digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-20 13:50:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

RSA Lab

Browse Source
This commit is contained in:
thomashaw
2023-09-27 12:03:18 +01:00
parent 45398f0120
commit ff4035e656
19 changed files with 1224 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/bases/kali_light_msf/secgen_metadata.xml
View File

@@ -17,7 +17,7 @@
<url>https://app.vagrantup.com/secgen/boxes/kali_light_msf/versions/1.0/providers/virtualbox.box</url>
<esxi_url></esxi_url>
<ovirt_template>kali_linux_msf_20230615</ovirt_template>
<proxmox_template>kali-linux-msf-20230615</ovirt_template>
<proxmox_template>kali-linux-msf-20230615</proxmox_template>
<reference>https://app.vagrantup.com/secgen</reference>

0
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/asymmetric_enc_rsa.pp Normal file
View File

0
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/manifests/.no_puppet Normal file
View File

71
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/secgen_local/local.rb Normal file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/ruby
require_relative '../../../../../../lib/objects/local_hackerbot_config_generator.rb'
class AsymmetricEncRSA < HackerbotConfigGenerator
attr_accessor :desktop_ip
attr_accessor :hackerbot_server_ip
attr_accessor :chall_3_msg
def initialize
super
self.module_name = 'Hackerbot Config Generator Asymmetric/RSA'
self.title = 'Public-Key Cryptography with RSA'
self.local_dir = File.expand_path('../../', __FILE__)
self.templates_path = "#{self.local_dir}/templates/"
self.config_template_path = "#{self.local_dir}/templates/asymmetric_enc_rsa_lab.xml.erb"
self.html_template_path = "#{self.local_dir}/templates/labsheet.html.erb"
self.desktop_ip = ''
self.hackerbot_server_ip = ''
self.chall_3_msg = ''
end
def get_options_array
super + [['--desktop_ip', GetoptLong::REQUIRED_ARGUMENT],
['--hackerbot_server_ip', GetoptLong::REQUIRED_ARGUMENT],
['--chall_3_msg', GetoptLong::REQUIRED_ARGUMENT]]
end
def process_options(opt, arg)
super
case opt
when '--desktop_ip'
self.desktop_ip << arg;
when '--hackerbot_server_ip'
self.hackerbot_server_ip << arg;
when '--chall_3_msg'
self.chall_3_msg << arg;
end
end
end
def encrypt_rsa(message, e, n)
ciphertext = ''
message_split = message.split('')
message_split.each_with_index do |char, i|
ciphertext << encrypt_rsa_byte(char.ord, e, n)
unless message.length == i + 1
ciphertext << ' '
end
end
return ciphertext
end
def decrypt_rsa(ciphertext, d, n)
message = ''
ct_split = ciphertext.split(' ')
ct_split.each do |byte|
int_byte = byte.to_i
message << (((int_byte ** d) % n))
end
return message
end
def encrypt_rsa_byte(message, e, n)
ciphertext = ((message ** e) % n).to_s
return ciphertext
end
AsymmetricEncRSA.new.run

53
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/secgen_metadata.xml Normal file
View File

@@ -0,0 +1,53 @@
<?xml version="1.0"?>
<generator xmlns="http://www.github/cliffe/SecGen/generator"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
<name>Hackerbot config for an RSA asymmetric encryption lab</name>
<author>Thomas Shaw</author>
<author>Mo Hassan</author>
<module_license>GPLv3</module_license>
<description>Generates a config file for a hackerbot for an asymmetric encryption lab.
Topics covered: Asymmetric Encryption; Public-Key Cryptography; RSA.</description>
<type>hackerbot_config</type>
<platform>linux</platform>
<read_fact>chall_3_msg</read_fact>
<read_fact>keys</read_fact>
<read_fact>flags</read_fact>
<read_fact>root_password</read_fact>
<read_fact>desktop_ip</read_fact>
<read_fact>hackerbot_server_ip</read_fact>
<default_input into="accounts">
<generator type="account">
<input into="username">
<value>vagrant</value>
</input>
</generator>
</default_input>
<default_input into="chall_3_msg">
<generator type="weak_password_generator"/>
</default_input>
<default_input into="flags">
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
<generator type="flag_generator"/>
</default_input>
<output_type>hackerbot</output_type>
</generator>

29
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/shared/labsheet.html.erb Normal file
View File

