ATT 101: Caldera Operation (15 pts)

Purpose

In this project, you use Caldera to spy on a Windows system.

What You Need

• A Caldera server, which you prepared in a previous project
• A Windows system with PowerShell, such as Windows 10 or Windows Server 2016

Initial Setup

In the Caldera web console, click Campaigns, Agents.

You should see your Windows machine with a green pid number, as shown below.

Putting Loot on the Target System

Save a bookmark in Google Chrome for samsclass.info as shown below.

On your Windows target system, in Chrome, go to http://www.clamwin.com as shown below.

On the left side, click Download.

Install Clamwin with the default options. It will try to update its virus definitions, as shown below. Click the Stop button. Click the Finish button.

On your Windows target system, open Notepad and type:

TOP SECRET INFORMATION

Leave Notepad open on your desktop, as shown below.

Viewing Adversary Profiles

On the left side, select a profile of "Super Spy" as shown below.

On the right side, you see the many tactics this adversary will perform.

Creating an Operation

On the left side, at the top, click the VIEW slide so it changes to ADD.

Make these entries, as shown below.

• Operation name: SPY1

• BASIC OPTIONS
  • Use all groups
  • Profile: Super Spy
  • Keep open forever
  • Run immediately

Click the green Start button.

The operation runs, as shown below.

Gold stars means information was learned.

Viewing the Screenshot

The details of the attack appear. Notice where it put the screenshot, highlighted in the image below: the user's desktop.

Look on your Windows desktop. The screenshot is there, as shown below.

Flag ATT 101.1: Clipboard (15 pts) In the Caldera web console, in the "Copy Clipboard" line, click the gold star. The details of the attack appear. The flag is covered by a green rectangle in the image below.

References

Posted 5-15-2020 by Sam Bowne