WIP: data_to_leak

modules/build/puppet/secgen_functions/manifests/leak_files.pp

@@ -1,4 +1,14 @@
-define secgen_functions::leak_files($leaked_filenames=[], $storage_directory, $strings_to_leak=[], $images_to_leak=[], $owner = 'root', $group = 'root', $mode = '0660', $leaked_from) {
+define secgen_functions::leak_files($leaked_filenames=[], $storage_directory, $strings_to_leak=[], $data_to_leak=[], $owner = 'root', $group = 'root', $mode = '0660', $leaked_from) {
+
+  # Have a check on $data_to_leak for whether the file is a string or json with {"secgen_leaked_data": {}}
+  $data_to_leak.each |$i, $data| {
+    if parsejson($data){
+      $json = parsejson($data)
+      notice ("[$i] Data to leak: $json")
+    } else {
+      notice("[$i] Data to leak: $data")
+    }
+  }
 
   # $leaked_from is a mandatory resource specifying where the file was being leaked (i.e. which module / user leaked it.)
   # This is to avoid resource clashes if two users get the same 'leaked_filenames' results

modules/generators/structured_content/account/secgen_local/local.rb

@@ -4,7 +4,7 @@ class AccountGenerator < StringEncoder
   attr_accessor :username
   attr_accessor :password
   attr_accessor :super_user
-  attr_accessor :strings_to_leak
+  attr_accessor :data_to_leak
   attr_accessor :leaked_filenames
 
   def initialize
@@ -13,7 +13,7 @@ class AccountGenerator < StringEncoder
     self.username = ''
     self.password = ''
     self.super_user = ''
-    self.strings_to_leak = []
+    self.data_to_leak = []
     self.leaked_filenames = []
   end
 
@@ -22,14 +22,14 @@ class AccountGenerator < StringEncoder
     account_hash['username'] = self.username
     account_hash['password'] = self.password
     account_hash['super_user'] = self.super_user
-    account_hash['strings_to_leak'] = self.strings_to_leak
+    account_hash['data_to_leak'] = self.data_to_leak
     account_hash['leaked_filenames'] = self.leaked_filenames
 
     self.outputs << account_hash.to_json
   end
 
   def get_options_array
-    super + [['--strings_to_leak', GetoptLong::OPTIONAL_ARGUMENT],
+    super + [['--data_to_leak', GetoptLong::OPTIONAL_ARGUMENT],
              ['--leaked_filenames', GetoptLong::OPTIONAL_ARGUMENT],
              ['--username', GetoptLong::REQUIRED_ARGUMENT],
              ['--password', GetoptLong::REQUIRED_ARGUMENT],
@@ -45,8 +45,8 @@ class AccountGenerator < StringEncoder
         self.password << arg;
       when '--super_user'
         self.super_user << arg;
-      when '--strings_to_leak'
-        self.strings_to_leak << arg;
+      when '--data_to_leak'
+        self.data_to_leak << arg;
       when '--leaked_filenames'
         self.leaked_filenames << arg;
     end
@@ -56,7 +56,7 @@ class AccountGenerator < StringEncoder
     'username: ' + self.username.to_s + print_string_padding +
     'password: ' + self.password.to_s  + print_string_padding +
     'super_user: ' + self.super_user.to_s + print_string_padding +
-    'strings_to_leak: ' + self.strings_to_leak.to_s + print_string_padding +
+    'data_to_leak: ' + self.data_to_leak.to_s + print_string_padding +
     'leaked_filenames: ' + self.leaked_filenames.to_s
   end
 end

modules/utilities/unix/system/parameterised_accounts/manifests/account.pp

@@ -1,4 +1,9 @@
-define parameterised_accounts::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) {
+define parameterised_accounts::account (
+  $username,
+  $password,
+  $super_user,
+  $data_to_leak
+) {
   # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before
   if defined('writable_groups::config') {
     include ::writable_groups::config
@@ -44,7 +49,7 @@ define parameterised_accounts::account($username, $password, $super_user, $strin
   ::secgen_functions::leak_files { "$username-file-leak":
     storage_directory => "/home/$username/",
     leaked_filenames  => $leaked_filenames,
-    strings_to_leak   => $strings_to_leak,
+    data_to_leak      => $data_to_leak,
     owner             => $username,
     leaked_from       => "accounts_$username",
   }

modules/utilities/unix/system/parameterised_accounts/manifests/init.pp

@@ -10,8 +10,7 @@ class parameterised_accounts::init {
         username        => $username,
         password        => $account['password'],
         super_user      => str2bool($account['super_user']),
-        strings_to_leak => $account['strings_to_leak'],
-        leaked_filenames => $account['leaked_filenames']
+        data_to_leak    => $account['data_to_leak'],
       }
     }
   }

scenarios/ctf/encoding_challenges.xml

@@ -17,9 +17,13 @@
 
   <system>
     <system_name>system</system_name>
-    <base platform="linux" type="desktop"/>
+    <base platform="linux" type="desktop" distro="Stretch"/>
 
-    <!-- 5x challenges per student -->
+    <input into_datastore="IP_addresses">
+      <value>172.16.0.12</value>
+    </input>
+
+    <!-- 6x challenges per student -->
     <!--1: random encoder -->
     <!--2: random encoder -->
     <!--3: random encoder -->
@@ -70,7 +74,7 @@
                 </encoder>
               </input>
             </encoder>
-            <encoder module_path=".*huffman.*" difficulty="high">
+            <encoder difficulty="high">
               <input into="strings_to_encode">
                 <generator type="flag_generator"/>
               </input>
@@ -81,7 +85,12 @@
     </utility>
 
     <!--TODO-->
-    <network module_path=".*private_network_1"/>
+    <network type="private_network">
+      <input into="IP_address">
+        <datastore access="0">IP_addresses</datastore>
+      </input>
+    </network>
+
     <!--<build type="cleanup">-->
     <!--<input into="root_password">-->
     <!--<generator type="strong_password_generator"/>-->