updated scenarios, metadata changes + updated qr code

modules/generators/challenges/exif/secgen_metadata.xml

@@ -9,7 +9,8 @@
   <description>TODO</description>
 
   <type>modified_exif</type>
-  <type>string_generator</type>
+  <type>image_generator</type>
+  <type>image_challenge_generator</type>
   <type>local_calculation</type>
   <platform>linux</platform>
   <platform>windows</platform>

modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml

@@ -11,6 +11,7 @@
   </description>
 
   <type>hidden_data_in_image_file</type>
+  <type>image_generator</type>
   <type>image_challenge_generator</type>
   <type>local_calculation</type>
   <platform>linux</platform>

modules/generators/image/qr_code/secgen_local/local.rb

@@ -2,35 +2,35 @@
 require 'rqrcode'
 require_relative '../../../../../lib/objects/local_string_encoder.rb'
 class QRCodeGenerator < StringEncoder
-  attr_accessor :string_to_mask
+  attr_accessor :strings_to_leak
 
   def initialize
     super
     self.module_name = 'QR Code Generator'
-    self.string_to_mask = []
+    self.strings_to_leak = []
   end
 
   def encode_all
-    qr_code = RQRCode::QRCode.new(self.string_to_mask[0])
+    qr_code = RQRCode::QRCode.new(self.strings_to_leak[0])
     image = qr_code.as_png
     self.outputs <<  Base64.strict_encode64(image.to_blob)
   end
 
   def get_options_array
-    super + [['--string_to_mask', GetoptLong::REQUIRED_ARGUMENT]]
+    super + [['--strings_to_leak', GetoptLong::REQUIRED_ARGUMENT]]
   end
 
   def process_options(opt, arg)
     super
     case opt
-      when '--string_to_mask'
-        self.string_to_mask << arg;
+      when '--strings_to_leak'
+        self.strings_to_leak << arg;
     end
   end
 
 
   def encoding_print_string
-    'String to mask: ' + self.string_to_mask.first
+    'Strings_to_leak: ' + self.strings_to_leak.first
   end
 end
 

modules/generators/image/qr_code/secgen_metadata.xml

@@ -9,13 +9,14 @@
   <description>Generates a QR code image from an input string. </description>
 
   <type>image_generator</type>
+  <type>image_challenge_generator</type>
   <type>qr_code_generator</type>
   <type>local_calculation</type>
   <platform>linux</platform>
   <platform>windows</platform>
 
-  <read_fact>string_to_mask</read_fact>
-  <default_input into="string_to_mask">
+  <read_fact>strings_to_leak</read_fact>
+  <default_input into="strings_to_leak">
     <generator type="flag_generator"/>
   </default_input>
 

scenarios/ctf/flawed_fortress_1.xml

@@ -56,6 +56,11 @@
 		</vulnerability>
 
 		<network module_path=".*private_network_1"/>
+		<build type="cleanup">
+			<input into="root_password">
+				<generator type="password_generator"/>
+			</input>
+		</build>
 	</system>
 
 
@@ -93,10 +98,11 @@
 
 		<!-- vulnerability which can leak images, leak 2 image challenges and a random red-herring image -->
 		<vulnerability read_fact="images_to_leak">
-			<input into="images_to_leak">
-				<generator name="Hidden Data in Image File Challenge"/>
-				<generator name="QR Code Generator"/>
-				<generator name="Random Image Generator"/>
+			<input into="images_to_leak" unique_module_list="image_challenges">
+				<generator type="image_challenge_generator"/>
+				<generator type="image_generator"/>
+				<generator type="image_challenge_generator"/>
+				<generator type="image_challenge_generator"/>
 			</input>
 		</vulnerability>
 
@@ -110,6 +116,11 @@
 		<service/>
 
 		<network module_path=".*private_network_1"/>
+		<build type="cleanup">
+			<input into="root_password">
+				<generator type="password_generator"/>
+			</input>
+		</build>
 	</system>
 
 	<!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
@@ -132,6 +143,11 @@
 		<service/>
 
 		<network module_path=".*private_network_1"/>
+		<build type="cleanup">
+			<input into="root_password">
+				<generator type="password_generator"/>
+			</input>
+		</build>
 	</system>