splunk / attack_range_local
Build an attack range in your local machine
License: Apache License 2.0
This was reported by Kelby Shelton
kelby@kelby:~/attack_range_local-master$ python3 attack_range_local.py -a simulate -st T1003.001 -t attack-range-windows-domain-controller
starting program loaded for B1 battle droid
||/__'`.
|//()'-.:
|-.||
|o(o)
|||\\ .==._
|||(o)==::'
`|T ""
()
|\
||\
()()
||//
|//
.'=`=.
attack_range is using config at path attack_range_local.conf
2020-09-11 09:09:01,702 - INFO - attack_range - INIT - attack_range v1
Traceback (most recent call last):
File "attack_range_local.py", line 119, in <module>
controller.simulate(target, simulation_techniques, simulation_atomics)
File "/home/kelby/attack_range_local-master/modules/VagrantController.py", line 97, in simulate
runner = ansible_runner.run(private_data_dir='../attack_range_local/',
File "/home/kelby/.local/lib/python3.8/site-packages/ansible_runner/interface.py", line 177, in run
r = init_runner(**kwargs)
File "/home/kelby/.local/lib/python3.8/site-packages/ansible_runner/interface.py", line 43, in init_runner
dump_artifacts(kwargs)
File "/home/kelby/.local/lib/python3.8/site-packages/ansible_runner/utils.py", line 155, in dump_artifacts
raise ValueError('private_data_dir path is either invalid or does not exist')
ValueError: private_data_dir path is either invalid or does not exist
The parent folder was named attack_range_local-master
but the VagrantController is looking for attack_range_local
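The folder-name dependency reported above can be reproduced and avoided by deriving the checkout root from the module's own location. This is an added example, not code from the project or from the original report; project_root_from_module and checked_private_data_dir are hypothetical helper names, and the checkout layout is constructed in a temporary directory.

```python
import os
import tempfile

# Relative path passed as private_data_dir in the traceback above
# (modules/VagrantController.py, line 97).
HARDCODED_DIR = "../attack_range_local/"


def hardcoded_private_data_dir(cwd):
    """Reproduce the failing lookup: resolve the hardcoded relative path from cwd."""
    return os.path.normpath(os.path.join(cwd, HARDCODED_DIR))


def project_root_from_module(module_file):
    """Hypothetical helper: derive the checkout root from the module's own path.

    modules/VagrantController.py sits one level below the checkout root, so the
    result depends neither on the checkout folder's name nor on the caller's cwd.
    """
    modules_dir = os.path.dirname(os.path.abspath(module_file))
    return os.path.dirname(modules_dir)


def checked_private_data_dir(path):
    """Hypothetical helper: fail early with a message naming the path that was tried."""
    if not os.path.isdir(path):
        raise ValueError("private_data_dir does not exist: %s" % path)
    return path


def demo():
    """Compare both lookups in a constructed checkout named like a GitHub zip download."""
    with tempfile.TemporaryDirectory() as parent:
        parent = os.path.realpath(parent)
        checkout = os.path.join(parent, "attack_range_local-master")
        os.makedirs(os.path.join(checkout, "modules"))
        module_file = os.path.join(checkout, "modules", "VagrantController.py")
        open(module_file, "w").close()

        # Old behaviour: the script is run from inside the renamed checkout.
        old = hardcoded_private_data_dir(checkout)
        # Name-independent lookup based on where the module file lives.
        new = checked_private_data_dir(project_root_from_module(module_file))
        return {
            "old_basename": os.path.basename(old),
            "old_exists": os.path.isdir(old),
            "new_exists": os.path.isdir(new),
            "new_is_checkout": new == checkout,
        }


if __name__ == "__main__":
    print(demo())
```
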
Hi
I have Ubuntu 18.04 installed, dl the files and I'm trying to run "python attack_range_local.py -a build".
Here is the error I am getting:
"Traceback (most recent call last):
File "attack_range_local.py", line 4, in
from modules import logger
ImportError: No module named modules"
I've tried different deployment variations of Attack Range Local, and it seems Elevated agents in Caldera keep on failing.
VM setups I've tried:
I've tried different Windows hosts, and have deleted, rebuilt, etc. a few times.
Everything else works as expected, i.e. Splunk, Caldera in general etc., but Elevated agents show up, and then go offline after a while.
If an operation is run while an Elevated agent is still live, it shows a red cross in the Operations tab for that agent's job, and the message "Internal Server Error".
Operations using User level agents runs as expected.
I'm not sure though if this is due to the local Attack Range variant, or if this is a Caldera issue?
Building the Windows Server fails on Ubuntu 18.04. Error message below:
PLAY RECAP *********************************************************************
attack-range-windows-domain-controller : ok=52 changed=45 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
==> attack-range-windows-server: Importing base box 'd1vious/windows2016'...
==> attack-range-windows-server: Matching MAC address for NAT networking...
==> attack-range-windows-server: Checking if box 'd1vious/windows2016' is up to date...
==> attack-range-windows-server: Setting the name of the VM: attack-range-windows-server
==> attack-range-windows-server: Fixed port collision for 3389 => 3389. Now on port 2201.
==> attack-range-windows-server: Fixed port collision for 22 => 2200. Now on port 2202.
==> attack-range-windows-server: Fixed port collision for 5985 => 55985. Now on port 2203.
==> attack-range-windows-server: Fixed port collision for 5986 => 55986. Now on port 2204.
==> attack-range-windows-server: Clearing any previously set network interfaces...
==> attack-range-windows-server: Preparing network interfaces based on configuration...
attack-range-windows-server: Adapter 1: nat
attack-range-windows-server: Adapter 2: hostonly
==> attack-range-windows-server: Forwarding ports...
attack-range-windows-server: 3389 (guest) => 2201 (host) (adapter 1)
attack-range-windows-server: 22 (guest) => 2202 (host) (adapter 1)
attack-range-windows-server: 5985 (guest) => 6001 (host) (adapter 1)
attack-range-windows-server: 5985 (guest) => 2203 (host) (adapter 1)
attack-range-windows-server: 5986 (guest) => 2204 (host) (adapter 1)
==> attack-range-windows-server: Running 'pre-boot' VM customizations...
==> attack-range-windows-server: Booting VM...
==> attack-range-windows-server: Waiting for machine to boot. This may take a few minutes...
attack-range-windows-server: WinRM address: 127.0.0.1:6001
attack-range-windows-server: WinRM username: vagrant
attack-range-windows-server: WinRM execution_time_limit: PT2H
attack-range-windows-server: WinRM transport: plaintext
#<Thread:0x000055a1d44c6758@/var/lib/gems/2.5.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:471 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
21: from /var/lib/gems/2.5.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in block in create_with_logging_context' 20: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/action/builtin/wait_for_communicator.rb:16:in
block in call'
19: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:31:in wait_for_ready' 18: from /usr/lib/ruby/2.5.0/timeout.rb:108:in
timeout'
17: from /usr/lib/ruby/2.5.0/timeout.rb:33:in catch' 16: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
catch'
15: from /usr/lib/ruby/2.5.0/timeout.rb:33:in block in catch' 14: from /usr/lib/ruby/2.5.0/timeout.rb:93:in
block in timeout'
13: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:57:in block in wait_for_ready' 12: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:106:in
ready?'
11: from /usr/lib/ruby/2.5.0/timeout.rb:108:in timeout' 10: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
catch'
9: from /usr/lib/ruby/2.5.0/timeout.rb:33:in catch' 8: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
block in catch'
7: from /usr/lib/ruby/2.5.0/timeout.rb:93:in block in timeout' 6: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:107:in
block in ready?'
5: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:66:in cmd' 4: from /var/lib/gems/2.5.0/gems/winrm-2.3.5/lib/winrm/connection.rb:42:in
shell'
3: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:67:in block in cmd' 2: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:111:in
execute_with_rescue'
1: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:114:in rescue in execute_with_rescue' /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:172:in
raise_winrm_exception': An error occurred executing a remote WinRM command. (VagrantPlugins::CommunicatorWinRM::Errors::ExecutionError)
Shell: Cmd
Command: hostname
Message: [WSMAN ERROR CODE: 2147942421]: <f:WSManFault Code='2147942421' Machine='127.0.0.1' xmlns:f='http://schemas.microsoft.com/wbem/wsman/1/wsmanfault'><f:Message><f:ProviderFault path='%systemroot%\system32\winrscmd.dll' provider='Shell cmd plugin'>The device is not ready. </f:ProviderFault></f:Message></f:WSManFault>
#<Thread:0x000055a1d463abc0@/var/lib/gems/2.5.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:471 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
21: from /var/lib/gems/2.5.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in block in create_with_logging_context' 20: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/action/builtin/wait_for_communicator.rb:16:in
block in call'
19: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:31:in wait_for_ready' 18: from /usr/lib/ruby/2.5.0/timeout.rb:108:in
timeout'
17: from /usr/lib/ruby/2.5.0/timeout.rb:33:in catch' 16: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
catch'
15: from /usr/lib/ruby/2.5.0/timeout.rb:33:in block in catch' 14: from /usr/lib/ruby/2.5.0/timeout.rb:93:in
block in timeout'
13: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:57:in block in wait_for_ready' 12: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:106:in
ready?'
11: from /usr/lib/ruby/2.5.0/timeout.rb:108:in timeout' 10: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
catch'
9: from /usr/lib/ruby/2.5.0/timeout.rb:33:in catch' 8: from /usr/lib/ruby/2.5.0/timeout.rb:33:in
block in catch'
7: from /usr/lib/ruby/2.5.0/timeout.rb:93:in block in timeout' 6: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:107:in
block in ready?'
5: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:66:in cmd' 4: from /var/lib/gems/2.5.0/gems/winrm-2.3.5/lib/winrm/connection.rb:42:in
shell'
3: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:67:in block in cmd' 2: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:111:in
execute_with_rescue'
1: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:114:in rescue in execute_with_rescue' /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:172:in
raise_winrm_exception': An error occurred executing a remote WinRM command. (VagrantPlugins::CommunicatorWinRM::Errors::ExecutionError)
Shell: Cmd
Command: hostname
Message: [WSMAN ERROR CODE: 2147942421]: <f:WSManFault Code='2147942421' Machine='127.0.0.1' xmlns:f='http://schemas.microsoft.com/wbem/wsman/1/wsmanfault'><f:Message><f:ProviderFault path='%systemroot%\system32\winrscmd.dll' provider='Shell cmd plugin'>The device is not ready. </f:ProviderFault></f:Message></f:WSManFault>
An error occurred executing a remote WinRM command.
Shell: Cmd
Command: hostname
Message: [WSMAN ERROR CODE: 2147942421]: <f:WSManFault Code='2147942421' Machine='127.0.0.1' xmlns:f='http://schemas.microsoft.com/wbem/wsman/1/wsmanfault'><f:Message><f:ProviderFault path='%systemroot%\system32\winrscmd.dll' provider='Shell cmd plugin'>The device is not ready. </f:ProviderFault></f:Message></f:WSManFault>
2020-12-04 14:35:51,135 - ERROR - attack_range - vagrant failed to build
I found the windows_client machine cannot join domain because the powershell script is not adapted to NonInteractive mode.
Just need to add "Force" option for Add-Computer command.
Add-Computer -DomainName $domain -Credential $credential -Force
Hi
I installed attack range local on Ubuntu 18.04 and it worked fine. I changed the configuration file to add a windows client, and after I destroyed the current range and tried to rebuild the range, the setup process stops after configuring the Splunk VM, displaying a vagrant error.
Error:
1: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/provisioners/ansible/provisioner/host.rb:179:in execute_ansible_playbook_from_host' /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/provisioners/ansible/provisioner/host.rb:104:in
execute_command_from_host': Ansible failed to complete successfully. Any error output should be (VagrantPlugins::Ansible::Errors::AnsibleCommandFailed)
visible above. Please fix these errors and try again.
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
howdy,
trying to build the environment locally from my MacOS and am getting the following error:
fatal: [attack-range-splunk-server]: FAILED! => {"changed": false, "msg": "Could not find the requested service splunk: host"}
Still haven't come across a solution. Do you know the way forward?
Thanks!
Looks like we got rid of the dsp flag, and since this now does not evaluate, the sysmon inputs is never dropped into the machine.
When running the following command the following error is produced.
Command: "python attack_range_local.py" -a build
Error: "The VirtualBox VM was created with a user that doesn't match the current user running Vagrant. VirtualBox requires that the same user be used to manage the VM that was created. Please re-run Vagrant with that user. This is not a Vagrant issue."
The default tasks set dns ip address on the NAT adapter of windows_client machine, "ansible_interfaces.0.connection_name".
https://github.com/splunk/attack_range_local/blob/master/ansible/roles/windows_domain_client/tasks/create.yml
I think the dns ip should be applied for the host-only adapter, because "windows_domain_controller_private_ip" is local network ip address.
(The host-only adapter name is "ansible_interfaces.1.connection_name".)
Caldera - Dependencies check failing during the build.
It tries 3 times and fails, leaving Caldera down after resuming from the failed step.
Please can you check on this @P4T12ICK
LOG:
TASK [caldera : Ensure caldera dependencies are present] ***********************
FAILED - RETRYING: Ensure caldera dependencies are present (3 retries left).
FAILED - RETRYING: Ensure caldera dependencies are present (2 retries left).
FAILED - RETRYING: Ensure caldera dependencies are present (1 retries left).
failed: [attack-range-splunk-server] (item=['python3', 'python3-dev', 'python3-pip', 'python3-virtualenv', 'python-virtualenv', 'git-core', 'libffi-dev', 'libssl-dev', 'acl', 'haproxy']) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": ["python3", "python3-dev", "python3-pip", "python3-virtualenv", "python-virtualenv", "git-core", "libffi-dev", "libssl-dev", "acl", "haproxy"], "msg": "Failed to update apt cache: E:Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/ed0089acce716a99d0e2f5b24cf07869cc32ce14d41bda4d139e5ff36ee3e454 Hash Sum mismatch\nHashes of expected file:\n - Filesize:1425484 [weak]\n - SHA256:ed0089acce716a99d0e2f5b24cf07869cc32ce14d41bda4d139e5ff36ee3e454\n - SHA1:e8db2c3c49181550151126dd45be0082fddffe9d [weak]\n - MD5Sum:e1d5bbd2218b0b842ceb3ea5008841f9 [weak]\nHashes of received file:\n - SHA256:76c4ef3050dacb352cad896bbf84109d1537886075fe5a756899524cadb214ed\n - SHA1:6306912bd0c4764bc38d5be993c9b67d29f06a3d [weak]\n - MD5Sum:f9fd8435c1a57240f6548e99de102b81 [weak]\n - Filesize:1425484 [weak]\nLast modification reported: Thu, 26 Nov 2020 18:15:01 +0000\nRelease file created at: Sun, 29 Nov 2020 19:00:40 +0000\n, E:Some index files failed to download. They have been ignored, or old ones used instead."}
The default timeout may not work for all URLs retrieved. Adding a default "url_timeout" would allow setting a default in one location, rather than finding all locations where a get_url may timeout.
The Splunk and ESCU downloads have both taken longer than the default timeout (10s), causing build failures.
- name: download splunk
  tags: install
  get_url:
    url: '{{ splunk_url }}'
    dest: /opt/
    timeout: 30
  when: splunk_path.stat.exists == false
or to scale based on the size of the download or hosting provider:
- name: download splunk
  tags: install
  get_url:
    url: '{{ splunk_url }}'
    dest: /opt/
    timeout: '{{ url_timeout * 4 }}'
  when: splunk_path.stat.exists == false
Error Message:
2022-12-27 12:02:44,636 - INFO - attack_range - INIT - attack_range v1
2022-12-27 12:02:44,653 - INFO - attack_range - [action] > build
Vagrant failed to initialize at a very early stage:
The plugins failed to initialize correctly. This may be due to manual
modifications made within the Vagrant home directory. Vagrant can
attempt to automatically correct this issue by running:
vagrant plugin repair
If Vagrant was recently updated, this error may be due to incompatible
versions of dependencies. To fix this problem please remove and re-install
all plugins. Vagrant can attempt to do this automatically by running:
vagrant plugin expunge --reinstall
Or you may want to try updating the installed plugins to their latest
versions:
vagrant plugin update
Error message given during initialization: Unable to resolve dependency: user requested 'vagrant-vsphere (= 1.13.5)'
2022-12-27 12:02:45,526 - ERROR - attack_range - vagrant failed to build
After trying to build the range I am given this error message.
I tried to follow the suggestions made by vagrant, this did not fix the problem.
I manually installed the vagrant-vsphere-1.13.5.gem file through vagrant with: vagrant plugin install /path/to/vagrant-vsphere-1.13.5.gem. This did not fix the issue.
Running vagrant plugin update updated the 1.13.5 version to 1.14.0
It seems that vagrant is looking for the 1.13.5 version, but cannot find it even when I manually install the plugin.
Any suggestions? Thanks!
After following the installation instructions here, trying to build an AR on a Ubuntu 18.04 machine fails with the following error:
Host: MacOS Big Sur - Version 11.1 (i9, 32GB Memory)
Virtual Environment: Vmware Fusion Pro 12
Guest: Ubuntu 18.04 LTS (8 cores, 16GB Memory)
Error below:
PLAY RECAP *********************************************************************
attack-range-splunk-server : ok=62 changed=8 unreachable=0 failed=0 skipped=77 rescued=0 ignored=0
==> attack-range-windows-domain-controller: Checking if box 'd1vious/windows2016' version '1.0' is up to date...
==> attack-range-windows-domain-controller: Clearing any previously set forwarded ports...
==> attack-range-windows-domain-controller: Fixed port collision for 22 => 2222. Now on port 2200.
==> attack-range-windows-domain-controller: Clearing any previously set network interfaces...
==> attack-range-windows-domain-controller: Preparing network interfaces based on configuration...
attack-range-windows-domain-controller: Adapter 1: nat
attack-range-windows-domain-controller: Adapter 2: hostonly
==> attack-range-windows-domain-controller: Forwarding ports...
attack-range-windows-domain-controller: 3389 (guest) => 3389 (host) (adapter 1)
attack-range-windows-domain-controller: 22 (guest) => 2200 (host) (adapter 1)
attack-range-windows-domain-controller: 5985 (guest) => 6000 (host) (adapter 1)
attack-range-windows-domain-controller: 5985 (guest) => 55985 (host) (adapter 1)
attack-range-windows-domain-controller: 5986 (guest) => 55986 (host) (adapter 1)
==> attack-range-windows-domain-controller: Running 'pre-boot' VM customizations...
==> attack-range-windows-domain-controller: Booting VM...
==> attack-range-windows-domain-controller: Waiting for machine to boot. This may take a few minutes...
attack-range-windows-domain-controller: WinRM address: 127.0.0.1:6000
attack-range-windows-domain-controller: WinRM username: vagrant
attack-range-windows-domain-controller: WinRM execution_time_limit: PT2H
attack-range-windows-domain-controller: WinRM transport: plaintext
The guest machine entered an invalid state while waiting for it
to boot. Valid states are 'starting, running'. The machine is in the
'gurumeditation' state. Please verify everything is configured
properly and try again.
If the provider you're using has a GUI that comes with it,
it is often helpful to open that and watch the machine, since the
GUI often has more helpful error messages than Vagrant can retrieve.
For example, if you're using VirtualBox, run vagrant up
while the
VirtualBox GUI is open.
The primary issue for this error is that the provider you're using
is not properly configured. This is very rarely a Vagrant issue.
2020-12-30 14:39:53,246 - ERROR - attack_range - vagrant failed to build
I have other VMs that only work with vmware (and not virtualbox) that I would like to interact with Attack Range.
On line 3, the stat value is incorrect, it should be the same as the other lines in this file.
Splunk_SA_CIM
My installation is breaking down as it's failing at one of the ansible tasks. Please find the error message I am getting.
==> attack-range-windows-domain-controller: Checking if box 'd1vious/windows2016' version '1.0' is up to date...
==> attack-range-windows-domain-controller: Running provisioner: ansible...
attack-range-windows-domain-controller: Running ansible-playbook...
ERROR! couldn't resolve module/action 'community.windows.win_timezone'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '/Users/charlesbinny/attack_range_local/ansible/roles/windows_common/tasks/set-timezone.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
2021-04-12 23:12:12,256 - ERROR - attack_range - vagrant failed to build
Hey, as per title, I run the script in an Ubuntu 18.04 VM in VMware (host is Windows). I have deleted and re-installed numerous times, and nothing appears in VirtualBox.
Any ideas as to how I should work around this will be greatly appreciated!
Thank you all! :)
I am trying to run Splunk attack range locally on VirtualBox and as soon as the attack-range-splunk-server starts up my host VirtualBox environment locks up and becomes unresponsive. If it’s a resource issue what system requirements are recommended (hard drive space, memory size, number of CPU’s).
Small copy paste error I assume as I think the AWS install script was copy pasted by accident?
On the install page the initial script has a few errors and, I think, entries that are not needed.
So on page https://github.com/splunk/attack_range_local/wiki/Ubuntu-18.04-Installation
git clone https://github.com/splunk/attack_range && cd attack_range
attack_range_local is correct
terraform commands are not needed/do not exist in _local (vagrant does, but vagrant does not require initialization, it seems)
FYI on 18.04 Desktop git is not included, so you could add it to the apt-get install packages as a dependency.
But this is much easier than the article I have written in Q1 this year 👍
Phantom box has some issue
I have enabled the boxes in attack_range_local.conf. I am currently on macOS Big Sur 11.6. The only boxes that will build are the Splunk server and the domain controller. I am on an Intel chip and have plenty of RAM.
ERROR! couldn't resolve module/action 'community.windows.win_timezone'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '/opt/attack_range_local/ansible/roles/windows_common/tasks/set-timezone.yml': line 1, column 3, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
Any ideas how to fix? I already tried to change the config file from this:
..to this:
..but still same issue.
Thank you for your help.
I am getting this error and would appreciate a guide
"ansible failed to complete successfully. any error output should be visible above. Please fix these errors and try again"
for phantom and windows domain controller machines.
my ansible version is 2.9.2
vagrant 2.2.14
virtualbox = 5.2.42
The complete error is :
==> attack-range-windows-domain-controller: Checking if box 'd1vious/windows2016' version '1.0' is up to date...
==> attack-range-windows-domain-controller: Running provisioner: ansible...
attack-range-windows-domain-controller: Running ansible-playbook...
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
fatal: [attack-range-windows-domain-controller]: UNREACHABLE! => {"changed": false, "msg": "plaintext: the specified credentials were rejected by the server", "unreachable": true}
PLAY RECAP *********************************************************************
attack-range-windows-domain-controller : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
2021-02-03 15:37:01,191 - ERROR - attack_range - vagrant failed to build
The Windows DC cannot resolve DNS.
TASK [windows_universal_forwarder : Download Splunk UF from Splunk website] ****
fatal: [attack-range-windows-domain-controller]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"\n(New-Object System.Net.WebClient).DownloadFile("https://download.splunk.com/products/universalforwarder/releases/8.0.2/windows/splunkforwarder-8.0.2-a7f645ddaf91-x64-release.msi\", "C:\splunkuf.msi")", "delta": "0:00:06.203879", "end": "2020-09-28 05:42:52.751918", "msg": "non-zero return code", "rc": 1, "start": "2020-09-28 05:42:46.548039", "stderr": "Exception calling "DownloadFile" with "2" argument(s): "The remote name could not be resolved: 'download.splunk.com'"\r\nAt line:2 char:1\r\n+ (New-Object System.Net.WebClient).DownloadFile("https://download.splu ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : WebException", "stderr_lines": ["Exception calling "DownloadFile" with "2" argument(s): "The remote name could not be resolved: 'download.splunk.com'"", "At line:2 char:1", "+ (New-Object System.Net.WebClient).DownloadFile("https://download.splu ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : WebException"], "stdout": "", "stdout_lines": []}
So executing the following, as per Splunk’s instructions:
chmod +x deploy_attack_range.sh
./deploy_attack_range.sh
[This script is successful, no errors found so dependencies are happy]
Then trying to build it:
python attack_range_local.py -a build
[This errors out with the below]
Traceback (most recent call last):
File "attack_range_local.py", line 4, in
from modules import logger
ImportError: No module named modules
So I tried Python3 and this time stops on an import in line 7:
python3 attack_range_local.py -a build
[Error below]
Traceback (most recent call last):
File "attack_range_local.py", line 7, in
from modules.VagrantController import VagrantController
File "/home/DEVICE/attackrange/attack_range_local/modules/VagrantController.py", line 2, in
from jinja2 import Environment, FileSystemLoader
ModuleNotFoundError: No module named 'jinja2'
So no matter using Python 2 or 3, it’s not happy with the Py scripts provided by Splunk. We can’t remove the offending module imports because this would have a knock on effect on the code in the body of the script, as it’s written using those modules.
All support welcome.
Issue: AttributeError: module 'vagrant' has no attribute 'Vagrant'
I have faced this issue multiple times if I leave the created virtual machine running and it terminates or the system turns off.
After this whichever command you try you would face the issue. Tried debugging it but it doesn't solve in any way.
First of all, thank you for developing this project. I am eager to set up this range and start learning more about splunk.
My concern is that as a "noob", I am finding it difficult to know where to start from the documentation. For instance, what are the pre-requisites for setting up this range? I see Ubuntu mentioned and virtual box in the readme, but what does that mean exactly? For instance, do I run all of this from a Ubuntu VM that is running virtual box and have a nested setup, or does this need to be a bare metal Ubuntu install with virtual box installed? I am currently a windows user with VMware installed, so I am trying to figure out what I need to do to get this range up and going on a local server that is running the same.
Any clarification would be greatly appreciated. Thank you!
References 'attack_range', rather than 'attack_range_local'
Also refers to the use of terraform, which is not used in this project. Please remove.
Trying to build attack range locally getting following error even though i have the module in the path site-package
(venv) ron@ron-VirtualBox:/Desktop/attack_range_local$ which python/Desktop/attack_range_local$ export PATH=$PATH:
/home/ron/Desktop/attack_range_local/venv/bin/python
(venv) ron@ron-VirtualBox:^C/Desktop/attack_range_local$ export PATH=$PATH:
(venv) ron@ron-VirtualBox:/home/ron/Desktop/attack_range_local/venv/bin/python/Desktop/attack_range_local$ export PYTHONPATH=$PYTHONPATH:/home/ron/Desktop/attack_range_local/venv/lib/python2.7/site-packages/
(venv) ron@ron-VirtualBox:
(venv) ron@ron-VirtualBox:~/Desktop/attack_range_local$ python attack_range_local.py -a build
Traceback (most recent call last):
File "attack_range_local.py", line 10, in
from modules.CustomConfigParser import CustomConfigParser
Please help, how do I get past this module?
"Linux endpoint" referred to in image in Readme doesn't exist in project files. Instead there is a windows10 workstation.