Differences

This shows you the differences between two versions of the page.

--- lab:stack_of_nucs:ansible_playbook_-_fah_removal [2023/05/03 18:12] – [Create a Task to Crack the Hashes] user
+++ lab:stack_of_nucs:ansible_playbook_-_fah_removal [2024/05/06 02:11] (current) – removed user
@@ Line 1: / Line 1: @@
-clie====== Ansible Playbook - FAH Removal ======
-In our previous step we [[ansible playbook - fah installation|set up FAH]] on our [[start|Stack of NUCs]].
-Now we are going to disable the service and uninstall it. In the last step there was an optional step to "finish folding". Bonus points for doing this.
-Purpose:
-  * Demonstrate stopping and removing an installed service workload
-====== Step 1 - Connect to the Ansible Control Node ======
-From [[NUC 1]], log in to the Ansible control node, [[NUC 2]].
-====== Step 2 - Create the Playbook ======
-Create the file /home/ansible/my-project/fah/removefah.yml
-<file yaml removefah.yml>
----
-- hosts: all
-  become: true
-  become_user: root
-  tasks:
-    - name: Stop and disable FAHClient.service
-      ansible.builtin.service:
-        name: FAHClient.service
-        state: stopped
-        enabled: false
-    - name: Remove fahclient package
-      apt:
-        name: fahclient
-        state: absent
-        clean: true
-        purge: true
-    - name: Reboot
-      reboot:
-</file>
-====== Step 3 - Test the Playbook ======
-''ansible-playbook removefah.yml''
-====== Next Step ======
-Now that we have removed the CPU-hungry FAH service, we go next to [[Ansible Playbeook - Install Kubernetes|installing Kubernetes]].
-====== Optional ======
-Cyber security students may want to deploy hashtopolis in the Lab. This deploys a distributed hashcat cluster for brute forcing password hashes.
-===== Hashtopolis =====
-References:
-  * [[https://jakewnuk.com/posts/hashtopolis-infrastructure/]]
-  * [[https://github.com/peterezzo/hashtopolis-docker]]
-There are two pieces to set up:
-  * server - central server distributes the keyspace of a task, aggregates jobs, and collects results in MySQL database
-    * communicates over HTTPS with client machines
-    * passes over files, binaries and task commands
-  * agents - act on the commands, execute the hash cracking application, and report "founds" to the server
-==== Start a Folder for hashtopolis ====
-  - Log in to the Ansible control node ([[NUC 2]])
-  - Create directory ''/home/ansible/my-project/hashtopolis'' and change to it
-    * ''mkdir hashtopolis''
-    * ''cd hashtopolis''
-  - Create the inventory, putting one of the worker nodes in the ''[server]'' section and the rest in the ''[agents]'' section
-    * ''/home/ansible/my-project/hashtopolis/inventory''
-    * <file yaml inventory>
-[all:vars]
-ansible_python_interpreter=/usr/bin/python3
-ansible_user='ansible'
-ansible_become=true
-ansible_become_method=sudo
-[server]
-[agents]
-</file>
-  - Create the ''ansible.cfg'' file
-    * ''/home/ansible/my-project/hashtopolis/ansible.cfg''
-    * <file yaml ansible.cfg>
-[defaults]
-inventory = inventory
-</file>
-==== Server Setup ====
-Server runs on a LAMP stack
-<file yaml testing-server-build.yml>
----
-- hosts: server
-  become: true
-  vars:
-    mysql_root_password: "my_sql_root_password"
-    app_user: "ansible"
-    http_host: "hashtopolis"
-    http_conf: "hashtopolis.conf"
-    http_port: "80"
-    disable_default: true
-    hashtopolis_password: "my_hashtopolis_password"
-  tasks:
-    - name: Install prerequisites
-      apt:
-        pkg:
-          - aptitude
-          - git
-          - phpmyadmin
-    # Apache Configuration
-    - name: Install LAMP Packages
-      apt:
-        pkg:
-          - apache2
-          - mysql-server
-          - python3-pymysql
-          - php
-          - php-pear
-          - php-mysql
-          - libapache2-mod-php
-    - name: Create document root
-      file:
-        path: "/var/www/{{ http_host }}"
-        state: directory
-        owner: "{{ app_user }}"
-        mode: '0755'
-    - name: Set up Apache virtualhost
-      template:
-        src: "apache.conf.j2"
-        dest: "/etc/apache2/sites-available/{{ http_conf }}"
-      notify: Reload Apache
-    - name: Enable new site
-      shell: /usr/sbin/a2ensite {{ http_conf }}
-      notify: Reload Apache
-    - name: Disable default Apache site
-      shell: /usr/sbin/a2dissite 000-default.conf
-      when: disable_default
-      notify: Reload Apache
-    # MySQL Configuration
-    - name: start and enable mysql service
-      service:
-        name: mysql
-        state: started
-        enabled: yes
-    - name: manage MySQL root password
-      become: true
-      mysql_user:
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-        name: root
-        password: "{{ mysql_root_password }}"
-        check_implicit_admin: true
-    - name: Sets the hashtopolis password
-      mysql_user:
-        name: hashtopolis
-        password: "{{ hashtopolis_password }}"
-        priv: "*.*:ALL"
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-        state: present
-    - name: Removes all anonymous user accounts
-      mysql_user:
-        name: ''
-        host_all: true
-        state: absent
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-    - name: Removes the MySQL test database
-      mysql_db:
-        name: test
-        state: absent
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-    - name: Create new databases
-      mysql_db:
-        name:
-          - hashtopolis
-        state: present
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-    # UFW Configuration
-    - name: "UFW - Allow HTTP on port {{ http_port }}"
-      ufw:
-        rule: allow
-        port: "{{ http_port }}"
-        proto: tcp
-    # PHP Info Page
-    - name: Sets Up PHP Info Page
-      template:
-        src: "info.php.j2"
-        dest: "/var/www/{{ http_host }}/info.php"
-    - name: Clone a github repository
-      git:
-        repo: https://github.com/s3inlc/hashtopolis.git
-        dest: /home/ansible/repos/
-        clone: true
-        update: true
-    - name: copy hastopolis/src/* to /var/www/hashtopolis
-      copy:
-        src: /home/ansible/repos/src/
-        dest: "/var/www/{{ http_host }}/"
-        remote_src: true
-        owner: www-data
-        group: www-data
-    # - name: chown -R www-data:www-data /var/www/hashtopolis
-    # - name: php.ini tweaking
-  handlers:
-    - name: Reload Apache
-      service:
-        name: apache2
-        state: reloaded
-    - name: Restart Apache
-      service:
-        name: apache2
-        state: restarted
-</file>
-  - Configure the server using the Web UI
-    * open web browser and point to the server's IP address
-    * complete the installation gui to configure the server
-      * server hostname: localhost
-      * server port: 3306
-      * mysql user: hashtopolis
-      * mysql password: my_hastopolis_password
-      * database name: hashtopolis
-    * create a login account when prompted
-  - After configuration is complete, remove the install directory.
