Clean up processes] ************************************
changed: [44.228.118.166]

TASK [atomic_red_team : Clean up after execution] ******************************
changed: [44.228.118.166]

PLAY RECAP *********************************************************************
44.228.118.166 : ok=13 changed=9 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0

2020-02-04 15:21:35,465 - INFO - attack_range - successfully executed technique ID T1071 against target: attack-range-windows-domain-controller`
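One way the configurable timeout requested in this issue could be enforced on the controller side, as an added example that is not part of the original issue or the project's code. The `[simulation]` section, the `timeout_seconds` key and the function names are hypothetical, and the process-group handling assumes a POSIX host.

```python
import configparser
import os
import signal
import subprocess
import sys
import time

# Constructed sample config. The [simulation] section and timeout_seconds key
# are hypothetical; they are not options the project is known to support.
SAMPLE_CONF = """
[simulation]
timeout_seconds = 2
"""

DEFAULT_TIMEOUT = 1800.0  # fallback: 30 minutes, in seconds


def load_timeout(conf_text, default=DEFAULT_TIMEOUT):
    """Return the configured timeout in seconds, or the default if unset."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    value = parser.getfloat("simulation", "timeout_seconds", fallback=default)
    if value <= 0:
        raise ValueError("timeout_seconds must be positive")
    return value


def _signal_group(proc, sig):
    """Send sig to the child's whole process group, ignoring an exited group."""
    try:
        os.killpg(proc.pid, sig)
    except ProcessLookupError:
        pass


def run_with_timeout(cmd, timeout, grace=2.0):
    """Run cmd and stop it, with every helper it spawned, once timeout expires.

    Returns a dict with 'status' ('completed' or 'timed_out'), 'returncode'
    and 'elapsed' seconds, so the caller can record a timed-out run as a
    failure rather than blocking on it.
    """
    start = time.monotonic()
    # start_new_session=True makes the child a process-group leader, so its
    # pid is also the group id used by os.killpg().
    proc = subprocess.Popen(
        cmd,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        start_new_session=True,
    )
    try:
        returncode = proc.wait(timeout=timeout)
        status = "completed"
    except subprocess.TimeoutExpired:
        status = "timed_out"
        _signal_group(proc, signal.SIGTERM)  # ask politely first
        try:
            returncode = proc.wait(timeout=grace)
        except subprocess.TimeoutExpired:
            _signal_group(proc, signal.SIGKILL)  # then force it
            returncode = proc.wait()
    return {
        "status": status,
        "returncode": returncode,
        "elapsed": time.monotonic() - start,
    }


if __name__ == "__main__":
    limit = load_timeout(SAMPLE_CONF)
    # Stand-in for a long-running simulation command (constructed).
    slow_cmd = [sys.executable, "-c", "import time; time.sleep(30)"]
    print(run_with_timeout(slow_cmd, timeout=limit))
```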

Ansible Failure: ESCU REST API Installation Failure

Just pulled down the latest from attack_range and attempted to run a generic build using the build action, and got stopped on the ESCU app installation through the REST API since there was a connection refused for the Splunk instance installed on the VM. I enabled boot-on-start for Splunk and restart through the ansible roles, but that didn't seem to resolve the installation issue 😅.
Any suggestions for a fix?
Thanks!
debug.log

Ansible vars error

=> win10: Running provisioner: ansible...
win10: Running ansible-playbook...
ERROR! vars file ../vars/vars.yml was not found on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option
Traceback (most recent call last):
  File "attack_range.py", line 179, in <module>
    v1.up(provision=True)
  File "/Users/rsoto/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/Users/rsoto/attack_range/venv/lib/python3.7/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/local/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.

Ansible failure: inconsistent

While building the range, ansible fails inconsistently. Not exactly sure what the issue is or what's the cause. Adding the complete data dump below
`(venv) ⚙ bpatel@bpatel-mbp-6bfc0  ~/github/attack_range   macros ●  python attack_range.py -m terraform -a build

starting program loaded for B1 battle droid

attack_range is using config at path attack_range.conf
2019-12-05 16:21:52,437 - INFO - attack_range - INIT - attack_range v1
2019-12-05 16:21:52,440 - INFO - attack_range - [mode] > terraform
2019-12-05 16:21:52,441 - INFO - attack_range - [action] > build

aws_ebs_volume.win2016_volume: Creating...
aws_vpc.default: Creating...
aws_vpc.default: Creation complete after 2s [id=vpc-0ab6627a2b46a01fc]
aws_internet_gateway.default: Creating...
aws_security_group.default: Creating...
aws_internet_gateway.default: Creation complete after 1s [id=igw-051a2e0a928c7d495]
aws_subnet.default[0]: Creating...
aws_subnet.default[2]: Creating...
aws_subnet.default[1]: Creating...
aws_route.internet_access: Creating...
aws_route.internet_access: Creation complete after 1s [id=r-rtb-06b7e4cc36626c57c1080289494]
aws_security_group.default: Creation complete after 3s [id=sg-0bc8653816feca171]
aws_subnet.default[0]: Creation complete after 2s [id=subnet-03aba466e0c03aea1]
aws_subnet.default[2]: Creation complete after 2s [id=subnet-0bef5ee10496ac457]
aws_subnet.default[1]: Creation complete after 2s [id=subnet-0af62bd89f178e45f]
aws_instance.splunk-server: Creating...
aws_ebs_volume.win2016_volume: Still creating... [10s elapsed]
aws_ebs_volume.win2016_volume: Creation complete after 10s [id=vol-0b24de07b684ebcc9]
aws_instance.splunk-server: Still creating... [10s elapsed]
aws_instance.splunk-server: Provisioning with 'remote-exec'...
aws_instance.splunk-server (remote-exec): Connecting to remote host via SSH...
aws_instance.splunk-server (remote-exec): Host: 52.37.75.71
aws_instance.splunk-server (remote-exec): User: ubuntu
aws_instance.splunk-server (remote-exec): Password: false
aws_instance.splunk-server (remote-exec): Private key: true
aws_instance.splunk-server (remote-exec): Certificate: false
aws_instance.splunk-server (remote-exec): SSH Agent: true
aws_instance.splunk-server (remote-exec): Checking Host Key: false
aws_instance.splunk-server: Still creating... [20s elapsed]
aws_instance.splunk-server (remote-exec): Connecting to remote host via SSH...
aws_instance.splunk-server (remote-exec): Host: 52.37.75.71
aws_instance.splunk-server (remote-exec): User: ubuntu
aws_instance.splunk-server (remote-exec): Password: false
aws_instance.splunk-server (remote-exec): Private key: true
aws_instance.splunk-server (remote-exec): Certificate: false
aws_instance.splunk-server (remote-exec): SSH Agent: true
aws_instance.splunk-server (remote-exec): Checking Host Key: false
aws_instance.splunk-server: Still creating... [30s elapsed]
aws_instance.splunk-server (remote-exec): Connecting to remote host via SSH...
aws_instance.splunk-server (remote-exec): Host: 52.37.75.71
aws_instance.splunk-server (remote-exec): User: ubuntu
aws_instance.splunk-server (remote-exec): Password: false
aws_instance.splunk-server (remote-exec): Private key: true
aws_instance.splunk-server (remote-exec): Certificate: false
aws_instance.splunk-server (remote-exec): SSH Agent: true
aws_instance.splunk-server (remote-exec): Checking Host Key: false
aws_instance.splunk-server (remote-exec): Connecting to remote host via SSH...
aws_instance.splunk-server (remote-exec): Host: 52.37.75.71
aws_instance.splunk-server (remote-exec): User: ubuntu
aws_instance.splunk-server (remote-exec): Password: false
aws_instance.splunk-server (remote-exec): Private key: true
aws_instance.splunk-server (remote-exec): Certificate: false
aws_instance.splunk-server (remote-exec): SSH Agent: true
aws_instance.splunk-server (remote-exec): Checking Host Key: false
aws_instance.splunk-server (remote-exec): Connected!
aws_instance.splunk-server (remote-exec): booted
aws_instance.splunk-server: Provisioning with 'local-exec'...
aws_instance.splunk-server (local-exec): Executing: ["/bin/sh" "-c" "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu --private-key ~/keys/attack_range_bhavin.pem -i '52.37.75.71,' playbooks/splunk_server.yml"]

aws_instance.splunk-server (local-exec): PLAY [all] *********************************************************************

aws_instance.splunk-server (local-exec): TASK [Install python for Ansible] **********************************************
aws_instance.splunk-server: Still creating... [40s elapsed]
aws_instance.splunk-server (local-exec): fatal: [52.37.75.71]: FAILED! => {"changed": false, "msg": "non-zero return code", "rc": 100, "stderr": "Warning: Permanently added '52.37.75.71' (ECDSA) to the list of known hosts.\r\nShared connection to 52.37.75.71 closed.\r\n", "stderr_lines": ["Warning: Permanently added '52.37.75.71' (ECDSA) to the list of known hosts.", "Shared connection to 52.37.75.71 closed."], "stdout": "\u001b[33m\r0% [Working]\u001b[0m\r \rGet:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]\r\n\u001b[33m\r0% [Waiting for headers] [1 InRelease 2589 B/88.7 kB 3%]\u001b[0m\r \rHit:2 http://archive.ubuntu.com/ubuntu bionic InRelease\r\n\u001b[33m\r \r0% [1 InRelease 43.1 kB/88.7 kB 49%]\u001b[0m\u001b[33m\r0% [2 InRelease gpgv 0 B] [Waiting for headers] [1 InRelease 43.1 kB/88.7 kB 49\u001b[0m\r \rErr:2 http://archive.ubuntu.com/ubuntu bionic InRelease\r\n Splitting up /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_bionic_InRelease into data and signature failed\r\n\u001b[33m\r \r0% [Waiting for headers] [1 InRelease 43.1 kB/88.7 kB 49%]\u001b[0m\u001b[33m\r \r0% [Waiting for headers]\u001b[0m\u001b[33m\r0% [1 InRelease gpgv 88.7 kB] [Waiting for headers]\u001b[0m\u001b[33m\r \r0% [Waiting for headers]\u001b[0m\r \rGet:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]\r\n\u001b[33m\r0% [3 InRelease 2604 B/88.7 kB 3%]\u001b[0m\r \rGet:4 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [591 kB]\r\n\u001b[33m\r0% [3 InRelease 15.6 kB/88.7 kB 18%] [4 Packages 14.3 kB/591 kB 2%]\u001b[0m\u001b[33m\r \r0% [3 InRelease 80.8 kB/88.7 kB 91%]\u001b[0m\u001b[33m\r0% [4 Packages store 0 B] [3 InRelease 83.7 kB/88.7 kB 94%] [Waiting for header\u001b[0m\u001b[33m\r \r0% [4 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r0% [4 Packages store 0 B] [3 InRelease gpgv 88.7 kB] [Waiting for headers] [Wai\u001b[0m\u001b[33m\r \r0% [4 Packages store 0 B] [Waiting for headers] [Waiting for 
headers]\u001b[0m\r \rGet:5 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [194 kB]\r\n\u001b[33m\r0% [4 Packages store 0 B] [Waiting for headers] [5 Translation-en 17.2 kB/194 k\u001b[0m\u001b[33m\r \r0% [4 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r0% [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m\r0% [5 Translation-en store 0 B] [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m\r \r0% [Waiting for headers] [Waiting for headers]\u001b[0m\r \rGet:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]\r\n\u001b[33m\r0% [6 InRelease 2604 B/74.6 kB 3%] [Waiting for headers]\u001b[0m\r \rGet:7 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [14.9 kB]\r\n\u001b[33m\r0% [6 InRelease 8396 B/74.6 kB 11%] [7 Packages 8481 B/14.9 kB 57%]\u001b[0m\u001b[33m\r \r0% [6 InRelease 11.3 kB/74.6 kB 15%]\u001b[0m\u001b[33m\r0% [7 Packages store 0 B] [6 InRelease 11.3 kB/74.6 kB 15%] [Waiting for header\u001b[0m\u001b[33m\r \r0% [6 InRelease 14.2 kB/74.6 kB 19%] [Waiting for headers]\u001b[0m\u001b[33m\r \r0% [Waiting for headers]\u001b[0m\u001b[33m\r0% [6 InRelease gpgv 74.6 kB] [Waiting for headers]\u001b[0m\r \rGet:8 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [4632 B]\r\n\u001b[33m\r0% [6 InRelease gpgv 74.6 kB] [Waiting for headers] [8 Translation-en 4632 B/46\u001b[0m\u001b[33m\r \r0% [6 InRelease gpgv 74.6 kB] [Waiting for headers]\u001b[0m\u001b[33m\r0% [8 Translation-en store 0 B] [6 InRelease gpgv 74.6 kB] [Waiting for headers\u001b[0m\u001b[33m\r \r0% [6 InRelease gpgv 74.6 kB] [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m\r \r34% [Waiting for headers] [Waiting for headers]\u001b[0m\r \rGet:9 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [626 kB]\r\n\u001b[33m\r34% [Waiting for headers] [9 Packages 8479 B/626 kB 1%]\u001b[0m\u001b[33m\r \r45% [Waiting for 
headers]\u001b[0m\u001b[33m\r45% [9 Packages store 0 B] [Waiting for headers] [Waiting for headers]\u001b[0m\r \rGet:10 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [816 kB]\r\n\u001b[33m\r45% [9 Packages store 0 B] [10 Packages 2687 B/816 kB 0%] [Waiting for headers]\u001b[0m\r \rGet:11 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [209 kB]\r\n\u001b[33m\r47% [9 Packages store 0 B] [10 Packages 63.5 kB/816 kB 8%] [11 Translation-en 1\u001b[0m\u001b[33m\r \r50% [9 Packages store 0 B] [10 Packages 76.5 kB/816 kB 9%]\u001b[0m\u001b[33m\r51% [10 Packages 93.9 kB/816 kB 12%] [Waiting for headers]\u001b[0m\u001b[33m\r51% [11 Translation-en store 0 B] [10 Packages 93.9 kB/816 kB 12%] [Waiting for\u001b[0m\u001b[33m\r \r52% [10 Packages 129 kB/816 kB 16%] [Waiting for headers]\u001b[0m\r \rGet:12 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [6116 B]\r\n\u001b[33m\r52% [10 Packages 147 kB/816 kB 18%] [12 Packages 6116 B/6116 B 100%]\u001b[0m\u001b[33m\r \r52% [10 Packages 147 kB/816 kB 18%]\u001b[0m\u001b[33m\r52% [12 Packages store 0 B] [10 Packages 147 kB/816 kB 18%] [Waiting for header\u001b[0m\u001b[33m\r \r53% [10 Packages 150 kB/816 kB 18%] [Waiting for headers]\u001b[0m\r \rGet:13 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [2600 B]\r\n\u001b[33m\r54% [10 Packages 224 kB/816 kB 27%] [13 Translation-en 2600 B/2600 B 100%]\u001b[0m\u001b[33m\r \r54% [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m\r54% [13 Translation-en store 0 B] [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m\r \r54% [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m\r \r65% [Working]\u001b[0m\u001b[33m\r65% [10 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r66% [Waiting for headers]\u001b[0m\r \rGet:14 http://archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [287 kB]\r\n\u001b[33m\r66% [14 Translation-en 7031 B/287 kB 2%]\u001b[0m\u001b[33m\r \r71% 
[Working]\u001b[0m\u001b[33m\r71% [14 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r71% [Waiting for headers]\u001b[0m\r \rGet:15 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [24.1 kB]\r\n\u001b[33m\r71% [15 Packages 7033 B/24.1 kB 29%]\u001b[0m\u001b[33m\r \r71% [Working]\u001b[0m\u001b[33m\r71% [15 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r72% [Waiting for headers]\u001b[0m\r \rGet:16 http://archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [6620 B]\r\n\u001b[33m\r72% [16 Translation-en 6620 B/6620 B 100%]\u001b[0m\u001b[33m\r \r72% [Working]\u001b[0m\u001b[33m\r72% [16 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r72% [Waiting for headers]\u001b[0m\r \rGet:17 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1032 kB]\r\n\u001b[33m\r72% [17 Packages 7030 B/1032 kB 1%]\u001b[0m\u001b[33m\r \r91% [Working]\u001b[0m\u001b[33m\r91% [17 Packages store 0 B] [Waiting for headers]\u001b[0m\r \rGet:18 http://archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [319 kB]\r\n\u001b[33m\r91% [17 Packages store 0 B] [18 Translation-en 9927 B/319 kB 3%]\u001b[0m\u001b[33m\r \r96% [18 Translation-en 281 kB/319 kB 88%]\u001b[0m\u001b[33m\r \r97% [Working]\u001b[0m\u001b[33m\r97% [18 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r97% [Waiting for headers]\u001b[0m\r \rGet:19 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [9304 B]\r\n\u001b[33m\r98% [19 Packages 9304 B/9304 B 100%]\u001b[0m\u001b[33m\r \r98% [Working]\u001b[0m\u001b[33m\r98% [19 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r98% [Waiting for headers]\u001b[0m\r \rGet:20 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [4508 B]\r\n\u001b[33m\r98% [20 Translation-en 4508 B/4508 B 100%]\u001b[0m\u001b[33m\r \r98% [Working]\u001b[0m\u001b[33m\r98% [20 Translation-en store 0 
B] [Waiting for headers]\u001b[0m\u001b[33m\r \r98% [Waiting for headers]\u001b[0m\r \rGet:21 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [2512 B]\r\n\u001b[33m\r98% [21 Packages 2512 B/2512 B 100%]\u001b[0m\u001b[33m\r \r98% [Working]\u001b[0m\u001b[33m\r98% [21 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r99% [Waiting for headers]\u001b[0m\r \rGet:22 http://archive.ubuntu.com/ubuntu bionic-backports/main Translation-en [1644 B]\r\n\u001b[33m\r99% [22 Translation-en 1644 B/1644 B 100%]\u001b[0m\u001b[33m\r \r99% [Working]\u001b[0m\u001b[33m\r99% [22 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r99% [Waiting for headers]\u001b[0m\r \rGet:23 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [4028 B]\r\n\u001b[33m\r99% [23 Packages 4028 B/4028 B 100%]\u001b[0m\u001b[33m\r \r99% [Working]\u001b[0m\u001b[33m\r99% [23 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m\r \r99% [Waiting for headers]\u001b[0m\r \rGet:24 http://archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [1856 B]\r\n\u001b[33m\r99% [24 Translation-en 1856 B/1856 B 100%]\u001b[0m\u001b[33m\r \r99% [Working]\u001b[0m\u001b[33m\r99% [24 Translation-en store 0 B]\u001b[0m\u001b[33m\r \r100% [Working]\u001b[0m\r \r\rReading package lists... 0%\r\rReading package lists... 0%\r\rReading package lists... 0%\r\rReading package lists... 15%\r\rReading package lists... 15%\r\rReading package lists... 27%\r\rReading package lists... 27%\r\rReading package lists... 27%\r\rReading package lists... 27%\r\rReading package lists... 27%\r\rReading package lists... 27%\r\rReading package lists... 49%\r\rReading package lists... 49%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 
58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 58%\r\rReading package lists... 70%\r\rReading package lists... 70%\r\rReading package lists... 79%\r\rReading package lists... 79%\r\rReading package lists... 79%\r\rReading package lists... 79%\r\rReading package lists... 79%\r\rReading package lists... 79%\r\rReading package lists... 92%\r\rReading package lists... 92%\r\rReading package lists... 98%\r\rReading package lists... 98%\r\rReading package lists... 98%\r\rReading package lists... 98%\r\rReading package lists... 98%\r\rReading package lists... 98%\r\rReading package lists... Done\r\r\nW: GPG error: http://archive.ubuntu.com/ubuntu bionic InRelease: Splitting up /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_bionic_InRelease into data and signature failed\r\nE: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.\r\nN: Updating from such a repository can't be done securely, and is therefore disabled by default.\r\nN: See apt-secure(8) manpage for repository creation and user configuration details.\r\n", "stdout_lines": ["\u001b[33m", "0% [Working]\u001b[0m", " ", "Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]", "\u001b[33m", "0% [Waiting for headers] [1 InRelease 2589 B/88.7 kB 3%]\u001b[0m", " ", "Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease", "\u001b[33m", " ", "0% [1 InRelease 43.1 kB/88.7 kB 49%]\u001b[0m\u001b[33m", "0% [2 InRelease gpgv 0 B] [Waiting for headers] [1 InRelease 43.1 kB/88.7 kB 49\u001b[0m", " ", "Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease", " Splitting up /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_bionic_InRelease into data and signature failed", "\u001b[33m", " ", "0% [Waiting for headers] [1 InRelease 43.1 kB/88.7 kB 49%]\u001b[0m\u001b[33m", " ", "0% [Waiting for headers]\u001b[0m\u001b[33m", "0% 
[1 InRelease gpgv 88.7 kB] [Waiting for headers]\u001b[0m\u001b[33m", " ", "0% [Waiting for headers]\u001b[0m", " ", "Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]", "\u001b[33m", "0% [3 InRelease 2604 B/88.7 kB 3%]\u001b[0m", " ", "Get:4 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [591 kB]", "\u001b[33m", "0% [3 InRelease 15.6 kB/88.7 kB 18%] [4 Packages 14.3 kB/591 kB 2%]\u001b[0m\u001b[33m", " ", "0% [3 InRelease 80.8 kB/88.7 kB 91%]\u001b[0m\u001b[33m", "0% [4 Packages store 0 B] [3 InRelease 83.7 kB/88.7 kB 94%] [Waiting for header\u001b[0m\u001b[33m", " ", "0% [4 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", "0% [4 Packages store 0 B] [3 InRelease gpgv 88.7 kB] [Waiting for headers] [Wai\u001b[0m\u001b[33m", " ", "0% [4 Packages store 0 B] [Waiting for headers] [Waiting for headers]\u001b[0m", " ", "Get:5 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [194 kB]", "\u001b[33m", "0% [4 Packages store 0 B] [Waiting for headers] [5 Translation-en 17.2 kB/194 k\u001b[0m\u001b[33m", " ", "0% [4 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "0% [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m", "0% [5 Translation-en store 0 B] [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m", " ", "0% [Waiting for headers] [Waiting for headers]\u001b[0m", " ", "Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]", "\u001b[33m", "0% [6 InRelease 2604 B/74.6 kB 3%] [Waiting for headers]\u001b[0m", " ", "Get:7 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [14.9 kB]", "\u001b[33m", "0% [6 InRelease 8396 B/74.6 kB 11%] [7 Packages 8481 B/14.9 kB 57%]\u001b[0m\u001b[33m", " ", "0% [6 InRelease 11.3 kB/74.6 kB 15%]\u001b[0m\u001b[33m", "0% [7 Packages store 0 B] [6 InRelease 11.3 kB/74.6 kB 15%] [Waiting for header\u001b[0m\u001b[33m", " ", "0% [6 InRelease 14.2 kB/74.6 kB 19%] [Waiting for 
headers]\u001b[0m\u001b[33m", " ", "0% [Waiting for headers]\u001b[0m\u001b[33m", "0% [6 InRelease gpgv 74.6 kB] [Waiting for headers]\u001b[0m", " ", "Get:8 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [4632 B]", "\u001b[33m", "0% [6 InRelease gpgv 74.6 kB] [Waiting for headers] [8 Translation-en 4632 B/46\u001b[0m\u001b[33m", " ", "0% [6 InRelease gpgv 74.6 kB] [Waiting for headers]\u001b[0m\u001b[33m", "0% [8 Translation-en store 0 B] [6 InRelease gpgv 74.6 kB] [Waiting for headers\u001b[0m\u001b[33m", " ", "0% [6 InRelease gpgv 74.6 kB] [Waiting for headers] [Waiting for headers]\u001b[0m\u001b[33m", " ", "34% [Waiting for headers] [Waiting for headers]\u001b[0m", " ", "Get:9 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [626 kB]", "\u001b[33m", "34% [Waiting for headers] [9 Packages 8479 B/626 kB 1%]\u001b[0m\u001b[33m", " ", "45% [Waiting for headers]\u001b[0m\u001b[33m", "45% [9 Packages store 0 B] [Waiting for headers] [Waiting for headers]\u001b[0m", " ", "Get:10 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [816 kB]", "\u001b[33m", "45% [9 Packages store 0 B] [10 Packages 2687 B/816 kB 0%] [Waiting for headers]\u001b[0m", " ", "Get:11 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [209 kB]", "\u001b[33m", "47% [9 Packages store 0 B] [10 Packages 63.5 kB/816 kB 8%] [11 Translation-en 1\u001b[0m\u001b[33m", " ", "50% [9 Packages store 0 B] [10 Packages 76.5 kB/816 kB 9%]\u001b[0m\u001b[33m", "51% [10 Packages 93.9 kB/816 kB 12%] [Waiting for headers]\u001b[0m\u001b[33m", "51% [11 Translation-en store 0 B] [10 Packages 93.9 kB/816 kB 12%] [Waiting for\u001b[0m\u001b[33m", " ", "52% [10 Packages 129 kB/816 kB 16%] [Waiting for headers]\u001b[0m", " ", "Get:12 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [6116 B]", "\u001b[33m", "52% [10 Packages 147 kB/816 kB 18%] [12 Packages 6116 B/6116 B 100%]\u001b[0m\u001b[33m", " ", 
"52% [10 Packages 147 kB/816 kB 18%]\u001b[0m\u001b[33m", "52% [12 Packages store 0 B] [10 Packages 147 kB/816 kB 18%] [Waiting for header\u001b[0m\u001b[33m", " ", "53% [10 Packages 150 kB/816 kB 18%] [Waiting for headers]\u001b[0m", " ", "Get:13 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [2600 B]", "\u001b[33m", "54% [10 Packages 224 kB/816 kB 27%] [13 Translation-en 2600 B/2600 B 100%]\u001b[0m\u001b[33m", " ", "54% [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m", "54% [13 Translation-en store 0 B] [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m", " ", "54% [10 Packages 224 kB/816 kB 27%]\u001b[0m\u001b[33m", " ", "65% [Working]\u001b[0m\u001b[33m", "65% [10 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "66% [Waiting for headers]\u001b[0m", " ", "Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [287 kB]", "\u001b[33m", "66% [14 Translation-en 7031 B/287 kB 2%]\u001b[0m\u001b[33m", " ", "71% [Working]\u001b[0m\u001b[33m", "71% [14 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "71% [Waiting for headers]\u001b[0m", " ", "Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [24.1 kB]", "\u001b[33m", "71% [15 Packages 7033 B/24.1 kB 29%]\u001b[0m\u001b[33m", " ", "71% [Working]\u001b[0m\u001b[33m", "71% [15 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "72% [Waiting for headers]\u001b[0m", " ", "Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [6620 B]", "\u001b[33m", "72% [16 Translation-en 6620 B/6620 B 100%]\u001b[0m\u001b[33m", " ", "72% [Working]\u001b[0m\u001b[33m", "72% [16 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "72% [Waiting for headers]\u001b[0m", " ", "Get:17 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1032 kB]", "\u001b[33m", "72% [17 Packages 7030 B/1032 kB 1%]\u001b[0m\u001b[33m", " ", "91% 
[Working]\u001b[0m\u001b[33m", "91% [17 Packages store 0 B] [Waiting for headers]\u001b[0m", " ", "Get:18 http://archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [319 kB]", "\u001b[33m", "91% [17 Packages store 0 B] [18 Translation-en 9927 B/319 kB 3%]\u001b[0m\u001b[33m", " ", "96% [18 Translation-en 281 kB/319 kB 88%]\u001b[0m\u001b[33m", " ", "97% [Working]\u001b[0m\u001b[33m", "97% [18 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "97% [Waiting for headers]\u001b[0m", " ", "Get:19 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [9304 B]", "\u001b[33m", "98% [19 Packages 9304 B/9304 B 100%]\u001b[0m\u001b[33m", " ", "98% [Working]\u001b[0m\u001b[33m", "98% [19 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "98% [Waiting for headers]\u001b[0m", " ", "Get:20 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [4508 B]", "\u001b[33m", "98% [20 Translation-en 4508 B/4508 B 100%]\u001b[0m\u001b[33m", " ", "98% [Working]\u001b[0m\u001b[33m", "98% [20 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "98% [Waiting for headers]\u001b[0m", " ", "Get:21 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [2512 B]", "\u001b[33m", "98% [21 Packages 2512 B/2512 B 100%]\u001b[0m\u001b[33m", " ", "98% [Working]\u001b[0m\u001b[33m", "98% [21 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "99% [Waiting for headers]\u001b[0m", " ", "Get:22 http://archive.ubuntu.com/ubuntu bionic-backports/main Translation-en [1644 B]", "\u001b[33m", "99% [22 Translation-en 1644 B/1644 B 100%]\u001b[0m\u001b[33m", " ", "99% [Working]\u001b[0m\u001b[33m", "99% [22 Translation-en store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "99% [Waiting for headers]\u001b[0m", " ", "Get:23 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [4028 B]", "\u001b[33m", "99% [23 Packages 4028 B/4028 B 
100%]\u001b[0m\u001b[33m", " ", "99% [Working]\u001b[0m\u001b[33m", "99% [23 Packages store 0 B] [Waiting for headers]\u001b[0m\u001b[33m", " ", "99% [Waiting for headers]\u001b[0m", " ", "Get:24 http://archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [1856 B]", "\u001b[33m", "99% [24 Translation-en 1856 B/1856 B 100%]\u001b[0m\u001b[33m", " ", "99% [Working]\u001b[0m\u001b[33m", "99% [24 Translation-en store 0 B]\u001b[0m\u001b[33m", " ", "100% [Working]\u001b[0m", " ", "", "Reading package lists... 0%", "", "Reading package lists... 0%", "", "Reading package lists... 0%", "", "Reading package lists... 15%", "", "Reading package lists... 15%", "", "Reading package lists... 27%", "", "Reading package lists... 27%", "", "Reading package lists... 27%", "", "Reading package lists... 27%", "", "Reading package lists... 27%", "", "Reading package lists... 27%", "", "Reading package lists... 49%", "", "Reading package lists... 49%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 58%", "", "Reading package lists... 70%", "", "Reading package lists... 70%", "", "Reading package lists... 79%", "", "Reading package lists... 79%", "", "Reading package lists... 79%", "", "Reading package lists... 79%", "", "Reading package lists... 79%", "", "Reading package lists... 79%", "", "Reading package lists... 92%", "", "Reading package lists... 92%", "", "Reading package lists... 98%", "", "Reading package lists... 98%", "", "Reading package lists... 98%", "", "Reading package lists... 98%", "", "Reading package lists... 
98%", "", "Reading package lists... 98%", "", "Reading package lists... Done", "", "W: GPG error: http://archive.ubuntu.com/ubuntu bionic InRelease: Splitting up /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_bionic_InRelease into data and signature failed", "E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.", "N: Updating from such a repository can't be done securely, and is therefore disabled by default.", "N: See apt-secure(8) manpage for repository creation and user configuration details."]}

aws_instance.splunk-server (local-exec): PLAY RECAP *********************************************************************
aws_instance.splunk-server (local-exec): 52.37.75.71 : ok=0 changed=0 unreachable=0 failed=1

Error: Error running command 'ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu --private-key ~/keys/attack_range_bhavin.pem -i '52.37.75.71,' playbooks/splunk_server.yml': exit status 2.

2019-12-05 16:22:47,670 - INFO - attack_range - attack_range has been built using terraform successfully`

Host VM freezes during setup

I'm working on standing up attack range with vagrant and the host VM comes to a dead halt right after printing the following. Any idea what I can do to troubleshoot?
image

Ubuntu + Vagrant build fails at ES post-install setup

Hello, when enabling ES install, I get the following error:

```
TASK [search_head : Run es post-install setup] *********************************
fatal: [attack-range-splunk-server]: FAILED! => {"changed": true, "cmd": ["/opt/splunk/bin/splunk", "search", "| essinstall", "-auth", "admin:*****"], "delta": "0:00:01.608341", "end": "2020-03-04 11:43:12.291611", "msg": "non-zero return code", "rc": 17, "start": "2020-03-04 11:43:10.683270", "stderr": "FATAL: Error in 'essinstall' command: External search command exited unexpectedly with non-zero error code 1.", "stderr_lines": ["FATAL: Error in 'essinstall' command: External search command exited unexpectedly with non-zero error code 1."], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************
attack-range-splunk-server : ok=15 changed=2 unreachable=0 failed=1 skipped=5 rescued=0 ignored=0

Traceback (most recent call last):
  File "attack_range.py", line 134, in <module>
    controller.build()
  File "/home/socboss/attackRange/attack_range/modules/VagrantController.py", line 47, in build
    v1.up(provision=True)
  File "/home/socboss/attackRange/attack_range/venv/lib/python3.6/site-packages/vagrant/__init__.py", line 337, in up
    self._call_vagrant_command(args)
  File "/home/socboss/attackRange/attack_range/venv/lib/python3.6/site-packages/vagrant/__init__.py", line 963, in _call_vagrant_command
    stderr=err_fh, env=self.env)
  File "/usr/lib/python3.6/subprocess.py", line 311, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/home/socboss/attackRange/attack_range/venv/bin/vagrant', 'up', '--provision']' returned non-zero exit status 1.
```

If I don't install ES, then all works as expected. Any tips / suggestions / recommendations?

Error KeyPair

aws_instance.splunk-server: Creating...

Error: Error launching source instance: InvalidKeyPair.NotFound: The key pair 'terraform' does not exist
status code: 400, request id: 2911f96b-b45d-41ad-beae-6670f20bce9d

on main.tf line 53, in resource "aws_instance" "splunk-server":
53: resource "aws_instance" "splunk-server" {

Error: Error launching source instance: InvalidKeyPair.NotFound: The key pair 'terraform' does not exist
status code: 400, request id: 381aee0c-b702-4ae8-ae3d-3482beab270a

on main.tf line 74, in resource "aws_instance" "windows_2016_dc":
74: resource "aws_instance" "windows_2016_dc" {

attack_range has been built using terraform successfully
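Both this build log and the apt/GPG one earlier end with `attack_range has been built using terraform successfully` even though Terraform printed `Error:` lines or Ansible reported `failed=1`. The triage helper below is an added example, not part of either issue or of the attack_range code base; the function names and the abridged sample log are constructed for illustration.

```python
import json
import re

# Constructed sample: abridged from the two build logs quoted in the issues above.
SAMPLE_LOG = r'''
aws_instance.splunk-server (local-exec): fatal: [52.37.75.71]: FAILED! => {"changed": false, "msg": "non-zero return code", "rc": 100, "stdout_lines": ["\u001b[33m", "0% [Working]\u001b[0m", "Reading package lists... Done", "W: GPG error: http://archive.ubuntu.com/ubuntu bionic InRelease: Splitting up /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_bionic_InRelease into data and signature failed", "E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed."]}
aws_instance.splunk-server (local-exec): PLAY RECAP *****
aws_instance.splunk-server (local-exec): 52.37.75.71 : ok=0 changed=0 unreachable=0 failed=1
Error: Error launching source instance: InvalidKeyPair.NotFound: The key pair 'terraform' does not exist
2019-12-05 16:22:47,670 - INFO - attack_range - attack_range has been built using terraform successfully
'''

ANSI_RE = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")          # colour / cursor escapes
FATAL_RE = re.compile(r"fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<body>\{.*\})\s*$")
RECAP_RE = re.compile(r"(?P<host>\S+)\s+:\s+(?P<counts>(?:\w+=\d+\s*)+)$")
TF_ERROR_RE = re.compile(r"^Error: (?P<msg>.+)$")
SUCCESS_RE = re.compile(r"attack_range has been built using \w+ successfully")
APT_DIAG_RE = re.compile(r"^[WE]: ")                     # apt warnings and errors


def apt_diagnostics(fatal_body):
    """Return the apt W:/E: lines hidden in an Ansible 'FAILED! => {...}' body."""
    try:
        result = json.loads(fatal_body)
    except json.JSONDecodeError:
        return []  # line was truncated or re-wrapped by the calling tool
    lines = result.get("stdout_lines") or result.get("stdout", "").splitlines()
    lines = list(lines) + list(result.get("stderr_lines", []))
    cleaned = (ANSI_RE.sub("", line).strip() for line in lines)
    return [line for line in cleaned if APT_DIAG_RE.match(line)]


def triage(log_text):
    """Summarise a build log and flag a success message that follows failures."""
    report = {"failed_hosts": {}, "diagnostics": [],
              "terraform_errors": [], "claimed_success": False}
    for line in log_text.splitlines():
        fatal = FATAL_RE.search(line)
        if fatal:
            report["diagnostics"].extend(apt_diagnostics(fatal.group("body")))
            continue
        recap = RECAP_RE.search(line)
        if recap:
            counts = {key: int(value) for key, value in
                      (pair.split("=") for pair in recap.group("counts").split())}
            if counts.get("failed", 0) or counts.get("unreachable", 0):
                report["failed_hosts"][recap.group("host")] = counts
            continue
        tf_error = TF_ERROR_RE.match(line.strip())
        if tf_error:
            report["terraform_errors"].append(tf_error.group("msg"))
        if SUCCESS_RE.search(line):
            report["claimed_success"] = True
    report["false_success"] = report["claimed_success"] and bool(
        report["failed_hosts"] or report["terraform_errors"])
    return report


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

In a CI job, treating `false_success` as a hard failure keeps a half-provisioned range from being used for detection testing.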

Vagrant abstract class error

Do you have any insight as to what I need to do when faced with this message? I'm still learning Python to troubleshoot it but any insight would be appreciated.

image

HTTP Error access forbidden

(venv) root@biometric-Vostro-3470:~/attack_range# python3 attack_range.py -m vagrant -a destroy

starting program loaded for B1 battle droid

attack_range is using config at path attack_range.conf
2020-04-18 20:43:35,310 - INFO - attack_range - INIT - attack_range v1
2020-04-18 20:43:35,315 - INFO - attack_range - [action] > destroy

==> attack-range-windows-domain-controller: VM not created. Moving on...
==> attack-range-splunk-server: VM not created. Moving on...
2020-04-18 20:43:37,372 - INFO - attack_range - attack_range has been destroy using vagrant successfully
(venv) root@biometric-Vostro-3470:~/attack_range# python3 attack_range.py -m vagrant -a destroy

starting program loaded for B1 battle droid

attack_range is using config at path attack_range.conf
2020-04-18 20:43:49,677 - INFO - attack_range - INIT - attack_range v1
2020-04-18 20:43:49,682 - INFO - attack_range - [action] > destroy

==> attack-range-windows-domain-controller: VM not created. Moving on...
==> attack-range-splunk-server: VM not created. Moving on...
2020-04-18 20:43:52,008 - INFO - attack_range - attack_range has been destroy using vagrant successfully
(venv) root@biometric-Vostro-3470:~/attack_range# vboxmanage list vms
(venv) root@biometric-Vostro-3470:~/attack_range# cd vagrant/
(venv) root@biometric-Vostro-3470:~/attack_range/vagrant# vagrant up
Bringing machine 'attack-range-splunk-server' up with 'virtualbox' provider...
Bringing machine 'attack-range-windows-domain-controller' up with 'virtualbox' provider...
==> attack-range-splunk-server: Importing base box 'generic/ubuntu1804'...
==> attack-range-splunk-server: Matching MAC address for NAT networking...
==> attack-range-splunk-server: Checking if box 'generic/ubuntu1804' version '2.0.6' is up to date...
==> attack-range-splunk-server: Setting the name of the VM: attack-range-splunk-server
==> attack-range-splunk-server: Clearing any previously set network interfaces...
==> attack-range-splunk-server: Preparing network interfaces based on configuration...
attack-range-splunk-server: Adapter 1: nat
attack-range-splunk-server: Adapter 2: hostonly
==> attack-range-splunk-server: Forwarding ports...
attack-range-splunk-server: 8000 (guest) => 8000 (host) (adapter 1)
attack-range-splunk-server: 8089 (guest) => 8089 (host) (adapter 1)
attack-range-splunk-server: 22 (guest) => 2222 (host) (adapter 1)
==> attack-range-splunk-server: Running 'pre-boot' VM customizations...
==> attack-range-splunk-server: Booting VM...
==> attack-range-splunk-server: Waiting for machine to boot. This may take a few minutes...
attack-range-splunk-server: SSH address: 127.0.0.1:2222
attack-range-splunk-server: SSH username: vagrant
attack-range-splunk-server: SSH auth method: private key
attack-range-splunk-server:
attack-range-splunk-server: Vagrant insecure key detected. Vagrant will automatically replace
attack-range-splunk-server: this with a newly generated keypair for better security.
attack-range-splunk-server:
attack-range-splunk-server: Inserting generated public key within guest...
attack-range-splunk-server: Removing insecure key from the guest if it's present...
attack-range-splunk-server: Key inserted! Disconnecting and reconnecting using new SSH key...
==> attack-range-splunk-server: Machine booted and ready!
==> attack-range-splunk-server: Checking for guest additions in VM...
attack-range-splunk-server: The guest additions on this VM do not match the installed version of
attack-range-splunk-server: VirtualBox! In most cases this is fine, but in rare cases it can
attack-range-splunk-server: prevent things such as shared folders from working properly. If you see
attack-range-splunk-server: shared folder errors, please make sure the guest additions within the
attack-range-splunk-server: virtual machine match the version of VirtualBox you have installed on
attack-range-splunk-server: your host and reload your VM.
attack-range-splunk-server:
attack-range-splunk-server: Guest Additions Version: 5.2.32
attack-range-splunk-server: VirtualBox Version: 6.0
==> attack-range-splunk-server: Setting hostname...
==> attack-range-splunk-server: Configuring and enabling network interfaces...
==> attack-range-splunk-server: Running provisioner: ansible...
attack-range-splunk-server: Running ansible-playbook...

PLAY [all] *********************************************************************

TASK [search_head : add splunk group] ******************************************
changed: [attack-range-splunk-server]

TASK [search_head : add splunk user] *******************************************
changed: [attack-range-splunk-server]

TASK [search_head : make /opt writetable by splunk] ****************************
changed: [attack-range-splunk-server]

TASK [search_head : checking if splunk is install] *****************************
ok: [attack-range-splunk-server]

TASK [search_head : is splunk installed?] **************************************
skipping: [attack-range-splunk-server]

TASK [search_head : download splunk] *******************************************
changed: [attack-range-splunk-server]

TASK [search_head : install splunk binary] *************************************
changed: [attack-range-splunk-server]

TASK [search_head : accept license and start splunk] ***************************
changed: [attack-range-splunk-server]

TASK [search_head : enable boot-start] *****************************************
changed: [attack-range-splunk-server]

TASK [search_head : restart splunk] ********************************************
changed: [attack-range-splunk-server]

TASK [search_head : Create folder directory for inputs configuration] **********
changed: [attack-range-splunk-server] => (item=/opt/splunk/etc/apps/inputs_app/local/)

TASK [search_head : copy inputs.conf] ******************************************
changed: [attack-range-splunk-server]

TASK [search_head : Create folder directory for indexes configuration] *********
changed: [attack-range-splunk-server] => (item=/opt/splunk/etc/apps/indexes_app/local/)

TASK [search_head : copy indexes.conf to splunk server] ************************
changed: [attack-range-splunk-server]

TASK [search_head : copy authorize.conf for default searchable indexes_app] ****
changed: [attack-range-splunk-server]

TASK [search_head : Create folder directory for web configuration] *************
changed: [attack-range-splunk-server] => (item=/opt/splunk/etc/apps/web_app/local/)

TASK [search_head : copy web.conf to splunk server] ****************************
changed: [attack-range-splunk-server]

TASK [search_head : Create folder directory for server configuration] **********
changed: [attack-range-splunk-server] => (item=/opt/splunk/etc/apps/server_app/local/)

TASK [search_head : copy server.conf to splunk server] *************************
changed: [attack-range-splunk-server]

TASK [search_head : restart splunk] ********************************************
changed: [attack-range-splunk-server]

TASK [search_head : Copy enterprise security to server] ************************
skipping: [attack-range-splunk-server]

TASK [search_head : Install es app via REST] ***********************************
skipping: [attack-range-splunk-server]

TASK [search_head : Run es post-install setup] *********************************
skipping: [attack-range-splunk-server]

TASK [search_head : Check if ESCU App exists] **********************************
ok: [attack-range-splunk-server]

TASK [search_head : download ESCU app from S3 bucket] **************************
changed: [attack-range-splunk-server]

TASK [search_head : Install escu app via REST] *********************************
ok: [attack-range-splunk-server]

TASK [search_head : download ASX app from S3 bucket] ***************************
fatal: [attack-range-splunk-server]: FAILED! => {"changed": false, "dest": "/tmp/asx_app.tgz", "elapsed": 1, "msg": "Request failed", "response": "HTTP Error 403: Forbidden", "status_code": 403, "url": "https://attack-range-appbinaries.s3-us-west-2.amazonaws.com/Splunk_ASX-latest.tar.gz"}

I was running the machine fine. All of a sudden this error comes up.
Please help.

All apps should "maybe" have global permissions

For attack_range to work with ESCU, ASX and all other apps, we should perhaps have all apps have global permissions since we .conf file configurations from various Splunk apps

Windows Domain Controller Fails to build

Running terraform or packer fails to build the Windows domain controller using the default config.

Packer

us-east-2

python attack_range.py -m packer -a build_amis
starting program loaded for B1 battle droid
          ||/__'`.
          |//()'-.:
          |-.||
          |o(o)
          |||\\  .==._
          |||(o)==::'
           `|T  ""
            ()
            |\
            ||\
            ()()
            ||//
            |//
           .'=`=.
attack_range is using config at path attack_range.conf
2020-04-09 09:18:21,360 - INFO - attack_range - INIT - attack_range v1
2020-04-09 09:18:21,373 - INFO - attack_range - [action] > build AMIs
2020-04-09 09:18:21,374 - INFO - attack_range - Generate new Packer AMI packer-splunk-server-attack-range-key-pair. This can take some time.
2020-04-09 09:31:21,231 - INFO - attack_range - successfully generated Packer AMI packer-splunk-server-attack-range-key-pair
2020-04-09 09:31:21,231 - INFO - attack_range - Generate new Packer AMI packer-windows-domain-controller-attack-range-key-pair. This can take some time.
2020-04-09 09:31:22,272 - ERROR - attack_range - ERROR: b'1586439081,,ui,say,==> amazon-ebs: Force Deregister flag found%!(PACKER_COMMA) skipping prevalidating AMI Name\n1586439081,,ui,error,==> amazon-ebs: No AMI was found matching filters: {\\n==> amazon-ebs:   Filters: [{\\n==> amazon-ebs:       Name: "name"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["Windows_Server_2016"]\\n==> amazon-ebs:     }%!(PACKER_COMMA){\\n==> amazon-ebs:       Name: "root-device-type"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["ebs"]\\n==> amazon-ebs:     }%!(PACKER_COMMA){\\n==> amazon-ebs:       Name: "virtualization-type"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["hvm"]\\n==> amazon-ebs:     }]%!(PACKER_COMMA)\\n==> amazon-ebs:   Owners: ["801119661308"]\\n==> amazon-ebs: }\n1586439081,,ui,error,Build \'amazon-ebs\' errored: No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: ["Windows_Server_2016"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586439081,,error-count,1\n1586439081,,ui,error,\\n==> Some builds didn\'t complete successfully and had errors:\n1586439081,amazon-ebs,error,No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: ["Windows_Server_2016"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586439081,,ui,error,--> amazon-ebs: No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: ["Windows_Server_2016"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n 
     Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586439081,,ui,say,\\n==> Builds finished but no artifacts were created.\n'
Traceback (most recent call last):
  File "attack_range.py", line 132, in <module>
    controller.build_amis()
  File "/home/range/attack_range/modules/PackerController.py", line 38, in build_amis
    sys.exit(1)
NameError: name 'sys' is not defined

us-west-2

python attack_range.py -m packer -a build_amis

starting program loaded for B1 battle droid
          ||/__'`.
          |//()'-.:
          |-.||
          |o(o)
          |||\\  .==._
          |||(o)==::'
           `|T  ""
            ()
            |\
            ||\
            ()()
            ||//
            |//
           .'=`=.

attack_range is using config at path attack_range.conf
2020-04-09 10:20:11,398 - INFO - attack_range - INIT - attack_range v1
2020-04-09 10:20:11,416 - INFO - attack_range - [action] > build AMIs

2020-04-09 10:20:11,417 - INFO - attack_range - Generate new Packer AMI packer-splunk-server-attack-range-key-pair. This can take some time.
2020-04-09 10:33:43,990 - INFO - attack_range - successfully generated Packer AMI packer-splunk-server-attack-range-key-pair
2020-04-09 10:33:43,991 - INFO - attack_range - Generate new Packer AMI packer-windows-domain-controller-attack-range-key-pair. This can take some time.
2020-04-09 10:33:45,429 - ERROR - attack_range - ERROR: b'1586442824,,ui,say,==> amazon-ebs: Force Deregister flag found%!(PACKER_COMMA) skipping prevalidating AMI Name\n1586442825,,ui,error,==> amazon-ebs: No AMI was found matching filters: {\\n==> amazon-ebs:   Filters: [{\\n==> amazon-ebs:       Name: "name"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["Windows_Server-2016-English-Full-Base-2019.12.16"]\\n==> amazon-ebs:     }%!(PACKER_COMMA){\\n==> amazon-ebs:       Name: "root-device-type"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["ebs"]\\n==> amazon-ebs:     }%!(PACKER_COMMA){\\n==> amazon-ebs:       Name: "virtualization-type"%!(PACKER_COMMA)\\n==> amazon-ebs:       Values: ["hvm"]\\n==> amazon-ebs:     }]%!(PACKER_COMMA)\\n==> amazon-ebs:   Owners: ["801119661308"]\\n==> amazon-ebs: }\n1586442825,,ui,error,Build \'amazon-ebs\' errored: No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: ["Windows_Server-2016-English-Full-Base-2019.12.16"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586442825,,error-count,1\n1586442825,,ui,error,\\n==> Some builds didn\'t complete successfully and had errors:\n1586442825,amazon-ebs,error,No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: ["Windows_Server-2016-English-Full-Base-2019.12.16"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586442825,,ui,error,--> amazon-ebs: No AMI was found matching filters: {\\n  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n      Values: 
["Windows_Server-2016-English-Full-Base-2019.12.16"]\\n    }%!(PACKER_COMMA){\\n      Name: "root-device-type"%!(PACKER_COMMA)\\n      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n      Name: "virtualization-type"%!(PACKER_COMMA)\\n      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n  Owners: ["801119661308"]\\n}\n1586442825,,ui,say,\\n==> Builds finished but no artifacts were created.\n'
Traceback (most recent call last):
  File "attack_range.py", line 132, in <module>
    controller.build_amis()
  File "/home/range/attack_range/modules/PackerController.py", line 38, in build_amis
    sys.exit(1)
NameError: name 'sys' is not defined

Terraform

python attack_range.py -m terraform -a build
2020-04-08 20:18:37,855 - INFO - attack_range - INIT - attack_range v1
2020-04-08 20:18:37,855 - INFO - attack_range - [action] > build
module.splunk-server.data.aws_ami.latest-ubuntu[0]: Refreshing state...
module.kali_machine.data.aws_ami.latest-kali-linux: Refreshing state...
module.windows-domain-controller.data.aws_ami.latest-windows-server-2016[0]: Refreshing state...
Error: Your query returned no results. Please change your search criteria and try again.
  on modules/windows-domain-controller/resources.tf line 2, in data "aws_ami" "latest-windows-server-2016":
   2: data "aws_ami" "latest-windows-server-2016" {
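
The `ERROR: b'...'` lines in the Packer logs above are Packer's machine-readable output: one `timestamp,target,type,data...` record per line, with commas inside a field escaped as `%!(PACKER_COMMA)` and newlines as a literal `\n`. The following added example (not part of the issue or of attack_range's code) decodes that format and extracts the AMI filter that matched nothing; `PackerEvent`, `parse_machine_readable`, `build_errors`, `error_count` and `ami_filter` are hypothetical helper names, and the sample is abridged from the us-east-2 log above.

```python
import re
from dataclasses import dataclass

PACKER_COMMA = "%!(PACKER_COMMA)"  # Packer's escape for "," inside a data field

# Constructed sample: four records abridged from the us-east-2 log above.
# b"\n" ends a record; the two characters backslash + n are an escaped newline.
SAMPLE = (
    b"1586439081,,ui,say,==> amazon-ebs: Force Deregister flag found"
    b"%!(PACKER_COMMA) skipping prevalidating AMI Name\n"
    b"1586439081,amazon-ebs,error,No AMI was found matching filters: {\\n"
    b'  Filters: [{\\n      Name: "name"%!(PACKER_COMMA)\\n'
    b'      Values: ["Windows_Server_2016"]\\n    }%!(PACKER_COMMA){\\n'
    b'      Name: "root-device-type"%!(PACKER_COMMA)\\n'
    b'      Values: ["ebs"]\\n    }%!(PACKER_COMMA){\\n'
    b'      Name: "virtualization-type"%!(PACKER_COMMA)\\n'
    b'      Values: ["hvm"]\\n    }]%!(PACKER_COMMA)\\n'
    b'  Owners: ["801119661308"]\\n}\n'
    b"1586439081,,error-count,1\n"
    b"1586439081,,ui,say,\\n==> Builds finished but no artifacts were created.\n"
)


@dataclass
class PackerEvent:
    timestamp: int
    target: str  # builder name; empty for global events
    type: str    # e.g. "ui", "error", "error-count"
    data: list   # remaining fields, unescaped


def _unescape(field):
    """Undo Packer's field escaping: commas, then newlines and carriage returns."""
    return (field.replace(PACKER_COMMA, ",")
                 .replace("\\n", "\n")
                 .replace("\\r", "\r"))


def parse_machine_readable(raw):
    """Split raw Packer output (bytes) into PackerEvent records."""
    events = []
    for line in raw.decode("utf-8", errors="replace").splitlines():
        parts = line.split(",")
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # banner or other text that is not a record
        events.append(PackerEvent(int(parts[0]), parts[1], parts[2],
                                  [_unescape(p) for p in parts[3:]]))
    return events


def build_errors(events):
    """Map each builder name to its error message."""
    return {e.target: e.data[0] for e in events
            if e.type == "error" and e.target and e.data}


def error_count(events):
    """Return the value of the error-count record, or 0 if there is none."""
    for e in events:
        if e.type == "error-count" and e.data:
            return int(e.data[0])
    return 0


def ami_filter(message):
    """Pull the Name/Values filters and Owners list out of a 'No AMI was found' error."""
    pairs = re.findall(r'Name:\s*"([^"]+)",\s*Values:\s*\[([^\]]*)\]', message)
    filters = {name: re.findall(r'"([^"]*)"', values) for name, values in pairs}
    owners = re.search(r'Owners:\s*\[([^\]]*)\]', message)
    return {"filters": filters,
            "owners": re.findall(r'"([^"]*)"', owners.group(1)) if owners else []}


if __name__ == "__main__":
    events = parse_machine_readable(SAMPLE)
    print("errors reported:", error_count(events))
    for builder, message in build_errors(events).items():
        print(builder, ami_filter(message))
```

Decoded this way, the two runs above differ only in the `name` value requested (`Windows_Server_2016` in us-east-2, `Windows_Server-2016-English-Full-Base-2019.12.16` in us-west-2); the owner account and the other filters are identical.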

Kali build hangs script

Hi,
Sorry, me again. I think everything nearly works (literally spent 1,5 hours on this in 5 hours while cooking, daughter into bed, etc.)
Servers build: Splunk, Win DC, Win10, Win server

But Kali gets stuck for some reason. Login with vagrant user works aka VM is up and running

Kali int:

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.104  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe8f:15d3  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:8f:15:d3  txqueuelen 1000  (Ethernet)
        RX packets 12  bytes 2519 (2.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2622 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
PLAY RECAP *********************************************************************
attack-range-windows-server : ok=43   changed=37   unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   

==> attack-range-kali_machine: Box 'kalilinux/rolling' could not be found. Attempting to find and install...
    attack-range-kali_machine: Box Provider: virtualbox
    attack-range-kali_machine: Box Version: 2019.3.0
==> attack-range-kali_machine: Loading metadata for box 'kalilinux/rolling'
    attack-range-kali_machine: URL: https://vagrantcloud.com/kalilinux/rolling
==> attack-range-kali_machine: Adding box 'kalilinux/rolling' (v2019.3.0) for provider: virtualbox
    attack-range-kali_machine: Downloading: https://vagrantcloud.com/kalilinux/boxes/rolling/versions/2019.3.0/providers/virtualbox.box
    attack-range-kali_machine: Download redirected to host: vagrantcloud-files-production.s3.amazonaws.com
==> attack-range-kali_machine: Successfully added box 'kalilinux/rolling' (v2019.3.0) for 'virtualbox'!
==> attack-range-kali_machine: Importing base box 'kalilinux/rolling'...
==> attack-range-kali_machine: Matching MAC address for NAT networking...
==> attack-range-kali_machine: Checking if box 'kalilinux/rolling' version '2019.3.0' is up to date...
==> attack-range-kali_machine: Setting the name of the VM: attack-range-kali_machine
==> attack-range-kali_machine: Fixed port collision for 22 => 2222. Now on port 2209.
==> attack-range-kali_machine: Clearing any previously set network interfaces...
==> attack-range-kali_machine: Preparing network interfaces based on configuration...
    attack-range-kali_machine: Adapter 1: nat
    attack-range-kali_machine: Adapter 2: hostonly
==> attack-range-kali_machine: Forwarding ports...
    attack-range-kali_machine: 22 (guest) => 2209 (host) (adapter 1)
==> attack-range-kali_machine: Running 'pre-boot' VM customizations...
==> attack-range-kali_machine: Booting VM...
==> attack-range-kali_machine: Waiting for machine to boot. This may take a few minutes...
    attack-range-kali_machine: SSH address: 127.0.0.1:2209
    attack-range-kali_machine: SSH username: vagrant
    attack-range-kali_machine: SSH auth method: private key

Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.

If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.

If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.

If the box appears to be booting properly, you may want to increase
the timeout ("config.vm.boot_timeout") value.
2020-04-30 20:12:19,632 - ERROR - attack_range - vagrant failed to build



Question on how to solve this?

`(venv):attack_range user$ sudo python3 attack_range.py -m vagrant -a build

attack_range is using config at path attack_range.conf
2020-05-04 19:43:00,652 - INFO - attack_range - INIT - attack_range v1
2020-05-04 19:43:00,658 - INFO - attack_range - [action] > build

Bringing machine 'attack-range-splunk-server' up with 'virtualbox' provider...
==> attack-range-splunk-server: Box 'generic/ubuntu1804' could not be found. Attempting to find and install...
attack-range-splunk-server: Box Provider: virtualbox
attack-range-splunk-server: Box Version: >= 0
==> attack-range-splunk-server: Loading metadata for box 'generic/ubuntu1804'
attack-range-splunk-server: URL: https://vagrantcloud.com/generic/ubuntu1804
==> attack-range-splunk-server: Adding box 'generic/ubuntu1804' (v2.0.6) for provider: virtualbox
attack-range-splunk-server: Downloading: https://vagrantcloud.com/generic/boxes/ubuntu1804/versions/2.0.6/providers/virtualbox.box
attack-range-splunk-server: Download redirected to host: vagrantcloud-files-production.s3.amazonaws.com
==> attack-range-splunk-server: Successfully added box 'generic/ubuntu1804' (v2.0.6) for 'virtualbox'!
==> attack-range-splunk-server: Importing base box 'generic/ubuntu1804'...
==> attack-range-splunk-server: Matching MAC address for NAT networking...
==> attack-range-splunk-server: Checking if box 'generic/ubuntu1804' version '2.0.6' is up to date...
A VirtualBox machine with the name 'attack-range-splunk-server' already exists.
Please use another name or delete the machine with the existing
name, and try again.
2020-05-04 19:45:44,789 - ERROR - attack_range - vagrant failed to build`

On MacOS 10.15.4
Vagrant 2.2.7
VBox 6.1.6
Python 3.6.0

I get this error with no mods to the attack_range.conf. No previous vagrant runs.

Vagrant - step splunk apps> FAILED! => {"msg": "The task includes an option with an undefined variable

TASK [search_head : Check if python app exists] ********************************
ok: [attack-range-splunk-server]

TASK [search_head : download Python app from S3 bucket] ************************
fatal: [attack-range-splunk-server]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'splunk_python_app' is undefined\n\nThe error appears to be in '/home/homelab/attack_range/ansible/roles/search_head/tasks/install_mltk_app.yml': line 6, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: download Python app from S3 bucket\n ^ here\n"}

RUNNING HANDLER [search_head : restart splunk] *********************************

PLAY RECAP *********************************************************************
attack-range-splunk-server : ok=33 changed=22 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

The bug is in vagrant/splunk_server/Vagrantfile

Change splunk_mltk_ta to splunk_mltk_app and splunk_python_ta to splunk_python_app.

Error launching source instance - This version has been removed and is no longer available to new customers.

When I run the terraform version of attack range I cannot accept the terms and subscribe due to the ubuntu image not being available for new customers any longer (https://aws.amazon.com/marketplace/pp?sku=6l278ltstzlu1yvlpd3h8kdkq).

Error launching source instance: OptInRequired: In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit https://aws.amazon.com/marketplace/pp?sku=6l278ltstzlu1yvlpd3h8kdkq
status code: 401, request id: 598d622c-ab45-4643-8d84-ce4fcc3c1aa5

vagrant build not working

Hello,

Not a Python dev, but when vagrant is used the terraform modules are loaded and the code bombs out.... Then I comment out the terraform module import and the vagrant bombs out.

Should the modules not all be in the library and just work?

user@ubuntu1:~/attack_range$ python attack_range.py -m vagrant -a build
Traceback (most recent call last):
  File "attack_range.py", line 7, in <module>
    from modules.TerraformController import TerraformController
  File "/home/user/attack_range/modules/TerraformController.py", line 4, in <module>
    from modules import aws_service, splunk_sdk
  File "/home/user/attack_range/modules/aws_service.py", line 3, in <module>
    import boto3
ModuleNotFoundError: No module named 'boto3'

no terraform module import
(venv) user@ubuntu1:~/attack_range$ python attack_range.py -m vagrant -a build
Traceback (most recent call last):
  File "attack_range.py", line 8, in <module>
    from modules.VagrantController import VagrantController
  File "/home/user/attack_range/modules/VagrantController.py", line 7, in <module>
    import ansible_runner
ModuleNotFoundError: No module named 'ansible_runner'
(venv) 1 user@ubuntu1:~/attack_range$


Feature request: make Splunk server an optional component

Now that we have Phantom, Kali, and multiple Windows instances, we might want to enable a build that does not include the splunk server. This would make it faster to test Phantom-only workflows. We could use a similar environment variable of 1 or 0 to enable or disable splunk.

error attack_range

INIT - Attack Range v1

starting program loaded for mode - B1 battle droid

          ||/__'`.
          |//()'-.:
          |-.||
          |o(o)
          |||\\  .==._
          |||(o)==::'
           `|T  ""
            ()
            |\
            ||\
            ()()
            ||//
            |//
           .'=`=.

this is not our first run binary directory exists, skipping setup
Traceback (most recent call last):
  File "attack_range.py", line 68, in prep_ansible
    f = open("terraform/terraform.tfvars", "r")
FileNotFoundError: [Errno 2] No such file or directory: 'terraform/terraform.tfvars'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "attack_range.py", line 208, in <module>
    prep_ansible()
  File "attack_range.py", line 88, in prep_ansible
    except e:
NameError: name 'e' is not defined

Atomic Red Team T1071 does not terminate on attack range windows instance

python attack_range.py -m terraform -a simulate -st T1071 -t attack-range-windows-domain-controller is failing in a weird state and not returning or timing out. I am on the latest bits and still running into the issue after testing a few different times to make sure it was not something particular about my local config.
