Detect Windows WSL adapter IP via PowerShell instead of resolv.conf #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| # Runs entirely on a single GitHub-hosted windows-latest runner. | |
| # AdaptixC2 and adaptix-testing run inside WSL2 (Ubuntu). | |
| # The beacon runs on the Windows host. | |
| # SSH delivery goes from WSL → Windows via the Hyper-V bridge IP. | |
| # Beacon callbacks go from Windows → WSL via the WSL veth IP. | |
| # All IPs are detected at runtime — no static config needed. | |
| # | |
| # Hardcoded CI credentials are intentional: these containers are | |
| # ephemeral, hold no real secrets, and only exist for testing. | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| ADAPTIXC2_REPO: Adaptix-Framework/AdaptixC2 | |
| ADAPTIXC2_VERSION: v1.2 | |
| CI_USER: ci_runner | |
| CI_PASS: Ci_Test_Pass1! | |
| CI_AGENT_DIR: 'C:\ci' | |
| CI_AGENT_PATH: 'C:\ci\agent.exe' | |
| jobs: | |
| integration-test: | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Pass CI variables into WSL | |
| shell: powershell | |
| run: echo "WSLENV=CI_USER/u:CI_PASS/u:CI_AGENT_PATH/u:ADAPTIXC2_REPO/u:ADAPTIXC2_VERSION/u:WINDOWS_IP/u" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| - name: Detect Windows IP for WSL | |
| shell: powershell | |
| run: | | |
| $ip = (Get-NetIPAddress -AddressFamily IPv4 | | |
| Where-Object { $_.InterfaceAlias -like "*WSL*" } | | |
| Select-Object -First 1).IPAddress | |
| echo "WINDOWS_IP=$ip" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| # ── Windows: CI user, OpenSSH, agent directory ────────────────────────── | |
| - name: Create CI user | |
| shell: powershell | |
| run: | | |
| $pass = ConvertTo-SecureString $env:CI_PASS -AsPlainText -Force | |
| if (-not (Get-LocalUser $env:CI_USER -ErrorAction SilentlyContinue)) { | |
| New-LocalUser $env:CI_USER -Password $pass -PasswordNeverExpires | |
| Add-LocalGroupMember -Group Administrators -Member $env:CI_USER | |
| } else { | |
| Set-LocalUser $env:CI_USER -Password $pass | |
| } | |
| - name: Start OpenSSH Server with password auth | |
| shell: powershell | |
| run: | | |
| $cap = Get-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| if ($cap.State -ne 'Installed') { | |
| Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| } | |
| Set-Service sshd -StartupType Automatic | |
| Start-Service sshd | |
| $cfg = "$env:ProgramData\ssh\sshd_config" | |
| (Get-Content $cfg) ` | |
| -replace '^#?PasswordAuthentication\s+\w+', 'PasswordAuthentication yes' | | |
| Set-Content $cfg | |
| Restart-Service sshd | |
| - name: Create agent drop directory | |
| shell: powershell | |
| run: New-Item -ItemType Directory -Force -Path $env:CI_AGENT_DIR | Out-Null | |
| # ── WSL: Ubuntu with required packages ────────────────────────────────── | |
| - uses: Vampire/setup-wsl@v3 | |
| with: | |
| distribution: Ubuntu-22.04 | |
| additional-packages: sshpass python3-pip openssl | |
| - name: Install uv | |
| shell: wsl-bash {0} | |
| run: pip3 install -q uv | |
| # ── WSL: clone release, generate cert, write profile, start server ─────── | |
| - name: Clone AdaptixC2 | |
| shell: wsl-bash {0} | |
| run: git clone --depth 1 --branch "$ADAPTIXC2_VERSION" "https://github.com/$ADAPTIXC2_REPO" /tmp/adaptixc2 | |
| - name: Generate TLS certificate | |
| shell: wsl-bash {0} | |
| run: | | |
| openssl req -x509 -nodes -newkey rsa:2048 \ | |
| -keyout /tmp/adaptixc2/server.rsa.key \ | |
| -out /tmp/adaptixc2/server.rsa.crt \ | |
| -days 1 -subj "/CN=ci" | |
| - name: Write server profile | |
| shell: wsl-bash {0} | |
| run: | | |
| cat > /tmp/adaptixc2/profile.yaml << 'EOF' | |
| Teamserver: | |