@@ -0,0 +1,29 @@
<html>
<head>
<title><%= self.title %></title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/github-markdown.css">
<style>
.markdown-body {
box-sizing: border-box;
min-width: 200px;
margin: 0 auto;
padding: 45px;
}
@media (max-width: 767px) {
.markdown-body {
padding: 15px;
}
}
</style>
<article class="markdown-body">
<%= self.html_rendered %>
</article>
<script src="js/code-prettify/loader/run_prettify.js"></script>
</body>
</html>

4
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/shared/license.md.erb Normal file
View File

@@ -0,0 +1,4 @@
## License
This lab by [*Z. Cliffe Schreuders*](http://z.cliffe.schreuders.org) at Leeds Beckett University is licensed under a [*Creative Commons Attribution-ShareAlike 3.0 Unported License*](http://creativecommons.org/licenses/by-sa/3.0/deed.en_GB).
Included software source code is also licensed under the GNU General Public License, either version 3 of the License, or (at your option) any later version.

480
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/asymmetric_enc_rsa_lab.xml.erb Normal file
View File

@@ -0,0 +1,480 @@
<%
require 'json'
require 'securerandom'
require 'digest/sha1'
require 'fileutils'
require 'erb'
require 'openssl'
if self.accounts.empty?
abort('Sorry, you need to provide an account')
end
$first_account = JSON.parse(self.accounts.first)
$main_user = $first_account['username'].to_s
$root_password = self.root_password
$desktop_ip = self.desktop_ip
$hackerbot_server_ip = self.hackerbot_server_ip
$flags = self.flags
$chall_1_path = "/home/#{$main_user}/challenge_1"
$chall_2_path = "/home/#{$main_user}/challenge_2"
$chall_2_msg = SecureRandom.hex(4)
$chall_3_message = self.chall_3_msg
$chall_3_ciphertext = encrypt_rsa($chall_3_message, 5, 161)
$chall_4_message = SecureRandom.hex(2)
$chall_4_ciphertext = encrypt_rsa($chall_4_message, 5, 161)
$chall_5_message = rand(1..9)
$chall_5_ciphertext = encrypt_rsa_byte($chall_5_message, 3, 15)
$chall_6_message = rand(1..9)
$chall_6_ciphertext = encrypt_rsa_byte($chall_6_message, 3, 15)
$chall_7_message = rand(1..9)
$chall_7_ciphertext = encrypt_rsa_byte($chall_7_message, 11, 7*17)
$chall_8_message = rand(1..9)
$chall_8_ciphertext = encrypt_rsa_byte($chall_8_message, 11, 7*17)
$chall_9_message = rand(1..9)
$chall_9_ciphertext = encrypt_rsa_byte($chall_9_message, 17, 47*59)
$chall_10_message = rand(1..9)
$chall_10_ciphertext = encrypt_rsa_byte($chall_10_message, 17, 47*59)
REQUIRED_FLAGS = 12
while $flags.length < REQUIRED_FLAGS
$flags << "flag{#{SecureRandom.hex}}"
Print.err "Warning: Not enough flags provided to hackerbot_config generator, some flags won't be tracked/marked!"
end
def get_binding
binding
end
-%>
<?xml version="1.0"?>
<hackerbot
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/hackerbot">
<!--<hackerbot xmlns="http://www.github/cliffe/SecGen/hackerbotz"-->
<name>Hackerbot</name>
<AIML_chatbot_rules>config/AIML</AIML_chatbot_rules>
<!--Method for gaining shell access, can be overwritten per-attack-->
<!--<get_shell>bash</get_shell>-->
<get_shell>sshpass -p <%= $root_password %> ssh -oStrictHostKeyChecking=no root@{{chat_ip_address}} /bin/bash</get_shell>
<!-- <get_shell>false</get_shell>-->
<messages>
<show_attack_numbers />
<greeting>Your system is about to be hacked. I'll do what I can hold them off, but you are going to have to work with me to protect yourself. I'll cough up some flags if you work with me.</greeting>
<!--Must provide alternatives for each message-->
<say_ready>Let me know when you are 'ready', if you want to move on to another attack, say 'next', or 'previous' and I'll move things along.</say_ready>
<say_ready>When you are ready, simply say 'ready'.</say_ready>
<say_ready>'Ready'?</say_ready>
<say_ready>Better hurry, the attack is imminent... Let me know when you're 'ready'.</say_ready>
<next>Ok, I'll do what I can to move things along...</next>
<next>Moving things along to the next attack...</next>
<next>Ok, next attack...</next>
<previous>Ok, I'll do what I can to back things up...</previous>
<previous>Ok, previous attack...</previous>
<previous>Ok, backing up.</previous>
<goto>Ok, skipping it along.</goto>
<goto>Let me see what I can do to goto that attack.</goto>
<last_attack>That was the last attack for now. You can rest easy, until next time... (End.)</last_attack>
<last_attack>That was the last attack. Game over?</last_attack>
<first_attack>You are back to the beginning!</first_attack>
