WebActioner generation update: updated string generation

thomashaw
2022-02-03 19:00:42 +00:00
parent 39199dba29
commit 1fc034e9ef
2 changed files with 130 additions and 8 deletions


@@ -71,17 +71,19 @@ class XmlAlertActionConfigGenerator
end
def all_goal_flags_to_hacktivity(aa_conf)
auto_grader_hostname
@systems.each do |system|
if system.goals != []
@alert_actions = @alert_actions + get_web_alertactions(aa_conf, system.name, system.goals, $datastore['goal_flags'], system.hostname)
@alert_actions = @alert_actions + get_web_alertactions(aa_conf, system.name, system.goals, $datastore['goal_flags'], system.hostname, auto_grader_hostname)
end
system.module_selections.each do |module_selection|
@alert_actions = @alert_actions + get_web_alertactions(aa_conf, module_selection.module_path_end, module_selection.goals, module_selection.received_inputs['goal_flags'], system.hostname)
@alert_actions = @alert_actions + get_web_alertactions(aa_conf, module_selection.module_path_end, module_selection.goals, module_selection.received_inputs['goal_flags'], system.hostname, auto_grader_hostname)
end
end
end
def get_web_alertactions(aa_conf, name, goals, goal_flags, hostname)
def get_web_alertactions(aa_conf, name, goals, goal_flags, hostname, auto_grader_hostname)
alert_actions = []
# Validate whether there are an equal number of goals and goal_flags + warn / error here if not...
@@ -102,7 +104,8 @@ class XmlAlertActionConfigGenerator
'action_type' => 'WebAction',
'target' => aa_conf['target'],
'request_type' => 'POST',
'data' => goal_flags[i]
'data' => "vm_name=" + auto_grader_hostname + "&flag=" + goal_flags[i] # TODO: test if this works
# 'data' => goal_flags[i] # TODO: Update this to the correct format
}
end
end
@@ -152,4 +155,14 @@ class XmlAlertActionConfigGenerator
end
builder.to_xml
end
def auto_grader_hostname
ag_hostname = ''
@systems.each do |system|
if system.hostname.include? 'grading'
ag_hostname = system.hostname
end
end
ag_hostname
end
end
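Review bot: The new `'data'` string in the second hunk concatenates `auto_grader_hostname` and `goal_flags[i]` into what looks like a form-encoded body without escaping either value, so a flag or hostname containing `&`, `=`, `+` or `%` would be split or decoded into different fields by the receiving endpoint. Building it with `'data' => URI.encode_www_form('vm_name' => auto_grader_hostname, 'flag' => goal_flags[i])` (with `require 'uri'` at the top of the file) keeps each value intact. `String#+` also raises TypeError when `goal_flags[i]` is nil, which the still-unimplemented count validation noted at the top of `get_web_alertactions` does not prevent, and `auto_grader_hostname` returns `''` when no hostname contains `grading`, yielding `vm_name=` silently; a warning or error there would make misconfigured scenarios visible. The bare `auto_grader_hostname` call on the first line of `all_goal_flags_to_hacktivity` discards its result, so assigning it to a local would avoid rescanning `@systems` for every call. The body of `get_web_alertactions` continues outside the hunks shown.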


@@ -4,16 +4,81 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Thomas Shaw</name>
<name>Experiment: Auto Grading</name>
<author>Thomas Shaw</author>
<description>Test Scenario - param accs: Pass group in vs not</description>
<type>AGT / AAA scenario</type>
<description>
</description>
<type>ctf</type>
<difficulty>easy</difficulty>
<!-- 4 user account level challenges: -->
<!-- Distcc [x] -->
<!-- Readable shadow file [x] -->
<!-- Hidden file [x] -->
<!-- Password Cracking [x]
(user account, via readable shadow) -->
<!-- 2 systems: -->
<!-- Kali -->
<!-- Debian victim -->
<system>
<system_name>hackme_desktop</system_name>
<base distro="Debian 10" type="desktop"/>
<input into_datastore="IP_addresses">
<!-- 0 attack_vm -->
<value>172.16.0.2</value>
<!-- 1 hackme_server -->
<value>172.16.0.3</value>
<!-- 2 auto_grading_server -->
<value>172.16.0.4</value>
</input>
<input into_datastore="aaa_config">
<generator type="aaa_config">
<input into="server_ip">
<datastore access="0">IP_addresses</datastore>
</input>
<input into="client_ips">
<datastore access="1">IP_addresses</datastore>
</input>
<input into="elasticsearch_port">
<value>9200</value>
</input>
<input into="logstash_port">
<value>5044</value>
</input>
<input into="kibana_port">
<value>5601</value>
</input>
<input into="aa_configs">
<!-- <generator type="alert_actioner_config" module_path=".*goal_flag_hacktivity.*"/>-->
<generator type="alert_actioner_config" module_path=".*goal_message_host.*">
<input into="host">
<datastore access="1">IP_addresses</datastore>
</input>
<input into="message_header">
<value>Well done!</value>
</input>
<input into="message_subtext">
<value>Here is some subtext from the scenario.</value>
</input>
<input into="sender">
<value>root</value>
</input>
<input into="password">
<value>test</value>
</input>
<input into="recipient">
<value>challenger</value>
</input>
</generator>
</input>
</generator>
</input>
<utility module_path=".*/parameterised_accounts">
<input into="accounts" into_datastore="account">
<!-- Default account -->
@@ -38,7 +103,12 @@
</input>
</utility>
<vulnerability module_path="vulnerabilities/unix/misc/distcc_exec"/>
<utility module_path=".*analysis_alert_action_client">
<input into="aaa_config">
<datastore access="0">aaa_config</datastore>
</input>
</utility>
<vulnerability module_path="vulnerabilities/unix/access_control_misconfigurations/readable_shadow"/>
<vulnerability module_path=".*/hidden_file">
<input into="account">
@@ -48,5 +118,44 @@
<generator type="message_generator"/>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>auto_grading_server</system_name>
<base distro="Debian 10" />
<input into_datastore="goal_flags">
<value>flag{static_flag_1}</value>
<value>flag{static_flag_2}</value>
<value>flag{static_flag_3}</value>
<value>flag{static_flag_4}</value>
<value>flag{static_flag_5}</value>
</input>
<utility module_path=".*handy_cli_tools.*"/>
<service module_path=".*analysis_alert_action_server">
<input into="aaa_config">
<datastore access="0">aaa_config</datastore>
</input>
</service>
<network type="private_network">
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<value>test</value>
</input>
</build>
</system>
</scenario>
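Review bot: In the `aaa_config` generator, `server_ip` reads `IP_addresses` index 0, which the comments label as attack_vm (172.16.0.2), while the `analysis_alert_action_server` service is placed on auto_grading_server, whose network takes index 2 (172.16.0.4); if `server_ip` is meant to be the host running that service, it should be `<datastore access="2">IP_addresses</datastore>`. Separately, `root_password` on auto_grading_server and the message host `password` are both the literal `test`, and the five `goal_flags` are static strings, so every build of this scenario shares the same credentials and flags on the machine that does the grading. If this scenario is used beyond a local experiment, these values should come from generators rather than literals. The empty `<description>` would also be a good place to record that the values are placeholders.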