From e3053ac4555209f020320ab01d1c3b9f32aa90fa Mon Sep 17 00:00:00 2001
From: ts <thomashaw@localhost.localdomain>
Date: Tue, 30 Oct 2018 15:48:48 +0000
Subject: [PATCH] Builds, moves and configures metactf src_angr challenges as
 setgid challenges. Test the file read for 00_angr_find (should read a flag
 file as setgid instead of returning 'well done')

---
 .../00_angr_find/00_angr_find.c.templite      |  1 +
 .../unix/ctf/metactf/manifests/configure.pp   | 49 +++++++++++++++
 .../unix/ctf/metactf/manifests/install.pp     | 59 +++----------------
 modules/utilities/unix/ctf/metactf/metactf.pp |  3 +-
 .../unix/ctf/metactf/secgen_metadata.xml      |  1 +
 .../ctf_challenge_examples/metactf.xml        | 19 ++++--
 secgen.rb                                     |  4 +-
 7 files changed, 77 insertions(+), 59 deletions(-)
 create mode 100644 modules/utilities/unix/ctf/metactf/manifests/configure.pp

diff --git a/modules/utilities/unix/ctf/metactf/files/repository/src_angr/00_angr_find/00_angr_find.c.templite b/modules/utilities/unix/ctf/metactf/files/repository/src_angr/00_angr_find/00_angr_find.c.templite
index 5cc4ee404..1fa2ddc3c 100644
--- a/modules/utilities/unix/ctf/metactf/files/repository/src_angr/00_angr_find/00_angr_find.c.templite
+++ b/modules/utilities/unix/ctf/metactf/files/repository/src_angr/00_angr_find/00_angr_find.c.templite
@@ -8,6 +8,7 @@ userdef = ''.join(random.choice(userdef_charset) for _ in range(8))
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <fcntl.h>
 
 #define USERDEF "${ userdef }$"
 #define LEN_USERDEF ${ write(len(userdef)) }$
diff --git a/modules/utilities/unix/ctf/metactf/manifests/configure.pp b/modules/utilities/unix/ctf/metactf/manifests/configure.pp
new file mode 100644
index 000000000..0419fa326
--- /dev/null
+++ b/modules/utilities/unix/ctf/metactf/manifests/configure.pp
@@ -0,0 +1,49 @@
+class metactf::configure {
+  $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+  $install_dir = '/opt/metactf'
+  $challenge_list = $secgen_params['challenge_list']
+  $flags = $secgen_params['flags']
+  $groups = $secgen_params['groups']
+
+  $raw_account = $secgen_params['account'][0]
+  $account = parsejson($raw_account)
+  $username = $account['username']
+
+  # TODO : Test me with dynamic challenge directory...
+  # if $secgen_params['challenge_directory'][0] != undef {
+  #   $challenge_directory = $secgen_params['challenge_directory'][0]
+  # } else {
+  $storage_dir = "/home/$username/challenges"
+  # }
+
+  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
+
+  # Move the challenges based on account name and challenge name.
+
+  $challenge_pairs = zip($challenge_list, $flags)
+
+  $challenge_pairs.each |$counter, $challenge_pair| {
+    $challenge_path = $challenge_pair[0]
+    $flag = $challenge_pair[1]
+    $split_challenge = split($challenge_path, '/')
+    $metactf_challenge_dir = $split_challenge[0]
+    $metactf_challenge_type = split($metactf_challenge_dir, '_')[1]
+    $challenge_name = $split_challenge[1]
+    $group = $groups[$counter]
+
+    $binary_path = "$install_dir/$metactf_challenge_dir/obj/secgen/$metactf_challenge_type/$challenge_name"
+
+    ::secgen_functions::install_setgid_binary { "metactf_$challenge_name":
+      source_module_name => $module_name,
+      challenge_name     => $challenge_name,
+      group              => $group,
+      account            => $account,
+      flag               => $flag,
+      flag_name          => 'flag',
+      binary_path        => $binary_path,
+      storage_dir        => $storage_dir,
+      strings_to_leak    => $secgen_params['strings_to_leak'],
+    }
+  }
+
+}
\ No newline at end of file
diff --git a/modules/utilities/unix/ctf/metactf/manifests/install.pp b/modules/utilities/unix/ctf/metactf/manifests/install.pp
index b07f1883e..8e3f0cf66 100644
--- a/modules/utilities/unix/ctf/metactf/manifests/install.pp
+++ b/modules/utilities/unix/ctf/metactf/manifests/install.pp
@@ -1,23 +1,12 @@
 class metactf::install {
   $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
   $install_dir = '/opt/metactf'
-  $challenge_list = $secgen_params['challenge_list']
-  $flags = $secgen_params['flags']
-  $groups = $secgen_params['groups']
-
-  $raw_account = $secgen_params['account'][0]
-  $account = parsejson($raw_account)
-  $username = $account['username']
-
-  # TODO : Test me with dynamic challenge directory...
-  # if $secgen_params['challenge_directory'][0] != undef {
-  #   $challenge_directory = $secgen_params['challenge_directory'][0]
-  # } else {
-    $storage_dir = "/home/$username/challenges"
-  # }
 
   Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
 
+  ensure_packages('build-essential')
+  ensure_packages('gcc-multilib')
+
   file { $install_dir:
     ensure  => directory,
     recurse => true,
@@ -33,44 +22,12 @@ class metactf::install {
   }
 
   # For now just build all of the binaries.
-  exec { 'build ctf_angr binaries':
-    command => "/bin/make /opt/metactf/src_angr/"
+  exec { 'build src_angr binaries':
+    cwd     => "$install_dir/src_angr/",
+    command => "/usr/bin/make",
   }
 
-  # Move the challenges based on account name and challenge name.
-
-  $challenge_pairs = zip($challenge_list, $flags)
-
-  $challenge_pairs.each |$counter, $challenge_pair| {
-    $challenge_path = $challenge_pair[0]
-    $flag = $challenge_pair[1]
-    $split_challenge = split($challenge_path, '/')
-    $metactf_challenge_type = $split_challenge[0]
-    $challenge_name = $split_challenge[1]
-    $group = $groups[$counter]
-
-    if $group {
-      ::secgen_functions::install_setgid_binary { "metactf_$challenge_name":
-        source_module_name => $module_name,
-        challenge_name     => $challenge_name,
-        group              => $group,
-        account            => $account,
-        flag               => $flag,
-        flag_name          => 'flag',
-        storage_dir        => $storage_dir,
-        strings_to_leak    => $secgen_params['strings_to_leak'],
-      }
-    } else {  # TODO : Refactor so that this works well with a default account ? (should we make it so that if we just include metactf it will throw out 1 random challenge with a default account or just not bother?)
-      ::secgen_functions::install_setuid_root_binary { "metactf_$challenge_name":
-        source_module_name => $module_name,
-        challenge_name     => $secgen_params['challenge_name'][0],
-        account            => $account,
-        flag               => $secgen_params['flag'][0],
-        flag_name          => 'flag',
-        storage_dir        => $storage_dir,
-        strings_to_leak    => $secgen_params['strings_to_leak'],
-      }
-    }
-  }
+  # TODO: Build src_csp
+  # TODO: Build src_malware
 
 }
\ No newline at end of file
diff --git a/modules/utilities/unix/ctf/metactf/metactf.pp b/modules/utilities/unix/ctf/metactf/metactf.pp
index 24070a35e..4eed3bff8 100644
--- a/modules/utilities/unix/ctf/metactf/metactf.pp
+++ b/modules/utilities/unix/ctf/metactf/metactf.pp
@@ -1 +1,2 @@
-require metactf::install
\ No newline at end of file
+require metactf::install
+require metactf::configure
\ No newline at end of file
diff --git a/modules/utilities/unix/ctf/metactf/secgen_metadata.xml b/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
index 487f6c1af..c6e82ca5e 100644
--- a/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
+++ b/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
@@ -19,6 +19,7 @@
   <!-- Note - Scenarios must provide the same number of flags as challenges and groups in the challenge_list -->
   <read_fact>challenge_list</read_fact>
   <read_fact>flags</read_fact>
+  <read_fact>groups</read_fact>
   <read_fact>account</read_fact>
 
   <default_input into="challenge_list">
diff --git a/scenarios/examples/ctf_challenge_examples/metactf.xml b/scenarios/examples/ctf_challenge_examples/metactf.xml
index f806d3fdf..34f34104d 100644
--- a/scenarios/examples/ctf_challenge_examples/metactf.xml
+++ b/scenarios/examples/ctf_challenge_examples/metactf.xml
@@ -8,12 +8,16 @@
     <system_name>metactf</system_name>
     <base platform="linux" type="server" distro="Stretch"/>
 
-
-    <!--<utility module_path=".*metactf"/>-->
-
     <utility module_path=".*parameterised_accounts">
-      <input into="account" into_datastore="account">
-        <generator type="account"/>
+      <input into="accounts" into_datastore="account">
+        <generator type="account">
+          <input into="username">
+            <value>challenger</value>
+          </input>
+          <input into="password">
+            <value>password</value>
+          </input>
+        </generator>
       </input>
     </utility>
 
@@ -28,6 +32,11 @@
         <value>challenge02</value>
         <value>challenge03</value>
       </input>
+      <input into="flags">
+        <generator type="flag_generator"/>
+        <generator type="flag_generator"/>
+        <generator type="flag_generator"/>
+      </input>
       <input into="account">
         <datastore>account</datastore>
       </input>
diff --git a/secgen.rb b/secgen.rb
index 8a897d08a..96a189676 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -170,11 +170,11 @@ def build_vms(scenario, project_dir, options)
           end
         else   # TODO:  elsif vagrant_output[:exception].type == ProcessHelper::TimeoutError   >destroy individually broken vms as above?
           Print.err 'Vagrant up timeout, destroying VMs and retrying...'
-          GemExec.exe('vagrant', project_dir, 'destroy -f')
+          # GemExec.exe('vagrant', project_dir, 'destroy -f')
         end
       else
         Print.err 'Error provisioning VMs, destroying VMs and exiting SecGen.'
-        GemExec.exe('vagrant', project_dir, 'destroy -f')
+        # GemExec.exe('vagrant', project_dir, 'destroy -f')
         exit 1
       end
     end