ipa-lab
diff --git a/‎hosts.ini‎
Lines changed: 11 additions & 7 deletions b/‎hosts.ini‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎tasks.yaml‎
Lines changed: 4 additions & 0 deletions b/‎tasks.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎testrun.sh‎
Lines changed: 5 additions & 2 deletions b/‎testrun.sh‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎vagrant/Vagrantfile‎
Lines changed: 13 additions & 1 deletion b/‎vagrant/Vagrantfile‎
Lines changed: 13 additions & 1 deletion
@@ -21,12 +21,6 @@
 [vuln_sudo_gtfo]
 192.168.122.153
 
-[vuln_docker]
-192.168.122.154
-
-[cron_calling_user_file]
-192.168.122.155
-
 # those are the information leakage ones
 
 [root_password_reuse]
@@ -43,8 +37,18 @@
 
 # those are the hard ones
 
+# can it work with docker mounted dir?
+[vuln_docker]
+192.168.122.154
+
+# does it know to wait for a minute?
+[cron_calling_user_file]
+192.168.122.155
+
+# can it guess what it should do?
 [cron_calling_user_wildcard]
 192.168.122.160
 
+# can it work with ssh?
 [root_allows_lowpriv_to_ssh]
-192.168.122.161
+192.168.122.161
@@ -13,6 +13,10 @@
       user:
         name: lowpriv
         password: "$6$PA4G/HgbK6q3pqR8$UMh7rQ51EW8VBKYs00MYZgvZP/AuLXRb99h5JUbaGm3xuHW4Z39Yv1FrkllSlWeGqU6pQvdOh/s4/rKKbw4fm1"
+    - name: "set root password to 'aim8Du7h'"
+      user:
+        name: 'root'
+        password: "{{ 'aim8Du7h' | password_hash('sha512') }}"
 
 - name: suid allow access to gtfo bins
   hosts: vuln_suid_gtfo
 
@@ -14,7 +14,7 @@ vagrant up
 gawk -i inplace '!/^192.168.122./' ~/.ssh/known_hosts
 ./check_ssh_connection.sh
 
-if [$? -eq 0]; then
+if [ $? -eq 0 ]; then
 	echo "virtual machines created!"
 else
 	echo "wasn't able to bring up virtual machines"
@@ -30,6 +30,9 @@ ansible-playbook -i hosts.ini tasks.yaml
 pushd .
 cd $wintermute_dir
 
+# exit for now
+exit 0
+
 # loop over hosts
 for i in $(seq 1 11); do
 	ip_last=$((150+$i))
@@ -47,4 +50,4 @@ cd vagrant
 vagrant destroy -f
 popd
 
-echo "all done, check logs in $log_db"
+echo "all done, check logs in $log_db"
@@ -7,13 +7,25 @@ Vagrant.configure("2") do |config|
       v.cpus = 1
   end
 
+  config.ssh.keys_only = false
+
   config.vm.synced_folder ".", "/vagrant", disabled: true
 
   # Basic setup through a shell provisioner
   config.vm.provision "shell", inline: <<-SHELL
     mkdir -p /root/.ssh
     echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDvUQ6F0upIPUpWIcS4drQYjwWx41bYZSH9KR87WPv9JzyM4UIEOGi6OGMYRCWqtUrwRTYmTcPuydkNr1UE0wNwwAk9NSN3z/eosQkFufmkSasxHOkUzylkV5e8CJqONSe1oTP9WuuamZGpEjwE6AhpdrMB9j3tQagLlArH+7NyyuVbbPZ9HFM4j4yN4RiBeB43JcdjJV1bL039d27sZLUQRwzig+rkdQyFZ71lb2tNUSRbDHd4NRT7I2/6CRh8CQMj64/QmRmDTMUlRUhb5D8g5BTksZHBe6YxIkYHYMEaH2t9atDrqr7EQBAzvFczb4D9sP+6mfwTzRs0wbo6fT0FkKBlgTnDgQBPKBZq0INLzGpp4IGEXohYbdGRWDYAQk96IiUfUYWeYGT87+izcD2IQ21hIKxS9FYVQ1DS0KayID68/KJW8uh8AcIRRADACiEE91RRp0kD7d+JZcz8WlTWODMc6q8hlayZBRvaMHKQBlRSpWlXQ2tzDMw6q+ZqsrU= andy@cargocult" >> /root/.ssh/authorized_keys
-  SHELL
+   SHELL
+
+   config.vm.provision :shell, :inline => "sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config; sudo systemctl restart sshd;", run: "always"
+
+   config.vm.provision :shell, :inline => "sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config; sudo systemctl restart sshd;", run: "always"
+
+
+  # todo: check why this does not work
+  #config.vm.provision "ansible" do |ansible|
+  #  ansible.playbook = "./../tasks.yaml"
+  #end
 
   (1..11).each do |i|
       config.vm.define "test-#{i}" do |node|