diff --git a/README-Creating-Scenarios.md b/README-Creating-Scenarios.md
index d2c7f0e8f..451a697bd 100644
--- a/README-Creating-Scenarios.md
+++ b/README-Creating-Scenarios.md
@@ -14,7 +14,7 @@ SecGen's scenario specification is a powerful interface for specifying the const
The selection logic for choosing the modules to fulfill the specified constraints can filter on any of the attributes in each module's secgen_metadata.xml file (for example, difficulty level and/or CVE), and any ambiguity results in a random selection from the remaining matching options (for example, any vulnerability matching a specified difficulty level).
-For example, scenarios/simple_examples/simple_any_random_vulnerability.xml specifies one system with a Debian Linux base, and a vulnerability. In this case the base module is specified by module name, so this selection is predefined (there is only one possible module that matches), and the vulnerability is randomly selected from the entire set of vulnerabilities because no attribute filters are specified, which could have limited down the potential matches.
+For example, scenarios/examples/simple_any_random_vulnerability.xml specifies one system with a Debian Linux base, and a vulnerability. In this case the base module is specified by module name, so this selection is predefined (there is only one possible module that matches), and the vulnerability is randomly selected from the entire set of vulnerabilities because no attribute filters are specified, which could have limited down the potential matches.
```xml
diff --git a/README-CyBOK-Scenarios-Indexed.md b/README-CyBOK-Scenarios-Indexed.md
index 63a2b46a4..ac1295997 100644
--- a/README-CyBOK-Scenarios-Indexed.md
+++ b/README-CyBOK-Scenarios-Indexed.md
@@ -2764,7 +2764,7 @@ Command to build VMs and start scenario:
| Key | Data |
| --- | --- |
|Name | Ghidra lab |
-|Description | A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file. [Lab sheet here](https://docs.google.com/document/d/1l4tU49JhI65Q85Zv9I1Wm1kaHNENp6iyIwMUhM8j_14/edit?usp=sharing). |
+|Description | A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you determing the password, run the program and enter the password to receive the file. [Lab sheet here](https://docs.google.com/document/d/1d2l1Z5l3r-DOdt-MG96H8HdhmN2l54dz8TL-8iigxWU/edit?usp=sharing). |
|Type | ctf-lab; lab-sheet |
|Author | Z. Cliffe Schreuders |
|Linked videos| https://youtu.be/0zUmUZoEpC4; https://youtu.be/m73pHO_0vhI|
diff --git a/README-Modules-Puppet.md b/README-Modules-Puppet.md
index b6f903cd7..9c75e3eee 100644
--- a/README-Modules-Puppet.md
+++ b/README-Modules-Puppet.md
@@ -7,7 +7,7 @@ The module directory contains
The following example should help illustrate.
-Distcc has a documented security weakness that enables remote code execution. The below example comes from modules/vulnerabilities/misc/distcc_exec.
+Distcc has a documented security weakness that enables remote code execution. The below example comes from modules/vulnerabilities/unix/misc/distcc_exec.
A manifest/ directory contains the Puppet files for a distcc_exec Puppet class.
diff --git a/lib/helpers/ovirt_affinity.py b/lib/helpers/ovirt_affinity.py
index 2afae74a0..bc1a17762 100644
--- a/lib/helpers/ovirt_affinity.py
+++ b/lib/helpers/ovirt_affinity.py
@@ -38,8 +38,6 @@ cluster = clusters_service.list(search='name=default')[0]
cluster_service = clusters_service.cluster_service(cluster.id)
cluster_affinitygroups_service = cluster_service.affinity_groups_service()
-cluster_service = clusters_service.cluster_service(cluster.id)
-cluster_affinitygroups_service = cluster_service.affinity_groups_service()
