Merge branch 'master' of https://github.com/cliffe/SecGen

README-Creating-Scenarios.md

@@ -14,7 +14,7 @@ SecGen's scenario specification is a powerful interface for specifying the const
 
 The selection logic for choosing the modules to fulfill the specified constraints can filter on any of the attributes in each module's secgen_metadata.xml file (for example, difficulty level and/or CVE), and any ambiguity results in a random selection from the remaining matching options (for example, any vulnerability matching a specified difficulty level).
 
-For example, scenarios/simple_examples/simple_any_random_vulnerability.xml specifies one system with a Debian Linux base, and a vulnerability. In this case the base module is specified by module name, so this selection is predefined (there is only one possible module that matches), and the vulnerability is randomly selected from the entire set of vulnerabilities because no attribute filters are specified, which could have limited down the potential matches.
+For example, scenarios/examples/simple_any_random_vulnerability.xml specifies one system with a Debian Linux base, and a vulnerability. In this case the base module is specified by module name, so this selection is predefined (there is only one possible module that matches), and the vulnerability is randomly selected from the entire set of vulnerabilities because no attribute filters are specified, which could have limited down the potential matches.
 
 ```xml
 <?xml version="1.0"?>

README-CyBOK-Scenarios-Indexed.md

@@ -2764,7 +2764,7 @@ Command to build VMs and start scenario:
 | Key | Data |
 | --- | --- |
 |Name | Ghidra lab |
-|Description | A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file.</br></br>	[Lab sheet here](https://docs.google.com/document/d/1l4tU49JhI65Q85Zv9I1Wm1kaHNENp6iyIwMUhM8j_14/edit?usp=sharing).</br>	|
+|Description | A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file.</br></br>	[Lab sheet here](https://docs.google.com/document/d/1d2l1Z5l3r-DOdt-MG96H8HdhmN2l54dz8TL-8iigxWU/edit?usp=sharing).</br>	|
 |Type | ctf-lab; lab-sheet |
 |Author | Z. Cliffe Schreuders |
 |Linked videos| https://youtu.be/0zUmUZoEpC4; https://youtu.be/m73pHO_0vhI|

README-Modules-Puppet.md

@@ -7,7 +7,7 @@ The module directory contains
 
 The following example should help illustrate.
 
-Distcc has a documented security weakness that enables remote code execution. The below example comes from modules/vulnerabilities/misc/distcc_exec.
+Distcc has a documented security weakness that enables remote code execution. The below example comes from modules/vulnerabilities/unix/misc/distcc_exec.
 
 A manifest/ directory contains the Puppet files for a distcc_exec Puppet class.
 

lib/helpers/ovirt_affinity.py

@@ -38,8 +38,6 @@ cluster = clusters_service.list(search='name=default')[0]
 cluster_service = clusters_service.cluster_service(cluster.id)
 cluster_affinitygroups_service = cluster_service.affinity_groups_service()
 
-cluster_service = clusters_service.cluster_service(cluster.id)
-cluster_affinitygroups_service = cluster_service.affinity_groups_service()
 
 # could create the affinity group?
 # cluster_affinitygroups_service.add(

lib/helpers/ovirt_affinity.rb

@@ -0,0 +1,97 @@
+# TODO: merge this ruby version into SecGen -- should be working now
+
+require 'ovirtsdk4'
+
+affinitygroup_opt = "secgen_affinity_group_4"
+ovirt_vm_name = "p-37-317-0-fkRZ"
+
+conn_attr = {}
+conn_attr[:url] = "XXX"
+conn_attr[:username] = "XXX"
+conn_attr[:password] = "XXX"
+conn_attr[:debug] = true
+# conn_attr[:proxy_url] = "XXX"
+
+
+begin
+  connection = OvirtSDK4::Connection.new(conn_attr)
+
+
+  # # Get the reference to the affinity labels service:
+  # affinity_labels_service = connection.system_service.affinity_labels_service
+  #
+  # # Use the "add" method to create a affinity label:
+  # affinity_labels_service.add(
+  #   OvirtSDK4::AffinityLabel.new(
+  #     name: 'my_affinity_label'
+  #   )
+  # )
+
+  begin
+    affinity_group_name = "affinity_group_test123"
+    puts "Creating affinity group: #{affinity_group_name}"
+
+    # cluster_affinitygroups_service.add(OvirtSDK4::AffinityGroup.new(