| interface: "0.0.0.0" | |
| port: 4321 | |
| endpoint: "/endpoint" | |
| password: "cipass" | |
| only_password: true | |
| operators: | |
| ci: "cipass" | |
| cert: "server.rsa.crt" | |
| key: "server.rsa.key" | |
| extenders: | |
| - extenders/listener_http/config.yaml | |
| - extenders/beacon/config.yaml | |
| access_token_live_hours: 1 | |
| refresh_token_live_hours: 2 | |
| httpserver: | |
| error: | |
| status: 404 | |
| headers: | |
| content-type: "text/html; charset=utf-8" | |
| server: "adaptixc2" | |
| page: "" | |
| http: | |
| max_header_bytes: 8192 | |
| read_header_timeout_sec: 0 | |
| read_timeout_sec: 0 | |
| write_timeout_sec: 0 | |
| idle_timeout_sec: 0 | |
| request_timeout_sec: 300 | |
| request_timeout_message: "504 gateway timeout" | |
| disable_keep_alives: false | |
| enable_http2: true | |
| tls: | |
| min_version: "tls1.2" | |
| max_version: "tls1.3" | |
| prefer_server_cipher_suites: false | |
| cipher_suites: | |
| - "tls_ecdhe_rsa_with_aes_128_gcm_sha256" | |
| - "tls_ecdhe_rsa_with_aes_256_gcm_sha384" | |
| - "tls_ecdhe_ecdsa_with_aes_128_gcm_sha256" | |
| - "tls_ecdhe_ecdsa_with_aes_256_gcm_sha384" | |
| - "tls_rsa_with_aes_128_gcm_sha256" | |
| - "tls_rsa_with_aes_256_gcm_sha384" | |
| EOF | |
| - name: Start AdaptixC2 server | |
| shell: wsl-bash {0} | |
| run: | | |
| cd /tmp/adaptixc2 | |
| ./adaptixserver -profile profile.yaml & | |
| echo $! > /tmp/adaptixc2.pid | |
| sleep 2 | |
| # ── WSL: install testing kit ───────────────────────────────────────────── | |
| - name: Install adaptix-testing | |
| shell: wsl-bash {0} | |
| run: | | |
| WIN_WS=$(cmd.exe /c "echo %GITHUB_WORKSPACE%" 2>/dev/null | tr -d '\r') | |
| cp -r "$(wslpath "$WIN_WS")" /tmp/testing-kit | |
| cd /tmp/testing-kit | |
| uv sync | |
| # ── WSL: SSH setup + config + run ──────────────────────────────────────── | |
| - name: Generate SSH keypair and install on Windows | |
| shell: wsl-bash {0} | |
| run: | | |
| ssh-keygen -t ed25519 -N "" -f ~/.ssh/ci_key | |
| sshpass -p "$CI_PASS" ssh-copy-id \ | |
| -i ~/.ssh/ci_key.pub \ | |
| -o StrictHostKeyChecking=no \ | |
| "$CI_USER@$WINDOWS_IP" | |
| - name: Write CI config | |
| shell: wsl-bash {0} | |
| run: | | |
| # Windows → WSL: use the WSL veth IP so the beacon can call home | |
| WSL_IP=$(hostname -I | awk '{print $1}') | |
| cat > /tmp/ci_config.yaml << EOF | |
| server: | |
| url: https://127.0.0.1:4321 | |
| endpoint: /endpoint | |
| operator: | |
| name: ci | |
| password: cipass | |
| setup: | |
| project: ci | |
| agent_output: /tmp/ci_agent.exe | |
| listener: | |
| name: ci_http | |
| type: HTTP | |
| config: | |
| host: "$WSL_IP" | |
| path: /beacon | |
| port: 8080 | |
| use_tls: false | |
| agent: | |
| agent: beacon | |
| listener: ci_http | |
| listener_type: HTTP | |
| config: | |
| debug: false | |
| format: EXE | |
| jitter: 5 | |
| sleep: 5 | |
| ssh: | |
| host: "$WINDOWS_IP" | |
| username: "$CI_USER" | |
| key_path: ~/.ssh/ci_key | |
| source_path: /tmp/ci_agent.exe | |
| agent_path: '$CI_AGENT_PATH' | |
| terminate: true | |
| EOF | |
| - name: Run integration tests | |
| shell: wsl-bash {0} | |
| run: | | |
| cd /tmp/testing-kit | |
| uv run adaptix-testing -c /tmp/ci_config.yaml -t tasks.yaml | |
| # ── Cleanup ────────────────────────────────────────────────────────────── | |
| - name: Stop AdaptixC2 server | |
| if: always() | |
| shell: wsl-bash {0} | |
| run: | | |
| [ -f /tmp/adaptixc2.pid ] && kill "$(cat /tmp/adaptixc2.pid)" 2>/dev/null || true | |
| - name: Remove SSH key | |
| if: always() | |
| shell: wsl-bash {0} | |
| run: rm -f ~/.ssh/ci_key ~/.ssh/ci_key.pub |