MITRE Caldera cheat sheet

Below is a boots-on-the-ground cheat sheet for CS4501 A.I. in Cybersecurity to help with completion of the MITRE Caldera User Certificate. Watch out for odd-numbered packets.

Updates

10-17-2023:
If you are having issues getting the “Add New User” flag to work, edit conf/default.yml INSTEAD OF conf/local.yml. (Caldera reads conf/default.yml when started with --insecure and conf/local.yml otherwise, so edits to the wrong file never take effect.)

10-18-2023:
New tunneling command for Manx agent plugin compatibility; see the PREP section for the updated tunnel command.

PREP

Here are some helpful links if you want to make this assignment easier with a little more work up front. Mastering these tools is not required, but it pays off beyond this assignment.

TABBY: terminal emulator and SSH client for the modern age (it's so good) => https://tabby.sh/

MITRE Caldera GUI Tunnel: Here is a command that tunnels the Caldera web UI (8888) and the Manx contact ports (7010-7012) from your Caldera server through dada to your laptop (10-18: updated for the Manx plugin). Once it is up, browse to http://localhost:8888.

ssh -N -L 8888:<caldera server ip>:8888 -L 7010:<caldera server ip>:7010 -L 7011:<caldera server ip>:7011 -L 7012:<caldera server ip>:7012 <username>@dada.cs.virginia.edu

OR WITH SSH CONFIG

ssh -N -L 8888:<caldera server ip>:8888 -L 7010:<caldera server ip>:7010 -L 7011:<caldera server ip>:7011 -L 7012:<caldera server ip>:7012 dada

OR IF YOU ARE OFF CAMPUS/NOT ON UVA WIFI (jump through the CS portal first)

ssh -N -L 8888:<caldera server ip>:8888 -L 7010:<caldera server ip>:7010 -L 7011:<caldera server ip>:7011 -L 7012:<caldera server ip>:7012 -J <username>@portal.cs.virginia.edu <username>@dada.cs.virginia.edu

Note that -L forwards TCP only. The TCP (7010) and websocket (7012) contacts work through the tunnel, but 7011 is Caldera's UDP contact (app.contact.udp in the server config), so the 7011 forward carries only TCP; anything that must beacon over UDP needs to reach the server directly.

SSH CONFIG: Configuration file for making multiple connections easier => Digital Ocean Explanation

EXAMPLE CONFIG PROVIDED BELOW (save it as ~/.ssh/config and restrict it to yourself with chmod 600):

#   ▄████████  ▄██████▄  ███▄▄▄▄      ▄████████  ▄█     ▄██████▄  ▄██   ▄   
#  ███    ███ ███    ███ ███▀▀▀██▄   ███    ███ ███    ███    ███ ███   ██▄ 
#  ███    █▀  ███    ███ ███   ███   ███    █▀  ███▌   ███    █▀  ███▄▄▄███ 
#  ███        ███    ███ ███   ███  ▄███▄▄▄     ███▌  ▄███        ▀▀▀▀▀▀███ 
#  ███        ███    ███ ███   ███ ▀▀███▀▀▀     ███▌ ▀▀███ ████▄  ▄██   ███ 
#  ███    █▄  ███    ███ ███   ███   ███        ███    ███    ███ ███   ███ 
#  ███    ███ ███    ███ ███   ███   ███        ███    ███    ███ ███   ███ 
#  ████████▀   ▀██████▀   ▀█   █▀    ███        █▀     ████████▀   ▀█████▀  
                                                                         
# ************************* LEVEL 1 JUMPS ************************* #
Host CSPORTAL
    User <your Username here>
    HostName portal03.cs.virginia.edu
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa


# ***************************************************************** #
# ************************* LEVEL 2 JUMPS ************************* #
Host dada
    User <your Username here>
    HostName dada.cs.virginia.edu
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
    ProxyJump CSPORTAL
    ServerAliveInterval 120

# ***************************************************************** #
# ***************************************************************** #
# ************************* LEVEL 3 JUMPS ************************* #

Host dada_caldera_server
    HostName <ipaddress here>
    User ubuntu
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
    ProxyJump dada
    ServerAliveInterval 120
    # Skips host-key verification for this throwaway VM (OpenStack reuses
    # the IP for new instances, so the key changes). It also removes your
    # protection against a man-in-the-middle on the hop from dada. On
    # OpenSSH 7.6+ prefer "StrictHostKeyChecking accept-new", which pins
    # the key on first use but still refuses a changed one.
    StrictHostKeyChecking no

OPENSTACK VM CONFIG

CREATE YOUR VMs in OpenStack (the Caldera host plus the agent hosts listed below)

  1. Make one server using Ubuntu 22.04 Jammy for your MITRE Caldera host.

  2. The second server can be whatever you wish it to be. If you feel like going for extra hacker coolness, try a different OS like CentOS 9.

  3. The third server can also be whatever you wish it to be. An Ubuntu 22.04 Jammy VM has been tested for the remote agent and operation execution.

NOTE: The instances can be created from the OpenStack GUI (a screenshot of it was shown here). If you choose to do this via the command line, create an instance using the command below; note that the security group is the VM's firewall, so Allow_SSH is what lets you reach the instance at all:

openstack server create --image <name of image> --flavor m1.small --key-name <yourkeypair> --network ext_net --security-group Allow_SSH <nameofvm>

CALDERA SERVER CONFIG

CLONE Caldera repo using --recursive

Make sure to clone the MITRE Caldera repo with --recursive, so you pull the plugin submodules along with the server (without it the plugin directories come down empty and the training plugin is missing). For a reproducible build, add --branch with a release tag that matches the server version you intend to run instead of taking whatever master is that day.

git clone https://github.com/mitre/caldera.git --recursive

PATCH CALDERA REMOTE AGENT FLAG

The second flag of the user certificate requires an agent on a different operating system, which you may not have access to. To work around this, place the file below at the specified path inside your clone:

PATH: caldera/plugins/training/app/flags/agents/

DOWNLOAD FILE: flag_1.py

Install requirements and pip

Run a system wide update using the below command:

sudo apt-get update && sudo apt-get upgrade -y

Install pip in case it is not present:

sudo apt-get install python3-pip

PERSISTENT CALDERA SERVER

You may wish to use screen so your MITRE Caldera server keeps running after you close your terminal session. Start a named screen session with:

screen -S caldera_server

Launch the server inside it, then detach with Ctrl-A followed by D; the server keeps running. After closing your terminal, list the available sessions with:

screen -ls

and resume the one you want with:

screen -r ####.caldera_server

(#### is the PID shown by screen -ls; screen -r caldera_server also works when the name is unambiguous.)

CALDERA OPENSSL ERROR

If the Caldera server fails to launch with an OpenSSL-related import error, upgrade python3's pyOpenSSL and cryptography packages with the following command:

python3 -m pip install -U pyopenssl cryptography

INSTALL GOLANG

Caldera needs a Go toolchain to compile agent binaries (Sandcat) on demand, so make sure it is installed on your system with the following commands. Before extracting, compare the tarball's sha256sum against the checksum listed for that file on https://go.dev/dl/ so you are not installing a tampered download:

wget https://go.dev/dl/go1.21.1.linux-amd64.tar.gz

sudo bash -c "rm -rf /usr/local/go && tar -C /usr/local -xzvf go1.21.1.linux-amd64.tar.gz"

echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc

source ~/.bashrc

go version

(The export line must use single quotes: with double quotes the shell expands $PATH at echo time and writes your current PATH into ~/.bashrc, instead of the literal $PATH that future shells need to expand themselves.)

cd into the Caldera directory and install the Python requirements:

cd caldera

python3 -m pip install -r requirements.txt
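The steps in CALDERA SERVER CONFIG, put together as one re-runnable script. This is an added example, not code from the course page or the Caldera project: it verifies the Go tarball against a checksum before extracting, appends the PATH line to ~/.bashrc exactly once with $PATH kept literal, pins the clone to a release tag if one is given, and starts the server detached in the screen session the page describes. Assumptions: a sudo-capable user on Ubuntu 22.04, GO_SHA256 pasted from the checksum that https://go.dev/dl/ lists for the tarball (not hard-coded here, so an empty value is treated as an error rather than a pass), and CALDERA_TAG, if set, is an existing release tag (a placeholder you choose).

```shell
#!/usr/bin/env bash
# Added example, not the course page's or Caldera's own code: the server-setup
# steps as one re-runnable script for Ubuntu 22.04.
# Assumptions: a sudo-capable user; GO_SHA256 pasted from the checksum that
# https://go.dev/dl/ lists for the tarball; CALDERA_TAG, if set, is an
# existing release tag (placeholder, pick one that matches the server).
set -eu

GO_VERSION="1.21.1"
GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
GO_SHA256="${GO_SHA256:-}"        # expected sha256 of the tarball (from go.dev/dl)
CALDERA_TAG="${CALDERA_TAG:-}"    # empty = clone the default branch
# Single quotes keep $PATH literal so every future shell expands it itself.
PATH_LINE='export PATH=$PATH:/usr/local/go/bin'

# verify_sha256 FILE EXPECTED: succeed only if the file hashes to EXPECTED.
# An empty EXPECTED is an error (status 2), never a pass, so a forgotten
# checksum cannot silently turn into a "verified" download.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -n "$expected" ] || { echo "no expected checksum for $file" >&2; return 2; }
  actual="$(sha256sum "$file" | awk '{print $1}')"
  [ "$actual" = "$expected" ]
}

# ensure_line FILE LINE: append LINE to FILE unless it is already there
# (whole-line, fixed-string match), so re-running does not duplicate it.
ensure_line() {
  local file="$1" line="$2"
  touch "$file"
  grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

install_go() {
  local tmp; tmp="$(mktemp -d)"
  wget -q -O "$tmp/$GO_TARBALL" "https://go.dev/dl/$GO_TARBALL"
  verify_sha256 "$tmp/$GO_TARBALL" "$GO_SHA256"     # set -e aborts on mismatch
  sudo rm -rf /usr/local/go
  sudo tar -C /usr/local -xzf "$tmp/$GO_TARBALL"
  rm -rf "$tmp"
  ensure_line "$HOME/.bashrc" "$PATH_LINE"
  PATH="$PATH:/usr/local/go/bin"; export PATH
  go version
}

install_caldera() {
  sudo apt-get update && sudo apt-get upgrade -y
  sudo apt-get install -y python3-pip git
  if [ ! -d caldera ]; then
    # --recursive pulls the plugin submodules; --branch pins a release tag.
    if [ -n "$CALDERA_TAG" ]; then
      git clone --recursive --branch "$CALDERA_TAG" https://github.com/mitre/caldera.git
    else
      git clone --recursive https://github.com/mitre/caldera.git
    fi
  fi
  python3 -m pip install -U pyopenssl cryptography   # the OpenSSL-error fix
  python3 -m pip install -r caldera/requirements.txt
}

# Start the server detached in a named screen session (resume with screen -r).
# --insecure loads conf/default.yml with the shipped default credentials:
# acceptable for a lab VM reachable only through the SSH tunnel, not beyond.
start_caldera() {
  screen -dmS caldera_server bash -c 'cd caldera && python3 server.py --insecure'
}

# Only touch the system when explicitly asked ("bash setup.sh install"), so
# the file can also be sourced just to reuse the helpers.
case "${1:-}" in
  install) install_go; install_caldera; start_caldera ;;
esac
```

Run it as bash setup.sh install after exporting GO_SHA256 (and optionally CALDERA_TAG); without the install argument it only defines the helpers, which is what makes verify_sha256 and ensure_line testable on their own.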

USER CERT

Submit your completed scoreboard.