<first_attack>This is where it all began.</first_attack>
<getting_shell>Ok. Gaining shell access, and running post command...</getting_shell>
<getting_shell>Hacking in progress...</getting_shell>
<getting_shell>Attack underway...</getting_shell>
<getting_shell>Here we go...</getting_shell>
<got_shell>We are in to your system.</got_shell>
<got_shell>You are pwned.</got_shell>
<got_shell>We have shell.</got_shell>
<repeat>Let me know when you are 'ready', if you want to move on to another attack, say 'next', or 'previous' and I'll move things along.</repeat>
<repeat>Say 'ready', 'next', or 'previous'.</repeat>
<!--Single responses:-->
<help>I am waiting for you to say 'ready', 'next', 'previous', 'list', 'goto *X*', or 'answer *X*'</help>
<say_answer>Say "The answer is *X*".</say_answer>
<no_quiz>There is no question to answer</no_quiz>
<correct_answer>Correct</correct_answer>
<incorrect_answer>Incorrect</incorrect_answer>
<invalid>That's not possible.</invalid>
<non_answer>Wouldn't you like to know.</non_answer>
<!--can be overwritten per-attack-->
<shell_fail_message>Oh no. Failed to get shell... You need to let us in.</shell_fail_message>
</messages>
<tutorial_info>
<title>Public-key Cryptography - Asymmetric Key Encryption with RSA</title>
<tutorial><%= ERB.new(File.read self.templates_path + 'intro.md.erb').result(self.get_binding) %></tutorial>
<footer>
<%= File.read self.templates_path + 'resources.md.erb' %>
|
<%= File.read self.templates_path + 'license.md.erb' %>
Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%= Time.new.to_s %>)
</footer>
<provide_tutorial>true</provide_tutorial>
</tutorial_info>
<attack>
<prompt>Create a public and private RSA key pair within the <%= $chall_1_path %> directory using the file names key.pub and key.priv for the public and private key respectively.</prompt>
<post_command>grep 'BEGIN RSA PRIVATE KEY' <%=$chall_1_path %>/key.priv > /dev/null; priv=$?; grep 'BEGIN PUBLIC KEY' <%=$chall_1_path %>/key.pub > /dev/null; pub=$?; echo $priv$pub</post_command>
<suppress_command_output_feedback/>
<condition>
<output_matches>22</output_matches>
<message>You have not created a public and private RSA key in the specified directory using the file names provided.</message>
</condition>
<condition>
<output_matches>02</output_matches>
<message>You created your private key file, but not the public key file.</message>
</condition>
<condition>
<output_matches>10</output_matches>
<mesage>Something was not quite right with your private key file</mesage>
</condition>
<condition>
<output_matches>01</output_matches>
<mesage>Something was not quite right with your public key file</mesage>
</condition>
<condition>
<output_matches>00</output_matches>
<message>Well done :) <%= $flags.pop %></message>
<trigger_next_attack>true</trigger_next_attack>
</condition>
<else_condition>
<message>Something was not quite right...</message>
</else_condition>
<tutorial><%= ERB.new(File.read self.templates_path + 'rsa_openssl_example.md.erb').result(self.get_binding) %></tutorial>
</attack>
<attack>
<prompt>Create another public and private RSA key pair within the <%= $chall_2_path %> directory using the file names key.pub and key.priv for the public and private key respectively. Encrypt a message file containing "<%= $chall_2_msg %>" using the public key and store the encrypted message within <%= $chall_2_path %>/message.enc</prompt>
<post_command>grep 'BEGIN RSA PRIVATE KEY' <%=$chall_2_path %>/key.priv > /dev/null; priv=$?; grep 'BEGIN PUBLIC KEY' <%=$chall_2_path %>/key.pub > /dev/null; pub=$?; ls <%= $chall_2_path %>/message.enc 2> /dev/null; mfile=$?; msg_decrypt=`openssl pkeyutl -in <%= $chall_2_path %>/message.enc -decrypt -inkey <%= $chall_2_path %>/key.priv 2>/dev/null`; echo $priv$pub$mfile$msg_decrypt</post_command>
<suppress_command_output_feedback/>
<condition>
<output_matches>222</output_matches>
<message>You have not created a public and private RSA key in the specified directory using the file names provided, or encrypted a message with RSA. Double check that you're working within the specified directory.</message>
</condition>
<condition>
<output_matches>022</output_matches>
<message>You created your private key file, but not the public key file.</message>
</condition>
<condition>
<output_matches>002</output_matches>
<message>You created your public and private key file, but the encrypted message cannot be found at the specified location.</message>