# could create the affinity group?
# cluster_affinitygroups_service.add(
diff --git a/lib/helpers/ovirt_affinity.rb b/lib/helpers/ovirt_affinity.rb
new file mode 100644
index 000000000..9a58d459e
--- /dev/null
+++ b/lib/helpers/ovirt_affinity.rb
@@ -0,0 +1,97 @@
+# TODO: merge this ruby version into SecGen -- should be working now
+
+require 'ovirtsdk4'
+
+affinitygroup_opt = "secgen_affinity_group_4"
+ovirt_vm_name = "p-37-317-0-fkRZ"
+
+conn_attr = {}
+conn_attr[:url] = "XXX"
+conn_attr[:username] = "XXX"
+conn_attr[:password] = "XXX"
+conn_attr[:debug] = true
+# conn_attr[:proxy_url] = "XXX"
+
+
+begin
+ connection = OvirtSDK4::Connection.new(conn_attr)
+
+
+ # # Get the reference to the affinity labels service:
+ # affinity_labels_service = connection.system_service.affinity_labels_service
+ #
+ # # Use the "add" method to create a affinity label:
+ # affinity_labels_service.add(
+ # OvirtSDK4::AffinityLabel.new(
+ # name: 'my_affinity_label'
+ # )
+ # )
+
+ begin
+ affinity_group_name = "affinity_group_test123"
+ puts "Creating affinity group: #{affinity_group_name}"
+
+ # cluster_affinitygroups_service.add(OvirtSDK4::AffinityGroup.new(
+ # name: affinity_group_name,
+ # description: 'a description',
+ # vms_rule: OvirtSDK4::AffinityRule.new(
+ # enabled: true,
+ # positive: true,
+ # enforcing: true
+ # )
+ # ))
+ rescue Exception => e
+ warn "Failed to create affinity group"
+ warn e.message
+ end
+
+ vms_service = connection.system_service.vms_service
+
+ clusters_service = connection.system_service.clusters_service
+ cluster = clusters_service.list(search: 'name=Default')
+ cluster.each do |cluster_instance|
+ cluster_service = clusters_service.cluster_service(cluster_instance.id)
+ cluster_affinitygroups_service = cluster_service.affinity_groups_service
+
+ # cluster_affinitygroups_service.add(OvirtSDK4::AffinityGroup.new(
+ # name: affinity_group_name,
+ # description: 'a description',
+ # vms_rule: OvirtSDK4::AffinityRule.new(
+ # enabled: true,
+ # positive: true,
+ # enforcing: true
+ # )
+ # ))
+
+ vms = vms_service.list(search: "name=#{ovirt_vm_name}*")
+
+ affinitygroups = cluster_affinitygroups_service.list
+
+ affinitygroups.each do |affinitygroup|
+
+ puts affinitygroup.name
+ # + '--' + args.affinitygroup)
+ if affinitygroup.name == affinitygroup_opt
+ puts ("Using Affinity_Group: " + affinitygroup.name + " Affinity_Group ID: " + affinitygroup.id)
+ group_service = cluster_affinitygroups_service.group_service(affinitygroup.id)
+ puts group_service
+ group_vms_service = group_service.vms_service
+ puts group_vms_service
+
+ vms.each do |vm|
+ puts ("Adding VM: " + vm.name)
+ # vm_service = vms_service.vm_service(vm.id)
+ vm_to_add = OvirtSDK4::Vm.new(
+ id: vm.id,
+ name: vm.name
+ )
+ puts vm_to_add.id
+ group_vms_service.add(vm_to_add)
+
+ end
+ end
+ end
+ end
+# rescue Exception => e
+# puts "Failed to control VM: #{e.message}"
+end
