UncleNUC Wiki

Second chance for NUCs

User Tools

Site Tools

Trace:
lab:stack_of_nucs:ansible_playbook_-_fah_removal

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
lab:stack_of_nucs:ansible_playbook_-_fah_removal [2023/05/03 18:03] – [Start a Folder for hashtopolis] userlab:stack_of_nucs:ansible_playbook_-_fah_removal [2024/05/06 02:11] (current) – removed user
Line 1: Line 1:
-clie====== Ansible Playbook - FAH Removal ====== 
-In our previous step we [[ansible playbook - fah installation|set up FAH]] on our [[start|Stack of NUCs]]. 
  
-Now we are going to disable the service and uninstall it. In the last step there was an optional step to "finish folding". Bonus points for doing this. 
- 
-Purpose: 
-  * Demonstrate stopping and removing an installed service workload 
- 
-====== Step 1 - Connect to the Ansible Control Node ====== 
-From [[NUC 1]], log in to the Ansible control node, [[NUC 2]]. 
- 
-====== Step 2 - Create the Playbook ====== 
-Create the file /home/ansible/my-project/fah/removefah.yml 
- 
-<file yaml removefah.yml> 
---- 
-- hosts: all 
-  become: true 
-  become_user: root 
-  tasks: 
-    - name: Stop and disable FAHClient.service 
-      ansible.builtin.service: 
-        name: FAHClient.service 
-        state: stopped 
-        enabled: false 
-    - name: Remove fahclient package 
-      apt: 
-        name: fahclient 
-        state: absent 
-        clean: true 
-        purge: true 
-    - name: Reboot 
-      reboot: 
-</file> 
-====== Step 3 - Test the Playbook ====== 
-''ansible-playbook removefah.yml'' 
- 
-====== Next Step ====== 
-Now that we have removed the CPU-hungry FAH service, we go next to [[Ansible Playbeook - Install Kubernetes|installing Kubernetes]]. 
- 
-====== Optional ====== 
-Cyber security students may want to deploy hashtopolis in the Lab. This deploys a distributed hashcat cluster for brute forcing password hashes. 
- 
-===== Hashtopolis ===== 
-References: 
-  * [[https://jakewnuk.com/posts/hashtopolis-infrastructure/]] 
-  * [[https://github.com/peterezzo/hashtopolis-docker]] 
- 
-There are two pieces to set up: 
-  * server - central server distributes the keyspace of a task, aggregates jobs, and collects results in MySQL database 
-    * communicates over HTTPS with client machines 
-    * passes over files, binaries and task commands 
-  * agents - act on the commands, execute the hash cracking application, and report "founds" to the server 
- 
-==== Start a Folder for hashtopolis ==== 
-  - Log in to the Ansible control node ([[NUC 2]])  
-  - Create directory ''/home/ansible/my-project/hashtopolis'' and change to it 
-    * ''mkdir hashtopolis'' 
-    * ''cd hashtopolis'' 
-  - Create the inventory, putting one of the worker nodes in the ''[server]'' section and the rest in the ''[agents]'' section 
-    * ''/home/ansible/my-project/hashtopolis/inventory'' 
-    * <file yaml inventory> 
-[all:vars] 
-ansible_python_interpreter=/usr/bin/python3 
-ansible_user='ansible' 
-ansible_become=true 
-ansible_become_method=sudo 
-[server] 
- 
-[agents] 
-</file> 
-  - Create the ''ansible.cfg'' file 
-    * ''/home/ansible/my-project/hashtopolis/ansible.cfg'' 
-    * <file yaml ansible.cfg> 
-[defaults] 
-inventory = inventory 
-</file> 
- 
-==== Server Setup ==== 
-Server runs on a LAMP stack 
- 
-<file yaml testing-server-build.yml> 
---- 
-- hosts: server 
-  become: true 
-  vars: 
-    mysql_root_password: "my_sql_root_password" 
-    app_user: "ansible" 
-    http_host: "hashtopolis" 
-    http_conf: "hashtopolis.conf" 
-    http_port: "80" 
-    disable_default: true 
-    hashtopolis_password: "my_hastopolis_password" 
-  tasks: 
-    - name: Install prerequisites 
-      apt: 
-        pkg: 
-          - aptitude 
-          - git 
-          - phpmyadmin 
- 
-    # Apache Configuration 
-    - name: Install LAMP Packages 
-      apt: 
-        pkg: 
