diff --git a/scenarios/ctf/agent_zero.xml b/scenarios/ctf/agent_zero.xml new file mode 100644 index 000000000..697944c24 --- /dev/null +++ b/scenarios/ctf/agent_zero.xml @@ -0,0 +1,285 @@ + + + + + Agent Zero: Licence to Hack + Z. Cliffe Schreuders + In this scenario, as a secret agent analyst specializing in cyber security, you are authorized to conduct offensive operations against those who threaten the digital safety and security of your country. + +You have been tasked with conducting a cyber attack and to investigate the operations of 'The Organization' in order to discover their evil plans. As the exercise progresses, you will uncover more and more evidence of the organization's evil plans. We beleive they are using aliases, and cover businesses. The only reliable intel we have is that there is an operative that goes by the alias 'viper'. + +You will need to use a variety of tools and techniques to perform an attack: network scanning and exploitation to gain a foothold, escalate privileges as necessary, and gather and analyze data data to collect evidence. + +Submit the flags you find to track your progress. + +This challenge will be different each time, and can be taken again and again to hone your skills and experience different attacks. + +Remember, this is a training scenario and any hacking / cyber security practices should always be conducted legally and with the proper permissions and authorization. + + + + ctf + attack-ctf + pwn-ctf + medium + + + + authentication + passwords and alternatives + + + user authentication + BRUTEFORCE + + + server-side misconfiguration and vulnerable components + FILE UPLOAD VULNERABILITY + + + EXPLOITATION + EXPLOITATION FRAMEWORKS + + + CVEs and CWEs + + + PENETRATION TESTING - SOFTWARE TOOLS + PENETRATION TESTING - ACTIVE PENETRATION + + + + + access control + Elevated privileges + Vulnerabilities and attacks on access control misconfigurations + + + Access controls and operating systems + Linux security model + Attacks against SUDO + + + + kill chains + + + cyber kill chain + + + + + symmetric encryption and authentication + + + BRUTEFORCE + + + + + + + attack_vm + + + + + + 172.16.0.2 + + 172.16.0.3 + + + + + {"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]} + + + false + + + + + + + + + IP_addresses + + + + + + evil_server + + + + + + lib/resources/structured_content/organisations/json_organisations + + + + + + + + + + wordlist + + + 6 + + + + + viper + + + + + + + + + username + + + password + + + false + + + flag + + + + + secrets + + + + + + + + + + + + + + + + organisation + + + username + + + password + + + + username + + + + + + + + + + + + + + + + + + organisation + + + username + + + password + + + username + + + + + + + + + + + + + + + + + organisation + + + username + + + password + + + + + + + + + + + + + + + password + + + + + Congratulations you have cracked our protected zip file. Here is a flag for your troubles, plus something more. + + + + + + + + + + + + protected.zip + + + /root/ + + + + + + + IP_addresses + + + + +