diff --git a/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.ink b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.ink index 7f89c8d..fdee3d7 100644 --- a/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.ink +++ b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.ink @@ -12,7 +12,7 @@ VAR flag_distcc_exploit_submitted = false VAR flags_submitted_count = 0 // External variables -EXTERNAL player_name +EXTERNAL player_name() // =========================================== // MAIN TERMINAL INTERFACE @@ -27,7 +27,7 @@ EXTERNAL player_name ╚═══════════════════════════════════════════╝ Connection established: SAFETYNET Central -Agent ID: {player_name} +Agent ID: {player_name()} Mission: M03 - Ghost in the Machine Status: ACTIVE @@ -71,7 +71,7 @@ Flags submitted: {flags_submitted_count}/4 Enter intercepted intelligence flag: -> flag{literal}{network_scan_complete} +[> flag\{network_scan_complete\}] Processing... @@ -116,7 +116,7 @@ Unlocked: Banner grabbing and HTTP analysis objectives Enter intercepted intelligence flag: -> flag{literal}{ftp_intel_gathered} +[> flag\{ftp_intel_gathered\}] Processing... @@ -166,7 +166,7 @@ environment for Ransomware Inc hospital attacks. Enter intercepted intelligence flag: -> flag{literal}{pricing_intel_decoded} +[> flag\{pricing_intel_decoded\}] Processing... @@ -226,7 +226,7 @@ exploit sales. Locate transaction records. Enter intercepted intelligence flag: -> flag{literal}{distcc_legacy_compromised} +[> flag\{distcc_legacy_compromised\}] Processing... @@ -319,24 +319,24 @@ The terminal remains active for further submissions. Flags submitted: {flags_submitted_count}/4 {flag_scan_network_submitted: - ✓ FLAG 1: Network Scan (192.168.100.0/24) - Status: Verified | Services enumerated + [✓ FLAG 1: Network Scan (192.168.100.0/24)] + [Status: Verified -Services enumerated] } {flag_ftp_banner_submitted: - ✓ FLAG 2: FTP Banner (GHOST codename) - Status: Verified | M2 connection identified + [✓ FLAG 2: FTP Banner (GHOST codename)] + [Status: Verified -M2 connection identified] } {flag_http_analysis_submitted: - ✓ FLAG 3: HTTP Pricing Data - Status: Verified | Exploit pricing model decoded + [✓ FLAG 3: HTTP Pricing Data] + [Status: Verified -Exploit pricing model decoded] } {flag_distcc_exploit_submitted: - ✓ FLAG 4: distcc Exploitation (CRITICAL) - Status: Verified | Operational logs recovered - ⚠ M2 smoking gun evidence confirmed + [✓ FLAG 4: distcc Exploitation (CRITICAL)] + [Status: Verified -Operational logs recovered] + [⚠ M2 smoking gun evidence confirmed] } {flags_submitted_count == 4: diff --git a/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.json b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.json new file mode 100644 index 0000000..2d80fba --- /dev/null +++ b/planning_notes/overall_story_plan/mission_initializations/m03_ghost_in_the_machine/stages/stage_7/m03_terminal_dropsite.json @@ -0,0 +1 @@ +{"inkVersion":21,"root":[[["done",{"#n":"g-0"}],null],"done",{"start":["#","^speaker:computer","/#","^╔═══════════════════════════════════════════╗","\n","^║ SAFETYNET DROP-SITE TERMINAL v2.4.1 ║","\n","^║ Secure Intelligence Submission System ║","\n","^╚═══════════════════════════════════════════╝","\n","^Connection established: SAFETYNET Central","\n","^Agent ID: ","ev",{"x()":"player_name"},"out","/ev","\n","^Mission: M03 - Ghost in the Machine","\n","^Status: ACTIVE","\n","^Submit intercepted ENTROPY intelligence (VM flags) for analysis.","\n","^Flags submitted: ","ev",{"VAR?":"flags_submitted_count"},"out","/ev","^/4","\n",{"->":"hub"},null],"hub":[["ev","str","^Submit Flag: Network Scan","/str",{"VAR?":"flag_scan_network_submitted"},"!","/ev",{"*":".