-          - apache2 
-          - mysql-server 
-          - python3-pymysql 
-          - php 
-          - php-pear 
-          - php-mysql 
-          - libapache2-mod-php 
- 
-    - name: Create document root 
-      file: 
-        path: "/var/www/{{ http_host }}" 
-        state: directory 
-        owner: "{{ app_user }}" 
-        mode: '0755' 
- 
-    - name: Set up Apache virtualhost 
-      template: 
-        src: "apache.conf.j2" 
-        dest: "/etc/apache2/sites-available/{{ http_conf }}" 
-      notify: Reload Apache 
- 
-    - name: Enable new site 
-      shell: /usr/sbin/a2ensite {{ http_conf }} 
-      notify: Reload Apache 
- 
-    - name: Disable default Apache site 
-      shell: /usr/sbin/a2dissite 000-default.conf 
-      when: disable_default 
-      notify: Reload Apache 
-    # MySQL Configuration 
-    - name: start and enable mysql service 
-      service: 
-        name: mysql 
-        state: started 
-        enabled: yes 
-    - name: manage MySQL root password 
-      become: true 
-      mysql_user: 
-        login_user: root 
-        login_password: "{{ mysql_root_password }}" 
-        name: root 
-        password: "{{ mysql_root_password }}" 
-        check_implicit_admin: true 
-    - name: Sets the hashtopolis password 
-      mysql_user: 
-        name: hashtopolis 
-        password: "{{ hashtopolis_password }}" 
-        priv: "*.*:ALL" 
-        login_user: root 
-        login_password: "{{ mysql_root_password }}" 
-        state: present 
-    - name: Removes all anonymous user accounts 
-      mysql_user: 
-        name: '' 
-        host_all: true 
-        state: absent 
-        login_user: root 
-        login_password: "{{ mysql_root_password }}" 
-    - name: Removes the MySQL test database 
-      mysql_db: 
-        name: test 
-        state: absent 
-        login_user: root 
-        login_password: "{{ mysql_root_password }}" 
-    - name: Create new databases 
-      mysql_db: 
-        name: 
-          - hashtopolis 
-        state: present 
-        login_user: root 
-        login_password: "{{ mysql_root_password }}" 
- 
-    # UFW Configuration 
-    - name: "UFW - Allow HTTP on port {{ http_port }}" 
-      ufw: 
-        rule: allow 
-        port: "{{ http_port }}" 
-        proto: tcp 
- 
-    # PHP Info Page 
-    - name: Sets Up PHP Info Page 
-      template: 
-        src: "info.php.j2" 
-        dest: "/var/www/{{ http_host }}/info.php" 
- 
-    - name: Clone a github repository 
-      git: 
-        repo: https://github.com/s3inlc/hashtopolis.git 
-        dest: /home/ansible/repos/ 
-        clone: true 
-        update: true 
-    - name: copy hastopolis/src/* to /var/www/hashtopolis 
-      copy: 
-        src: /home/ansible/repos/src/ 
-        dest: "/var/www/{{ http_host }}/" 
-        remote_src: true 
-        owner: www-data 
-        group: www-data 
-    # - name: chown -R www-data:www-data /var/www/hashtopolis 
-    # - name: php.ini tweaking 
- 
-  handlers: 
-    - name: Reload Apache 
-      service: 
-        name: apache2 
-        state: reloaded 
- 
-    - name: Restart Apache 
-      service: 
-        name: apache2 
-        state: restarted 
-</file> 
-  - Configure the server using the Web UI 
-    * open web browser and point to the server's IP address 
-    * complete the installation gui to configure the server 
-      * server hostname: localhost 
-      * server port: 3306 
-      * mysql user: hashtopolis 
-      * mysql password: my_hastopolis_password 
-      * database name: hashtopolis 
-    * create a login account when prompted 
-  - After configuration is complete, remove the install directory. 
-     * <file yaml remove-hashtopolis-installer.yml> 
---- 
-- hosts: server 
-  become: true 
-  vars: 
-    http_host: "hashtopolis" 
-  tasks: 
-    - name: Remove install directory 
-      file: 