</condition>
<condition>
<output_matches>000<%= $chall_2_msg %></output_matches>
<message>Well done :) <%= $flags.pop %></message>
<trigger_next_attack>true</trigger_next_attack>
</condition>
<condition>
<output_matches>000</output_matches>
<message>Something was not quite right. There was an error decrypting your encrypted message file with the private key.</message>
</condition>
<else_condition>
<message>Something was not quite right...</message>
</else_condition>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Using the given values in the example above (p = 7, q = 23, N = 161, phiN = 132, e = (5,161), d = 53), decrypt the following ciphertext: "<%= $chall_3_ciphertext %>"</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What was the encrypted message?</question>
<answer><%= $chall_3_message %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
<tutorial><%= ERB.new(File.read self.templates_path + 'rsa_python3_example.md.erb').result(self.get_binding) %></tutorial>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Using the given values in the example above (p = 7, q = 23, N = 161, phiN = 132, e = (5,161), d = 53), encrypt the following message: "<%= $chall_4_message %>"</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the encrypted ciphertext?</question>
<answer><%= $chall_4_ciphertext %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform encryption using the RSA algorithm with the following values: p = 3, q = 5, e = 3, message = <%=$chall_5_message%> (the integer, not the ASCII character).</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the ciphertext?</question>
<answer><%=$chall_5_ciphertext %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform decryption using the RSA algorithm with the following values: p = 3, q = 5, e = 3, ciphertext = <%= $chall_6_ciphertext %> (raw value)</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the message?</question>
<answer><%= $chall_6_message %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform encryption using the RSA algorithm with the following values: p = 7, q = 17, e = 11, message = <%= $chall_7_message %> (the integer, not the ASCII character).</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the ciphertext?</question>
<answer><%=$chall_7_ciphertext %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform decryption using the RSA algorithm with the following values: p = 7, q = 17, e = 11, ciphertext = <%= $chall_8_ciphertext %> (raw value)</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the message?</question>
<answer><%= $chall_8_message %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform encryption using the RSA algorithm with the following values: p = 47, q = 59, e = 17, message = <%= $chall_9_message %> (the integer, not the ASCII character).</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the ciphertext?</question>
<answer><%=$chall_9_ciphertext %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Perform decryption using the RSA algorithm with the following values: p = 7, q = 17, d = 157, ciphertext = "<%= $chall_10_ciphertext%>"</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is the message?</question>
<answer><%= $chall_10_message %></answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Given these values, what would be the suitable values for e?: p = 7, q = 11</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What are the suitable values for e? (include spaces in your response and ensure the values are in ascending order, e.g. "The answer is 1 2 3")</question>
<answer>13 17 19 23 29 31 37 41 43 47 53 59</answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
<trigger_next_attack>true</trigger_next_attack>
</quiz>
</attack>
<attack>
<pre_shell>echo 'OK'</pre_shell>
<get_shell>false</get_shell>
<post_command></post_command>
<prompt>Given these values, what is d?: p = 7, q = 11, e = 13</prompt>
<condition>
<output_matches>OK</output_matches>
<message>OK...</message>
<trigger_quiz/>
</condition>
<condition>
<output_matches>ok</output_matches>
<mesage>ok... your turn.</mesage>
<trigger_quiz/>
</condition>
<else_condition>
<message>else..</message>
<trigger_quiz />
</else_condition>
<quiz>
<question>What is d?</question>
<answer>37</answer>
<correct_answer_response> :) <%= $flags.pop %></correct_answer_response>
</quiz>
</attack>
</hackerbot>