^.c-0","flg":5},"ev","str","^Submit Flag: FTP Banner","/str",{"VAR?":"flag_ftp_banner_submitted"},"!","/ev",{"*":".^.c-1","flg":5},"ev","str","^Submit Flag: HTTP Analysis","/str",{"VAR?":"flag_http_analysis_submitted"},"!","/ev",{"*":".^.c-2","flg":5},"ev","str","^Submit Flag: distcc Exploitation","/str",{"VAR?":"flag_distcc_exploit_submitted"},"!","/ev",{"*":".^.c-3","flg":5},"ev","str","^View submission history","/str","/ev",{"*":".^.c-4","flg":4},"ev","str","^Exit terminal","/str","/ev",{"*":".^.c-5","flg":4},{"c-0":["\n",{"->":"submit_scan_network"},null],"c-1":["\n",{"->":"submit_ftp_banner"},null],"c-2":["\n",{"->":"submit_http_analysis"},null],"c-3":["\n",{"->":"submit_distcc_exploit"},null],"c-4":["\n",{"->":"view_history"},null],"c-5":["\n","#","^exit_conversation","/#","done",null]}],null],"submit_scan_network":[["#","^speaker:computer","/#","^Enter intercepted intelligence flag:","\n","^[> flag{network_scan_complete}]","\n","^Processing...","\n","^✓ FLAG VERIFIED","\n","^✓ Intelligence authenticated","\n","^✓ Network reconnaissance data decoded","\n","^ANALYSIS REPORT:","\n","^━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━","\n","^Target Network: 192.168.100.0/24","\n","^Services Identified:","\n",["^FTP (vsftpd 2.3.4) on port 21","\n",["^HTTP (Apache 2.4.18) on port 80","\n",["^distcc daemon on port 3632","\n",["^SSH on port 22","\n","^Assessment: Zero Day training network confirmed active.","\n","^Multiple vulnerable services detected for client training.","\n","^SAFETYNET Intelligence: This network profile matches","\n","^ENTROPY operational training environments. Proceed with","\n","^service-level enumeration.","\n","^Unlocked: Banner grabbing and HTTP analysis objectives","\n","ev",true,"/ev",{"VAR=":"flag_scan_network_submitted","re":true},"ev",{"VAR?":"flags_submitted_count"},1,"+",{"VAR=":"flags_submitted_count","re":true},"/ev","#","^complete_task:scan_network","/#","#","^unlock_task:ftp_banner","/#","#","^unlock_task:http_analysis","/#","ev","str","^Continue","/str","/ev",{"*":".^.c-0","flg":4},{"c-0":["\n",{"->":"hub"},null],"#n":"g-3"}],{"#n":"g-2"}],{"#n":"g-1"}],{"#n":"g-0"}],null],null],"submit_ftp_banner":[["#","^speaker:computer","/#","^Enter intercepted intelligence flag:","\n","^[> flag{ftp_intel_gathered}]","\n","^Processing...","\n","^✓ FLAG VERIFIED","\n","^✓ FTP service banner decoded","\n","^✓ Client codename extracted","\n","^ANALYSIS REPORT:","\n","^━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━","\n","^Service: vsftpd 2.3.4 (Backdoor variant)","\n","^Banner: \"Welcome to GHOST training server\"","\n","^CRITICAL INTELLIGENCE:","\n","^Codename \"GHOST\" identified in FTP welcome banner.","\n","^Cross-reference: GHOST is known alias for Ransomware Inc","\n","^operations against healthcare infrastructure.","\n","^M2 HOSPITAL ATTACK CONNECTION:","\n","^St. Catherine's Regional Medical Center ransomware","\n","^deployment used \"GHOST\" signature in encrypted notes.","\n","^ASSESSMENT: Confirms Zero Day provided training/testing","\n","^environment for Ransomware Inc hospital attacks.","\n","ev",true,"/ev",{"VAR=":"flag_ftp_banner_submitted","re":true},"ev",{"VAR?":"flags_submitted_count"},1,"+",{"VAR=":"flags_submitted_count","re":true},"/ev","#","^complete_task:ftp_banner","/#","ev","str","^This