-        path: "/var/www/{{ http_host }}/install" 
-        state: "absent" 
-</file> 
-  - Log in and create enough vouches for all your worker nodes 
-    * Click Agents > New 
-    * Under Vouchers, and next to the New voucher button, click Create 
-    * Repeat to generate vouchers for all your workers 
-    * Save these voucher codes to ''vouchers.txt'' 
-  - Click Files, then the Wordlists Tab 
-    * Click Add File, the upload a list of passwords to use for cracking 
-      * Use [[https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt]] to start with 
- 
-==== Agent Setup ==== 
-  - Create a text file with the list of voucher codes: ''/home/ansible/my-project/hashtopolis/vouchers.txt''. Replace the example voucher codes with your actual codes. 
-    * <file text vouchers.txt> 
-A3wwdhU2 
-Yznktilt 
-</file> 
-  - Create a j2 template for the agent configuration file 
-    * <file json config.json.j2> 
-{ 
-  "files-path": "/home/ansible/files", 
-  "crackers-path": "/home/ansible/crackers", 
-  "hashlists-path": "/home/ansible/hashlists", 
-  "zaps-path": "/home/ansible", 
-  "preprocessors-path": "/home/ansible/preprocessors", 
-  "url": "http://{{ server_ip }}/api/server.php", 
-  "voucher": "{{ vouchers[play_hosts.index(inventory_hostname)]}}", 
-  "token": "", 
-  "uuid": "" 
-} 
-</file> 
-  - Create unit file for the new hashtopolis-agent service 
-    * <file systemd hashtopolis-agent.service> 
-[Unit] 
-Description=Hashtopolis Agent 
-After=network.target 
- 
-[Service] 
-Type=simple 
-ExecStart=/usr/bin/python3 /home/ansible/hashtopolis.zip 
-Restart=on-failure 
-StandardOutput=syslog 
-StandardError=syslog 
-SyslogIdentifier=hashtopolis-client 
-WorkingDirectory=/home/ansible 
- 
-[Install] 
-WantedBy=multi-user.target 
-</file> 
-  - Create playbook to install the agent 
-    * <file yaml hashtopolis-agent.yml> 
---- 
-- hosts: server 
-- hosts: agents 
-  become: true 
-  vars: 
-    server_ip: "{{groups['server'].0}}" 
-    vouchers: "{{ lookup('file', '/home/ansible/my-project/hashtopolis/vouchers.txt').splitlines() }}" 
-  tasks: 
-    - name: Install prerequisites 
-      apt: 
-        pkg: 
-          - zip 
-          - git 
-          - python3 
-          - python3-psutil 
-          - python3-requests 
-          - pciutils 
-          - curl 
-    - name: Pull agent 
-      get_url: 
-        url: "http://{{ server_ip }}/agents.php?download=1" 
-        dest: /home/ansible/ 
-    - name: Create config file 
-      template: 
-        src: "/home/ansible/my-project/hashtopolis/config.json.j2" 
-        dest: "/home/ansible/config.json" 
-    - name: Create systemd unit file 
-      copy: 
-        src: /home/ansible/my-project/hashtopolis/hashtopolis-agent.service 
-        dest: /etc/systemd/system 
-        owner: root 
-        mode: 644 
-    - name: Reload systemd 
-      command: systemctl daemon-reload 
-      sudo: yes 
-    - name: Start hashtopolis-agent service 
-      systemd: 
-        name: hashtopolis-agent 
-        enabled: true 
-        state: started 
-</file> 
- 
-==== Confirm Agents are Up and Running ==== 
- 
-<file yaml check-agent-service.yml> 
---- 
-- hosts: agents 
-  tasks: 
-    - name: Get Service Status 
-      ansible.builtin.systemd: 
-        name: "hashtopolis-agent" 
-      register: hta_service_status 
-    - debug: 
-        var: hta_service_status.status.ActiveState 
-</file> 
- 
-If you make change to the service file and re-run the playbook 
- 
- 
-Not sure if this method of applying vouchers will work. 
- 
-I chose a hash from /etc/shadow, type 1800. ([[https://hashcat.net/wiki/doku.php?id=example_hashes]]) 
- 
-==== Create Sample md5 Password Hashes ==== 
- 
-md5sum 
- 
-==== Create a Task to Crack the Hashes ==== 
- 
-to do 
lab/stack_of_nucs/ansible_playbook_-_fah_removal.1683136984.txt.gz · Last modified: 2023/05/03 18:03 by user