108
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/intro.md.erb Normal file
View File

@@ -0,0 +1,108 @@
# Public-key Cryptography - Asymmetric Key Encryption with RSA
## Getting started
### VMs in this lab
==Start these VMs== (if you haven't already):
- hackerbot_server (leave it running, you don't log into this)
- desktop
### Your login details for the "desktop" VM
User: <%= $main_user %>
Password: tiaspbiqe2r (**t**his **i**s **a** **s**ecure **p**assword **b**ut **i**s **q**uite **e**asy **2** **r**emember)
You won't login to the hackerbot_server, but the VM needs to be running to complete the lab.
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Submit your flags in Hacktivity to register your progress in the lab.
2. **You need to provide evidence of your flag solutions in your Log Book**. Make sure to include screenshots documenting the way you solved the challenges within your Log Book.
3. **You need to document answers to Log Book questions**. The Log Book will be submitted later in the semester.
## Meet Hackerbot!
![small-right](images/skullandusb.svg)
This exercise involves Hackerbot, a chatbot who will interact with you and your system. If you satisfy Hackerbot by completing the challenges she will reveal flags to you.
**On the desktop VM:**
==Open Pidgin and send some messages to Hackerbot:==
- Try asking Hackerbot some questions
- Send "help"
- Send "list"
- Send "hello"
Work through the following exercises, completing the Hackerbot challenges as noted, evidencing your solutions within your Log Book.
---
# Purpose
The purpose of this lab is to understand public key cryptography, specifically the RSA[^1] cipher.
# RSA and PKI[^2] in a nutshell
RSA is considered to be the most popular asymmetric cipher out there, which has been used for many years and still stands. RSA is also part of a bigger picture called Public Key Infrastructure or PKI in short.
The problem with establishing a secure communication is the trust:
- How can we confirm the identity of each party would like communicate securely (using cryptography)?
- How can we validate the data being transferred?
- How can we confirm this is x person/entity/website's public key?
Let's go back to our example as per the video associated with this lab, Alice wants to send a message to Bob, she got Bob's public key, great.. Who can confirm Bob is really Bob?! It could be anyone else impersonate Bob (perhaps a Man In The Middle)..
Here where it comes a Certification Authority or CA we assume this CA is a trusted, independent entity (usually a company) who will sign (and confirm the identity) the public key of any one wants to communicate securely. CA is part of PKI alongside hardware, software, management (and control), standards such as PKCS[^3].
There is a reading selection related to PKI and managing trust in public key cryptosystems provided at the end of the labsheet (References \[1\] to \[5\]).
[^1]: RSA named after the three creators (Ron **R**ivest, Adi **S**hamir and Leonard **A**dleman)
[^2]: Public Key Infrastructure
[^3]: Public Key Cryptography Standards (developed by RSA security LLC) - https://en.wikipedia.org/wiki/PKCS
---
## A Summary of RSA Cipher
1. Choose two large prime numbers *p* and *q*
2. Compute **N (the modulus):**
N = p . q
3. Compute **phi(N):**
phi(N) = (p-1)(q-1)
4. Choose the encryption (exponent) key (public key) **e** (**e** must satisfy two conditions):
- a number in between 1 and phi(N)
- a co-prime with N and phi(N)
5. Choose the decryption key (private key) **d:**
(e . d) mod phi(N) = 1
We can compute **d** by using **extended Euclidean algorithm** to get the inverse of **e**
d = (e^-1) mod phi(N)
**Encryption/Decryption operations:**
Encryption:
(M^e) mod N
Decryption:
(C^d) mod N
Where:
- **M** is the message (clear/plain text)
- **e** is the public key (the encryption key)
- **N** is the modulus
- **C** is the ciphertext, and
- **d** is the private key (decryption key)

114
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/labsheet.html.erb Normal file
View File