proves the M2 connection...","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Continue","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","^You input: This confirms Zero Day trained the M2 attackers.","\n","^System response: Affirmative. Evidence chain strengthening.","\n","^Continue gathering intelligence.","\n",{"->":"hub"},null],"c-1":["\n",{"->":"hub"},null]}],null],"submit_http_analysis":[["#","^speaker:computer","/#","^Enter intercepted intelligence flag:","\n","^[> flag{pricing_intel_decoded}]","\n","^Processing...","\n","^✓ FLAG VERIFIED","\n","^✓ Base64-encoded pricing data decoded","\n","^✓ Commercial intelligence extracted","\n","^ANALYSIS REPORT:","\n","^━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━","\n","^HTTP Service: Apache 2.4.18","\n","^Hidden Data: Base64-encoded comment in HTML","\n","^DECODED PRICING STRUCTURE:","\n",[["^CVSS 9.0-10.0 (CRITICAL): $35,000 base","\n","^CVSS 7.0-8.9 (HIGH): $15,000-$20,000 base","\n","^CVSS 4.0-6.9 (MEDIUM): $6,000-$7,500 base","\n","^SECTOR PREMIUMS:","\n","^Healthcare: +30% (delayed incident response)","\n","^Energy/Infrastructure: +40% (regulatory scrutiny)","\n","^Finance: +25% (insurance budgets)","\n","^Education: +15% (limited resources)","\n",["^ASSESSMENT: Commercial exploit marketplace confirmed.","\n","^Pricing model optimized for targeting vulnerable sectors.","\n","^\"Healthcare premium\" explicitly references victims'","\n","^inability to respond quickly. Calculated exploitation","\n","^of defensive weaknesses.","\n","^RECOMMENDATION: Correlate with physical evidence of","\n","^exploit sales. Locate transaction records.","\n","ev",true,"/ev",{"VAR=":"flag_http_analysis_submitted","re":true},"ev",{"VAR?":"flags_submitted_count"},1,"+",{"VAR=":"flags_submitted_count","re":true},"/ev","#","^complete_task:http_analysis","/#",{"#n":"g-1"}],{"#n":"g-0"}],null],"ev","str","^They charge MORE to attack the vulnerable...","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Continue","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","^You input: Healthcare premium = profiting from victims' weakness","\n","^System response: Correct assessment. Evidence of calculated harm.","\n","^This strengthens prosecution case significantly.","\n",{"->":"hub"},null],"c-1":["\n",{"->":"hub"},null]}],null],"submit_distcc_exploit":[["#","^speaker:computer","/#","^Enter intercepted intelligence flag:","\n","^[> flag{distcc_legacy_compromised}]","\n","^Processing...","\n","^✓ FLAG VERIFIED","\n","^✓ distcc service exploitation successful","\n","^✓ Operational logs accessed","\n","^⚠ CRITICAL INTELLIGENCE ALERT ⚠","\n","^ANALYSIS REPORT:","\n","^━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━","\n","^Service: distcc daemon (CVE-2004-2687)","\n","^Exploitation: Remote code execution achieved","\n","^Access Level: Full system compromise","\n","^OPERATIONAL LOGS RECOVERED:","\n","^> Exploit deployment log (2024-05-15):","\n","^ProFTPD 1.3.5 backdoor CVE-2010-4652","\n","^CLIENT: GHOST (Ransomware Incorporated)","\n","^TARGET: St. Catherine's Regional Medical Center","\n","^PRICE: $12,500 ($9,615 base + $2,885 healthcare premium)","\n","^STATUS: Delivered","\n","^AUTHORIZATION: Victoria Sterling (Cipher)","\n","^ARCHITECT DIRECTIVE: Priority - Healthcare Phase 1","\n","^⚠ M2 HOSPITAL ATTACK - DIRECT EVIDENCE ⚠","\n","^This is the smoking gun. Zero Day Syndicate sold the","\n","^exact exploit used in the St. Catherine's attack that","\n","^killed 