digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

renamed guildford_event_basic_narrative.xml => basic_narrative.xml

Browse Source
This commit is contained in:
thomashaw
2017-08-16 18:06:06 +01:00
parent 957212daff
commit 799d729f2c
2 changed files with 14 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
scenarios/ctf/guildford_event_basic_narrative_v2.xml → scenarios/ctf/basic_narrative.xml
View File

@@ -4,34 +4,12 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- Single system narrative-based CTF challenge.
1) Start by visiting ip:80 and recieving a message to decode (another flag in html source code comments too)
2) Log onto the box with the credentials found in 1. Read directions in mail discussing store at ip:1337.
3) Second, password-less, user account. Another mail between acc2 and acc3.
4) Third account using SSH Leaked Keys.
5) Onlinestore module - get at the database. Included utilities/sqlmap to help with this.
-->
<!-- Single system narrative-based CTF challenge. -->
<system>
<system_name>system</system_name>
<base platform="linux"/>
<!-- DATASTORE SETUP START -->
<!-- Store domain and port -->
<input into_datastore="store_domain">
<value>dangerous_store.co.uk</value>
</input>
<input into_datastore="store_port">
<value>1337</value>
</input>
<!-- Create @account's for user1, user2 and user3-->
<input into_datastore="accounts">
<!-- [0]: Entry account -->
<generator type="account">
@@ -218,9 +196,7 @@
</generator>
</input>
<!-- DATASTORE SETUP END. -->
<!-- Scenario Modules -->
<utility module_path=".*parameterised_accounts">
<input into="accounts">
@@ -256,7 +232,7 @@
<encoder type="caesar_cipher">
<input into="strings_to_encode">
<value>Log into the server and check your mail.</value>
<value>Username: </value>
<value>Username:</value>
<datastore access="0" access_json="['username']">accounts</datastore>
<value>Password:</value>
<datastore access="0" access_json="['password']">accounts</datastore>
@@ -323,10 +299,15 @@
<input into="content">
<value>To whom this may concern,</value>
<value>Now that you're on the server, we need your help with our investigation.</value>
<value>We've managed to hide this account on the server for you. Criminal activity has been taking place, particularly over port 1337.</value>
<value>Our initial examinations lead us to believe that the perpetrators use poor security practices.</value>
<value>We've managed to hide this account on the server for you. Criminal activity has been taking place,
particularly over port 1337.
</value>
<value>Our initial examinations lead us to believe that the perpetrators use poor security practices.
</value>
<value>Find out if the suspects have user accounts on this server and see if you can break in.</value>
<value>We need all the evidence we can get. In the form of flags. The more you collect the stronger our case will be.</value>
<value>We need all the evidence we can get. In the form of flags. The more you collect the stronger our case
will be.
</value>
<value>Godspeed,</value>
<value>Detective Jones.</value>
</input>
@@ -346,8 +327,8 @@
<input into="sender_user">
<datastore access="2" access_json="['username']">accounts</datastore>
</input>
<input into="sender_domain">
<datastore>store_domain</datastore>
<input into="sender_domain" into_datastore="store_domain">
<value>dangerous_store.co.uk</value>
</input>
<input into="recipient_user">
<datastore access="1" access_json="['username']">accounts</datastore>
@@ -412,7 +393,7 @@
<vulnerability module_path=".*onlinestore.*">
<input into="port">
<datastore>store_port</datastore>
<value>1337</value>
</input>
<input into="domain">
<datastore>store_domain</datastore>

543
scenarios/ctf/guildford_event_basic_narrative.xml
View File

@@ -1,543 +0,0 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- Single system narrative-based CTF challenge.
1) Start by visiting ip:80 and recieving a message to decode (another flag in html source code comments too)
2) Log onto the box with the credentials found in 1. Read directions in mail discussing store at ip:1337.
3) Second, password-less, user account. Another mail between acc2 and acc3.
4) Third account using SSH Leaked Keys.
5) Onlinestore module - get at the database. Included utilities/sqlmap to help with this.
