Initial import of pcap generator/vulnerability. Also includes leak_to_file utility allowing any base64 file to be leaked wherever desired.

.gitignore

@@ -15,3 +15,4 @@ secgen.conf
 modules/encoders/compression/huffman/tmp
 .rakeTasks
 modules/**/Gemfile.lock
+modules/generators/network/pcap/files/packet.pcap

modules/generators/network/pcap/pcap.pp

@@ -0,0 +1 @@
+require pcap::init

modules/generators/network/pcap/secgen_local/local.rb

@@ -0,0 +1,122 @@
+#!/usr/bin/ruby
+$: << File.expand_path("../../lib", __FILE__)
+require_relative '../../../../../lib/objects/local_string_encoder.rb'
+require 'packetfu'
+require 'faker'
+require 'rubygems'
+
+class PcapGenerator < StringEncoder
+  attr_accessor :strings_to_leak
+
+  def initialize
+    super
+    self.module_name = 'PCAP Generator / Builder'
+    self.strings_to_leak = []
+  end
+
+  def packetgen(type, data)
+    if type == 'tcp'
+        # Create TCP Packet
+        pkt = PacketFu::TCPPacket.new
+        pkt.tcp_dst=rand(1..1023)
+    elsif type == 'udp'
+        # Create UDP Packet
+        pkt = PacketFu::UDPPacket.new
+        pkt.udp_dst=rand(1..1023)
+    end
+    # Create fake mac addresses for sender and receiver
+    pkt.eth_saddr=Faker::Internet.mac_address
+    pkt.eth_daddr=Faker::Internet.mac_address
+    # Create fake Public IP addresses for sender and receiver
+    pkt.ip_src=PacketFu::Octets.new.read_quad(Faker::Internet.ip_v4_address)
+    pkt.ip_dst=PacketFu::Octets.new.read_quad(Faker::Internet.ip_v4_address)
+    pkt.payload = data
+    pkt.recalc
+  end
+
+  def datagen
+    data_types = [
+        Faker::Dota.quote,
+        Faker::BackToTheFuture.quote,
+        Faker::BojackHorseman.quote,
+        Faker::ChuckNorris.fact,
+        Faker::DrWho.quote,
+        Faker::DumbAndDumber.quote,
+        Faker::FamilyGuy.quote,
+        Faker::Friends.quote,
+        Faker::GameOfThrones.quote,
+        Faker::HitchhikersGuideToTheGalaxy.quote,
+        Faker::HowIMetYourMother.quote,
+        Faker::Lebowski.quote,
+        Faker::MostInterestingManInTheWorld.quote,
+        Faker::RickAndMorty.quote,
+        Faker::Simpsons.quote,
+        Faker::StrangerThings.quote,
+        Faker::TheITCrowd.quote
+    ]
+    data_types.sample.dump.to_s
+  end
+
+  def encode_all
+    # Create an array of packets
+    random_number = rand (26..75)
+    count = 0
+    @pcaps = []
+
+    # Generate 25 initial packets
+    25.times do
+        packet_type = ['tcp', 'udp'].sample
+        pkt = packetgen(packet_type, datagen)
+        @pcaps << pkt
+        count += 1
+    end
+
+    # Now generate random packets till we get to our random_number
+    while count < random_number
+        packet_type = ['tcp', 'udp'].sample
+        pkt = packetgen(packet_type, datagen)
+        @pcaps << pkt
+        count += 1
+    end
+
+    # Now add our strings_to_leak packet
+    strings = self.strings_to_leak.join("\n")
+    pkt = packetgen(packet_type, strings)
+    @pcaps << pkt
+    count += 1
+
+    # Finish generating packets till we have 100
+    while count < 101
+        packet_type = ['tcp', 'udp'].sample
+        pkt = packetgen(packet_type, datagen)
+        @pcaps << pkt
+        count += 1
+    end
+    # Put packets in pcap file and return contents.
+    file_contents = ''
+    pfile = PacketFu::PcapFile.new
+    pcap_file_path = GENERATORS_DIR + 'network/pcap/files/packet.pcap'
+    res = pfile.array_to_file(:filename => pcap_file_path, :array => @pcaps, :append => true)
+    file_contents = File.binread(pcap_file_path)
+    File.delete(pcap_file_path)
+    self.outputs << Base64.strict_encode64(file_contents)
+  end
+
+  def get_options_array
+    super + [['--strings_to_leak', GetoptLong::OPTIONAL_ARGUMENT]]
+  end
+
+  def process_options(opt, arg)
+    super
+    case opt
+      when '--strings_to_leak'
+        self.strings_to_leak << arg;
+    end
+  end
+
+  def encoding_print_string
+    'strings_to_leak: ' + self.strings_to_leak.to_s
+  end
+end
+
+PcapGenerator.new.run

modules/generators/network/pcap/secgen_metadata.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>pcap File Generator</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>pcap generator. Wraps strings_to_leak (commonly used with a flag generators for CTF) in an Ethernet
+    packet. Output is a base64 encoded file.
+
+  </description>
+
+  <type>pcap_generator</type>
+  <platform>linux</platform>
+
+  <read_fact>strings_to_leak</read_fact>
+
+  <default_input into="strings_to_leak">
+    <generator type="flag_generator"/>
+  </default_input>
+
+  <output_type>base64_pcap_file</output_type>
+</generator>

