WiP

lib/objects/local_ruby_challenge_generator.rb

@@ -9,7 +9,14 @@ class RubyChallengeGenerator < ScriptChallengeGenerator
   end
 
   def pre_challenge_setup
-    "Dir.chdir(ARGV[0])\n"
+    "flag_path = ''
+     if ARGV[0] and File.directory? ARGV[0]
+       flag_path = ARGV.shift
+       if flag_path[-1] != '/'
+         flag_path += '/'
+       end
+     end
+     flag_path += 'flag'\n"
   end
 
   def interpreter_path

modules/build/puppet/secgen_functions/manifests/install_setgid_script.pp

@@ -10,7 +10,7 @@ define secgen_functions::install_setgid_script (
   $group, # Name of group
   $account, # User account
   $flag, # ctf flag string
-  $flag_name, # ctf flag name
+  $flag_name = 'flag', # ctf flag name
   $port, # Optional: script will be run on network port using xinetd
   $storage_dir     = '', # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir)
   $strings_to_leak = [''], # Optional: strings to leak (could contain instructions or a message)

modules/build/puppet/secgen_functions/manifests/install_setuid_root_script.pp

@@ -1,64 +0,0 @@
-# Install function for setgid binaries
-# -- Modules calling this function must provide a Makefile and any .c files within it's <module_name>/files directory
-
-define secgen_functions::install_setuid_root_script (
-  $challenge_name, # Challenge name, used for the wrapper-directory
-  $script_name, # Script filename
-  $script_data, # Script data
-  $source_module_name, # Name of the module that calls this function
-  $account, # User account
-  $flag, # ctf flag string
-  $flag_name, # ctf flag name
-  $storage_dir     = '', # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir)
-  $strings_to_leak = [''], # Optional: strings to leak (could contain instructions or a message)
-) {
-
-  if $account {
-    $username = $account['username']
-
-    ::accounts::user { $username:
-      shell      => '/bin/bash',
-      password   => pw_hash($account['password'], 'SHA-512', 'mysalt'),
-      managehome => true,
-      home_mode  => '0755',
-    }
-
-    $storage_directory = "/home/$username"
-
-  } elsif $storage_dir {
-    $storage_directory = $storage_dir
-
-  } else {
-    err('install: either account or storage_dir is required')
-    fail
-  }
-
-  $compile_directory = "$storage_directory/tmp"
-  $challenge_directory = "$storage_directory/$challenge_name"
-  $modules_source = "puppet:///modules/$source_module_name"
-
-  # Create challenge directory
-  ::secgen_functions::create_directory { "create_$challenge_directory":
-    path   => $challenge_directory,
-    notify => File["$challenge_directory/$script_name"],
-  }
-
-  # Move the compiled binary into the challenge directory
-  file { "$challenge_directory/$script_name":
-    ensure  => present,
-    owner   => 'root',
-    mode    => '4775',
-    content => $script_data,
-  }
-
-  # Drop the flag file on the box and set permissions
-  ::secgen_functions::leak_files { "$username-file-leak":
-    storage_directory => "$challenge_directory",
-    leaked_filenames  => [$flag_name],
-    strings_to_leak   => [$flag],
-    owner             => 'root',
-    mode              => '0400',
-    leaked_from       => "$source_module_name-$module_name",
-  }
-
-}

modules/generators/challenges/misc/programming/ruby_example/secgen_local/local.rb

@@ -9,7 +9,7 @@ class ExampleRubyScriptGenerator < RubyChallengeGenerator
   end
 
   def challenge_content
-    "puts File.read('flag')"
+    "puts File.read(flag_path)"
   end
 
 end

modules/vulnerabilities/unix/ctf/ruby_challenge_example/manifests/install.pp

@@ -1,8 +1,17 @@
 class ruby_challenge_example::install {
   $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
-  $group = $secgen_params['group']
+  $challenge_name = $secgen_params['challenge_name'][0]
   $script_data = $secgen_params['script_data']
 
