From 907b4aade2d68ffb74e50d6de7fce9fca437d35c Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders" <code.cliffe@schreuders.org>
Date: Tue, 27 Oct 2020 18:31:41 +0000
Subject: [PATCH] live malware samples from repo

---
 .../live_malware_samples.pp                   |  1 +
 .../live_malware_samples/manifests/install.pp | 17 +++++
 .../live_malware_samples/secgen_metadata.xml  | 19 ++++++
 .../version_control/git/manifests/install.pp  |  2 +-
 .../version_control/git/secgen_metadata.xml   |  6 +-
 .../6_ghidra_with_live_malware_samples.xml    | 62 +++++++++++++++++++
 6 files changed, 101 insertions(+), 6 deletions(-)
 create mode 100644 modules/utilities/unix/live_malware_samples/live_malware_samples.pp
 create mode 100644 modules/utilities/unix/live_malware_samples/manifests/install.pp
 create mode 100644 modules/utilities/unix/live_malware_samples/secgen_metadata.xml
 create mode 100644 scenarios/labs/software_and_malware_analysis/6_ghidra_with_live_malware_samples.xml

diff --git a/modules/utilities/unix/live_malware_samples/live_malware_samples.pp b/modules/utilities/unix/live_malware_samples/live_malware_samples.pp
new file mode 100644
index 000000000..9bb2fcc26
--- /dev/null
+++ b/modules/utilities/unix/live_malware_samples/live_malware_samples.pp
@@ -0,0 +1 @@
+include live_malware_samples::install
diff --git a/modules/utilities/unix/live_malware_samples/manifests/install.pp b/modules/utilities/unix/live_malware_samples/manifests/install.pp
new file mode 100644
index 000000000..bdf23fcf5
--- /dev/null
+++ b/modules/utilities/unix/live_malware_samples/manifests/install.pp
@@ -0,0 +1,17 @@
+class live_malware_samples::install{
+  # Pip install triggers a 404, so just use git to grab the files
+  # without the python frontend
+  
+  # ensure_packages(['python-pip'], { ensure => 'present' })
+  # exec { 'git clone https://github.com/cliffe/theZoo.git':
+  #   cwd     => '/opt/',
+  #   creates => '/opt/theZoo',
+  #   path    => ['/usr/bin', '/usr/sbin',],
+  # } ->
+
+  exec { 'pip install --user -r requirements.txt':
+    cwd     => '/opt/theZoo',
+    path    => ['/usr/bin', '/usr/sbin',],
+  }
+
+}
diff --git a/modules/utilities/unix/live_malware_samples/secgen_metadata.xml b/modules/utilities/unix/live_malware_samples/secgen_metadata.xml
new file mode 100644
index 000000000..91d3c3fe7
--- /dev/null
+++ b/modules/utilities/unix/live_malware_samples/secgen_metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Live malware samples (LIVE MALWARE!)</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>Apache v2</module_license>
+  <description>Installs a collection of live malware samples for analysis from theZoo malware repository.
+    This downloads the entire sample library via Git (large download).
+  </description>
+
+  <type>audit_tools</type>
+  <platform>linux</platform>
+
+  <requires>
+    <module_path>.*/git$</typemodule_path>
+  </requires>
+</utility>
diff --git a/modules/utilities/unix/version_control/git/manifests/install.pp b/modules/utilities/unix/version_control/git/manifests/install.pp
index bf48a62b9..ae7cbe3e1 100644
--- a/modules/utilities/unix/version_control/git/manifests/install.pp
+++ b/modules/utilities/unix/version_control/git/manifests/install.pp
@@ -2,4 +2,4 @@ class git::install {
   package { 'git':
     ensure => installed,
   }
-}
\ No newline at end of file
+}
diff --git a/modules/utilities/unix/version_control/git/secgen_metadata.xml b/modules/utilities/unix/version_control/git/secgen_metadata.xml
index 5d6438a32..18a6cc880 100644
--- a/modules/utilities/unix/version_control/git/secgen_metadata.xml
+++ b/modules/utilities/unix/version_control/git/secgen_metadata.xml
@@ -15,12 +15,8 @@
   <reference>https://git-scm.com/</reference>
   <software_name>git</software_name>
 
-  <conflict>
-    <name>Stretch</name>
-  </conflict>
-
   <requires>
     <type>update</type>
   </requires>
 
-</utility>
\ No newline at end of file
+</utility>
diff --git a/scenarios/labs/software_and_malware_analysis/6_ghidra_with_live_malware_samples.xml b/scenarios/labs/software_and_malware_analysis/6_ghidra_with_live_malware_samples.xml
new file mode 100644
index 000000000..8160be86d
--- /dev/null
+++ b/scenarios/labs/software_and_malware_analysis/6_ghidra_with_live_malware_samples.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<name>Ghidra lab with LIVE MALWARE SAMPLES</name>
+	<author>Z. Cliffe Schreuders</author>
+  <description>You will find live malware samples in /opt/theZoo.
+	</description>
+
+  <type>lab-sheet</type>
+  <difficulty>intermediate</difficulty>
+
+  <system>
+    <system_name>metactf</system_name>
+    <base platform="linux" type="desktop" distro="Buster"/>
+
+    <utility module_path=".*/reversing_tools"/>
+		<utility module_path=".*/ghidra"/>
+
+    <utility module_path=".*/parameterised_accounts">
+      <input into="accounts" into_datastore="account">
+        <generator type="account">
+					<input into="username">
+						<generator type="random_sanitised_word">
+							<input into="wordlist">
+								<value>mythical_creatures</value>
+							</input>
+						</generator>
+					</input>
+					<input into="password">
+						<value>tiaspbiqe2r</value>
+					</input>
+					<input into="super_user">
+						<value>false</value>
+					</input>
+        </generator>
+      </input>
+    </utility>
+
+
+		<utility module_path=".*/kde_minimal">
+			<input into="autologin_user">
+				<datastore access="0" access_json="['username']">account</datastore>
+			</input>
+			<input into="accounts">
+				<datastore>account</datastore>
+			</input>
+			<input into="autostart_konsole">
+				<value>true</value>
+			</input>
+		</utility>
+		<utility module_path=".*/handy_cli_tools"/>
+		<utility module_path=".*/hash_tools"/>
+
+		<utility module_path=".*/live_malware_samples"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+
+</scenario>