+    #   name: affinity_group_name,
+    #   description: 'a description',
+    #   vms_rule: OvirtSDK4::AffinityRule.new(
+    #   enabled: true,
+    #   positive: true,
+    #   enforcing: true
+    #   )
+    # ))
+  rescue Exception => e
+    warn "Failed to create affinity group"
+    warn e.message
+  end
+
+  vms_service = connection.system_service.vms_service
+
+  clusters_service = connection.system_service.clusters_service
+  cluster = clusters_service.list(search: 'name=Default')
+  cluster.each do |cluster_instance|
+    cluster_service = clusters_service.cluster_service(cluster_instance.id)
+    cluster_affinitygroups_service = cluster_service.affinity_groups_service
+
+    # cluster_affinitygroups_service.add(OvirtSDK4::AffinityGroup.new(
+    #   name: affinity_group_name,
+    #   description: 'a description',
+    #   vms_rule: OvirtSDK4::AffinityRule.new(
+    #   enabled: true,
+    #   positive: true,
+    #   enforcing: true
+    #   )
+    # ))
+
+    vms = vms_service.list(search: "name=#{ovirt_vm_name}*")
+
+    affinitygroups = cluster_affinitygroups_service.list
+
+    affinitygroups.each do |affinitygroup|
+
+      puts affinitygroup.name
+      # + '--' + args.affinitygroup)
+      if affinitygroup.name == affinitygroup_opt
+        puts ("Using Affinity_Group: " + affinitygroup.name + " Affinity_Group ID: " + affinitygroup.id)
+        group_service = cluster_affinitygroups_service.group_service(affinitygroup.id)
+        puts group_service
+        group_vms_service = group_service.vms_service
+        puts group_vms_service
+
+        vms.each do |vm|
+          puts ("Adding VM: " + vm.name)
+          # vm_service = vms_service.vm_service(vm.id)
+          vm_to_add =  OvirtSDK4::Vm.new(
+            id: vm.id,
+            name: vm.name
+          )
+          puts vm_to_add.id
+          group_vms_service.add(vm_to_add)
+
+        end
+      end
+    end
+  end
+# rescue Exception => e
+#   puts "Failed to control VM: #{e.message}"
+end

lib/templates/Vagrantfile.erb

@@ -127,6 +127,9 @@ end
         <%= system.name %>.vm.provision 'shell', inline: "echo 'datasource_list: [ None ] '> /etc/cloud/cloud.cfg.d/90_dpkg.cfg"
     <%  end -%>
 
+    <%= system.name %>.vm.boot_timeout = 600
+    <%= system.name %>.ssh.connect_timeout = 600
+
     # SecGen datastore
     # <%= JSON.generate($datastore) %>
 

modules/bases/debian_stretch_desktop_kde/secgen_metadata.xml

@@ -15,7 +15,7 @@
   <distro>Debian 9.5.0 Stretch amd64</distro>
   <url>https://app.vagrantup.com/secgen/boxes/debian_stretch_desktop_kde/versions/1.2/providers/virtualbox.box</url>
   <esxi_url>https://app.vagrantup.com/redwiz666/boxes/debian_stretch_desktop_kde/versions/1.0.0/providers/vmware.box</esxi_url>
-  <ovirt_template>stretch_desktop_kde_20210519</ovirt_template>
+  <ovirt_template>stretch_desktop_kde_20210911</ovirt_template>
 
   <reference>https://atlas.hashicorp.com/puppetlabs</reference>
   <software_license>various</software_license>

modules/bases/debian_stretch_server/secgen_metadata.xml

@@ -16,10 +16,11 @@
   <distro>Debian 9.5.0 Stretch amd64</distro>
   <url>https://app.vagrantup.com/secgen/boxes/debian_stretch_server/versions/1.3/providers/virtualbox.box</url>
   <esxi_url>https://app.vagrantup.com/redwiz666/boxes/debian_stretch_server/versions/1.0.0/providers/vmware.box</esxi_url>
-  <ovirt_template>debian_stretch_server_291118</ovirt_template>
+  <!-- use the ovirt kde template even for servers, so there are less bases to maintain -->
+  <ovirt_template>stretch_desktop_kde_20210911</ovirt_template>
 
   <software_license>various</software_license>
-  
+
   <!-- another base should not be added to this base -->
   <conflict>
     <module_path>bases/.*</module_path>

modules/bases/kali_light/secgen_metadata.xml

@@ -1,27 +0,0 @@
-<?xml version="1.0"?>
-
-<base xmlns="http://www.github/cliffe/SecGen/base"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
-  <name>Kali Light and Puppet</name>
-  <author>Z. Cliffe Schreuders</author>
-  <module_license>GPLv3</module_license>
-  <description>Kali Light 2018.3 with puppet.</description>
-  <cpu_word_size>64-bit</cpu_word_size>