diff --git a/lib/templates/Vagrantfile.erb b/lib/templates/Vagrantfile.erb
index fb8089961..5611134b8 100644
--- a/lib/templates/Vagrantfile.erb
+++ b/lib/templates/Vagrantfile.erb
@@ -127,6 +127,9 @@ end
<%= system.name %>.vm.provision 'shell', inline: "echo 'datasource_list: [ None ] '> /etc/cloud/cloud.cfg.d/90_dpkg.cfg"
<% end -%>
+ <%= system.name %>.vm.boot_timeout = 600
+ <%= system.name %>.ssh.connect_timeout = 600
+
# SecGen datastore
# <%= JSON.generate($datastore) %>
diff --git a/modules/bases/debian_stretch_desktop_kde/secgen_metadata.xml b/modules/bases/debian_stretch_desktop_kde/secgen_metadata.xml
index 8a9d61900..0470f174c 100644
--- a/modules/bases/debian_stretch_desktop_kde/secgen_metadata.xml
+++ b/modules/bases/debian_stretch_desktop_kde/secgen_metadata.xml
@@ -15,7 +15,7 @@
Debian 9.5.0 Stretch amd64
https://app.vagrantup.com/secgen/boxes/debian_stretch_desktop_kde/versions/1.2/providers/virtualbox.box
https://app.vagrantup.com/redwiz666/boxes/debian_stretch_desktop_kde/versions/1.0.0/providers/vmware.box
- stretch_desktop_kde_20210519
+ stretch_desktop_kde_20210911
https://atlas.hashicorp.com/puppetlabs
various
diff --git a/modules/bases/debian_stretch_server/secgen_metadata.xml b/modules/bases/debian_stretch_server/secgen_metadata.xml
index 178ed976f..337b826da 100644
--- a/modules/bases/debian_stretch_server/secgen_metadata.xml
+++ b/modules/bases/debian_stretch_server/secgen_metadata.xml
@@ -16,10 +16,11 @@
Debian 9.5.0 Stretch amd64
https://app.vagrantup.com/secgen/boxes/debian_stretch_server/versions/1.3/providers/virtualbox.box
https://app.vagrantup.com/redwiz666/boxes/debian_stretch_server/versions/1.0.0/providers/vmware.box
- debian_stretch_server_291118
+
+ stretch_desktop_kde_20210911
various
-
+
bases/.*
diff --git a/modules/bases/kali_light/secgen_metadata.xml b/modules/bases/kali_light/secgen_metadata.xml
deleted file mode 100644
index dab0861da..000000000
--- a/modules/bases/kali_light/secgen_metadata.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
- Kali Light and Puppet
- Z. Cliffe Schreuders
- GPLv3
- Kali Light 2018.3 with puppet.
- 64-bit
- attack
- desktop
-
- linux
- unix
- Kali Linux 2018.3
- https://app.vagrantup.com/secgen/boxes/kali_light/versions/1.0/providers/virtualbox.box
- https://app.vagrantup.com/redwiz666/boxes/kali_light/versions/1.0.0/providers/vmware.box
-
- https://app.vagrantup.com/secgen
- various
-
-
-
- bases/.*
-
-
diff --git a/modules/bases/kali_light_msf/secgen_metadata.xml b/modules/bases/kali_light_msf/secgen_metadata.xml
index 11b95d83c..d8be94306 100644
--- a/modules/bases/kali_light_msf/secgen_metadata.xml
+++ b/modules/bases/kali_light_msf/secgen_metadata.xml
@@ -6,17 +6,17 @@
Kali Light, MSF, XFCE and Puppet
Z. Cliffe Schreuders
GPLv3
- Kali Light 2017.1 XFCE minimal install, with metasploit framework and puppet.
+ Kali Light rolling release XFCE minimal install, with metasploit framework and puppet.
