diff --git a/modules/build/puppet/secgen_functions/manifests/leak_files.pp b/modules/build/puppet/secgen_functions/manifests/leak_files.pp
index 817ac4742..4d708ed41 100644
--- a/modules/build/puppet/secgen_functions/manifests/leak_files.pp
+++ b/modules/build/puppet/secgen_functions/manifests/leak_files.pp
@@ -1,4 +1,14 @@
-define secgen_functions::leak_files($leaked_filenames=[], $storage_directory, $strings_to_leak=[], $images_to_leak=[], $owner = 'root', $group = 'root', $mode = '0660', $leaked_from) {
+define secgen_functions::leak_files($leaked_filenames=[], $storage_directory, $strings_to_leak=[], $data_to_leak=[], $owner = 'root', $group = 'root', $mode = '0660', $leaked_from) {
+
+ # Have a check on $data_to_leak for whether the file is a string or json with {"secgen_leaked_data": {}}
+ $data_to_leak.each |$i, $data| {
+ if parsejson($data){
+ $json = parsejson($data)
+ notice ("[$i] Data to leak: $json")
+ } else {
+ notice("[$i] Data to leak: $data")
+ }
+ }
 # $leaked_from is a mandatory resource specifying where the file was being leaked (i.e. which module / user leaked it.)
 # This is to avoid resource clashes if two users get the same 'leaked_filenames' results
diff --git a/modules/generators/structured_content/account/secgen_local/local.rb b/modules/generators/structured_content/account/secgen_local/local.rb
index e6d98abf0..dedf70493 100644
--- a/modules/generators/structured_content/account/secgen_local/local.rb
+++ b/modules/generators/structured_content/account/secgen_local/local.rb
@@ -4,7 +4,7 @@ class AccountGenerator < StringEncoder
 attr_accessor :username
 attr_accessor :password
 attr_accessor :super_user
- attr_accessor :strings_to_leak
+ attr_accessor :data_to_leak
 attr_accessor :leaked_filenames
 def initialize
@@ -13,7 +13,7 @@ class AccountGenerator < StringEncoder
 self.username = ''
 self.password = ''
 self.super_user = ''
- self.strings_to_leak = []
+ self.data_to_leak = []
 self.leaked_filenames = []
 end
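Review bot: The `if parsejson($data)` test in the new `each` loop of leak_files.pp will probably never reach its `else` branch for a plain string: as far as I know, stdlib's `parsejson` raises on unparseable input unless a default is passed as its second argument, so a non-JSON entry would abort catalog compilation instead of being treated as a string. Passing a sentinel default (constructed example: `$json = parsejson($data, 'not_json')`) and branching on that value would fix this and avoid parsing each entry twice. Both `notice` calls also write the full leaked value (flags or credentials, depending on the scenario) into the Puppet build log, so logging only `$i` and the detected type would keep that content out of it. The new signature drops `$images_to_leak` while the define's body lies outside this hunk, so any remaining use of that variable there should be checked.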
@@ -22,14 +22,14 @@ class AccountGenerator < StringEncoder
 account_hash['username'] = self.username
 account_hash['password'] = self.password
 account_hash['super_user'] = self.super_user
- account_hash['strings_to_leak'] = self.strings_to_leak
+ account_hash['data_to_leak'] = self.data_to_leak
 account_hash['leaked_filenames'] = self.leaked_filenames
 self.outputs << account_hash.to_json
 end
 def get_options_array
- super + [['--strings_to_leak', GetoptLong::OPTIONAL_ARGUMENT],
+ super + [['--data_to_leak', GetoptLong::OPTIONAL_ARGUMENT],
 ['--leaked_filenames', GetoptLong::OPTIONAL_ARGUMENT],
 ['--username', GetoptLong::REQUIRED_ARGUMENT],
 ['--password', GetoptLong::REQUIRED_ARGUMENT],
@@ -45,8 +45,8 @@ class AccountGenerator < StringEncoder
 self.password << arg;
 when '--super_user'
 self.super_user << arg;
- when '--strings_to_leak'
- self.strings_to_leak << arg;
+ when '--data_to_leak'
+ self.data_to_leak << arg;
 when '--leaked_filenames'
 self.leaked_filenames << arg;
 end
@@ -56,7 +56,7 @@ class AccountGenerator < StringEncoder
 'username: ' + self.username.to_s + print_string_padding +
 'password: ' + self.password.to_s + print_string_padding +
 'super_user: ' + self.super_user.to_s + print_string_padding +
- 'strings_to_leak: ' + self.strings_to_leak.to_s + print_string_padding +
+ 'data_to_leak: ' + self.data_to_leak.to_s + print_string_padding +
 'leaked_filenames: ' + self.leaked_filenames.to_s
 end
 end
diff --git a/modules/utilities/unix/system/parameterised_accounts/manifests/account.pp b/modules/utilities/unix/system/parameterised_accounts/manifests/account.pp
index 2ffd3b68c..983c420be 100644
--- a/modules/utilities/unix/system/parameterised_accounts/manifests/account.pp
+++ b/modules/utilities/unix/system/parameterised_accounts/manifests/account.pp
@@ -1,4 +1,9 @@
-define parameterised_accounts::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) {
+define parameterised_accounts::account (
+ $username,
+ $password,
+ $super_user,
+ $data_to_leak
+) {
 # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before
 if defined('writable_groups::config') {
 include ::writable_groups::config
@@ -44,7 +49,7 @@ define parameterised_accounts::account($username, $password, $super_user, $strin
 ::secgen_functions::leak_files { "$username-file-leak":
 storage_directory => "/home/$username/",
 leaked_filenames => $leaked_filenames,
- strings_to_leak => $strings_to_leak,
+ data_to_leak => $data_to_leak,
 owner => $username,
 leaked_from => "accounts_$username",
 }
diff --git a/modules/utilities/unix/system/parameterised_accounts/manifests/init.pp b/modules/utilities/unix/system/parameterised_accounts/manifests/init.pp
index cc98fd3eb..429373ff2 100644
--- a/modules/utilities/unix/system/parameterised_accounts/manifests/init.pp
+++ b/modules/utilities/unix/system/parameterised_accounts/manifests/init.pp
@@ -10,8 +10,7 @@ class parameterised_accounts::init {
 username => $username,
 password => $account['password'],
 super_user => str2bool($account['super_user']),
- strings_to_leak => $account['strings_to_leak'],
- leaked_filenames => $account['leaked_filenames']
+ data_to_leak => $account['data_to_leak'],
 }
 }
 }
diff --git a/scenarios/ctf/encoding_challenges.xml b/scenarios/ctf/encoding_challenges.xml
index 3179be85a..f17b7e413 100644
--- a/scenarios/ctf/encoding_challenges.xml
+++ b/scenarios/ctf/encoding_challenges.xml
@@ -17,9 +17,13 @@ system - + - + + 172.16.0.12 + + +
@@ -70,7 +74,7 @@ - +
@@ -81,7 +85,12 @@ - + + + IP_addresses + + +
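Review bot: `$leaked_filenames` is removed from the parameter list of `parameterised_accounts::account` in the first account.pp hunk, but the second hunk's unchanged context still passes `leaked_filenames => $leaked_filenames` to `secgen_functions::leak_files`, so that variable is no longer set in this scope. Depending on the strict-variables setting this either fails compilation or evaluates to undef, in which case the filenames produced by the generator are silently lost. The init.pp hunk has the same gap: it stops passing `leaked_filenames` even though local.rb still emits that key. Either keep the parameter (`$data_to_leak, $leaked_filenames = []`) together with the init.pp argument, or remove the `leaked_filenames =>` line from the resource. The define's body between the two hunks is not visible here.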