6 people in critical care.","\n","^Payment received. Exploit delivered. Attack executed.","\n","^ADDITIONAL INTELLIGENCE:","\n","^Reference to \"The Architect\" - likely ENTROPY leadership.","\n","^\"Healthcare Phase 1\" suggests coordinated multi-phase","\n","^attack campaign.","\n","^SPAWNING PHYSICAL EVIDENCE:","\n","^Check executive office for operational logs document.","\n","^May contain Phase 2 targeting information.","\n","ev",true,"/ev",{"VAR=":"flag_distcc_exploit_submitted","re":true},"ev",{"VAR?":"flags_submitted_count"},1,"+",{"VAR=":"flags_submitted_count","re":true},"/ev","#","^complete_task:distcc_exploit","/#","#","^unlock_task:find_operational_logs","/#","ev","str","^We have them. We can prove everything.","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Continue","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","^You input: This proves causation. Zero Day → GHOST → St. Catherine's.","\n","^System response: Affirmative. Evidence chain complete.","\n","^6 fatalities directly attributable to Zero Day sales.","\n","^Federal prosecution viable with this evidence.","\n",{"->":"m2_revelation_event"},null],"c-1":["\n",{"->":"m2_revelation_event"},null]}],null],"m2_revelation_event":["#","^speaker:computer","/#","^TRIGGERING EVENT: M2_REVELATION","\n","^Connecting to Agent 0x99...","\n","^[Terminal displays: INCOMING SECURE CALL]","\n","#","^trigger_event:m2_revelation_call","/#","^The terminal remains active for further submissions.","\n",{"->":"hub"},null],"view_history":[["#","^speaker:computer","/#","^╔══════════════════════════════════════════╗","\n","^║ SUBMISSION HISTORY LOG ║","\n","^╚══════════════════════════════════════════╝","\n","^Flags submitted: ","ev",{"VAR?":"flags_submitted_count"},"out","/ev","^/4","\n","ev",{"VAR?":"flag_scan_network_submitted"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^[✓ FLAG 1: Network Scan (192.168.100.0/24)]","\n","^[Status: Verified -Services enumerated]","\n",{"->":".^.^.^.20"},null]}],"nop","\n","ev",{"VAR?":"flag_ftp_banner_submitted"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^[✓ FLAG 2: FTP Banner (GHOST codename)]","\n","^[Status: Verified -M2 connection identified]","\n",{"->":".^.^.^.26"},null]}],"nop","\n","ev",{"VAR?":"flag_http_analysis_submitted"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^[✓ FLAG 3: HTTP Pricing Data]","\n","^[Status: Verified -Exploit pricing model decoded]","\n",{"->":".^.^.^.32"},null]}],"nop","\n","ev",{"VAR?":"flag_distcc_exploit_submitted"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^[✓ FLAG 4: distcc Exploitation (CRITICAL)]","\n","^[Status: Verified -Operational logs recovered]","\n","^[⚠ M2 smoking gun evidence confirmed]","\n",{"->":".^.^.^.38"},null]}],"nop","\n","ev",{"VAR?":"flags_submitted_count"},4,"==","/ev",[{"->":".^.b","c":true},{"b":["\n","^═══════════════════════════════════════════","\n","^ALL FLAGS SUBMITTED - MISSION CRITICAL","\n","^Evidence package complete for prosecution.","\n","^═══════════════════════════════════════════","\n",{"->":".^.^.^.46"},null]}],"nop","\n","ev","str","^Return to main menu","/str","/ev",{"*":".^.c-0","flg":4},{"c-0":["\n",{"->":"hub"},null]}],null],"global decl":["ev",false,{"VAR=":"flag_scan_network_submitted"},false,{"VAR=":"flag_ftp_banner_submitted"},false,{"VAR=":"flag_http_analysis_submitted"},false,{"VAR=":"flag_distcc_exploit_submitted"},0,{"VAR=":"flags_submitted_count"},"/ev","end",null]}],"listDefs":{}} \ No newline at end of file