diff --git a/modules/generators/structured_content/ss_modules/secgen_local/local.rb b/modules/generators/structured_content/ss_modules/secgen_local/local.rb
index d19969b17..5ed9c2e98 100644
--- a/modules/generators/structured_content/ss_modules/secgen_local/local.rb
+++ b/modules/generators/structured_content/ss_modules/secgen_local/local.rb
@@ -1,6 +1,7 @@
#!/usr/bin/ruby
require_relative '../../../../../lib/objects/local_string_generator.rb'
require 'fileutils'
+require 'json'
class SSModuleListGenerator < StringGenerator
attr_accessor :filter
@@ -12,22 +13,37 @@ class SSModuleListGenerator < StringGenerator
super
self.module_name = 'Security Shepherd Module Generator'
- self.filter = []
+
+ self.filter = ''
end
def generate
- modules = File.new(TEMPLATE_PATH)
+ modules_file = File.new(TEMPLATE_PATH)
if not self.filter.empty?
- self.filter.each { |criteria|
- IO.foreach(modules) { |line|
- # Very basic filter to capture matches based on a filter string
- if "#{line}".match(criteria)
+ # Returns string based around the format (search_term)(\s\d)+
+ self.filter.split(/,/).each { |filter_term|
+ words = filter_term.match(/[^\d|\n]+/).to_s.strip;
+ filter_nos = filter_term.split(/\s+/).select!{|item| item.to_s.match?(/\d/)};
+
+ modules_file = File.new(TEMPLATE_PATH)
+ modules_file.each { |line|
+ if line.include?(words) && filter_nos.size == 0
self.outputs << "#{line}".strip
+ elsif filter_nos.size > 0
+ filter_nos.each { |number|
+ if line.include?(words) && line.include?(number)
+ self.outputs << "#{line}".strip
+ end
+ }
end
}
+ modules_file.close;
}
else
- modules.each { |line| self.outputs << "#{line}".strip}
+ modules_file.each { |line|
+ self.outputs << "#{line}".strip;
+ }
+ modules_file.close;
end
end
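Review bot: `select!` on the `filter_nos` line returns `nil` when it removes nothing, so a term made up only of numbers (or an empty term left by a trailing comma) leaves `filter_nos` as `nil` and the following `filter_nos.size` raises NoMethodError; use the non-mutating form, `filter_nos = filter_term.split(/\s+/).select { |item| item.match?(/\d/) }`. The handle from the first `File.new(TEMPLATE_PATH)` is never closed on the filtered path because `modules_file` is reassigned inside the loop, and no handle is closed if an exception is raised part-way; iterating with `File.foreach(TEMPLATE_PATH)` would avoid both. `line.include?(number)` is a substring test, so `1` also selects lines containing `10` or any other run of digits with a 1 in it, and a line that matches two numbers is pushed to `outputs` twice; if that is not intended, match the number on a word boundary and stop at the first hit.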
@@ -50,7 +66,7 @@ class SSModuleListGenerator < StringGenerator
OPTIONS:
--filter [String]
-"
+ "
exit
end
end
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war b/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war
index 6d1af66a7..3dc831384 100644
Binary files a/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war and b/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war differ
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
index 6c0bf4f6a..db57fa87a 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
@@ -4,17 +4,16 @@ class security_shepherd::install {
Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
- ensure_packages(['tomcat9', 'mariadb-server', 'openjdk-11-jdk'], {ensure => installed})
-
- service { 'tomcat9':
- ensure => running,
- name => 'tomcat9',
- enable => true,
- hasrestart => true,
- subscribe => [
- File['/var/lib/tomcat9/webapps/ROOT.war'],
- ],
+ # Temp fix. Seemed to not be able to generate this...
+ file { '/etc/ssl/certs/java/':
+ ensure => directory,
}
+ -> package { 'install-ca-certs':
+ name => 'ca-certificates-java',
+ ensure => installed,
+ }
+
+ ensure_packages(['tomcat9', 'mariadb-server', 'openjdk-11-jdk'], {ensure => installed})
exec { 'remove-default-site':
command => 'rm -rf /var/lib/tomcat9/webapps/*',
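Review bot: The new `file { '/etc/ssl/certs/java/': ensure => directory }` resource sets no `owner`, `group` or `mode`, so the Java trust-store directory is created with whatever defaults apply on the agent; pin them explicitly, e.g. `owner => 'root', group => 'root', mode => '0755',`. The comment `# Temp fix. Seemed to not be able to generate this...` does not say what fails without the resource; a wording such as `# Workaround: create the Java keystore directory before ca-certificates-java is installed; remove once the package creates it itself` would tell the next maintainer when it can go (this wording is inferred from the resource chaining, so confirm the actual failure). The class body starts before this hunk and the `remove-default-site` exec continues past it.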
@@ -46,4 +45,14 @@ class security_shepherd::install {
source => 'puppet:///modules/security_shepherd/my.cnf',
replace => true,
}
+
+ service { 'tomcat9':
+ ensure => running,
+ name => 'tomcat9',
+ enable => true,
+ hasrestart => true,
+ subscribe => [
+ File['/var/lib/tomcat9/webapps/ROOT.war'],
+ ],
+ }
}
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
index 1710aff62..aa8acaf43 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
@@ -37,20 +37,17 @@ class security_shepherd::mariadb {
command => "mysql -u ${user} -p${db_pass} < moduleSchemas.sql",
}
-
file { '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/flags':
- ensure => present,
+ ensure => file,
content => template('security_shepherd/flags.erb'),
- replace => true,
}
-> file { '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/active-modules':
- ensure => present,
+ ensure => file,
content => template('security_shepherd/active-modules.erb'),
- replace => true,
notify => Service['tomcat9']
}
# This needs updating? Weird chicanery happens if not used this way
- -> exec { 'restart-tom':
+ exec { 'restart-tom':
command => 'systemctl restart tomcat9',
}
}
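Review bot: With the `->` removed, `exec { 'restart-tom': }` is no longer explicitly ordered after the `flags` and `active-modules` files, and with only a `command` attribute it runs `systemctl restart tomcat9` on every Puppet run. Since `active-modules` already has `notify => Service['tomcat9']`, either drop the exec or make it `refreshonly => true,` with `subscribe => File['/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/active-modules'],`. The comment above it (`# This needs updating? ...`) now describes chaining that this hunk removed and should be rewritten or deleted. The `flags` file is also declared without `owner` or `mode`; if it holds the challenge flags, restricting it (for example `mode => '0640',` with the Tomcat service account as owner, account name to be confirmed) keeps other local users on the VM from reading it. The class starts outside this hunk.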
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/templates/coreSchema.sql.erb b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/coreSchema.sql.erb
index d210775f1..581de709c 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/templates/coreSchema.sql.erb
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/templates/coreSchema.sql.erb
@@ -1740,12 +1740,16 @@ CALL cheatSheetCreate('08b3dffd4b837ebe53d52e53b5bbbabf4a4ca9ae', '08b3dffd4b837
COMMIT;
+-- Add a secgen class
+--call classCreate('secgen1', '2023');
+
-- Default admin user
-- Use password shepherd-admin
call userCreate(null, 'admin', '$argon2i$v=19$m=65535,t=10,p=1$Z05BaG5SdTZaQ3l2OUJvbA$SN7TyTDF/gd07wi7T96RK8pYgQ', 'admin', null, 'admin@securityShepherd.org', 'login', false, false);
-- Generate a user account
-call userCreate(null, '<%= @unix_username %>', '$argon2i$v=19$m=65536,t=10,p=1$7oxgR8QkdOd4tsHFieFKrw$eOy0TCxhY1bQIAbLQcLr9Sz2+4q9DhPTz1frsytgtTk', 'player', null, '<%= @unix_username %> @securityShepherd.org', 'login', true, false);
+-- Default password to tiaspbiqe2r
+call userCreate(null, '<%= @unix_username %>', '$argon2i$v=19$m=65535,t=10,p=1$c2hlcGhlcmQ$HiyZr2J5J5dRM6HQoHw15A', 'player', null, '<%= @unix_username %>@securityShepherd.org', 'login', true, false);
-- Enable backup script
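Review bot: The replacement `userCreate` line for the player account embeds a fixed Argon2 hash whose salt field `c2hlcGhlcmQ` is base64 for `shepherd`, and the comment above it records the plaintext, so every VM built from this template shares one known credential. If that is deliberate for the lab, say so in the comment, e.g. `-- Lab-only default password for the player account (tiaspbiqe2r); regenerate this hash if the scenario password changes`; otherwise the hash should come from a template variable rather than a literal. `<%= @unix_username %>` is still interpolated straight into a quoted SQL string, so a username containing `'` would break or alter the statement at provisioning time; escape it in the template unless usernames are already restricted upstream.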
diff --git a/scenarios/labs/web_network_security/WNS_1.xml b/scenarios/labs/web_network_security/WNS_1.xml
new file mode 100644
index 000000000..c9df9619f
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_1.xml
@@ -0,0 +1,110 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Introducing Web security
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Insecure Direct Object References
+
+
+
+
+ shepherd
+
+
+
+
+ 1
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_attack
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
\ No newline at end of file
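Review bot: The scenario name line reads `WNS Intro` in this file and again in WNS_2, WNS_3, WNS_4, WNS_5, WNS_6 and WNS_8, although the description lines differ (Cross-Site Scripting, SQL, Cross-Site Request Forgery, ...), which makes the labs hard to tell apart wherever the name is displayed; give each file its own name. The literal `tiaspbiqe2r` is repeated in every one of these files and has to stay in step with the hard-coded hash in coreSchema.sql.erb; the XML markup is not visible in this view, so which element carries it is an assumption, but a comment next to it pointing at the template would prevent a silent login mismatch. WNS_4, WNS_5 and WNS_6 also reuse `wns_intro` where the earlier files have a per-lab value (`wns_attack`, `wns_2`, `wns_3`), which looks like a copy-paste leftover.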
diff --git a/scenarios/labs/web_network_security/WNS_2.xml b/scenarios/labs/web_network_security/WNS_2.xml
new file mode 100644
index 000000000..6d0a08a51
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_2.xml
@@ -0,0 +1,108 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Introducing Web security
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Session Management 1 2 3 4 5,Valid, Mis
+
+
+
+
+ shepherd
+
+
+
+
+ 10
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_2
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat|http://localhost/
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/scenarios/labs/web_network_security/WNS_3.xml b/scenarios/labs/web_network_security/WNS_3.xml
new file mode 100644
index 000000000..818fe9c16
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_3.xml
@@ -0,0 +1,108 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Cross-Site Scripting
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Cross 1 2 3 4 5 6
+
+
+
+
+ shepherd
+
+
+
+
+ 6
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_3
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat|http://localhost/
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/scenarios/labs/web_network_security/WNS_4.xml b/scenarios/labs/web_network_security/WNS_4.xml
new file mode 100644
index 000000000..7529674b0
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_4.xml
@@ -0,0 +1,112 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - SQL
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Session 6 7 8,SQL 1 2 3 4 5 6 7,Escaping
+
+
+
+
+ shepherd
+
+
+
+
+ 11
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_intro
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
\ No newline at end of file
diff --git a/scenarios/labs/web_network_security/WNS_5.xml b/scenarios/labs/web_network_security/WNS_5.xml
new file mode 100644
index 000000000..e863bdc81
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_5.xml
@@ -0,0 +1,112 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Advanced Injection
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Failure
+
+
+
+
+ shepherd
+
+
+
+
+ 4
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_intro
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
\ No newline at end of file
diff --git a/scenarios/labs/web_network_security/WNS_6.xml b/scenarios/labs/web_network_security/WNS_6.xml
new file mode 100644
index 000000000..9e083d4c9
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_6.xml
@@ -0,0 +1,112 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Cross-Site Request Forgery
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+ 172.16.0.2
+
+ 172.16.0.3
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ CSRF
+
+
+
+
+ shepherd
+
+
+
+
+ 8
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ wns_intro
+
+
+
+
+ {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}
+
+
+
+
+ kali_account
+
+
+
+
+
+
+
+ 8085
+
+
+
+
+
+
+
+ kali_account
+
+
+ true
+
+
+ http://localhost:8085/WebGoat
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
\ No newline at end of file
diff --git a/scenarios/labs/web_network_security/WNS_8.xml b/scenarios/labs/web_network_security/WNS_8.xml
new file mode 100644
index 000000000..7f69d1b62
--- /dev/null
+++ b/scenarios/labs/web_network_security/WNS_8.xml
@@ -0,0 +1,57 @@
+
+
+
+
+ WNS Intro
+ James Davis
+ Web and Network Security - Packet analysis, firewalls and VPNs
+
+ lab-environment
+ ctf-lab
+
+
+ wns_server
+
+
+
+
+
+
+ shepherd
+
+
+ tiaspbiqe2r
+
+
+ false
+
+
+
+
+
+
+
+
+
+ Insecure C 1 2 3,Unv
+
+
+
+
+ shepherd
+
+
+
+
+ 4
+
+
+
+
+
+
+
+
+
\ No newline at end of file