-->
<system>
<system_name>system</system_name>
<base platform="linux"/>
<!-- DATASTORE SETUP START -->
<!-- Store domain and port -->
<input into_datastore="store_domain">
<value>dangerous_store.co.uk</value>
</input>
<input into_datastore="store_port">
<value>1337</value>
</input>
<!-- Account Username and Passwords -->
<input into_datastore="1_username">
<value>ceaseless_daughter</value>
<!--<generator type="username_generator"/>-->
</input>
<input into_datastore="1_password">
<generator type="password_generator"/>
</input>
<input into_datastore="2_username">
<!--<generator type="username_generator"/>-->
<value>creepy_fly</value>
</input>
<input into_datastore="3_username">
<!--<generator type="username_generator"/>-->
<value>icky-company</value>
</input>
<!-- Create @account's for user1, user2 and user3-->
<input into_datastore="1_account">
<generator type="account">
<input into="username">
<datastore>1_username</datastore>
</input>
<input into="password">
<datastore>1_password</datastore>
</input>
<input into="leaked_filenames">
<value>missing_persons_report</value>
</input>
<input into="strings_to_leak">
<value>*** Missing Persons Report ***</value>
<value>Two individuals are missing. No names or dates attached to the report.</value>
<value>If you can find out who has gone missing and when, you will be rewarded for your efforts.</value>
<value>Enter their names in the format flag{Firstname Lastname YYYY-MM-DD HH:MM:SS}</value>
<value>If you find any more evidence, such as the name of a suspect, use the format flag{Firstname Lastname}</value>
</input>
</generator>
</input>
<input into_datastore="2_account">
<generator type="account">
<input into="username">
<datastore>2_username</datastore>
</input>
<input into="password">
<value/>
</input>
<input into="strings_to_leak">
<generator type="flag_generator"/>
</input>
</generator>
</input>
<input into_datastore="3_account">
<generator type="account">
<input into="username">
<datastore>3_username</datastore>
</input>
<input into="strings_to_leak">
<value/>
</input>
</generator>
</input>
<!-- Create @person's for user2 and user3 and the 3 other store_person db entries -->
<input into_datastore="2_person">
<generator type="person">
<input into="account">
<datastore>2_account</datastore>
</input>
<input into="name" into_datastore="2_person_name">
<generator type="name_generator"/>
</input>
</generator>
</input>
<input into_datastore="3_person">
<generator type="person">
<input into="account">
<datastore>3_account</datastore>
</input>
<input into="name" into_datastore="3_person_name">
<generator type="name_generator"/>
</input>
</generator>
</input>
<input into_datastore="1_store_person">
<generator type="person">
<input into="name" into_datastore="1_store_person_name">
<generator type="name_generator"/>
</input>
</generator>
</input>
<input into_datastore="2_store_person">
<generator type="person">
<input into="name" into_datastore="2_store_person_name">
<generator type="name_generator"/>
</input>
</generator>
</input>
<input into_datastore="3_store_person">
<generator type="person">
<input into="name" into_datastore="3_store_person_name">
<generator type="name_generator"/>
</input>
</generator>
</input>
<!-- Web Store data: dealer, murderer, victims and timestamps -->
<input into_datastore="dealer_id">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>3</value>
<value>4</value>
<value>5</value>
</input>
</encoder>
</input>
<input into_datastore="murderer_id">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>2</value>
<value>3</value>
<value>4</value>
<value>5</value>
</input>
</encoder>
</input>
<input into_datastore="murderer_name">
<encoder type="string_selector">
<input into="strings_to_encode">
<datastore>2_person_name</datastore>
<datastore>3_person_name</datastore>
<datastore>1_store_person_name</datastore>
<datastore>2_store_person_name</datastore>
<datastore>3_store_person_name</datastore>
</input>
<input into="position">
<datastore>murderer_id</datastore>
</input>
</encoder>
</input>
<input into_datastore="1_murdered_id">
<encoder type="string_selector_with_exclusions">
<input into="exclusion_list">
<datastore>murderer_id</datastore>
<datastore>dealer_id</datastore>
</input>
<input into="strings_to_encode">
<value>2</value>
<value>3</value>
