mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-20 13:50:45 +00:00
encoder/generator long args via stdin WIP
This commit is contained in:
@@ -40,6 +40,18 @@ class StringEncoder
|
||||
|
||||
def read_arguments
|
||||
# Get command line arguments
|
||||
begin
|
||||
args_array = []
|
||||
ARGF.each do |arg|
|
||||
arg.strip.split(' ').each do |split|
|
||||
args_array << split
|
||||
end
|
||||
end
|
||||
ARGV.unshift(*args_array)
|
||||
rescue
|
||||
# Do nothing...
|
||||
end
|
||||
|
||||
opts = get_options
|
||||
|
||||
# process option arguments
|
||||
|
||||
@@ -30,6 +30,16 @@ class StringGenerator
|
||||
|
||||
def read_arguments
|
||||
# Get command line arguments
|
||||
begin
|
||||
args_array = []
|
||||
ARGF.each_line do |arg|
|
||||
args_array << arg.strip
|
||||
end
|
||||
ARGV.unshift(*args_array)
|
||||
rescue
|
||||
# Do nothing...
|
||||
end
|
||||
|
||||
opts = get_options
|
||||
|
||||
# process option arguments
|
||||
|
||||
@@ -306,22 +306,29 @@ class System
|
||||
if selected.local_calc_file
|
||||
Print.verbose 'Module includes local calculation of output. Processing...'
|
||||
# build arguments
|
||||
args_string = '--b64 ' # Sets the flag for decoding base64
|
||||
args_string = "--b64 " # Sets the flag for decoding base64
|
||||
selected.received_inputs.each do |input_key, input_values|
|
||||
puts input_values.inspect
|
||||
input_values.each do |input_element|
|
||||
if input_key == ''
|
||||
Print.warn "Warning: output values not directed to module input"
|
||||
else
|
||||
args_string += "'--#{input_key}=#{Base64.strict_encode64(input_element)}' "
|
||||
args_string += "--#{input_key}=#{Base64.strict_encode64(input_element)} "
|
||||
end
|
||||
end
|
||||
end
|
||||
# execute calculation script and format output to an array of Base64 strings
|
||||
command = "ruby #{selected.local_calc_file} #{args_string}"
|
||||
Print.verbose "Running: #{command}"
|
||||
outputs = `#{command}`.chomp
|
||||
unless $?.success?
|
||||
Print.verbose "Running: ruby #{selected.local_calc_file} #{args_string[0..200]} ..."
|
||||
$stdout.sync = true
|
||||
$stderr.sync = true
|
||||
stdout, stderr, status = Open3.capture3("ruby #{selected.local_calc_file}", :stdin_data => args_string)
|
||||
puts stderr
|
||||
outputs = stdout.chomp
|
||||
|
||||
# command = "ruby #{selected.local_calc_file} #{args_string}"
|
||||
# Print.verbose "Running: #{command}"
|
||||
# outputs = `#{command}`.chomp
|
||||
unless status
|
||||
Print.err "Module failed to run (#{command})"
|
||||
# TODO: this works, but subsequent attempts at resolving the scenario always fail ("Error can't add no data...")
|
||||
raise 'failed'
|
||||
|
||||
@@ -11,6 +11,13 @@
|
||||
<xs:enumeration value="windows"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
<xs:simpleType name="difficultyOptions">
|
||||
<xs:restriction base="xs:string">
|
||||
<xs:enumeration value="low"/>
|
||||
<xs:enumeration value="medium"/>
|
||||
<xs:enumeration value="high"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:element name="encoder">
|
||||
<xs:complexType>
|
||||
@@ -32,6 +39,7 @@
|
||||
<xs:element name="platform" type="platformOptions" minOccurs="1" maxOccurs="unbounded"/>
|
||||
|
||||
<!--optional details-->
|
||||
<xs:element name="difficulty" type="difficultyOptions" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
|
||||
|
||||
@@ -125,6 +125,7 @@
|
||||
<xs:attribute name="description" type="xs:string"/>
|
||||
<xs:attribute name="type" type="xs:string"/>
|
||||
<xs:attribute name="platform" type="xs:string"/>
|
||||
<xs:attribute name="difficulty" type="xs:string"/>
|
||||
|
||||
<xs:attribute name="read_fact" type="xs:string"/>
|
||||
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
#!/usr/bin/ruby
|
||||
require 'bases'
|
||||
require_relative '../../../../../lib/objects/local_string_encoder.rb'
|
||||
class BASE32Encoder < StringEncoder
|
||||
def initialize
|
||||
super
|
||||
self.module_name = 'BASE32 Encoder'
|
||||
self.strings_to_encode = ['test']
|
||||
end
|
||||
|
||||
def encode(str)
|
||||
byte_array = str.bytes
|
||||
byte_array.each { |byte|
|
||||
Bases.val(byte).in_hex.to_base(64)
|
||||
}
|
||||
test = Bases.val(binary).in_base(10).to_base(64)
|
||||
|
||||
test
|
||||
end
|
||||
end
|
||||
|
||||
BASE32Encoder.new.run
|
||||
@@ -1,24 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
|
||||
<encoder xmlns="http://www.github/cliffe/SecGen/encoder"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.github/cliffe/SecGen/encoder">
|
||||
<name>BASE64 Encoder</name>
|
||||
<author>Z. Cliffe Schreuders</author>
|
||||
<module_license>MIT</module_license>
|
||||
<description>Converts to BASE64 encoding.</description>
|
||||
|
||||
<type>string_encoder</type>
|
||||