@@ -0,0 +1,114 @@
<html>
<head>
<title><%= self.title %></title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/github-markdown.css">
<style>
.markdown-body {
box-sizing: border-box;
min-width: 200px;
margin: 0 auto;
padding: 45px;
}
.markdown-body h4[id^='hackerbot']:after {
display: inline-block;
float: right;
content: url("images/skullandusb.svg");
width: 30px;
}
article {
float: right;
width: calc(100% - 300px);
}
.toc {
float: left;
font-size: smaller;
color: #1a1d22;
width: 300px;
position: fixed;
height: calc(100% - 56px);
overflow-y: scroll;
font-family: sans-serif;
margin-top: 50px;
}
.toc ul {
list-style-type: none;
padding: 0;
margin-left: 1em;
}
.toc li { /* Space between menu items*/
margin: 1em 0;
}
.toc a {
color: #1a1d22;
text-decoration: none;
}
.toc a:hover {
color: #6c036d;
text-decoration: none;
}
.toc a:visited {
color: #1a1d22;
text-decoration: none;
}
.markdown-body pre, .markdown-body code {
background-color: #570138;
color: whitesmoke;
}
.markdown-body img[alt="small-left"] {
max-width: 100px;
float: left;
}
.markdown-body img[alt="small-right"] {
max-width: 100px;
float: right;
}
.markdown-body img[alt="tiny-right"] {
max-width: 30px;
float: right;
}
.markdown-body img[alt="small"] {
max-width: 100px;
display: block;
margin-left: auto;
margin-right: auto;
padding: 15px;
}
mark {
background-color: white;
color: #5b29bd;
font-weight: bolder;
}
@media (max-width: 767px) {
.markdown-body {
padding: 15px;
min-width: 200px;
}
.toc {
float: none;
width: 100%;
position: relative;
overflow: auto;
height: auto;
}
article {
float: none;
width: 100%;
}
}
</style>
<div class="toc">
<%= self.html_TOC_rendered %>
</div>
<article class="markdown-body">
<%= self.html_rendered %>
</article>
<script src="js/code-prettify/loader/run_prettify.js?autoload=true&amp;skin=sunburst&amp;lang=css"></script>
</body>
</html>

6
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/license.md.erb Normal file
View File

@@ -0,0 +1,6 @@
## License
This lab by [*Z. Cliffe Schreuders*](http://z.cliffe.schreuders.org) at Leeds Beckett University is licensed under a [*Creative Commons Attribution-ShareAlike 3.0 Unported License*](http://creativecommons.org/licenses/by-sa/3.0/deed.en_GB).
Included software source code is also licensed under the GNU General Public License, either version 3 of the License, or (at your option) any later version.
![small](images/leedsbeckett-logo.png)

10
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/resources.md.erb Normal file
View File

@@ -0,0 +1,10 @@
## Resources
[1] Terence Spies. "Chapter 39 - Public Key Infrastructure". In: *Computer and Information Security Handbook (Second Edition).* Ed. by John R. Vacca. Second Edition. Boston: Morgan Kaufmann, 2013, p. 703. ISBN: 978-0-12-394397-2. DOI: https://doi.org/10.1016/B978-0-12-394397-2.00039- 8. URL: https://www.sciencedirect.com/science/article/pii/B9780123943972000398
[2] Tiffany Hyun-Jin Kim et al. "Accountable key infrastructure (AKI) a proposal for a public-key validation infrastructure". In: *Proceedings of the 22nd international conference on World Wide Web.* 2013, pp. 679-690.
[3] Johannes Buchmann et al. *Introduction to public key infrastructures.* Vol. 36. Springer, 2013.
[4] Aysha Albarqi et al. "Public key infrastructure: A survey". In: *Journal of Information Security* 6.01 (2014), p. 31.
[5] Dimitrios Lekkas. "Establishing and managing trust within the public key infrastructure". In: *Computer Communications* 26.16 (2003), pp. 1815-1825.
[6] S. Stinson Douglas and B. Paterson Maura. *Cryptography Theory and Practice*. 4th edition. CRC Press, 2019.
[7] Bruce Schneier. *Applied Cryptography*. 2nd edition. John Wiley & Sons, 1996.
[8] Keith M. Martin. *Everyday Cryptography*. 2nd edition. Oxford University Press, 2017.

14
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/rsa_manual_lab_tasks.md.erb Normal file
View File

@@ -0,0 +1,14 @@
==Complete the following Log Book task:==
Encryption/decryption techniques are methods that help with confusion and diffusion in a cryptosystem.
You may highlight the mathematics behind the reviewed algorithms/cipher if you would like to do so;
however, this is not required unless necessary as part of your discussion/review.
A) The Security of RSA cryptosystem.
B) Diffie-Hellman algorithm and its security.
### Requirements for Log Book Task
1. Provide a clear explanation of the reviewed cipher/algorithm (how it works).
2. Include illustrations, flow charts, digrams to underpin your arguments.
3. Critically evaluate the cipher/algorithm (strengths, weaknesses, efficiency, etc..).
4. Cryptanalysis techniques against the given cipher/algorithm.