<value>4</value>
<value>5</value>
</input>
</encoder>
</input>
<input into_datastore="2_murdered_id">
<encoder type="string_selector_with_exclusions">
<input into="exclusion_list">
<datastore>murderer_id</datastore>
<datastore>dealer_id</datastore>
<datastore>1_murdered_id</datastore>
</input>
<input into="strings_to_encode">
<value>2</value>
<value>3</value>
<value>4</value>
<value>5</value>
</input>
</encoder>
</input>
<input into_datastore="1_murdered_name">
<encoder type="string_selector">
<input into="strings_to_encode">
<datastore>2_person_name</datastore>
<datastore>3_person_name</datastore>
<datastore>1_store_person_name</datastore>
<datastore>2_store_person_name</datastore>
<datastore>3_store_person_name</datastore>
</input>
<input into="position">
<datastore>1_murdered_id</datastore>
</input>
</encoder>
</input>
<input into_datastore="2_murdered_name">
<encoder type="string_selector">
<input into="strings_to_encode">
<datastore>2_person_name</datastore>
<datastore>3_person_name</datastore>
<datastore>1_store_person_name</datastore>
<datastore>2_store_person_name</datastore>
<datastore>3_store_person_name</datastore>
</input>
<input into="position">
<datastore>2_murdered_id</datastore>
</input>
</encoder>
</input>
<input into_datastore="1_murdered_timestamp">
<generator type="date_generator">
<input into="format">
<value>mysql_datetime</value>
</input>
</generator>
</input>
<input into_datastore="2_murdered_timestamp">
<generator type="date_generator">
<input into="format">
<value>mysql_datetime</value>
</input>
</generator>
</input>
<!-- Murder flags: 1x murderer, 2x murdered w/ timestamp -->
<input into="murderer_flag">
<generator type="concat_flag.*">
<input into="strings_to_join">
<datastore>murderer_name</datastore>
</input>
</generator>
</input>
<input into="murdered_flags">
<generator type="concat_flag.*">
<input into="strings_to_join">
<datastore>1_murdered_name</datastore>
<datastore>1_murdered_timestamp</datastore>
</input>
</generator>
<generator type="concat_flag.*">
<input into="strings_to_join">
<datastore>2_murdered_name</datastore>
<datastore>2_murdered_timestamp</datastore>
</input>
</generator>
</input>
<!-- DATASTORE SETUP END. -->
<utility module_path=".*parameterised_accounts">
<input into="accounts">
<datastore>1_account</datastore>
</input>
</utility>
<vulnerability module_path=".*hidden_file">
<input into="account">
<datastore>1_account</datastore>
</input>
<input into="strings_to_leak">
<generator type="flag_generator"/>
<value>Make a note of the technique used to solve this challenge as it will come in handy again soon.</value>
</input>
</vulnerability>
<vulnerability module_path=".*passwordless_user_account.*">
<input into="accounts">
<datastore>2_account</datastore>
</input>
</vulnerability>
<service name="Random Parameterised Website">
<input into="main_page_paragraph_content">
<generator type="html_snippet_generator">
<input into="heading">
<value>We need your help!</value>
</input>
<input into="paragraphs" unique_module_list="unique_encoders">
<value>You have received a strange message. Can you decode it to read the contents?</value>
<!--<encoder type="string_encoder">-->
<encoder type="caesar_cipher">
<input into="strings_to_encode">
<value>Log into the server and check your mail.</value>
<value>Username:</value>
<datastore>1_username</datastore>
<value>Password:</value>
<datastore>1_password</datastore>
<value>Here's a flag for your efforts.</value>
<generator type="flag_generator"/>
</input>
</encoder>
</input>
</generator>
</input>
<input into="strings_to_leak">
<generator type="flag_generator"/>
<value>&lt;a href="oops.html"/&gt;</value>
</input>
<input into="additional_page_filenames">
<value>oops.html</value>
</input>
<input into="additional_pages">
<generator type="html_snippet_generator">
<input into="heading">
<value/>
</input>
<input into="paragraphs">
<generator type="flag_generator"/>
</input>
</generator>
</input>
<input into="white_text">
<generator type="flag_generator"/>
</input>
<input into="visible_tabs">
<value/>
</input>
<input into="images_to_leak">
<value/>
</input>
<!-- No business facts. -->
<input into="business_name">
<value/>
</input>
<input into="business_motto">
<value/>
</input>
<input into="manager_profile">
<value/>
</input>
<input into="business_address">
