From 7b11d7eb60a879f72e86b3bd67e0ff7449ea01a6 Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Thu, 1 Jun 2023 16:48:35 +0100 Subject: [PATCH] Ensure all nic IP addresses are defined sequentially in scenarios so we can detect them reliably --- lib/test/check_nic_sequences.rb | 78 +++++++ scenarios/ctf/administration_woes.xml | 21 +- scenarios/ctf/catching_sparks.xml | 56 ++--- scenarios/ctf/erlang_explosion.xml | 55 +++-- scenarios/ctf/eventful_data.xml | 53 ++--- scenarios/ctf/ff_in_the_wild.xml | 4 +- scenarios/ctf/ff_that_escalated_quickly.xml | 4 +- scenarios/ctf/hackme_crackme.xml | 6 +- scenarios/ctf/manage_this.xml | 52 ++--- scenarios/ctf/performance_peril.xml | 71 +++---- .../8_vulnerability_analysis.xml | 6 +- .../1_integrity_protection.xml | 48 ++--- .../2_integrity_detection.xml | 40 ++-- .../3_backups_and_recovery.xml | 24 ++- .../labs/response_and_investigation/4_ids.xml | 29 ++- .../7_live_analysis.xml | 188 ++++++++--------- .../hacker_vs_hackerbot_2.xml | 25 --- scenarios/labs/systems_security/3_ss_conf.xml | 192 ++++++------------ scenarios/labs/web_security/websec_lab.xml | 4 +- scenarios/labs/workshops/lab_workshop.xml | 88 -------- 20 files changed, 477 insertions(+), 567 deletions(-) create mode 100644 lib/test/check_nic_sequences.rb diff --git a/lib/test/check_nic_sequences.rb b/lib/test/check_nic_sequences.rb new file mode 100644 index 000000000..92841554b --- /dev/null +++ b/lib/test/check_nic_sequences.rb 
@@ -0,0 +1,78 @@
+puts "SecGen nic definitions that use the special IP_addresses datastore should define networks in the same sequence, so that we can automatically identify IP addrs for VMs"
+
+directory_path = ARGV[0]
+
+# Ensure directory path is provided
+if directory_path.nil?
+ puts "Please provide as an argument the directory path to recursively test scenario xml files."
+ exit
+end
+
+# Retrieve all XML files in the directory
+xml_files = Dir.glob("#{directory_path}/**/*.xml")
+
+# Regular expression pattern to match network sections
+network_regex = /]*>(.*?)<\/network>/m
+
+# Initialize counters
+processed_files_count = 0
+out_of_sequence_count = 0
+
+# Iterate over each XML file
+xml_files.each do |file_path|
+ puts "Processing file: #{file_path}"
+ processed_files_count += 1
+
+ begin
+ file_contents = File.read(file_path)
+
+ # Check for sequential access numbers across all the network sections
+ sequential = true
+ last_access = -1
+ lines_with_access_numbers = []
+
+ file_contents.scan(network_regex) do |network_match|
+ network_section = network_match[0]
+ network_lines = network_section.split("\n")
+
+ network_lines.each do |line|
+ match = line.match(/.*?<\/datastore>/)
+ next unless match
+
+ access_number = match[1].to_i
+
+ lines_with_access_numbers << line.strip
+
+ if access_number != last_access + 1
+ puts " \e[31mWarning:\e[0m Access numbers are not sequential in #{file_path}. Expected #{last_access + 1}, got #{access_number}"
+ sequential = false
+ out_of_sequence_count += 1
+ break
+ end
+
+ last_access = access_number
+ end
+
+ if !sequential
+ break
+ end
+ end
+
+ if sequential
+ lines_with_access_numbers = []
+ end
+
+ unless lines_with_access_numbers.empty?
+ puts "Lines with access numbers:" + lines_with_access_numbers.each { |line| puts " #{line}" } + end + + rescue StandardError => e + puts "Error processing file #{file_path}: #{e.message}" + end + + puts "-" * 40 +end + +puts "Processed files: #{processed_files_count}" +puts "Out of sequence files: #{out_of_sequence_count}" diff --git a/scenarios/ctf/administration_woes.xml b/scenarios/ctf/administration_woes.xml index c52ac8a21..8eb2f4372 100644 --- a/scenarios/ctf/administration_woes.xml +++ b/scenarios/ctf/administration_woes.xml @@ -45,6 +45,14 @@ server + + + 172.16.0.2 + + 172.16.0.3 + + + @@ -62,7 +70,7 @@ - IP_addresses + IP_addresses @@ -71,13 +79,6 @@ attack_vm - - - 172.16.0.2 - - 172.16.0.3 - - @@ -95,9 +96,9 @@ - IP_addresses + IP_addresses - \ No newline at end of file + diff --git a/scenarios/ctf/catching_sparks.xml b/scenarios/ctf/catching_sparks.xml index 0bdfe6b1d..c64e03734 100644 --- a/scenarios/ctf/catching_sparks.xml +++ b/scenarios/ctf/catching_sparks.xml @@ -37,32 +37,6 @@ cyber kill chain - - server - - - - - - - - - - - - - - - - - - - - IP_addresses - - - - attack_vm @@ -95,5 +69,33 @@ + + + server + - \ No newline at end of file + + + + + + + + + + + + + + + + + + IP_addresses + + + + + + + diff --git a/scenarios/ctf/erlang_explosion.xml b/scenarios/ctf/erlang_explosion.xml index 0e4975248..aa9578740 100644 --- a/scenarios/ctf/erlang_explosion.xml +++ b/scenarios/ctf/erlang_explosion.xml @@ -42,33 +42,6 @@ Attacks against SUID - - - server - - - - - - - - - - - - - - - - - - - - IP_addresses - - - - attack_vm @@ -102,4 +75,30 @@ - \ No newline at end of file + + server + + + + + + + + + + + + + + + + + + + + IP_addresses + + + + + diff --git a/scenarios/ctf/eventful_data.xml b/scenarios/ctf/eventful_data.xml index d8c29077f..425f8001e 100644 --- a/scenarios/ctf/eventful_data.xml +++ b/scenarios/ctf/eventful_data.xml @@ -41,31 +41,6 @@ Attacks against SUDO - - server - - - - - - - - - - - - - - - - - - - - IP_addresses - - - attack_vm 
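Review bot: The script never reports failure through its exit status: the two closing `puts` lines only print the counts, so a CI step running check_nic_sequences.rb succeeds even when out_of_sequence_count is non-zero, and the missing-argument branch near the top calls bare `exit`, which also returns 0. Replace that branch's `puts`/`exit` pair with `abort "Please provide as an argument the directory path to recursively test scenario xml files."` and finish the script with `exit(out_of_sequence_count.zero? ? 0 : 1)` so the sequence check can actually gate a build. The datastore match runs per line after `split("\n")`, so a datastore element wrapped across lines is silently skipped rather than flagged; a comment such as `# NOTE: datastore elements are only checked when written on a single line` would make that limitation visible, or the match could be applied to the whole network section. The regex-based XML scanning is presumably adequate for the project's own scenario files, but the standard-library REXML parser would be robust against attribute order and whitespace if that becomes a problem.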
@@ -100,4 +75,30 @@ - \ No newline at end of file + + server + + + + + + + + + + + + + + + + + + + + IP_addresses + + + + + diff --git a/scenarios/ctf/ff_in_the_wild.xml b/scenarios/ctf/ff_in_the_wild.xml index 227c699c8..0241e5a71 100644 --- a/scenarios/ctf/ff_in_the_wild.xml +++ b/scenarios/ctf/ff_in_the_wild.xml @@ -44,8 +44,6 @@ 172.16.0.2 172.16.0.3 - 172.16.0.4 - 172.16.0.5 @@ -130,7 +128,7 @@ - IP_addresses + IP_addresses diff --git a/scenarios/ctf/ff_that_escalated_quickly.xml b/scenarios/ctf/ff_that_escalated_quickly.xml index e03edcf21..072a92c99 100644 --- a/scenarios/ctf/ff_that_escalated_quickly.xml +++ b/scenarios/ctf/ff_that_escalated_quickly.xml @@ -45,8 +45,6 @@ 172.16.0.2 172.16.0.3 - 172.16.0.4 - 172.16.0.5 @@ -101,7 +99,7 @@ - IP_addresses + IP_addresses diff --git a/scenarios/ctf/hackme_crackme.xml b/scenarios/ctf/hackme_crackme.xml index c6902132e..d5d1d2a96 100644 --- a/scenarios/ctf/hackme_crackme.xml +++ b/scenarios/ctf/hackme_crackme.xml @@ -47,10 +47,8 @@ 172.16.0.2 172.16.0.3 - - 172.16.0.4 - 172.16.0.5 + 172.16.0.4 @@ -319,7 +317,7 @@ - IP_addresses + IP_addresses diff --git a/scenarios/ctf/manage_this.xml b/scenarios/ctf/manage_this.xml index e8409dfb6..af36cb2f3 100644 --- a/scenarios/ctf/manage_this.xml +++ b/scenarios/ctf/manage_this.xml @@ -34,31 +34,6 @@ FILE - TRANSFER PROTOCOL (FTP) - - server - - - - - - - - - - - - - - - - - - - - IP_addresses - - - attack_vm @@ -93,4 +68,31 @@ + + server + + + + + + + + + + + + + + + + + + + + IP_addresses + + + + + diff --git a/scenarios/ctf/performance_peril.xml b/scenarios/ctf/performance_peril.xml index 27cc27565..17ee14ce5 100644 --- a/scenarios/ctf/performance_peril.xml +++ b/scenarios/ctf/performance_peril.xml @@ -48,6 +48,41 @@ cyber kill chain + + + attack_vm + + + + + 172.16.0.2 + + 172.16.0.3 + + + + + + {"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]} + + + false + + + + + + + + + + + + IP_addresses + + + + server 
@@ -86,38 +121,4 @@ - - attack_vm - - - - - 172.16.0.2 - - 172.16.0.3 - - - - - - {"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]} - - - false - - - - - - - - - - - - IP_addresses - - - - - \ No newline at end of file + diff --git a/scenarios/labs/introducing_attacks/8_vulnerability_analysis.xml b/scenarios/labs/introducing_attacks/8_vulnerability_analysis.xml index be966e080..4d317edab 100644 --- a/scenarios/labs/introducing_attacks/8_vulnerability_analysis.xml +++ b/scenarios/labs/introducing_attacks/8_vulnerability_analysis.xml @@ -34,10 +34,8 @@ It is important for organisations to manage the security of their systems and fo 172.16.0.2 - - 172.16.0.3 - 172.16.0.4 + 172.16.0.3 @@ -93,7 +91,7 @@ It is important for organisations to manage the security of their systems and fo - IP_addresses + IP_addresses diff --git a/scenarios/labs/response_and_investigation/1_integrity_protection.xml b/scenarios/labs/response_and_investigation/1_integrity_protection.xml index 6dfd063d7..59d6f39d6 100644 --- a/scenarios/labs/response_and_investigation/1_integrity_protection.xml +++ b/scenarios/labs/response_and_investigation/1_integrity_protection.xml @@ -198,34 +198,18 @@ Diner's Club 3000 0000 0000 04 IP_addresses + + + + + + + + spoiler_admin_pass + + - - - - - - - - - - - - - - - - - - - - - - - - - - hackerbot_server @@ -251,15 +235,15 @@ Diner's Club 3000 0000 0000 04 - - - IP_addresses - - + + + IP_addresses + + - + spoiler_admin_pass diff --git a/scenarios/labs/response_and_investigation/2_integrity_detection.xml b/scenarios/labs/response_and_investigation/2_integrity_detection.xml index 19ced7a8f..bfa49ffda 100644 --- a/scenarios/labs/response_and_investigation/2_integrity_detection.xml +++ b/scenarios/labs/response_and_investigation/2_integrity_detection.xml 
@@ -215,34 +215,18 @@ Diner's Club 3000 0000 0000 04 IP_addresses + + + + + + + + spoiler_admin_pass + + - - - - - - - - - - - - - - - - - - - - - - - - - - hackerbot_server @@ -274,11 +258,13 @@ Diner's Club 3000 0000 0000 04 + - + spoiler_admin_pass + diff --git a/scenarios/labs/response_and_investigation/3_backups_and_recovery.xml b/scenarios/labs/response_and_investigation/3_backups_and_recovery.xml index 440265eea..751f3a377 100644 --- a/scenarios/labs/response_and_investigation/3_backups_and_recovery.xml +++ b/scenarios/labs/response_and_investigation/3_backups_and_recovery.xml @@ -212,6 +212,16 @@ IP_addresses + + + + + + + + spoiler_admin_pass + + @@ -230,14 +240,18 @@ - - - IP_addresses + + + + + spoiler_admin_pass + + @@ -274,11 +288,13 @@ + - + spoiler_admin_pass + diff --git a/scenarios/labs/response_and_investigation/4_ids.xml b/scenarios/labs/response_and_investigation/4_ids.xml index ae333e0d7..541ae3f32 100644 --- a/scenarios/labs/response_and_investigation/4_ids.xml +++ b/scenarios/labs/response_and_investigation/4_ids.xml @@ -227,6 +227,16 @@ IP_addresses + + + + + + + + spoiler_admin_pass + + @@ -266,6 +276,13 @@ IP_addresses + + + + + spoiler_admin_pass + + @@ -280,8 +297,6 @@ - - @@ -303,6 +318,13 @@ IP_addresses + + + + + spoiler_admin_pass + + @@ -345,9 +367,10 @@ + - + spoiler_admin_pass diff --git a/scenarios/labs/response_and_investigation/7_live_analysis.xml b/scenarios/labs/response_and_investigation/7_live_analysis.xml index c88e65f49..4dfe7755d 100644 --- a/scenarios/labs/response_and_investigation/7_live_analysis.xml +++ b/scenarios/labs/response_and_investigation/7_live_analysis.xml 
@@ -182,100 +182,6 @@ - - compromised_server - - - - - - - - - - main_username - - - tiaspbiqe2r - - - true - - - u_r_powned-hme - .a_hidden_flag-hme - hidden_string - - - - - powned_messages - - - - - - - - - - - - - - - - - - - - - - - - nc_port - - - ncat - hme - hidden_string - - - - - - - - - - - accounts_compromised - - - - - - - - - - - - - - hackerbot_access_root_password - - - - - - IP_addresses - - - - hackerbot_server @@ -328,4 +234,98 @@ + + compromised_server + + + + + + + + + + main_username + + + tiaspbiqe2r + + + true + + + u_r_powned-hme + .a_hidden_flag-hme + hidden_string + + + + + powned_messages + + + + + + + + + + + + + + + + + + + + + + + + nc_port + + + ncat + hme + hidden_string + + + + + + + + + + + accounts_compromised + + + + + + + + + + + + + + hackerbot_access_root_password + + + + + + IP_addresses + + + + diff --git a/scenarios/labs/response_and_investigation/hacker_vs_hackerbot_2.xml b/scenarios/labs/response_and_investigation/hacker_vs_hackerbot_2.xml index 82e543bc9..4241d9649 100644 --- a/scenarios/labs/response_and_investigation/hacker_vs_hackerbot_2.xml +++ b/scenarios/labs/response_and_investigation/hacker_vs_hackerbot_2.xml @@ -251,29 +251,6 @@ - - - - - - - - - - - - - - - - - - - - - - - web_server @@ -287,8 +264,6 @@ - - diff --git a/scenarios/labs/systems_security/3_ss_conf.xml b/scenarios/labs/systems_security/3_ss_conf.xml index f5d9dc074..f9e3840a6 100644 --- a/scenarios/labs/systems_security/3_ss_conf.xml +++ b/scenarios/labs/systems_security/3_ss_conf.xml @@ -88,15 +88,6 @@ - - desktop_root_password @@ -112,65 +103,6 @@ - - - staff_desktop - - - - - - user_accounts - - - - - - user_accounts - - - true - - - - - - - - - user_accounts - - - true - - - IP_addresses - - - - - - - - desktop_root_password - - - - - - - IP_addresses - - - - server 
@@ -216,6 +148,72 @@ + + staff_desktop + + + + + + user_accounts + + + + + + user_accounts + + + true + + + + + + + + + user_accounts + + + true + + + IP_addresses + + + + + win7_desktop + + + + + user_accounts + + + + + + IP_addresses + + + + + + + desktop_root_password + + + + + + + IP_addresses + + + + auth_server @@ -255,62 +253,4 @@ - - - win7_desktop - - - - - user_accounts - - - - - - IP_addresses - - - - - diff --git a/scenarios/labs/web_security/websec_lab.xml b/scenarios/labs/web_security/websec_lab.xml index a8b033c0a..6d9b61aab 100644 --- a/scenarios/labs/web_security/websec_lab.xml +++ b/scenarios/labs/web_security/websec_lab.xml @@ -55,8 +55,6 @@ 172.16.0.2 - 172.16.0.3 - 172.16.0.4 @@ -92,7 +90,7 @@ - IP_addresses + IP_addresses diff --git a/scenarios/labs/workshops/lab_workshop.xml b/scenarios/labs/workshops/lab_workshop.xml index fd27fba19..cde473d53 100644 --- a/scenarios/labs/workshops/lab_workshop.xml +++ b/scenarios/labs/workshops/lab_workshop.xml @@ -151,33 +151,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - IP_addresses @@ -189,12 +162,6 @@ web_server - - - - - - desktop_username @@ -213,11 +180,6 @@ - - - - - @@ -226,53 +188,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - kali @@ -283,9 +198,6 @@ - - - IP_addresses