# Sandworm Range Setup Instructions

# Configure dungeon - 192.168.0.4

  1. Clone sandworm repo to home directory
cd ~/
git clone git@github.com:attackevals/sandworm.git
git clone git@github.com:attackevals/wizard_spider.git

Enter your credentials when prompted.

Stage the file generator for later user:

cp ~/wizard_spider/Resources/setup/file_generator/generate-files.exe ~/sandworm/Resources/setup/
cp -R ~/wizard_spider/Resources/setup/file_generator/templates/ ~/sandworm/Resources/setup/

Install terminator:

sudo chmod 755 ./sandworm/Resources/setup/setup_attack_platform.sh
sudo ./sandworm/Resources/setup/setup_attack_platform.sh

If you are prompted to automatically restart services, select yes.

# Configure Caladan - 10.0.1.5

  1. Upload caladan.sh to 10.0.1.5 via SCP
scp sandworm/Resources/setup/setup_caladan.sh fherbert@10.0.1.5:/tmp/setup_caladan.sh

Password:

Whg42WbhhCE17FEzrqeJ

⚠️ Run this command if you get SSH key errors

rm -rf ~/.ssh/known_hosts
  1. Upload SUID binary to caladan
scp sandworm/Resources/suid-binary/suid-binary fherbert@10.0.1.5:/tmp/suid-binary
  1. Run caladan.sh
ssh fherbert@10.0.1.5 "chmod 755 /tmp/setup_caladan.sh && sudo /tmp/setup_caladan.sh && shred /tmp/setup_caladan.sh"
  1. Reboot caladan
ssh fherbert@10.0.1.5 "sudo reboot"

# Configure Gammu - 10.0.1.7

  1. RDP into Gammu:
xfreerdp +clipboard /u:WORKGROUP\\fherbert /p:"Whg42WbhhCE17FEzrqeJ" /v:10.0.1.7 /drive:X,sandworm/Resources/setup/

  1. Open Windows Defender, toggle all nobs to the off position.

  2. Open PowerShell being sure to select "Run as Administrator":

cd \\TSCLIENT\X
Set-Executionpolicy bypass -force
.\install_software.ps1
.\enable-winrm.ps1
.\disable-defender.ps1
.\generate-files.exe -d "C:\Users\" -c 50 --seed "EVALS" --noprompt
  1. Open Chromium and navigate to:

https://www.stealmylogin.com/demo.html

  1. Enter the following credentails; save / cache the credentials when prompted.
fherbert@mail.com
Passw0rd123!!!

  1. Double check the credentials were cached by going to Chromium settings > passwords. You should have one entry for stealmylogin.com.

  2. Reboot gammu:

Restart-Computer -Force

# Configure arrakis - 10.0.1.4

  1. RDP into arrakis:
xfreerdp +clipboard /u:dune\\patreides /p:"ebqMB7DmM81QVUqpf7XI" /v:10.0.1.4 /drive:X,sandworm/Resources/setup/

  1. Open Windows Defender, toggle all nobs to the off position.

  2. Open PowerShell being sure to select "Run as Administrator":

cd \\TSCLIENT\X
Set-Executionpolicy bypass -force
.\enable-winrm.ps1
.\disable-defender.ps1
  1. Reboot
Restart-Computer -Force

# Configure quadra - 10.0.1.8

  1. RDP into quadra:
xfreerdp +clipboard /u:dune\\patreides /p:"ebqMB7DmM81QVUqpf7XI" /v:10.0.1.8 /drive:X,sandworm/Resources/setup/

  1. Open Windows Defender, toggle all nobs to the off position.

  2. Open PowerShell being sure to select "Run as Administrator":

cd \\TSCLIENT\X
Set-Executionpolicy bypass -force
.\install_software.ps1
.\enable-winrm.ps1
.\disable-defender.ps1
.\generate-files.exe -d "C:\Users\" -c 50 --seed "EVALS" --noprompt
  1. Reboot
Restart-Computer -Force