# Lab 11: MiniCCC

MiniCCC is a command and control agent you run inside your VMs. Various builds are in the `bin/` folder.

By default minimega VMs launch with a serial interface attached. This can be disabled with `vm config backchannel false`. This serial interface and MiniCCC can be used to execute commands, copy files, and establish SSH-like tunnels over serial. MiniCCC can also run over IP instead of serial by placing a TAP in the experiment. You can read more about it [here](https://minimega.org/articles/tutorials/cc.article).

Because the agent starts at boot with administrative rights and executes whatever the minimega host sends it, treat images that contain it as lab-only.

Note: Different releases of MiniCCC communicate differently. Make sure the agent in the VM and the minimega host are the same version, or you will run into issues. An auto updater is in the works: https://github.com/sandia-minimega/minimega/issues/1106

## Windows 7 MiniCCC

Download a Windows 7 x64 ISO and put it in /root: https://www.microsoft.com/en-us/software-download/windows7

Build a Windows 7 VM. `vm config snapshot false` makes the install persist to the disk image:

```mini
disk create qcow2 /root/w7.qcow2 100G
clear vm config
vm config disk /root/w7.qcow2
vm config snapshot false
vm config cdrom /root/x17-59186.iso
vm launch kvm w7
vm start w7
```

Install Windows and shut off the VM.

Mount the disk. The second partition is the Windows system drive; the first is the small "System Reserved" partition:

```term
mkdir -p temp
qemu-nbd -c /dev/nbd0 w7.qcow2
partx -a /dev/nbd0
mount /dev/nbd0p2 temp
```

Copy the miniccc binary over:

```term
cp /opt/minimega/bin/miniccc.exe temp/
```

Inject a batch script that launches miniccc. Pick one: serial (the virtio-serial port `\\.\Global\cc`) or IP (`-parent` is the minimega host's address on the experiment network):

```term
echo "C:\\miniccc.exe -serial \\\\.\\Global\\cc" > temp/mini.bat
```

```term
echo "C:\\miniccc.exe -parent 10.0.0.1" > temp/mini.bat
```

Unmount the disk:

```term
umount temp
qemu-nbd -d /dev/nbd0
```

Boot the VM again. `snapshot false` is still set in the config, so the driver install and scheduled task below persist:

```mini
vm flush
vm launch kvm w7
vm start w7
```

If you want to use miniccc over serial you will need to install the virtio drivers:

```term
cd /root
wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
```

```mini
vm cdrom change w7 /root/virtio-win.iso
```

Open Device Manager:

- Right click PCI Simple Communications Controller
- Update Driver Software
- Browse my computer
- D:\vioserial\w7\
- Install

Create a scheduled task to launch miniccc. Open Task Scheduler:

- Right click on Local Library
- Click 'Create Task'
- Name the task miniccc
- Select Run whether user is logged on or not
- Select Run with highest privileges
- Check Hidden
- Click on the Triggers tab
- Click New
- Select Begin the task: At startup
- Click OK
- Click on the Actions tab
- Click New
- Click Browse
- Select C:\mini.bat
- Click OK
- Click OK
- Click OK
- Type in the username and password of an administrative user

Turn off the VM.

## Ubuntu 18.04 MiniCCC

Use the Ubuntu 18.04 VM from a previous module.

Mount the disk:

```term
mkdir -p temp
qemu-nbd -c /dev/nbd0 u1804.qcow2
partx -a /dev/nbd0
mount /dev/nbd0p1 temp
```

Copy over the miniccc binary:

```term
cp /opt/minimega/bin/miniccc temp/
```

Add a command to launch miniccc at boot. Pick one: serial or IP:

```term
cat > temp/etc/rc.local << EOF
#!/bin/sh
/miniccc -v=false -serial /dev/virtio-ports/cc -logfile /miniccc.log &
exit 0
EOF
chmod +x temp/etc/rc.local
```

```term
cat > temp/etc/rc.local << EOF
#!/bin/sh
/miniccc -v=false -parent 10.0.0.1 -logfile /miniccc.log &
exit 0
EOF
chmod +x temp/etc/rc.local
```

Unmount the disk:

```term
umount temp
qemu-nbd -d /dev/nbd0
```

## Building for Windows x86

Append an x86 build step to minimega's build script. The `\$` escapes keep the variables from expanding while the heredoc is written:

```term
cat >> /opt/minimega/build.bash << EOF
# build x86 packages
echo "BUILD PACKAGES (x86)"
for i in "protonuke" "miniccc"; do
    echo \$i "- windows"
    GOOS=windows GOARCH=386 go build -o \$SCRIPT_DIR/bin/\$i-x86.exe \$i
    if [[ \$? != 0 ]]; then
        exit 1
    fi
    echo \$i "- linux"
    GOOS=linux GOARCH=386 go build -o \$SCRIPT_DIR/bin/\$i-x86 \$i
    if [[ \$? != 0 ]]; then
        exit 1
    fi
done
echo
unset GOARCH
unset GOOS
EOF
```

And run:

```term
/opt/minimega/build.bash
```

## Launching VMs

`clear vm config` resets `snapshot` to its default (true), so these VMs boot from the images without writing to them:

```mini
vm flush
clear vm config
vm config disk /root/w7.qcow2
vm launch kvm w7
vm start w7
vm config disk /root/u1804.qcow2
vm launch kvm ubuntu
vm start ubuntu
```

## MiniCCC Commands

### Command Execution

```mini
cc                            # List the number of active clients
cc clients                    # List detailed client information
cc filter os=windows          # Filter so commands only run on Windows clients
cc exec cmd /c 'echo hello'   # Execute a command on the Windows clients
cc commands                   # Print the commands
cc responses all              # Print the responses
clear cc responses            # Delete the responses
clear cc commands             # Delete the commands
cc filter os=linux            # Filter so commands only run on Linux clients
cc exec sh -c 'echo hello'    # Execute a command on the Linux clients
cc commands                   # Print the commands
cc responses all              # Print the responses
clear cc responses            # Delete the responses
clear cc commands             # Delete the commands
clear cc filter               # Clear the filter
```

You can stack filters on multiple fields shown in `cc clients`, such as uuid, hostname, architecture, os, ip, and mac. For example:

```mini
cc filter os=windows ip=1.0.0.0/24
clear cc filter
```

### Background Command Execution

```mini
cc filter os=linux
cc background sleep 30       # launch sleep in the background
cc process list all          # list all background processes
cc process killall sleep     # kill all processes matching the string sleep
```

You can also kill by PID, but be careful with your filter: a PID only identifies a process on one client, and the kill is sent to every client the filter matches.
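Before moving on to file transfer, here are the image-preparation steps from the Windows 7 and Ubuntu sections above collected into one script, so the same procedure can be repeated for each image and each transport mode without leaving an nbd device attached on error. This is an added example written for this lab, not code from the minimega project. It assumes the host has `qemu-nbd`, `partx`, `cmp` and `ntfs-3g` (for the Windows image), that the `nbd` kernel module is loaded, that it runs as root, and that `/opt/minimega/bin` holds matching `miniccc` and `miniccc.exe` builds; the script and function names (`inject_miniccc.sh`, `gen_launcher`, `guest_paths`, `inject`) are the example's own. It generalizes the lab's two hand-typed launchers into one generator so the serial and IP variants come from the same code.

```sh
#!/bin/sh
# inject_miniccc.sh: put the miniccc agent and its boot-time launcher into an
# offline qcow2 image, the way the lab does by hand with qemu-nbd.
# Added example for this lab, not part of minimega. Assumes: qemu-nbd, partx,
# ntfs-3g (Windows images) and cmp are installed, the nbd module is loaded,
# and the script runs as root.
set -eu

MM_BIN=${MM_BIN:-/opt/minimega/bin}   # host-side miniccc builds (lab layout)
DEV=${DEV:-/dev/nbd0}
MNT=""

# Print the launcher the guest runs at boot.
#   $1 = linux|windows   $2 = serial|ip   $3 = parent IP (ip mode, default 10.0.0.1)
# Windows gets a CRLF batch line; Linux gets the rc.local from the lab.
gen_launcher() {
    os=$1; mode=$2; parent=${3:-10.0.0.1}
    case "$os:$mode" in
        linux:serial)
            printf '#!/bin/sh\n/miniccc -v=false -serial /dev/virtio-ports/cc -logfile /miniccc.log &\nexit 0\n' ;;
        linux:ip)
            printf '#!/bin/sh\n/miniccc -v=false -parent %s -logfile /miniccc.log &\nexit 0\n' "$parent" ;;
        windows:serial)
            printf 'C:\\miniccc.exe -serial \\\\.\\Global\\cc\r\n' ;;
        windows:ip)
            printf 'C:\\miniccc.exe -parent %s\r\n' "$parent" ;;
        *)
            echo "gen_launcher: want linux|windows serial|ip, got '$os $mode'" >&2
            return 1 ;;
    esac
}

# Where the binary and launcher live inside the guest, relative to the mounted
# root: Windows C:\miniccc.exe + C:\mini.bat, Linux /miniccc + /etc/rc.local.
guest_paths() {
    case "$1" in
        linux)   echo "miniccc etc/rc.local" ;;
        windows) echo "miniccc.exe mini.bat" ;;
        *)       return 1 ;;
    esac
}

# Always detach, even on error: a stale nbd mapping leaves the image locked
# until qemu-nbd -d is run, and minimega cannot boot it meanwhile.
cleanup() {
    if [ -n "$MNT" ]; then
        umount "$MNT" 2>/dev/null || true
        rmdir "$MNT" 2>/dev/null || true
    fi
    qemu-nbd -d "$DEV" >/dev/null 2>&1 || true
}

# inject IMAGE linux|windows serial|ip PARTITION [PARENT]
#   inject /root/w7.qcow2    windows serial 2            # C: is nbd0p2 on Win7
#   inject /root/u1804.qcow2 linux   ip     1 10.0.0.1
inject() {
    image=$1; os=$2; mode=$3; part=$4; parent=${5:-10.0.0.1}
    paths=$(guest_paths "$os"); bin=${paths%% *}; launcher=${paths##* }
    gen_launcher "$os" "$mode" "$parent" >/dev/null   # fail before touching the image

    MNT=$(mktemp -d)
    trap cleanup EXIT
    qemu-nbd -c "$DEV" "$image"
    partx -a "$DEV" || true            # non-zero if the partitions were already listed
    mount "${DEV}p${part}" "$MNT"

    cp "$MM_BIN/$bin" "$MNT/$bin"
    gen_launcher "$os" "$mode" "$parent" > "$MNT/$launcher"
    if [ "$os" = linux ]; then
        chmod 0755 "$MNT/$bin" "$MNT/$launcher"
    fi

    # The lab's version warning: the agent in the guest must be the same build
    # as the host's. Compare bytes rather than trusting cp.
    cmp -s "$MM_BIN/$bin" "$MNT/$bin" || { echo "copy mismatch: $bin" >&2; return 1; }
    sync
    echo "injected $bin and $launcher ($mode) into $image partition $part"
}

# Run as a script: ./inject_miniccc.sh IMAGE OS MODE PARTITION [PARENT]
# Running without arguments only defines the functions.
if [ $# -ge 4 ]; then
    inject "$@"
fi
```

Run it once per image with the VM shut off, for example `./inject_miniccc.sh /root/w7.qcow2 windows serial 2` and `./inject_miniccc.sh /root/u1804.qcow2 linux serial 1`; the partition number is the same one the lab mounts by hand. The trap means a failed mount or copy still ends with `qemu-nbd -d`, which is the step most often forgotten when doing this interactively.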
### File Transfer

Don't send or receive files larger than 512 kB: [issue 1262](https://github.com/sandia-minimega/minimega/issues/1262)

Create some files in the minimega files directory:

```term
echo a > /data/mmfiles/test.txt
mkdir /data/mmfiles/new
echo a > /data/mmfiles/new/1
echo a > /data/mmfiles/new/2
echo a > /data/mmfiles/new/3
echo '#!/bin/sh' > /data/mmfiles/test.bash
echo 'mkdir /foo' >> /data/mmfiles/test.bash
echo 'echo a > /foo/bar.txt' >> /data/mmfiles/test.bash
chmod +x /data/mmfiles/test.bash
echo 'whoami > C:\\output.txt' > /data/mmfiles/test.bat
```

File transfer and execute on Windows. Sent files land in `C:\tmp\miniccc\files\` on the client:

```mini
cc filter os=windows
cc send test.bat                                      # upload a file
cc send new/*                                         # upload a folder
cc exec cmd /c 'C:\\tmp\\miniccc\\files\\test.bat'     # execute a batch file
cc recv C:\\output.txt                                # download C:\output.txt
cc commands
cc responses all
clear cc filter
clear cc commands
clear cc responses
```

File transfer and execute on Linux. Sent files land in `/tmp/miniccc/files/` on the client:

```mini
cc filter os=linux
cc send test.bash                             # upload a file
cc send new/*                                 # upload a folder
cc exec bash /tmp/miniccc/files/test.bash     # execute a bash script
cc recv /foo/bar.txt                          # download /foo/bar.txt
cc commands
cc responses all
clear cc filter
clear cc commands
clear cc responses
```

### Mounts

As a workaround for the 512 kB limit, mounts can move larger files at roughly 10 MB/s over serial. `cc mount` exposes the VM's filesystem on the minimega host:

```mini
cc mount ubuntu /root/temp     # mount the ubuntu VM's filesystem at /root/temp on the host
cc mount                       # list mounts
```

The binary injected earlier is the guest's `/miniccc`, so it appears at `/root/temp/miniccc`. Compare checksums to confirm the agent in the VM is the same build as the host's:

```term
md5sum /opt/minimega/bin/miniccc
md5sum /root/temp/miniccc
```

You can remove mounts with clear:

```mini
clear cc mount
```

If unmounting doesn't work, kill any processes using the mount and try again:

```term
lsof | grep '/root/temp'
kill <process number>
```

Make sure to clear mounts before killing or stopping VMs. This is very useful for copying files on and off a VM without networking.

### Tunnels

MiniCCC tunnels work similarly to SSH tunnels. There is no way to delete a cc tunnel once created.
#### Normal

A normal tunnel listens on the minimega host and forwards to a port inside the VM; here host port 4444 goes to 127.0.0.1:8000 in the ubuntu VM:

```mini
cc tunnel ubuntu 4444 127.0.0.1 8000
```

Open the ubuntu VM and start a web server (python's default port is 8000):

```vm
python3 -m http.server
```

Open Firefox on the server and browse to 127.0.0.1:4444.

#### Reverse

Note: This is broken in 2.6, has been fixed in latest source, and will be released in 2.7: [issue 1384](https://github.com/sandia-minimega/minimega/issues/1384)

A reverse tunnel listens inside the VM and forwards back to the host. Open a new terminal tab on the server and start a python web server on port 9999:

```term
python3 -m http.server 9999
```

```mini
cc rtunnel 5555 127.0.0.1 9999
```

Open Firefox in the ubuntu VM and browse to 127.0.0.1:5555.

Tunneling to SSH and proxy servers works well too.

### Prefixes

You can group commands and responses under a prefix:

```mini
cc prefix watchthis
cc filter os=linux
cc exec echo 'this'
cc exec echo 'is'
cc exec echo 'a'
cc exec echo 'test'
clear cc prefix
```

```mini
cc responses watchthis raw
```

```mini
cc delete response watchthis
cc responses all
cc commands
cc delete command watchthis
cc commands
```

When finished:

```mini
vm kill all
vm flush
```

### Miscellaneous

There are a few things to keep in mind.

- CC commands work across multiple servers in a cluster.
- If new clients connect while commands are active, the commands will be executed on them.
- If a VM reboots after connecting to cc, miniccc will refuse a reconnection from the same UUID. There is currently no way to reconnect.
- If you want to interact with the desktop session (say, opening a window you can see when logged in), change how you start MiniCCC: on Windows, place mini.bat in the Startup folder and enable automatic login; on Ubuntu, add a script to Startup Applications and enable automatic login.

# Video