<value/>
</input>
<input into="office_telephone">
<value/>
</input>
<input into="office_email">
<value/>
</input>
<input into="industry">
<value/>
</input>
<input into="employees">
<value/>
</input>
<input into="product_name">
<value/>
</input>
</service>
<utility module_path=".*mail.*">
<input into="mail">
<generator type="mail_message">
<input into="sender_user">
<value>detective_jones</value>
</input>
<input into="sender_domain">
<value>police.gov.uk</value>
</input>
<input into="recipient_user">
<datastore>1_username</datastore>
</input>
<input into="subject">
<value>Investigation Information</value>
</input>
<input into="content">
<value>To whom this may concern,</value>
<value>Now that you're on the server, we need your help with our investigation.</value>
<value>We've managed to hide this account on the server for you. Criminal activity has been taking place, particularly over port 1337.</value>
<value>Our initial examinations lead us to believe that the perpetrators use poor security practices.</value>
<value>Find out if the suspects have user accounts on this server and see if you can break in.</value>
<value>We need all the evidence we can get. In the form of flags. The more you collect the stronger our case will be.</value>
<value>Godspeed,</value>
<value>Detective Jones.</value>
</input>
<input into="sent_datetime">
<generator type="date_generator">
<input into="date">
<value>12/06/2017 14:51:03</value>
</input>
<input into="format">
<value>mail</value>
</input>
</generator>
</input>
</generator>
<generator type="mail_message">
<input into="sender_user">
<datastore>3_username</datastore>
</input>
<input into="sender_domain">
<datastore>store_domain</datastore>
</input>
<input into="recipient_user">
<datastore>2_username</datastore>
</input>
<input into="subject">
<value>New order required</value>
</input>
<input into="content">
<value>Good news, I've been getting rid of loads of gear lately. The customers are mad for it.</value>
<value>We're going to need a new order ASAP!</value>
</input>
<input into="sent_datetime">
<generator type="date_generator">
<input into="date">
<value>17/06/2017 20:12:35</value>
</input>
<input into="format">
<value>mail</value>
</input>
</generator>
</input>
</generator>
<generator type="mail_message">
<input into="sender_user">
<!--<datastore>murderer_username</datastore>-->
<value>hitman</value>
</input>
<input into="sender_domain">
<datastore>store_domain</datastore>
</input>
<input into="recipient_user">
<datastore>3_username</datastore>
</input>
<input into="subject">
<value>Offed the last one</value>
</input>
<input into="content">
<value>Job done! The last one on the list is now swimming with the fishes.</value>
<value>It wasn't clean though, I think I saw someone watching in the distance.</value>
<value>Not that it matters. They'll never catch us!</value>
</input>
<input into="sent_datetime">
<generator type="date_generator">
<input into="date">
<value>19/06/2017 23:58:12</value>
</input>
<input into="format">
<value>mail</value>
</input>
</generator>
</input>
</generator>
</input>
</utility>
<!-- Get onto user account 3!! -->
<vulnerability module_path="modules/vulnerabilities/unix/system/ssh_leaked_keys">
<input into="accounts">
<datastore>3_account</datastore>
</input>
</vulnerability>
<vulnerability module_path=".*onlinestore.*">
<input into="port">
<datastore>store_port</datastore>
</input>
<input into="domain">
<datastore>store_domain</datastore>
</input>
<input into="accounts">
<datastore>2_person</datastore>
<datastore>3_person</datastore>
<datastore>1_store_person</datastore>
<datastore>2_store_person</datastore>
<datastore>3_store_person</datastore>
</input>
<input into="dealer_id">
<datastore>dealer_id</datastore>
</input>
<input into="murderer_id">
<datastore>murderer_id</datastore>
</input>
<input into="murdered_on">
<datastore>1_murdered_timestamp</datastore>
<datastore>2_murdered_timestamp</datastore>
</input>
<input into="murdered_ids">
<datastore>1_murdered_id</datastore>
<datastore>2_murdered_id</datastore>
</input>
</vulnerability>
<utility module_path=".*sqlmap.*"/>
<network module_path=".*private_network_1"/>
<build type="cleanup">
<input into="root_password">
<value>tiaspbiqe2r</value>
</input>
</build>
</system>
</scenario>