64-bit
attack
desktop
linux
unix
- Kali Linux 2018.3
+ Kali Linux Rolling
https://app.vagrantup.com/secgen/boxes/kali_light_msf/versions/1.0/providers/virtualbox.box
- kali_linux_msf_20210930
+ kali_linux_msf_20211006_2
https://app.vagrantup.com/secgen
diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_csp/Ch3.1-3.5/Ch3_00_GdbSetmem/program.c.template b/modules/utilities/unix/ctf/metactf/files/repository/src_csp/Ch3.1-3.5/Ch3_00_GdbSetmem/program.c.template
index bfee2e204..be09f94ac 100644
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_csp/Ch3.1-3.5/Ch3_00_GdbSetmem/program.c.template
+++ b/modules/utilities/unix/ctf/metactf/files/repository/src_csp/Ch3.1-3.5/Ch3_00_GdbSetmem/program.c.template
@@ -10,6 +10,34 @@
void printflag();
+void printflag()
+{
+ int fd;
+ int len;
+ unsigned char data[128];
+
+ fd = open("flag", O_RDONLY);
+
+ if ( fd <= 0 ) {
+ printf("Failed to open flag.\n");
+ return;
+ }
+
+ len = lseek( fd, 0, SEEK_END);
+ lseek(fd, 0, SEEK_SET);
+
+ if ( len > 128 ) {
+ len = 128;
+ }
+
+ memset(data, 0, 128);
+ read( fd, data, len);
+ close(fd);
+
+ printf("%s\n", data);
+ return;
+}
+
//Hash function created by Thomas Wang and taken from https://naml.us/post/inverse-of-a-hash-function/
unsigned long long int hash(unsigned long long int key) {
@@ -100,34 +128,6 @@ void print_msg() {
printf("%s",msg);
}
-void printflag()
-{
- int fd;
- int len;
- unsigned char data[128];
-
- fd = open("flag", O_RDONLY);
-
- if ( fd <= 0 ) {
- printf("Failed to open flag.\n");
- return;
- }
-
- len = lseek( fd, 0, SEEK_END);
- lseek(fd, 0, SEEK_SET);
-
- if ( len > 128 ) {
- len = 128;
- }
-
- memset(data, 0, 128);
- read( fd, data, len);
- close(fd);
-
- printf("%s\n", data);
- return;
-}
-
int main(void) {
signal(SIGSEGV, segv_handler);
int x=1024;
diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_malware/Ch01-08/Ch08Dbg_GdbSetmem/program.c.template b/modules/utilities/unix/ctf/metactf/files/repository/src_malware/Ch01-08/Ch08Dbg_GdbSetmem/program.c.template
index a424b6459..a9911f897 100644
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_malware/Ch01-08/Ch08Dbg_GdbSetmem/program.c.template
+++ b/modules/utilities/unix/ctf/metactf/files/repository/src_malware/Ch01-08/Ch08Dbg_GdbSetmem/program.c.template
@@ -8,6 +8,8 @@
#define USERDEF0 AAAAAA
#define USERDEF1 BBBBBB
+void printflag();
+
//Hash function created by Thomas Wang and taken from https://naml.us/post/inverse-of-a-hash-function/
unsigned long long int hash(unsigned long long int key) {
@@ -61,11 +63,6 @@ void print_pswd(unsigned long long int key) {
printf("%llu\n", inverse_hash(key));
}
-void print_good(void) {
- puts("Good Job.");
- printflag();
-}
-
void printflag()
{
int fd;
@@ -94,6 +91,11 @@ void printflag()
return;
}
+void print_good(void) {
+ puts("Good Job.");
+ printflag();
+}
+
void segv_handler(int sig) {
printf("Segmentation fault. Try again.\n");
exit(0);
diff --git a/scenarios/labs/software_and_malware_analysis/5_ghidra.xml b/scenarios/labs/software_and_malware_analysis/5_ghidra.xml
index a996ccefa..0f6bbc451 100644
--- a/scenarios/labs/software_and_malware_analysis/5_ghidra.xml
+++ b/scenarios/labs/software_and_malware_analysis/5_ghidra.xml
@@ -9,7 +9,7 @@
A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
- [Lab sheet here](https://docs.google.com/document/d/1l4tU49JhI65Q85Zv9I1Wm1kaHNENp6iyIwMUhM8j_14/edit?usp=sharing).
+ [Lab sheet here](https://docs.google.com/document/d/1d2l1Z5l3r-DOdt-MG96H8HdhmN2l54dz8TL-8iigxWU/edit?usp=sharing).
ctf-lab