<type>ascii_reversible</type>
|
||||
<type>alpha_reversible</type>
|
||||
<platform>linux</platform>
|
||||
<platform>windows</platform>
|
||||
|
||||
<solution>Encoded using Base64. Decoding tools available online e.g. https://www.base64decode.org/</solution>
|
||||
|
||||
<read_fact>strings_to_encode</read_fact>
|
||||
<read_fact>base64_options</read_fact>
|
||||
|
||||
<output_type>encoded_strings</output_type>
|
||||
|
||||
</encoder>
|
||||
@@ -1,6 +1,7 @@
|
||||
#!/usr/bin/ruby
|
||||
require_relative '../../../../../lib/objects/local_string_encoder.rb'
|
||||
require 'braille'
|
||||
require 'braille/translator'
|
||||
|
||||
class BrailleEncoder < StringEncoder
|
||||
|
||||
|
||||
@@ -9,10 +9,10 @@
|
||||
<description>Encodes a string with Huffman compression. Outputs a huffman string and png.</description>
|
||||
|
||||
<type>huffman_encoder</type>
|
||||
<type>ascii_reversible</type>
|
||||
<type>string_encoder</type>
|
||||
<type>compression</type>
|
||||
<platform>linux</platform>
|
||||
<platform>windows</platform>
|
||||
<difficulty>high</difficulty>
|
||||
|
||||
<reference>https://github.com/nicanor/braille</reference>
|
||||
|
||||
|
||||
@@ -17,8 +17,8 @@
|
||||
<read_fact>username</read_fact>
|
||||
<read_fact>password</read_fact>
|
||||
<read_fact>super_user</read_fact>
|
||||
<read_fact>strings_to_leak</read_fact>
|
||||
<read_fact>leaked_filenames</read_fact>
|
||||
<read_fact>data_to_leak</read_fact>
|
||||
<!--<read_fact>leaked_filenames</read_fact>-->
|
||||
|
||||
<default_input into="username">
|
||||
<generator type="username_generator"/>
|
||||
@@ -29,12 +29,12 @@
|
||||
<default_input into="super_user">
|
||||
<value>false</value>
|
||||
</default_input>
|
||||
<default_input into="strings_to_leak">
|
||||
<default_input into="data_to_leak">
|
||||
<generator type="message_generator"/>
|
||||
</default_input>
|
||||
<default_input into="leaked_filenames">
|
||||
<generator type="filename_generator"/>
|
||||
</default_input>
|
||||
<!--<default_input into="leaked_filenames">-->
|
||||
<!--<generator type="filename_generator"/>-->
|
||||
<!--</default_input>-->
|
||||
|
||||
<output_type>account</output_type>
|
||||
</generator>
|
||||
|
||||
94
scenarios/ctf/encoding_challenges.xml
Normal file
94
scenarios/ctf/encoding_challenges.xml
Normal file
@@ -0,0 +1,94 @@
|
||||
<?xml version="1.0"?>
|
||||
|
||||
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
||||
|
||||
<!--TODO-->
|
||||
<name>Encoding Challenges</name>
|
||||
<author>Thomas Shaw</author>
|
||||
<description>Single system narrative-based CTF challenge.</description>
|
||||
|
||||
<type>ctf</type>
|
||||
<type>attack-ctf</type>
|
||||
<type>web-hints</type>
|
||||
<difficulty>intermediate</difficulty>
|
||||
<!--/TODO-->
|
||||
|
||||
<system>
|
||||
<system_name>system</system_name>
|
||||
<base platform="linux" type="desktop"/>
|
||||
|
||||
<!-- 5x challenges per student -->
|
||||
<!--1: random encoder -->
|
||||
<!--2: random encoder -->
|
||||
<!--3: random encoder -->
|
||||
<!--4: random encoder -->
|
||||
<!--5: random encoder double encoded -->
|
||||
<!--6: random high difficulty encoder -->
|
||||
|
||||
<!-- Either remote file storage system OR local challenges -->
|
||||
<utility module_path=".*parameterised_accounts">
|
||||
<input into="account">
|
||||
<generator type="account">
|
||||
<input into="username">
|
||||
<value>challenger</value>
|
||||
</input>
|
||||
<input into="password">
|
||||
<value>tiaspbiqe2r</value>
|
||||
</input>
|
||||
<input into="super_user">
|
||||
<value>true</value>
|
||||
</input>
|
||||
<input into="data_to_leak" unique_module_list="unique_encoders">
|
||||
<encoder type="ascii_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
<encoder type="alpha_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
<encoder type="ascii_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
<encoder type="ascii_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
<encoder type="ascii_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<encoder type="ascii_reversible">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
</input>
|
||||
</encoder>
|
||||
<encoder module_path=".*huffman.*" difficulty="high">
|
||||
<input into="strings_to_encode">
|
||||
<generator type="flag_generator"/>
|
||||
</input>
|
||||
</encoder>
|
||||
</input>
|
||||
</generator>
|
||||
</input>
|
||||
</utility>
|
||||
|
||||
<!--TODO-->
|
||||
<network module_path=".*private_network_1"/>
|
||||
<!--<build type="cleanup">-->
|
||||
<!--<input into="root_password">-->
|
||||
<!--<generator type="strong_password_generator"/>-->
|
||||
<!--</input>-->
|
||||
<!--</build>-->
|
||||
<!--/TODO-->
|
||||
|
||||
</system>
|
||||
|
||||
</scenario>
|
||||
Reference in New Issue
Block a user