-     * <file yaml remove-hashtopolis-installer.yml>
----
-- hosts: server
-  become: true
-  vars:
-    http_host: "hashtopolis"
-  tasks:
-    - name: Remove install directory
-      file:
-        path: "/var/www/{{ http_host }}/install"
-        state: "absent"
-</file>
-  - Log in and create enough vouches for all your worker nodes
-    * Click Agents > New
-    * Under Vouchers, and next to the New voucher button, click Create
-    * Repeat to generate vouchers for all your workers
-    * Save these voucher codes to ''vouchers.txt''
-  - Click Files, then the Wordlists Tab
-    * Click Add File, the upload a list of passwords to use for cracking
-      * Use [[https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt]] to start with
-==== Agent Setup ====
-  - Create a text file with the list of voucher codes: ''/home/ansible/my-project/hashtopolis/vouchers.txt''. Replace the example voucher codes with your actual codes.
-    * <file text vouchers.txt>
-A3wwdhU2
-Yznktilt
-</file>
-  - Create a j2 template for the agent configuration file
-    * <file json config.json.j2>
-{
-  "files-path": "/home/ansible/files",
-  "crackers-path": "/home/ansible/crackers",
-  "hashlists-path": "/home/ansible/hashlists",
-  "zaps-path": "/home/ansible",
-  "preprocessors-path": "/home/ansible/preprocessors",
-  "url": "http://{{ server_ip }}/api/server.php",
-  "voucher": "{{ vouchers[play_hosts.index(inventory_hostname)]}}",
-  "token": "",
-  "uuid": ""
-}
-</file>
-  - Create unit file for the new hashtopolis-agent service
-    * <file systemd hashtopolis-agent.service>
-[Unit]
-Description=Hashtopolis Agent
-After=network.target
-[Service]
-Type=simple
-ExecStart=/usr/bin/python3 /home/ansible/hashtopolis.zip
-Restart=on-failure
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=hashtopolis-client
-WorkingDirectory=/home/ansible
-[Install]
-WantedBy=multi-user.target
-</file>
-  - Create playbook to install the agent
-    * <file yaml hashtopolis-agent.yml>
----
-- hosts: server
-- hosts: agents
-  become: true
-  vars:
-    server_ip: "{{groups['server'].0}}"
-    vouchers: "{{ lookup('file', '/home/ansible/my-project/hashtopolis/vouchers.txt').splitlines() }}"
-  tasks:
-    - name: Install prerequisites
-      apt:
-        pkg:
-          - zip
-          - git
-          - python3
-          - python3-psutil
-          - python3-requests
-          - pciutils
-          - curl
-    - name: Pull agent
-      get_url:
-        url: "http://{{ server_ip }}/agents.php?download=1"
-        dest: /home/ansible/
-    - name: Create config file
-      template:
-        src: "/home/ansible/my-project/hashtopolis/config.json.j2"
-        dest: "/home/ansible/config.json"
-    - name: Create systemd unit file
-      copy:
-        src: /home/ansible/my-project/hashtopolis/hashtopolis-agent.service
-        dest: /etc/systemd/system
-        owner: root
-        mode: 644
-    - name: Reload systemd
-      command: systemctl daemon-reload
-      sudo: yes
-    - name: Start hashtopolis-agent service
-      systemd:
-        name: hashtopolis-agent
-        enabled: true
-        state: started
-</file>
-==== Confirm Agents are Up and Running ====
-  - Check the services using a playbook
-    * <file yaml check-agent-service.yml>
----
-- hosts: agents
-  tasks:
-    - name: Get Service Status
-      ansible.builtin.systemd:
-        name: "hashtopolis-agent"
-      register: hta_service_status
-    - debug:
-        var: hta_service_status.status.ActiveState
-</file>
-  - Log in to the Hashtopolis dashboard and view the agents
-==== Add Dictionary of Passwords to Try ====
-  - Click Files, then the Wordlists Tab
-    * Click Add File, the upload a list of passwords to use for cracking
-      * Use [[https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt]] to start with
-==== Create Sample md5 Password Hashes ====
-md5sum
-==== Create a Task to Crack the Hashes ====
-to do
-I chose a hash from /etc/shadow, type 1800. ([[https://hashcat.net/wiki/doku.php?id=example_hashes]]) Unix passwords.