--- - hosts: localhost become: yes vars: docker_repo_key: "https://download.docker.com/linux/debian/gpg" docker_repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable" sublime_repo_key: "https://download.sublimetext.com/sublimehq-pub.gpg" sublime_repo: "deb https://download.sublimetext.com/ apt/stable/" ysoserial_jar: "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar" kitty_installer: "https://sw.kovidgoyal.net/kitty/installer.sh" tasks: - name: Confirming playbook was run properly ansible.builtin.fail: msg: "Do not call this playbook directly! Execute sudo bash setup.sh" when: tmux is not defined or zsh_func is not defined - name: Add Docker repo key ansible.builtin.shell: curl -fsSL {{ docker_repo_key }} | gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/docker-ce-keyring.gpg - name: Add Docker repo ansible.builtin.apt_repository: repo: "{{ docker_repo }}" state: present - name: Add Sublime Text repo key ansible.builtin.shell: curl -fsSL {{ sublime_repo_key }} | gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/sublime-text-keyring.gpg - name: Add Sublime Text repo ansible.builtin.apt_repository: repo: "{{ sublime_repo }}" state: present - name: Ensuring all packages are up to date ansible.builtin.apt: update_cache: yes upgrade: dist - name: Installing one-off packages from package manager ansible.builtin.package: name: - bloodhound - build-essential - bytecode-viewer - clang - cmake - crackmapexec - curl - default-jdk - default-jre - docker - docker-compose - eog - feroxbuster - flex - forensics-extra - gawk - gdb - gdbserver - ghidra - git - gobuster - golang-go - jq - jxplorer - libffi-dev - liblzma-dev - libssl-dev - libxml2-dev - ltrace - ncat - neo4j - ntpdate - mingw-w64 - patch - powershell - python3 - python3-dev - python3-pip - p7zip-full - remmina - rlwrap - samba - seclists - steghide - strace - sublime-text - terminator - tmux - xclip - xfce4-terminal - zaproxy - zlib1g-dev state: latest - name: Install pwntools ansible.builtin.pip: name: git+https://github.com/Gallopsled/pwntools.git@dev - name: Clone Invoke-Obfuscation (•_•) ( •_•)>⌐■-■ (⌐■_■) ansible.builtin.git: repo: 'https://github.com/danielbohannon/Invoke-Obfuscation' dest: /opt/Invoke-Obfuscation - name: Clone JumboJohn ansible.builtin.git: repo: 'https://github.com/magnumripper/JohnTheRipper' dest: /opt/JohnTheRipper - name: Compiling JumboJohn, hold onto yer butts... ansible.builtin.command: chdir=/opt/JohnTheRipper/src {{ item }} with_items: - ./configure - make - make install - name: Clone Nishang ansible.builtin.git: repo: 'https://github.com/samratashok/nishang' dest: /opt/nishang - name: Clone Chisel ansible.builtin.git: repo: 'https://github.com/jpillora/chisel' dest: /opt/chisel - name: Clone LinEnum ansible.builtin.git: repo: 'https://github.com/rebootuser/LinEnum' dest: /opt/LinEnum - name: Clone PEASS ansible.builtin.git: repo: 'https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite' dest: /opt/privilege-escalation-awesome-scripts-suite - name: Clone PowerSploit ansible.builtin.git: repo: 'https://github.com/PowerShellMafia/PowerSploit' dest: /opt/PowerSploit - name: Clone Impacket ansible.builtin.git: repo: 'https://github.com/SecureAuthCorp/impacket' dest: /opt/impacket - name: Installing Impacket ansible.builtin.shell: "python3 /opt/impacket/setup.py build && python3 /opt/impacket/setup.py install" args: chdir: /opt/impacket - name: Clone Bloodhound.py ansible.builtin.git: repo: 'https://github.com/fox-it/BloodHound.py.git' dest: /opt/BloodHound.py - name: Clone PyFuscation ansible.builtin.git: repo: 'https://github.com/CBHue/PyFuscation.git' dest: /opt/PyFuscation - name: Clone Gef ansible.builtin.git: repo: 'https://github.com/hugsy/gef.git' dest: /opt/gef - name: Clone Static Binaries ansible.builtin.git: repo: 'https://github.com/andrew-d/static-binaries' dest: /opt/static-binaries - name: Clone Ysoserial ansible.builtin.git: repo: 'https://github.com/frohoff/ysoserial' dest: /opt/ysoserial - name: Clone Kerbrute ansible.builtin.git: repo: 'https://github.com/ropnop/kerbrute.git' dest: /opt/kerbrute - name: Building Kerbrute... ansible.builtin.command: chdir=/opt/kerbrute make linux - name: Downloading Ysoserial JAR file ansible.builtin.get_url: url: "{{ ysoserial_jar }}" dest: /opt/ysoserial/ysoserial-all.jar mode: '0644' - name: Get Evil-WinRM via gem installer community.general.gem: name: evil-winrm norc: yes state: latest user_install: no - name: Install Kitty Terminal Emulator 🐱 ansible.builtin.shell: cmd: "/usr/bin/curl -sL {{ kitty_installer }} | sh /dev/stdin dest=/opt launch=n" - name: Create Desktop Icon for Kitty 🐱 ansible.builtin.copy: dest: "/usr/share/applications" content: | [Desktop Entry] Version=0.26.2 Type=Application Name=Kitty Terminal Emulator Exec=/opt/kitty.app/bin/kitty Icon=/opt/kitty.app/share/icons/hicolor/256x256/apps/kitty.png Categories=Utility - name: Disable mouse interactivity in vim (╯°□°)╯︵ ┻━┻ ansible.builtin.blockinfile: path: /etc/vim/vimrc marker: "\" {mark} ANSIBLE MANAGED BLOCK" insertafter: EOF state: present block: | set mouse= set ttymouse= - name: Getting all interactive users ansible.builtin.shell: "awk -F: '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1}' /etc/passwd" register: users - name: Add sudo-NOPASSWD to users loop: "{{ users.stdout_lines }}" ansible.builtin.lineinfile: path: /etc/sudoers state: present insertafter: EOF line: "{{ item }} ALL=(ALL) NOPASSWD: ALL" validate: /usr/sbin/visudo -cf %s - name: Initialize Gef for all users ansible.builtin.script: /opt/gef/scripts/gef.sh become_user: "{{ item }}" loop: "{{ users.stdout_lines }}" - name: Copying over zsh functions file for all users ansible.builtin.copy: src: "{{ zsh_func }}" dest: "~{{ item }}/.zsh_functions" owner: "{{ item }}" group: "{{ item }}" mode: '0640' loop: "{{ users.stdout_lines }}" - name: Enabling zsh functions loop: "{{ users.stdout_lins }}" ansible.builtin.blockinfile: path: "~{{ item }}/.zshrc" state: present insertafter: EOF owner: "{{ item }}" block: | if [ -f ~/.zsh_functions ]; then source ~/.zsh_functions fi - name: Copying over tmux config to all users ansible.builtin.copy: src: "{{ tmux }}" dest: "~{{ item }}/.tmux.conf" owner: "{{ item }}" group: "{{ item }}" mode: '0640' loop: "{{ users.stdout_lines }}" - name: Create /srv/smb/ directory for payload population ansible.builtin.file: path: /srv/smb state: directory mode: '0755' - name: Creating IWR share in samba config ansible.builtin.blockinfile: path: /etc/samba/smb.conf insertafter: EOF state: present block: | [iwr] comment = Invoke-WebReq'd em? Damn near killed em! path = /srv/smb guest ok = yes browseable = yes create mask = 0600 directory mask = 0755 - name: Ensure that samba doesn't start on boot ansible.builtin.systemd: name: smbd enabled: no state: stopped