Ensure all nic IP addresses are defined sequentially in scenarios so we can detect them reliably

Z. Cliffe Schreuders
2023-06-01 16:48:35 +01:00
parent c3c936d804
commit 7b11d7eb60
20 changed files with 477 additions and 567 deletions


@@ -0,0 +1,78 @@
puts "SecGen nic definitions that use the special IP_addresses datastore should define networks in the same sequence, so that we can automatically identify IP addrs for VMs"
directory_path = ARGV[0]
# Ensure directory path is provided
if directory_path.nil?
puts "Please provide as an argument the directory path to recursively test scenario xml files."
exit
end
# Retrieve all XML files in the directory
xml_files = Dir.glob("#{directory_path}/**/*.xml")
# Regular expression pattern to match network sections
network_regex = /<network\b[^>]*>(.*?)<\/network>/m
# Initialize counters
processed_files_count = 0
out_of_sequence_count = 0
# Iterate over each XML file
xml_files.each do |file_path|
puts "Processing file: #{file_path}"
processed_files_count += 1
begin
file_contents = File.read(file_path)
# Check for sequential access numbers across all the network sections
sequential = true
last_access = -1
lines_with_access_numbers = []
file_contents.scan(network_regex) do |network_match|
network_section = network_match[0]
network_lines = network_section.split("\n")
network_lines.each do |line|
match = line.match(/<datastore\s+access="(\d+)">.*?<\/datastore>/)
next unless match
access_number = match[1].to_i
lines_with_access_numbers << line.strip
if access_number != last_access + 1
puts " \e[31mWarning:\e[0m Access numbers are not sequential in #{file_path}. Expected #{last_access + 1}, got #{access_number}"
sequential = false
out_of_sequence_count += 1
break
end
last_access = access_number
end
if !sequential
break
end
end
if sequential
lines_with_access_numbers = []
end
unless lines_with_access_numbers.empty?
puts "Lines with access numbers:"
lines_with_access_numbers.each { |line| puts " #{line}" }
end
rescue StandardError => e
puts "Error processing file #{file_path}: #{e.message}"
end
puts "-" * 40
end
puts "Processed files: #{processed_files_count}"
puts "Out of sequence files: #{out_of_sequence_count}"
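Review bot: The checker cannot fail a build, because the usage branch calls bare `exit` (status 0) and the script ends after printing the two counters, so out-of-sequence scenarios still return success. Suggest `exit 1` in the usage branch and `exit 1 if out_of_sequence_count > 0` after the summary. The line pattern also accepts any `<datastore access="N">` inside a `<network>` span, including commented-out ones and datastores other than `IP_addresses`; `/<datastore\s+access="(\d+)">IP_addresses<\/datastore>/` would narrow that, though skipping comments reliably needs an XML parser. Files that hit the `rescue` are reported but not counted, so a read error also passes silently.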


@@ -45,6 +45,14 @@
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<input into_datastore="IP_addresses">
<!-- 0 attack_vm -->
<value>172.16.0.2</value>
<!-- 1 hackme_server -->
<value>172.16.0.3</value>
</input>
<vulnerability module_path=".*/jenkins_cli">
<input into="strings_to_leak">
<generator type="flag_generator" />
@@ -62,7 +70,7 @@
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
@@ -71,13 +79,6 @@
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF" />
<input into_datastore="IP_addresses">
<!-- 0 attack_vm -->
<value>172.16.0.2</value>
<!-- 1 hackme_server -->
<value>172.16.0.3</value>
</input>
<utility module_path=".*/iceweasel">
<input into="accounts">
<value>
@@ -95,9 +96,9 @@
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>
</scenario>
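Review bot: The index comments copied into the server block (`<!-- 0 attack_vm -->`, `<!-- 1 hackme_server -->`) no longer match the access numbers if, as the print order suggests, the server network now reads `access="0"` and attack_vm reads `access="1"`. With that assignment the server takes 172.16.0.2 and attack_vm takes 172.16.0.3, the reverse of what the comments say. Suggest relabelling them `<!-- 0 hackme_server -->` and `<!-- 1 attack_vm -->`, and checking that nothing else in the scenario assumes the old addresses.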


@@ -37,32 +37,6 @@
<keyword>cyber kill chain</keyword>
</CyBOK>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/apache_spark_rce">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path="*./chkrootkit"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF" />
@@ -95,5 +69,33 @@
</input>
</network>
</system>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
</scenario>
<vulnerability module_path=".*/apache_spark_rce">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path="*./chkrootkit"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>
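Review bot: The relocated server block carries `module_path="*./chkrootkit"`, where every other module_path on the page starts with `.*/`. If the attribute is matched as a regular expression, which the `.*/` prefix suggests, a leading `*` has nothing to repeat and the pattern may be rejected or match nothing. Since the move touches the line anyway, `<vulnerability module_path=".*/chkrootkit"></vulnerability>` looks like the intended value.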


@@ -42,33 +42,6 @@
<keyword>Attacks against SUID</keyword>
</CyBOK>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/apache_couchdb">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/sudo_root_vi"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF" />
@@ -102,4 +75,30 @@
</network>
</system>
</scenario>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/apache_couchdb">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/sudo_root_vi"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>


@@ -41,31 +41,6 @@
<keyword>Attacks against SUDO</keyword>
</CyBOK>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/apache_druid_rce">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/sudo_root_more"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>attack_vm</system_name>
@@ -100,4 +75,30 @@
</network>
</system>
</scenario>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/apache_druid_rce">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/sudo_root_more"></vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>


@@ -44,8 +44,6 @@
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
<value>172.16.0.4</value>
<value>172.16.0.5</value>
</input>
<utility module_path=".*/iceweasel">
@@ -130,7 +128,7 @@
<network type="private_network">
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">


@@ -45,8 +45,6 @@
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
<value>172.16.0.4</value>
<value>172.16.0.5</value>
</input>
<utility module_path=".*/iceweasel">
@@ -101,7 +99,7 @@
<network type="private_network">
<input into="IP_address">
<datastore access="3">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">


@@ -47,10 +47,8 @@
<value>172.16.0.2</value>
<!-- 1 server -->
<value>172.16.0.3</value>
<!-- 2 hackerbot_server -->
<value>172.16.0.4</value>
<!-- 3 kali_cracker -->
<value>172.16.0.5</value>
<value>172.16.0.4</value>
</input>
<!-- generate some usernames to use -->
@@ -319,7 +317,7 @@
<network type="private_network" >
<input into="IP_address">
<datastore access="3">IP_addresses</datastore>
<datastore access="2">IP_addresses</datastore>
</input>
</network>
</system>
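Review bot: The surviving comment `<!-- 3 kali_cracker -->` now sits above the third value (172.16.0.4), and the network further down appears to move from `access="3"` to `access="2"`, so the label is off by one. Suggest `<!-- 2 kali_cracker -->`; the old and new sides are inferred from the hunk's line counts, so confirm against the file. The sequence checker added in this commit reads only `<network>` sections and will not notice stale index comments.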


@@ -34,31 +34,6 @@
<keyword>FILE - TRANSFER PROTOCOL (FTP)</keyword>
</CyBOK>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/glpi_php_injection">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/vsftpd_234_backdoor" />
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>attack_vm</system_name>
@@ -93,4 +68,31 @@
</network>
</system>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
<vulnerability module_path=".*/glpi_php_injection">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="strings_to_pre_leak">
<encoder type="^(ascii|alpha)_reversible$" difficulty="low">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<vulnerability module_path=".*/vsftpd_234_backdoor" />
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>


@@ -48,6 +48,41 @@
<keyword>cyber kill chain</keyword>
</CyBOK>
<system>
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF" />
<input into_datastore="IP_addresses">
<!-- 0 attack_vm -->
<value>172.16.0.2</value>
<!-- 1 hackme_server -->
<value>172.16.0.3</value>
</input>
<utility module_path=".*/iceweasel">
<input into="accounts">
<value>
{"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
<input into="autostart">
<value>false</value>
</input>
</utility>
<utility module_path=".*/kali_web" />
<utility module_path=".*/metasploit_framework" />
<utility module_path=".*/nmap" />
<utility module_path=".*/handy_cli_tools" />
<utility module_path=".*/kali_pwtools" />
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop" name="KDE" />
@@ -86,38 +121,4 @@
</network>
</system>
<system>
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF" />
<input into_datastore="IP_addresses">
<!-- 0 attack_vm -->
<value>172.16.0.2</value>
<!-- 1 hackme_server -->
<value>172.16.0.3</value>
</input>
<utility module_path=".*/iceweasel">
<input into="accounts">
<value>
{"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
<input into="autostart">
<value>false</value>
</input>
</utility>
<utility module_path=".*/kali_web" />
<utility module_path=".*/metasploit_framework" />
<utility module_path=".*/nmap" />
<utility module_path=".*/handy_cli_tools" />
<utility module_path=".*/kali_pwtools" />
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>
</scenario>


@@ -34,10 +34,8 @@ It is important for organisations to manage the security of their systems and fo
<input into_datastore="IP_addresses">
<!-- 0 linux server -->
<value>172.16.0.2</value>
<!-- 1 not used -->
<value>172.16.0.3</value>
<!-- 1 kali -->
<value>172.16.0.4</value>
<value>172.16.0.3</value>
</input>
<!-- DirtyCOW vulnerability module leaves the debian 7 bases unpatched by default. -->
@@ -93,7 +91,7 @@ It is important for organisations to manage the security of their systems and fo
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>


@@ -198,34 +198,18 @@ Diner's Club 3000 0000 0000 04</value>
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!--<system>-->
<!--<system_name>server</system_name>-->
<!--<base platform="linux" distro="Debian 7.8"/>-->
<!--<utility module_path=".*/parameterised_accounts">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--</utility>-->
<!--<vulnerability module_path=".*/ssh_root_login">-->
<!--<input into="root_password">-->
<!--<value>randompassword</value>-->
<!--</input>-->
<!--</vulnerability>-->
<!--&lt;!&ndash;TODO: parameterise with business details&ndash;&gt;-->
<!--&lt;!&ndash;TODO: weechat config&ndash;&gt;-->
<!--<utility module_path=".*/weechat"/>-->
<!--<service module_path="services/unix/http/parameterised_website"/>-->
<!--<service type="ftp"/>-->
<!--<network type="private_network" range="172.16.0.0"/>-->
<!--</system>-->
<system>
<system_name>hackerbot_server</system_name>
<base distro="Kali" name="MSF"/>
@@ -251,15 +235,15 @@ Diner's Club 3000 0000 0000 04</value>
</input>
</utility>
<network type="private_network" >
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<network type="private_network" >
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
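Review bot: Replacing the per-system `<generator type="strong_password_generator"/>` with `<datastore>spoiler_admin_pass</datastore>` in the cleanup builds gives each system that reads it the same root password, including hackerbot_server. Anyone who recovers that credential on one host would then hold it for the others, which matters where a scenario contains VMs that are meant to be compromised. If a single admin login is intended for convenience, say so where the datastore is defined, e.g. `<!-- one admin password shared by every VM in this scenario -->`; otherwise keep a separate datastore per system. The same change appears in the next three file sections.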


@@ -215,34 +215,18 @@ Diner's Club 3000 0000 0000 04</value>
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!--<system>-->
<!--<system_name>server</system_name>-->
<!--<base platform="linux" distro="Debian 7.8"/>-->
<!--<utility module_path=".*/parameterised_accounts">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--</utility>-->
<!--<vulnerability module_path=".*/ssh_root_login">-->
<!--<input into="root_password">-->
<!--<value>randompassword</value>-->
<!--</input>-->
<!--</vulnerability>-->
<!--&lt;!&ndash;TODO: parameterise with business details&ndash;&gt;-->
<!--&lt;!&ndash;TODO: weechat config&ndash;&gt;-->
<!--<utility module_path=".*/weechat"/>-->
<!--<service module_path="services/unix/http/parameterised_website"/>-->
<!--<service type="ftp"/>-->
<!--<network type="private_network" range="172.16.0.0"/>-->
<!--</system>-->
<system>
<system_name>hackerbot_server</system_name>
<base distro="Kali" name="MSF"/>
@@ -274,11 +258,13 @@ Diner's Club 3000 0000 0000 04</value>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>


@@ -212,6 +212,16 @@
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
@@ -230,14 +240,18 @@
</input>
</vulnerability>
<!-- TODO: weechat config -->
<!-- <utility module_path=".*/weechat"/> -->
<network type="private_network" >
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
@@ -274,11 +288,13 @@
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>


@@ -227,6 +227,16 @@
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
@@ -266,6 +276,13 @@
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
@@ -280,8 +297,6 @@
<vulnerability module_path=".*/distcc_exec"/>
<!--TODO: FIXME ftp modules are currently broken-->
<!--<service module_path=".*/vsftpd"/>-->
<!--TODO: Fix the apache module -->
<service type="httpd" module_path=".*/apache.*"/>
@@ -303,6 +318,13 @@
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
@@ -345,9 +367,10 @@
</input>
</network>
<!-- an admin account only for spoilers/administration of the challenge -->
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>


@@ -182,100 +182,6 @@
</network>
</system>
<system>
<system_name>compromised_server</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<input into_datastore="hidden_string">
<generator module_path=".*/random_hex"/>
</input>
<input into_datastore="accounts_compromised">
<generator type="account">
<input into="username">
<datastore>main_username</datastore>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="leaked_filenames">
<value>u_r_powned-hme</value>
<value>.a_hidden_flag-hme</value>
<datastore>hidden_string</datastore>
</input>
<input into="strings_to_leak">
<generator type="random_line_generator">
<input into="linelist">
<value>powned_messages</value>
</input>
</generator>
<generator type="flag_generator" />
<generator type="flag_generator" />
</input>
</generator>
</input>
<!-- Install LiME as /proc/kcore dump doesn't work with 64-bit bases since Linux 4.8 -->
<utility module_path=".*./lime"/>
<vulnerability module_path=".*/nc_backdoor">
<input into="port" into_datastore="nc_port">
<generator module_path=".*/random_unregistered_port" />
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</vulnerability>
<!-- rootkit has to be defined before accounts are created -->
<utility module_path=".*/alias_rootkit">
<input into="hidden_ports">
<datastore>nc_port</datastore>
</input>
<input into="hidden_strings">
<value>ncat</value>
<value>hme</value>
<datastore>hidden_string</datastore>
</input>
</utility>
<!-- TODO: these executables don't work on Stretch -->
<utility module_path=".*/adore_rootkit_static"/>
<!-- required for chkrootkit -->
<utility module_path=".*/binary_tools"/>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>accounts_compromised</datastore>
</input>
</utility>
<service module_path=".*/vsftpd"/>
<service type="pop3"/>
<service module_path="services/unix/http/parameterised_website">
<!-- <input into="organisation">
<datastore>organisation</datastore>
</input> -->
</service>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>hackerbot_access_root_password</datastore>
</input>
</vulnerability>
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>hackerbot_server</system_name>
@@ -328,4 +234,98 @@
</system>
<system>
<system_name>compromised_server</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<input into_datastore="hidden_string">
<generator module_path=".*/random_hex"/>
</input>
<input into_datastore="accounts_compromised">
<generator type="account">
<input into="username">
<datastore>main_username</datastore>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="leaked_filenames">
<value>u_r_powned-hme</value>
<value>.a_hidden_flag-hme</value>
<datastore>hidden_string</datastore>
</input>
<input into="strings_to_leak">
<generator type="random_line_generator">
<input into="linelist">
<value>powned_messages</value>
</input>
</generator>
<generator type="flag_generator" />
<generator type="flag_generator" />
</input>
</generator>
</input>
<!-- Install LiME as /proc/kcore dump doesn't work with 64-bit bases since Linux 4.8 -->
<utility module_path=".*./lime"/>
<vulnerability module_path=".*/nc_backdoor">
<input into="port" into_datastore="nc_port">
<generator module_path=".*/random_unregistered_port" />
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</vulnerability>
<!-- rootkit has to be defined before accounts are created -->
<utility module_path=".*/alias_rootkit">
<input into="hidden_ports">
<datastore>nc_port</datastore>
</input>
<input into="hidden_strings">
<value>ncat</value>
<value>hme</value>
<datastore>hidden_string</datastore>
</input>
</utility>
<!-- TODO: these executables don't work on Stretch -->
<utility module_path=".*/adore_rootkit_static"/>
<!-- required for chkrootkit -->
<utility module_path=".*/binary_tools"/>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>accounts_compromised</datastore>
</input>
</utility>
<service module_path=".*/vsftpd"/>
<service type="pop3"/>
<service module_path="services/unix/http/parameterised_website">
<!-- <input into="organisation">
<datastore>organisation</datastore>
</input> -->
</service>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>hackerbot_access_root_password</datastore>
</input>
</vulnerability>
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>


@@ -251,29 +251,6 @@
</network>
</system>
<!--<system>-->
<!--<system_name>backup_server</system_name>-->
<!--<base platform="linux" distro="Debian 7.8"/>-->
<!--<utility module_path=".*/parameterised_accounts">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--</utility>-->
<!--<vulnerability module_path=".*/ssh_root_login">-->
<!--<input into="root_password">-->
<!--<datastore>hackerbot_access_root_password</datastore>-->
<!--</input>-->
<!--</vulnerability>-->
<!--<network type="private_network" >-->
<!--<input into="IP_address">-->
<!--<datastore access="1">IP_addresses</datastore>-->
<!--</input>-->
<!--</network>-->
<!--</system>-->
<system>
<system_name>web_server</system_name>
@@ -287,8 +264,6 @@
<vulnerability module_path=".*/distcc_exec"/>
<!--TODO: FIXME ftp modules are currently broken-->
<!--<service module_path=".*/vsftpd"/>-->
<service type="pop3"/>


@@ -88,15 +88,6 @@
</input>
</utility>
<!-- <utility module_path=".*/pidgin">
<input into="server_ip">
<datastore access="2">IP_addresses</datastore>
</input>
<input into="accounts">
<datastore access="0">user_accounts</datastore>
</input>
</utility> -->
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
@@ -112,65 +103,6 @@
</network>
</system>
<system>
<system_name>staff_desktop</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<utility module_path=".*/pam_modules"/>
<utility module_path=".*/iceweasel">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<datastore access="1">IP_addresses</datastore>
</input>
</utility>
<!-- <utility module_path=".*/pidgin">
<input into="server_ip">
<datastore access="2">IP_addresses</datastore>
</input>
<input into="accounts">
<datastore access="0">user_accounts</datastore>
</input>
</utility> -->
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
</vulnerability>
<vulnerability type="access_control_misconfiguration"/>
<network type="private_network">
<input into="IP_address">
<datastore access="3">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>server</system_name>
<base distro="Debian 10" type="desktop"/>
@@ -216,6 +148,72 @@
</network>
</system>
<system>
<system_name>staff_desktop</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<utility module_path=".*/pam_modules"/>
<utility module_path=".*/iceweasel">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<datastore access="1">IP_addresses</datastore>
</input>
</utility>
<system>
<system_name>win7_desktop</system_name>
<base platform="windows" distro="7"/>
<utility module_path=".*/parameterised_accounts" platform="windows">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
</system>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
</vulnerability>
<vulnerability type="access_control_misconfiguration"/>
<network type="private_network">
<input into="IP_address">
<datastore access="3">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>auth_server</system_name>
<base distro="Debian 10" type="desktop"/>
@@ -255,62 +253,4 @@
</network>
</system>
<system>
<system_name>win7_desktop</system_name>
<base platform="windows" distro="7"/>
<utility module_path=".*/parameterised_accounts" platform="windows">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="6">IP_addresses</datastore>
</input>
</network>
</system>
<!-- <system>
<system_name>sec_spec_server</system_name>
<base distro="Kali" name="MSF"/>
<service type="ircd"/>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/nmap"/>
<utility module_path=".*/handy_cli_tools"/>
<service type="httpd"/>
<utility module_path=".*/hackerbot">
<input into="hackerbot_configs" into_datastore="hackerbot_instructions">
<generator module_path=".*/hb_assignment_spec">
<input into="accounts">
<datastore>user_accounts</datastore>
</input>
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
<input into="server_ip">
<datastore access="1">IP_addresses</datastore>
</input>
</generator>
</input>
</utility>
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
</input>
</build>
</system> -->
</scenario>
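Review bot: As rendered, the added win7_desktop `<system>` opens inside the new staff_desktop `<system>`, between the iceweasel `</utility>` and staff_desktop's `ssh_root_login` vulnerability, so one system element is nested in another. The hunk header (6 old lines, 72 new) leaves no room for removed lines here, which suggests this is the real file order rather than a display artefact. Suggest moving the whole win7_desktop block, from its `<system>` to its `</system>`, to just before staff_desktop's opening `<system>`, which keeps the `access="2"` then `access="3"` order. The new sequence checker scans `<network>` sections only and would not report the nesting.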


@@ -55,8 +55,6 @@
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
<value>172.16.0.4</value>
</input>
<input into_datastore="kali_root_account">
@@ -92,7 +90,7 @@
<network type="private_network" >
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>


@@ -151,33 +151,6 @@
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/nmap"/>
<!--<utility module_path=".*/iceweasel">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--<input into="autostart">-->
<!--<value>true</value>-->
<!--</input>-->
<!--<input into="start_page">-->
<!--<datastore access="3">IP_addresses</datastore>-->
<!--</input>-->
<!--</utility>-->
<!--<utility module_path=".*/pidgin">-->
<!--<input into="server_ip">-->
<!--<datastore access="3">IP_addresses</datastore>-->
<!--</input>-->
<!--<input into="accounts">-->
<!--<datastore access="0">accounts</datastore>-->
<!--</input>-->
<!--</utility>-->
<!--<vulnerability module_path=".*/ssh_root_login">-->
<!--<input into="root_password">-->
<!--<datastore>hackerbot_access_root_password</datastore>-->
<!--</input>-->
<!--</vulnerability>-->
<network type="private_network" >
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
@@ -189,12 +162,6 @@
<system_name>web_server</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
<!--<utility module_path=".*/parameterised_accounts">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--</utility>-->
<vulnerability module_path=".*/unrealirc_3281_backdoor">
<input into="strings_to_leak">
<datastore>desktop_username</datastore>
@@ -213,11 +180,6 @@
</input>
</service>
<!--<vulnerability module_path=".*/ssh_root_login">-->
<!--<input into="root_password">-->
<!--<datastore>hackerbot_access_root_password</datastore>-->
<!--</input>-->
<!--</vulnerability>-->
<network type="private_network" >
<input into="IP_address">
@@ -226,53 +188,6 @@
</network>
</system>
<!--<system>-->
<!--<system_name>hackerbot_server</system_name>-->
<!--<base distro="Kali" name="MSF"/>-->
<!--<service type="ircd"/>-->
<!--<utility module_path=".*/metasploit_framework"/>-->
<!--<utility module_path=".*/handy_cli_tools"/>-->
<!--<utility module_path=".*/nmap"/>-->
<!--<service type="httpd"/>-->
<!--<utility module_path=".*/hackerbot">-->
<!--<input into="hackerbot_configs" into_datastore="hackerbot_instructions">-->
<!--<generator module_path=".*/ids_exfiltration">-->
<!--<input into="accounts">-->
<!--<datastore>accounts</datastore>-->
<!--</input>-->
<!--<input into="root_password">-->
<!--<datastore>hackerbot_access_root_password</datastore>-->
<!--</input>-->
<!--<input into="ids_server_ip">-->
<!--<datastore access="1">IP_addresses</datastore>-->
<!--</input>-->
<!--<input into="web_server_ip">-->
<!--<datastore access="2">IP_addresses</datastore>-->
<!--</input>-->
<!--<input into="hackerbot_server_ip">-->
<!--<datastore access="3">IP_addresses</datastore>-->
<!--</input>-->
<!--</generator>-->
<!--</input>-->
<!--</utility>-->
<!--<network type="private_network" >-->
<!--<input into="IP_address">-->
<!--<datastore access="3">IP_addresses</datastore>-->
<!--</input>-->
<!--</network>-->
<!--<build type="cleanup">-->
<!--<input into="root_password">-->
<!--<generator type="strong_password_generator"/>-->
<!--</input>-->
<!--</build>-->
<!--</system>-->
<system>
<system_name>kali</system_name>
<base distro="Kali" name="MSF"/>
@@ -283,9 +198,6 @@
<utility module_path=".*/armitage"/>
<!--TODO: REMOVE ME - THIS SHOULD BE IN THE KALI TEMPLATE-->
<!-- <utility module_path=".*/ovirt_agents"/> -->
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>