modules/utilities/unix/system/leak_to_file/leak_to_file.pp

@@ -0,0 +1 @@
+require leak_to_file::init

modules/utilities/unix/system/leak_to_file/manifests/init.pp

@@ -0,0 +1,23 @@
+class leak_to_file::init {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+
+  $leaked_filename = $secgen_parameters['leaked_filename'][0]
+  $base64_file = $secgen_parameters['base64_file'][0]
+
+  if $secgen_parameters['account'] and $secgen_parameters['account'] != '' {
+    $account = $secgen_parameters['account'][0]
+    $username = $account['username']
+    $storage_directory = "/home/$username/"
+  } else {
+    $username = 'root'
+    $storage_directory = $secgen_parameters['storage_directory'][0]
+  }
+
+  leak_to_file::leak_file { '$storage_directory/$leaked_filename':
+    leaked_filename => $leaked_filename,
+    storage_directory => $storage_directory,
+    base64_file => $base64_file,
+    owner => $username,
+    group => $username,
+  }
+}

modules/utilities/unix/system/leak_to_file/manifests/leak_file.pp

@@ -0,0 +1,21 @@
+define leak_to_file::leak_file($leaked_filename, $storage_directory, $base64_file, $owner = 'root', $group = 'root', $mode = '0660', $leaked_from = '' ) {
+  if ($leaked_filename != ''){
+    $path_to_leak = "$storage_directory/$leaked_filename"
+
+    # create the directory tree, incase the file name has extra layers of directories
+    exec { "$leaked_from-$path_to_leak-mkdir":
+      path    => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+      command => "mkdir -p `dirname $path_to_leak`;chown $owner. `dirname $path_to_leak`",
+      provider => shell,
+    }
+
+    # Create file.
+    file { $path_to_leak:
+        ensure   => present,
+        owner    => $owner,
+        group    => $group,
+        mode     => $mode,
+        content => base64('decode', $base64_file)
+      }
+    }
+  }

modules/utilities/unix/system/leak_to_file/secgen_metadata.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Leak base64 to file</name>
+  <author>Puppet Labs</author>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Leak base64 to a file where specified by storage_directory.</description>
+
+  <type>system</type>
+  <platform>linux</platform>
+
+  <!--optional details-->
+  <reference>https://forge.puppet.com/puppetlabs/accounts</reference>
+
+  <read_fact>leaked_filename</read_fact>
+  <read_fact>base64_file</read_fact>
+  <read_fact>storage_directory</read_fact>
+  <read_fact>account</read_fact>
+
+  <default_input into="leaked_filename">
+    <value/>
+  </default_input>
+
+  <default_input into="base64_file">
+    <value/>
+  </default_input>
+
+  <default_input into="storage_directory">
+    <value>/var/log</value>
+  </default_input>
+
+</utility>

modules/vulnerabilities/unix/ctf/pcap_file/manifests/init.pp

@@ -0,0 +1,23 @@
+class pcap_file::init {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+
+  $leaked_filename = $secgen_parameters['leaked_filename'][0]
+  $base64_file = $secgen_parameters['base64_file'][0]
+
+  if $secgen_parameters['account'] and $secgen_parameters['account'] != '' {
+    $account = parsejson($secgen_parameters['account'][0])
+    $username = $account['username']
+    $storage_directory = "/home/$username/"
+  } else {
+    $username = 'root'
+    $storage_directory = $secgen_parameters['storage_directory'][0]
+  }
+
+  leak_to_file::leak_file { $leaked_filename:
+    leaked_filename   => $leaked_filename,
+    storage_directory => $storage_directory,
+    base64_file       => $base64_file,
+    owner             => $username,
+    group             => $username,
+  }
+}

modules/vulnerabilities/unix/ctf/pcap_file/pcap_file.pp

@@ -0,0 +1 @@
+require pcap_file::init

modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>pcap file</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Release a pcap file with a flag generated somewhere.</description>
+
+  <type>pcap</type>
+  <type>system</type>
+  <privilege>none</privilege>
+  <access>local</access>
+  <platform>linux</platform>
+
+
+  <read_fact>base64_file</read_fact>
+  <read_fact>leaked_filename</read_fact>
+  <read_fact>account</read_fact>
+  <read_fact>storage_directory</read_fact>
+
+  <default_input into="base64_file">
+    <generator type="pcap_generator"/>
+  </default_input>
+
+  <default_input into="leaked_filename">
+    <value>capture.pcap</value>
+  </default_input>
+
+  <default_input into="storage_directory">
+    <value>/var/log</value>
+  </default_input>
+
+  <hint>A pcap file has been leaked with a message inside a packet.</hint>
+  <solution>Use sftp to copy file to Kali. Then, use Wireshark to find message/flag.</solution>
+
+  <requires>
+    <module_path>utilities/unix/system/leak_to_file</module_path>
+  </requires>
+
+</vulnerability>