30
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/rsa_openssl_example.md.erb Normal file
View File

@@ -0,0 +1,30 @@
# An example of RSA using OpenSSL
Let's create a new message "msg.txt" as per the command below.
`echo '"All paid jobs absorb and degrade the mind." - Aristotle' > msg.txt`[^4]
Nice one from Aristotle, but no one will work then :)
The below is just an example of using openssl to encrypt and decrypt a message, but of course private key should never be shared and/or exported in plaintext.
```bash
# *** Generate a 4096-byte RSA private key using openssl
openssl genrsa -out bobs-private-key.private 4096
# *** Check Bob's private key ***
cat bobs-private-key.private
# * it should start with -----BEGIN RSA PRIVATE KEY-----
# *** Generate a public key from the private key ***
openssl rsa -in bobs-private-key.private -pubout -out bobs-public-key.pub
# *** Check Bob's public key ***
cat bobs-public-key.pub
# * it should start with -----BEGIN PUBLIC KEY-----
# *** Encrypt msg.txt ***
openssl pkeyutl -in msg.txt -encrypt -pubin -inkey bobs-public-key.pub > msg-rsa.enc
# *** Decrypt msg-rsa.enc ***
# *** Step 2 - Decrypt msg-rsa.enc
openssl pkeyutl -in msg-rsa.enc -decrypt -inkey bobs-private-key.private | tee msg-decrypted.txt
```
[^4]: https://www.quoteambition.com/aristotle-quotes/

95
modules/generators/structured_content/hackerbot_config/asymmetric_enc_rsa/templates/rsa_python3_example.md.erb Normal file
View File

@@ -0,0 +1,95 @@
# An example of RSA using Python3
In this example we will go through the following steps:
- Pick 2 prime numbers, *p* and *q*
- Calculate *N*
- Calculate *phi(N)*
- Select exponent *e* (used for encryption)
- Select *d* (used for decryption)
From your Linux shell prompt open the python3 REPL to begin:
`python3`
### Pick 2 prime numbers p and q
```
>>> p = 7
>>> q = 23
```
### Calculate N
```
>>> N = p * q
```
### Calculate phi(N)
```
>>> phiN = (p-1)*(q-1)
>>> print(p, q, N, phiN)
```
So far we have calculated: *p* = 7, *q* = 23, *N* = 161 and *phiN* = 132
### Find e (exponent / encryption key / public key)
- *e* must be between 1 and 132 (1 and *phi(N)*)
- Also, *e* must be a co-prime with *n* and *phi(N)*
1. Check all of the numbers in the ring (1-132), once the above conditions are met, select *e*
2. Let's keep it simple and choose 5 as e (as it satisfies both conditions)
3. For this example, the public key (e, N) is (5, 161)
### Find d (decryption key / private key)
- *d* must satisfy this condition (*d*.*e*) mod phi(N) = 1
- *d* will always be within the 1-132 ring of integers
To find the decryption key, multiply each number of the ring (modulo 132) until you reach 1
- Such that (d * 5) mod 132 = 1
Let's select *d* as 53
- Such that d = 53
(53 * 5) % 132 = 1
### Encryption
RSA works using numbers, so let's find the integer representation of this message: "The Hobbit"
Python's built in ord() function takes in a character as an argument and returns the integer that represents the character in [ASCII](https://www.rapidtables.com/code/text/ascii-table.html).
e.g. ord('Z') will return 90.
```
>>> ord('T')
>>> ord('h')
>>> ord('e')
>>> ord('')
>>> ord('H')
>>> ord('o')
>>> ord('b')
>>> ord('i')
>>> ord('t')
>>> ord('t')
*** 84 104 101 32 72 111 98 105 116 116 ***
(84 ** e) % N
(104 ** e) % N
(101 ** e) % N
(32 ** e) % N
(72 ** e) % N
(111 ** e) % N
(98 ** e) % N
(105 ** e) % N
(116 ** e) % N
(116 ** e) % N
*** Ciphertext: 7 41 54 100 151 34 140 119 93 93 ***
*** To decrypt ***
(7 ** d) % N
(41 ** d) % N
... etc ...
... etc ...
```

