lab updates
@@ -145,7 +145,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
|
||||
<get_shell>false</get_shell>
|
||||
<post_command></post_command>
|
||||
|
||||
<prompt>Create a Snort rule that detects any TCP connection attempt to TCP port <%= $rand_port %>. The alert must include the message "<%= $rand_alert1 %>".</prompt>
|
||||
<prompt>Create a Snort rule that detects any TCP connection attempt to TCP port <%= $rand_port %> to <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert1 %>".</prompt>
|
||||
|
||||
<condition>
|
||||
<output_matches>^--1</output_matches>
|
||||
@@ -181,7 +181,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
|
||||
<get_shell>false</get_shell>
|
||||
<post_command></post_command>
|
||||
|
||||
<prompt>Create a Snort rule that detects any packet with the contents "<%= $rand_content1 %>". The alert must include the message "<%= $rand_alert2 %>".</prompt>
|
||||
<prompt>Create a Snort rule that detects any packet with the contents "<%= $rand_content1 %>" to <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert2 %>".</prompt>
|
||||
|
||||
<condition>
|
||||
<output_matches>^--1</output_matches>
|
||||
@@ -219,7 +219,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
|
||||
<get_shell>false</get_shell>
|
||||
<post_command></post_command>
|
||||
|
||||
<prompt>Create a Snort rule that detects any unencrypted POP3 email *user authentication attempt* (someone trying to log in). The alert must include the message "<%= $rand_alert4 %>". Up to three flags will be awarded, based on the quality of the rule.</prompt>
|
||||
<prompt>Create a Snort rule that detects any unencrypted POP3 email *user authentication attempt* (someone trying to log in), to a mail server on <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert4 %>". Up to three flags will be awarded, based on the quality of the rule.</prompt>
|
||||
|
||||
<condition>
|
||||
<output_matches>^--1</output_matches>
|
||||
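Review bot: The new POP3 prompt reuses `$web_server_ip` as the address of the mail server, although the variable name says web server. If the lab deliberately hosts the POP3 service on the web server system, a comment beside the prompt, `<!-- the POP3 service in this lab runs on the web server host, hence web_server_ip -->`, would stop a later maintainer from "correcting" it to a variable that does not exist; if the services are on different hosts, the prompt sends students to the wrong target. The enclosing element for this check starts before the hunk, so I cannot see where `web_server_ip` is bound.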
@@ -231,12 +231,12 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
|
||||
</condition>
|
||||
<condition>
|
||||
<output_matches>^--0.*<%= $rand_alert4 %>.*Classification.*User.*<%= $rand_alert4 %></output_matches>
|
||||
<message>:-D Well done! ALL THREE FLAGS!: <%= $flag1 %>, <%= $flag2 %>, <%= $flag3 %>. Could be improved with a meaningful classification.</message>
|
||||
<message>:-D Well done! ALL THREE FLAGS!: <%= $flag1 %>, <%= $flag2 %>, <%= $flag3 %>.</message>
|
||||
<trigger_next_attack />
|
||||
</condition>
|
||||
<condition>
|
||||
<output_matches>^--0.*<%= $rand_alert4 %>.*<%= $rand_alert4 %></output_matches>
|
||||
<message>8-) Well done! Two flags: <%= $flag1 %>, <%= $flag2 %>. Could be improved with a classification.</message>
|
||||
<message>8-) Well done! Two flags: <%= $flag1 %>, <%= $flag2 %>. Could be further improved with a classification.</message>
|
||||
<trigger_next_attack />
|
||||
</condition>
|
||||
<condition>
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
<get_shell>false</get_shell>
|
||||
<post_command></post_command>
|
||||
|
||||
<prompt>Create a Snort rule that detects any TCP connection attempt to <%= $rand_service1 %> (just the connection attempt, does not require content inspection). The alert must include the message "<%= $rand_alert3 %>".</prompt>
|
||||
<prompt>Create a Snort rule that detects any TCP connection attempt to <%= $rand_service1 %> (just the connection attempt, does not require content inspection) on <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert3 %>".</prompt>
|
||||
|
||||
<condition>
|
||||
<output_matches>^--1</output_matches>
|
||||
|
||||
@@ -8,6 +8,13 @@
|
||||
<system_name>desktop</system_name>
|
||||
<base distro="Debian 7.8" type="desktop" name="KDE"/>
|
||||
|
||||
<input into_datastore="IP_addresses">
|
||||
<value>172.16.0.2</value>
|
||||
<value>172.16.0.3</value>
|
||||
<value>172.16.0.4</value>
|
||||
<value>172.16.0.5</value>
|
||||
</input>
|
||||
|
||||
<input into_datastore="organisation">
|
||||
<generator type="realistic_organisation"/>
|
||||
</input>
|
||||
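Review bot: The new `IP_addresses` datastore is consumed positionally by `access="0"` to `access="3"` elsewhere in this commit, but nothing in the datastore itself records which system each index belongs to. From the later hunks, index 1 feeds `ids_server_ip`, 2 feeds `web_server_ip`, 3 feeds `hackerbot_server_ip` and `start_page`, and 0 is used by the first (`desktop`) system. A comment above the input, `<!-- positional: 0 desktop, 1 IDS server, 2 web server, 3 hackerbot (keep order in sync with access="N" consumers) -->`, would make the ordering an explicit contract, since inserting or reordering a `<value>` silently repoints every consumer.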
@@ -115,13 +122,13 @@
|
||||
<value>true</value>
|
||||
</input>
|
||||
<input into="start_page">
|
||||
<value>http://172.16.0.5</value>
|
||||
<datastore access="3">IP_addresses</datastore>
|
||||
</input>
|
||||
</utility>
|
||||
|
||||
<utility module_path=".*pidgin">
|
||||
<input into="server_ip">
|
||||
<value>172.16.0.5</value>
|
||||
<datastore access="3">IP_addresses</datastore>
|
||||
</input>
|
||||
<input into="accounts">
|
||||
<datastore access="0">accounts</datastore>
|
||||
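Review bot: The `start_page` input now reads index 3 of the `IP_addresses` datastore, whose entries are bare addresses such as `172.16.0.5`, whereas the replaced value was the URL `http://172.16.0.5`. Unless the utility module prepends the scheme itself, the start page becomes a bare IP rather than a URL; worth confirming against the module's handling of `start_page`. The `pidgin` `server_ip` input in the same hunk previously held a bare IP, so the datastore value is a like-for-like replacement there.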
@@ -134,7 +141,11 @@
|
||||
</input>
|
||||
</vulnerability>
|
||||
|
||||
<network type="private_network" range="172.16.0.0"/>
|
||||
<network type="private_network" >
|
||||
<input into="IP_address">
|
||||
<datastore access="0">IP_addresses</datastore>
|
||||
</input>
|
||||
</network>
|
||||
</system>
|
||||
|
||||
<system>
|
||||
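Review bot: The rewritten `<network>` element drops the `range="172.16.0.0"` attribute that the replaced self-closing form carried; the same applies to the hunks at `@@ -169,7 +180,11 @@`, `@@ -201,7 +216,11 @@` and `@@ -226,19 +245,23 @@`. If the `private_network` default range differs from 172.16.0.0, the addresses supplied from the `IP_addresses` datastore may fall outside the network, so either confirm the default or keep the attribute explicit: `<network type="private_network" range="172.16.0.0">`. As a point of style, `<network type="private_network" >` here and in two of the later hunks has a stray space before `>` that the second hunk's `<network type="private_network">` does not.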
@@ -169,7 +180,11 @@
|
||||
</input>
|
||||
</vulnerability>
|
||||
|
||||
<network type="private_network" range="172.16.0.0"/>
|
||||
<network type="private_network">
|
||||
<input into="IP_address">
|
||||
<datastore access="1">IP_addresses</datastore>
|
||||
</input>
|
||||
</network>
|
||||
</system>
|
||||
|
||||
<system>
|
||||
@@ -201,7 +216,11 @@
|
||||
</input>
|
||||
</vulnerability>
|
||||
|
||||
<network type="private_network" range="172.16.0.0"/>
|
||||
<network type="private_network" >
|
||||
<input into="IP_address">
|
||||
<datastore access="2">IP_addresses</datastore>
|
||||
</input>
|
||||
</network>
|
||||
</system>
|
||||
|
||||
<system>
|
||||
@@ -226,19 +245,23 @@
|
||||
<datastore>hackerbot_access_root_password</datastore>
|
||||
</input>
|
||||
<input into="ids_server_ip">
|
||||
<value>172.16.0.3</value>
|
||||
<datastore access="1">IP_addresses</datastore>
|
||||
</input>
|
||||
<input into="web_server_ip">
|
||||
<value>172.16.0.4</value>
|
||||
<datastore access="2">IP_addresses</datastore>
|
||||
</input>
|
||||
<input into="hackerbot_server_ip">
|
||||
<value>172.16.0.5</value>
|
||||
<datastore access="3">IP_addresses</datastore>
|
||||
</input>
|
||||
</generator>
|
||||
</input>
|
||||
</utility>
|
||||
|
||||
<network type="private_network" range="172.16.0.0"/>
|
||||
<network type="private_network" >
|
||||
<input into="IP_address">
|
||||
<datastore access="3">IP_addresses</datastore>
|
||||
</input>
|
||||
</network>
|
||||
|
||||
<build type="cleanup">
|
||||
<input into="root_password">
|
||||
|
||||