From e0cf7ae2fff20af2fdcbced2e31dbcd6735e9bb9 Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Sat, 5 Apr 2025 00:10:03 +0100 Subject: [PATCH] Add 'mode' input to encrypted zip file and update init.pp to handle mode parameter --- modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp | 4 +++- .../vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp index dda075e30..63e84b05d 100644 --- a/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp +++ b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp @@ -3,6 +3,7 @@ class zip_file::init { $leaked_filename = $secgen_parameters['leaked_filename'][0] $base64_file = $secgen_parameters['base64_file'][0] + $mode = $secgen_parameters['mode'][0] # default is 0600 if $secgen_parameters['account'] and $secgen_parameters['account'] != '' { $account = parsejson($secgen_parameters['account'][0]) @@ -19,5 +20,6 @@ class zip_file::init { base64_file => $base64_file, owner => $username, group => $username, + mode => $mode, } -} \ No newline at end of file +} diff --git a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml index b0e908645..4671b358a 100644 --- a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml +++ b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml @@ -21,6 +21,7 @@ leaked_filename account storage_directory + mode @@ -42,6 +43,10 @@ /var/log + + 0600 + + A zip file has been leaked with a flag. If using a password, use the default dictionary from '/usr/share/john/password.lst'. Use the following command: fcrackzip -u -D -p /usr/share/john/password.lst filename.zip