Create example scenarios for pcap and zip.

2026-02-21 11:18:06 +00:00 · 2019-03-13 18:07:48 -05:00
parent 8e6055c80f
commit adb0c6fa86
6 changed files with 104 additions and 2 deletions
--- a/1
+++ b/1
@@ -33,6 +33,7 @@ gem 'ruby-graphviz'
 gem 'rsa'
 gem 'gpgmeh'
 gem 'digest-sha3', :git => "http://github.com/izetex/digest-sha3-ruby"
+gem 'packetfu'

 #development only gems go here
 group :test, :development do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -91,6 +91,9 @@ GEM
    nori (2.6.0)
    ovirt-engine-sdk (4.2.4)
      json (>= 1, < 3)
+    packetfu (1.1.11)
+      pcaprub (~> 0.12)
+    pcaprub (0.12.4)
    pg (1.1.3)
    process_helper (0.1.2)
    puppet (6.0.0)
@@ -162,6 +165,7 @@ DEPENDENCIES
  nokogiri
  nori
  ovirt-engine-sdk
+  packetfu
  pg
  process_helper
  programr!
--- a/modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml
@@ -6,7 +6,9 @@
  <name>pcap file</name>
  <author>Jason Zeller</author>
  <module_license>MIT</module_license>
-  <description>Release a pcap file with a flag generated somewhere.</description>
+  <description>Release a pcap file with a flag, into storage_directory.
+    Can specify an account file is owned by or defaults to root.
+  </description>

  <type>pcap</type>
  <type>system</type>
--- a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml
@@ -6,7 +6,9 @@
  <name>Zip File</name>
  <author>Jason Zeller</author>
  <module_license>MIT</module_license>
-  <description>Release a zip file with a flag. Password optional.</description>
+  <description>Release a zip file with a flag. Password optional.
+  Can specify an account file is owned by or defaults to root.
+  </description>

  <type>zip_file</type>
  <type>system</type>
--- a/scenarios/examples/vulnerability_examples/ctf_module_examples/pcap_file.xml
+++ b/scenarios/examples/vulnerability_examples/ctf_module_examples/pcap_file.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<name>pcap_file Example</name>
+	<author>Jason Zeller</author>
+
+	<description>
+		This scenario demonstrates leaking a pcap file with a flag embedded and cleartext.
+	</description>
+
+	<type>ctf</type>
+	<difficulty>easy</difficulty>
+
+	<system>
+		<system_name>server</system_name>
+		<base platform="linux" type="server"/>
+
+    <!-- Release pcap file -->
+		<vulnerability type="pcap">
+			<input into="base64_file">
+				<generator type="pcap_generator">
+					<input into="strings_to_leak">
+						<generator type="flag_generator"/>
+						<value>
+							******SECRET*******From now on, make sure that all network traffic is properly encrypted.******SECRET******
+						</value>
+					</input>
+    		</generator>
+			</input>
+			<input into="leaked_filename">
+				<value>capture.pcap</value>
+			</input>
+      <input into="storage_directory">
+        <value>/var/log</value>
+      </input>
+		</vulnerability>
+
+  </system>
+
+</scenario>
--- a/scenarios/examples/vulnerability_examples/ctf_module_examples/zip_file.xml
+++ b/scenarios/examples/vulnerability_examples/ctf_module_examples/zip_file.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<name>zip_file Example</name>
+	<author>Jason Zeller</author>
+
+	<description>
+		This scenario demonstrates leaking a zip file with a flag embedded and zip can be password protected.
+	</description>
+
+	<type>ctf</type>
+	<difficulty>easy</difficulty>
+
+	<system>
+		<system_name>server</system_name>
+		<base platform="linux" type="server"/>
+
+		<!-- Release zip file -->
+		<vulnerability type="zip_file">
+			<input into="base64_file">
+				<generator type="zip_file_generator">
+      		<input into="password">
+						<generator type="custom_list_password">
+        			<input into="list_name">
+          			<value>jtrpassword.lst</value>
+        			</input>
+      			</generator>
+      		</input>
+					<input into="strings_to_leak">
+						<generator type="flag_generator"/>
+						<value>
+							Congratulations you have cracked our protected zip file. We wish there was more information here but we are just not that smart. Here is a flag for your troubles.
+						</value>
+					</input>
+    		</generator>
+			</input>
+			<input into="leaked_filename">
+				<value>protected.zip</value>
+			</input>
+			<input into="storage_directory">
+        <value>/var/log</value>
+      </input>
+		</vulnerability>
+
+  </system>
+
+</scenario>