+  # TODO: Do we move the if populated checks (below) inside the install function? Might be worthwhile.
+  # TODO: It would result in reduced boilerplate for script / binary challenge install modules.
+
+  if $secgen_params['group'] and $secgen_params['group'][0]{
+    $group = $secgen_params['group'][0]
+  } else {
+    $group = $challenge_name
+  }
+
   if $secgen_params['account'][0] and $secgen_params['account'][0] != '' {
     $account = parsejson($secgen_params['account'][0])
   } else {
@@ -17,38 +26,21 @@ class ruby_challenge_example::install {
 
   if $secgen_params['port'] and $secgen_params['port'][0] {
     $port = $secgen_params['port'][0]
+    notice("$module_name - running on port: $port")
   } else {
     $port = undef
   }
 
-  notice ("running on port: $port")
-
-  if $group {
-    ::secgen_functions::install_setgid_script { 'ruby_challenge_example':
-      source_module_name => $module_name,
-      challenge_name     => $secgen_params['challenge_name'][0],
-      script_name        => 'test.rb',
-      script_data        => $script_data[0],
-      group              => $group[0],
-      account            => $account,
-      flag               => $secgen_params['flag'][0],
-      flag_name          => 'flag',
-      port               => $port,
-      storage_dir        => $storage_dir,
-      strings_to_leak    => $secgen_params['strings_to_leak'],
-    }
-  } else {
-    ::secgen_functions::install_setuid_root_script { 'ruby_challenge_example':
-      source_module_name => $module_name,
-      challenge_name     => $secgen_params['challenge_name'][0],
-      script_name        => 'test.rb',
-      script_data        => $script_data[0],
-      account            => $account,
-      flag               => $secgen_params['flag'][0],
-      flag_name          => 'flag',
-      storage_dir        => $storage_dir,
-      strings_to_leak    => $secgen_params['strings_to_leak'],
-    }
+  ::secgen_functions::install_setgid_script { 'ruby_challenge_example':
+    source_module_name => $module_name,
+    challenge_name     => $challenge_name,
+    script_name        => 'test.rb',
+    script_data        => $script_data[0],
+    group              => $group,
+    account            => $account,
+    flag               => $secgen_params['flag'][0],
+    port               => $port,
+    storage_dir        => $storage_dir,
+    strings_to_leak    => $secgen_params['strings_to_leak'],
   }
-
 }

modules/vulnerabilities/unix/ctf/ruby_challenge_example/secgen_metadata.xml

@@ -19,15 +19,15 @@
   <read_fact>script_data</read_fact>
   <read_fact>account</read_fact>
   <read_fact>flag</read_fact>
+  <!-- group: Blank by default. Uses challenge name as group name unless explicitly provided. -->
+  <read_fact>group</read_fact>
   <!-- storage_directory: Blank by default. If supplied, store the files here. e.g. NFS or SMB storage location -->
   <read_fact>storage_directory</read_fact>
-  <!--  group: Blank by default. If supplied install script challenge as setgid  -->
-  <read_fact>group</read_fact>
   <!--  port: Blank by default. If supplied install script challenge as xinetd program running on given port -->
   <read_fact>port</read_fact>
 
   <default_input into="challenge_name">
-    <value>ruby_script_example</value>
+    <value>ruby_challenge_example</value>
   </default_input>
   <default_input into="script_data">
     <generator module_path=".*ruby_example"/>
@@ -45,9 +45,6 @@
   <default_input into="flag">
     <generator type="flag_generator"/>
   </default_input>
-  <default_input into="challenge_name">
-    <value>ruby_script_example</value>
-  </default_input>
 
   <requires>
     <module_path>utilities/unix/system/accounts</module_path>

scenarios/examples/xinetd_script_example.xml

@@ -12,9 +12,6 @@
 			<input into="port">
 				<value>1337</value>
 			</input>
-			<input into="group">
-				<value>test</value>
-			</input>
 		</vulnerability>
 
 	</system>