Parameterised 'Start here!' tab

2026-02-22 03:38:01 +00:00 · 2017-05-01 13:21:25 +01:00
parent 4d34a7a89d
commit c7047e4e12
3 changed files with 39 additions and 12 deletions
--- a/modules/vulnerabilities/unix/webapp/parameterised_website/manifests/install.pp
+++ b/modules/vulnerabilities/unix/webapp/parameterised_website/manifests/install.pp
@@ -62,11 +62,13 @@ class parameterised_website::install {

  # Create visible tab html files
  $visible_tabs.each |$counter, $visible_tab| {
-    $n = $counter + 1
+    if $counter != 0 {
+      $n = $counter

-    file { "$docroot/tab_$n.html":
-      ensure  => file,
-      content => $visible_tab,
+      file { "$docroot/tab_$n.html":
+        ensure  => file,
+        content => $visible_tab,
+      }
    }
  }

@@ -75,7 +77,7 @@ class parameterised_website::install {
    if $counter == 0 {
      $n = 0
    } else {
-      $n = $counter + $visible_tabs.length
+      $n = $counter + $visible_tabs.length - 1  # minus one accounts for the information tab
    }

    file { "$docroot/tab_$n.html":
--- a/modules/vulnerabilities/unix/webapp/parameterised_website/templates/subtemplates/tab_panel.html.erb
+++ b/modules/vulnerabilities/unix/webapp/parameterised_website/templates/subtemplates/tab_panel.html.erb
@@ -1,12 +1,14 @@
 <div id="tabs">
  <ul class="nav nav-tabs">
-    <li class="nav-item active"><a class="nav-link active" data-toggle="tab" href="#tabs-1">Start here!</a></li>
-    <% @visible_tabs.each_with_index { |_, counter| -%>
+    <li class="nav-item active"><a class="nav-link active" data-toggle="tab" href="#start_tab">Start here!</a></li>
+    <% @visible_tabs.each_with_index { |_, counter|  -%>
+     <% if counter != 0 && counter != @visible_tabs.length -%>
        <li class="nav-item">
-          <a class="nav-link" data-toggle="tab" href="tab_<%= counter + 1 %>.html"><%= counter + 1 %></a></li>
-    <% } -%>
+          <a class="nav-link" data-toggle="tab" href="tab_<%= counter %>.html"><%= counter %></a></li>
+      <% end -%>
+    <% } %>
  </ul>
-  <div id="tabs-1">
-
+  <div id="start_tab">
+    <%= @visible_tabs[0] %>
  </div>
 </div>
--- a/scenarios/ctf/edge_hill_scenario.xml
+++ b/scenarios/ctf/edge_hill_scenario.xml
@@ -6,13 +6,22 @@

 	<!--some basic decoding challenges-->
 	<system>
-		<system_name>decode_me</system_name>
+		<system_name>nw_cyber_games</system_name>
 		<base platform="linux"/>

 		<!-- comment describes using pseudo code (C#-like methods with named optional arguments) -->
 		<!-- vulnerability_nfs_share_leak(strings_to_leak: encoder_flag_generator() CONCAT encoder_ascii_reversable(strings_to_encode: encoder_flag_generator()) CONCAT ...) -->
 		<vulnerability name="Random Parameterised Website">
 			<input into="visible_tabs">
+				<generator type="html_snippet_generator" >
+					<input into="heading">
+						<value>Welcome to the North West Cyber Games!</value>
+					</input>
+					<input into="paragraphs" unique_module_list="unique_encoders">
+						<value>Hunt down the flags. Good luck, have fun!</value>
+					</input>
+				</generator>
+
 				<generator type="html_snippet_generator" >
 					<input into="heading">
 						<value>Challenge 1</value>
@@ -115,6 +124,20 @@
 			</input>
 		</vulnerability>

+		<!-- Remote privilege escalation -->
+		<vulnerability read_fact="strings_to_leak" access="remote" privilege="user_rwx">
+			<input into="strings_to_leak">
+				<generator type="flag_generator" />
+			</input>
+		</vulnerability>
+
+		<vulnerability read_fact="strings_to_leak" access="local" privilege="root_rwx">
+			<input into="strings_to_leak">
+				<generator type="flag_generator" />
+			</input>
+		</vulnerability>
+
+
 		<network module_path=".*private_network_1"/>
 		<!--<build type="cleanup">-->
 			<!--<input into="root_password">-->