-  <type>attack</type>
-  <type>desktop</type>
-
-  <platform>linux</platform>
-  <platform>unix</platform>
-  <distro>Kali Linux 2018.3</distro>
-  <url>https://app.vagrantup.com/secgen/boxes/kali_light/versions/1.0/providers/virtualbox.box</url>
-  <esxi_url>https://app.vagrantup.com/redwiz666/boxes/kali_light/versions/1.0.0/providers/vmware.box</esxi_url>
-
-  <reference>https://app.vagrantup.com/secgen</reference>
-  <software_license>various</software_license>
-
-  <!-- another base should not be added to this base -->
-  <conflict>
-    <module_path>bases/.*</module_path>
-  </conflict>
-</base>

modules/bases/kali_light_msf/secgen_metadata.xml

@@ -6,17 +6,17 @@
   <name>Kali Light, MSF, XFCE and Puppet</name>
   <author>Z. Cliffe Schreuders</author>
   <module_license>GPLv3</module_license>
-  <description>Kali Light 2017.1 XFCE minimal install, with metasploit framework and puppet.</description>
+  <description>Kali Light rolling release XFCE minimal install, with metasploit framework and puppet.</description>
   <cpu_word_size>64-bit</cpu_word_size>
   <type>attack</type>
   <type>desktop</type>
 
   <platform>linux</platform>
   <platform>unix</platform>
-  <distro>Kali Linux 2018.3</distro>
+  <distro>Kali Linux Rolling</distro>
   <url>https://app.vagrantup.com/secgen/boxes/kali_light_msf/versions/1.0/providers/virtualbox.box</url>
   <esxi_url></esxi_url>
-  <ovirt_template>kali_linux_msf_20210930</ovirt_template>
+  <ovirt_template>kali_linux_msf_20211006_2</ovirt_template>
 
 
   <reference>https://app.vagrantup.com/secgen</reference>

modules/utilities/unix/ctf/metactf/files/repository/src_csp/Ch3.1-3.5/Ch3_00_GdbSetmem/program.c.template

@@ -10,6 +10,34 @@
 
 void printflag();
 
+void printflag()
+{
+	int fd;
+	int len;
+	unsigned char data[128];
+
+	fd = open("flag", O_RDONLY);
+
+	if ( fd <= 0 ) {
+		printf("Failed to open flag.\n");
+		return;
+	}
+
+	len = lseek( fd, 0, SEEK_END);
+	lseek(fd, 0, SEEK_SET);
+
+	if ( len > 128 ) {
+		len = 128;
+	}
+
+	memset(data, 0, 128);
+	read( fd, data, len);
+	close(fd);
+
+	printf("%s\n", data);
+	return;
+}
+
 //Hash function created by Thomas Wang and taken from https://naml.us/post/inverse-of-a-hash-function/
 
 unsigned long long int hash(unsigned long long int key) {
@@ -100,34 +128,6 @@ void print_msg() {
     printf("%s",msg);
 }
 
-void printflag()
-{
-	int fd;
-	int len;
-	unsigned char data[128];
-
-	fd = open("flag", O_RDONLY);
-
-	if ( fd <= 0 ) {
-		printf("Failed to open flag.\n");
-		return;
-	}
-
-	len = lseek( fd, 0, SEEK_END);
-	lseek(fd, 0, SEEK_SET);
-
-	if ( len > 128 ) {
-		len = 128;
-	}
-
-	memset(data, 0, 128);
-	read( fd, data, len);
-	close(fd);
-
-	printf("%s\n", data);
-	return;
-}
-
 int main(void) {
   signal(SIGSEGV, segv_handler);
   int x=1024;

modules/utilities/unix/ctf/metactf/files/repository/src_malware/Ch01-08/Ch08Dbg_GdbSetmem/program.c.template

@@ -8,6 +8,8 @@
 #define USERDEF0 AAAAAA
 #define USERDEF1 BBBBBB
 
+void printflag();
+
 //Hash function created by Thomas Wang and taken from https://naml.us/post/inverse-of-a-hash-function/
 
 unsigned long long int hash(unsigned long long int key) {
@@ -61,11 +63,6 @@ void print_pswd(unsigned long long int key) {
     printf("%llu\n", inverse_hash(key));
 }
 
-void print_good(void) {
-  puts("Good Job.");
-  printflag();
-}
-
 void printflag()
 {
 	int fd;
@@ -94,6 +91,11 @@ void printflag()
 	return;
 }
 
+void print_good(void) {
+  puts("Good Job.");
+  printflag();
+}
+
 void segv_handler(int sig) {
         printf("Segmentation fault.  Try again.\n");
         exit(0);

scenarios/labs/software_and_malware_analysis/5_ghidra.xml

@@ -9,7 +9,7 @@
     <description>A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
         program expects. Once you have found the password, run the program and enter the password to receive the file.
 
-        [Lab sheet here](https://docs.google.com/document/d/1l4tU49JhI65Q85Zv9I1Wm1kaHNENp6iyIwMUhM8j_14/edit?usp=sharing).
+        [Lab sheet here](https://docs.google.com/document/d/1d2l1Z5l3r-DOdt-MG96H8HdhmN2l54dz8TL-8iigxWU/edit?usp=sharing).
     </description>
 
     <type>ctf-lab</type>