5
modules/utilities/unix/system/python_crypto_libs/manifests/install.pp Normal file
View File

@@ -0,0 +1,5 @@
class python_crypto_libs::install{
package { ['python3-pip', 'python3-numpy', 'python3-pycryptodome']:
ensure => 'installed',
}
}

1
modules/utilities/unix/system/python_crypto_libs/python_crypto_libs.pp Normal file
View File

@@ -0,0 +1 @@
include python_crypto_libs::install

17
modules/utilities/unix/system/python_crypto_libs/secgen_metadata.xml Normal file
View File

@@ -0,0 +1,17 @@
<?xml version="1.0"?>
<utility xmlns="http://www.github/cliffe/SecGen/utility"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
<name>Numpy for Python3</name>
<author>Thomas Shaw</author>
<module_license>Apache v2</module_license>
<description>Installs numpy for python3.</description>
<type>library</type>
<platform>linux</platform>
<requires>
<type>update</type>
</requires>
</utility>

186
scenarios/labs/cyber_security_landscape/7_asymmetric_enc_rsa.xml Normal file
View File

@@ -0,0 +1,186 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Asymmetric Encryption with RSA</name>
<author>Z. Cliffe Schreuders</author>
<description>A Hackerbot lab. Work through the labsheet, then when prompted interact with Hackerbot. Topics covered: Asymmetric Encryption, RSA</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<!-- TODO: Update CyBOK -->
<CyBOK KA="AAA" topic="Authorisation">
<keyword>access control</keyword>
<keyword>Protecting integrity</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>Linux read only protections: ro mounts, file attributes</keyword>
</CyBOK>
<!-- /TODO: Update CyBOK -->
<!-- TODO: Update Videos -->
<video>
<title>The CIA Triad</title>
<by>Z. Cliffe Schreuders</by>
<url>https://www.youtube.com/watch?v=sv1pHuuoW9g</url>
<type>lecture-prerecorded</type>
<CyBOK KA="IC" topic="Foundational Concepts">
<keyword>objectives of cyber security</keyword>
</CyBOK>
</video>
<video>
<title>Protecting Integrity</title>
<by>Z. Cliffe Schreuders</by>
<url>https://www.youtube.com/watch?v=grISRv-CuHE</url>
<type>lecture-prerecorded</type>
<CyBOK KA="AAA" topic="Authorisation">
<keyword>access control</keyword>
<keyword>Protecting integrity</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>Linux read only protections: ro mounts, file attributes</keyword>
</CyBOK>
</video>
<!-- /TODO: Update Videos -->
<system>
<system_name>desktop</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
</input>
<!--generate two accounts, YOU and someone else-->
<input into_datastore="accounts">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
</generator>
</input>
<input into_datastore="desktop_root_password">
<!-- TODO: Uncomment when ready <generator type="strong_password_generator"/>-->
<value>test</value>
</input>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>accounts</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">accounts</datastore>
</input>
<input into="accounts">
<datastore>accounts</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<utility module_path=".*/python_crypto_libs"/>
<utility module_path=".*/iceweasel">
<input into="accounts">
<datastore>accounts</datastore>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<datastore access="1">IP_addresses</datastore>
</input>
</utility>
<utility module_path=".*/pidgin">
<input into="server_ip">
<datastore access="1">IP_addresses</datastore>
</input>
<input into="accounts">
<datastore access="0">accounts</datastore>
</input>
</utility>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>hb_server</system_name>
<base distro="Kali" name="MSF"/>
<service type="ircd"/>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/nmap"/>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/python_crypto_libs"/>
<service type="httpd"/>
<utility module_path=".*/hackerbot">
<input into="hackerbot_configs">
<generator module_path=".*/asymmetric_enc_rsa">
<input into="accounts">
<datastore>accounts</datastore>
</input>
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
<input into="desktop_ip">
<datastore access="0">IP_addresses</datastore>
</input>
<input into="hackerbot_server_ip">
<datastore access="1">IP_addresses</datastore>
</input>
</generator>
</input>
</utility>
<network type="private_network" >
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<!-- <generator type="strong_password_generator"/>-->
<value>toor</value>
</input>
</build>
</system>
</scenario>