mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-21 11:18:06 +00:00
141 lines
6.0 KiB
Ruby
141 lines
6.0 KiB
Ruby
require 'nokogiri'
|
|
|
|
# Convert systems objects into xml
|
|
class XmlMarkerGenerator
|
|
|
|
# @param [Object] systems the list of systems
|
|
# @param [Object] scenario the scenario file used to generate
|
|
# @param [Object] time the current time as a string
|
|
def initialize(systems, scenario, time)
|
|
@systems = systems
|
|
@scenario = scenario
|
|
@time = time
|
|
end
|
|
|
|
# outputs a XML marker file that can be used to mark flags and provide hints
|
|
# @return [Object] xml string
|
|
def output
|
|
ns = {
|
|
'xmlns' => "http://www.github/cliffe/SecGen/marker",
|
|
'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance",
|
|
'xsi:schemaLocation' => "http://www.github/cliffe/SecGen/marker"
|
|
}
|
|
builder = Nokogiri::XML::Builder.new do |xml|
|
|
xml.scenario (ns) {
|
|
xml.comment 'This file was generated by SecGen'
|
|
xml.comment "#{@time}"
|
|
xml.comment "Based on a fulfilment of scenario: #{@scenario}"
|
|
@systems.each { |system|
|
|
xml.system {
|
|
xml.system_name system.name
|
|
xml.platform system.module_selections.first.attributes['platform'].first
|
|
|
|
system.module_selections.each { |selected_module|
|
|
|
|
# start by finding a flag, and work the way back providing hints
|
|
selected_module.output.each { |output_value|
|
|
if output_value.match(/^flag{.*$/)
|
|
xml.challenge{
|
|
xml.flag(output_value)
|
|
|
|
system.module_selections.each { |search_module|
|
|
if search_module.unique_id == selected_module.write_to_module_with_id
|
|
module_hints(search_module, xml, system.module_selections)
|
|
end
|
|
}
|
|
|
|
# add_hint("Remember, search for text in the format of flag{SOMETHING}, and submit it for points", "flaggyflag", "normal", xml)
|
|
}
|
|
end
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
end
|
|
builder.to_xml
|
|
|
|
end
|
|
|
|
def module_hints(search_module, xml, all_module_selections)
|
|
|
|
if search_module.write_to_module_with_id != ""
|
|
# recursion -- show hints for any parent modules
|
|
all_module_selections.each { |search_module_recursive|
|
|
if search_module_recursive.unique_id == search_module.write_to_module_with_id
|
|
module_hints(search_module_recursive, xml, all_module_selections)
|
|
end
|
|
}
|
|
end
|
|
|
|
case search_module.module_type
|
|
when "vulnerability"
|
|
case search_module.attributes['access'].first
|
|
when "remote"
|
|
add_hint("A vulnerability that can be accessed/exploited remotely. Perhaps try scanning the system/network?", "#{search_module.unique_id}remote", "normal", xml)
|
|
when "local"
|
|
add_hint("A vulnerability that can only be accessed/exploited with local access. You need to first find a way in...", "#{search_module.unique_id}local", "normal", xml)
|
|
end
|
|
type = search_module.attributes['type'].first
|
|
unless type == 'system' or type == 'misc' or type == 'ctf' or type == 'local' or type == 'ctf_challenge'
|
|
add_hint("The system is vulnerable in terms of its #{search_module.attributes['type'].first}", "#{search_module.unique_id}firsttype", "big_hint", xml)
|
|
end
|
|
add_hint("The system is vulnerable to #{search_module.attributes['name'].first}", "#{search_module.unique_id}name", "big_hint", xml)
|
|
if search_module.attributes['hint']
|
|
search_module.attributes['hint'].each_with_index { |hint, i|
|
|
add_hint(clean_hint(hint), "#{search_module.unique_id}hint#{i}", "big_hint", xml) # .gsub(/\s+/, ' ')
|
|
}
|
|
end
|
|
if search_module.attributes['solution']
|
|
solution = search_module.attributes['solution'].first
|
|
add_hint(clean_hint(solution), "#{search_module.unique_id}solution", "big_hint", xml)
|
|
end
|
|
if search_module.attributes['msf_module']
|
|
add_hint("Can be exploited using the Metasploit module: #{search_module.attributes['msf_module'].first}", "#{search_module.unique_id}msf_module", "big_hint", xml)
|
|
end
|
|
|
|
when "service"
|
|
add_hint("The flag is hosted using #{search_module.attributes['type'].first}", "#{search_module.unique_id}type", "normal", xml)
|
|
when "encoder"
|
|
add_hint("The flag is encoded/hidden somewhere", "#{search_module.unique_id}itsanencoder", "normal", xml)
|
|
if search_module.attributes['type'].include? 'string_encoder'
|
|
add_hint("There is a layer of encoding using a standard encoding method, look for an unusual string of text and try to figure out how it was encoded, and decode it", "#{search_module.unique_id}stringencoder", "normal", xml)
|
|
end
|
|
if search_module.attributes['solution'] == nil
|
|
add_hint("The flag is encoded using a #{search_module.attributes['name'].first}", "#{search_module.unique_id}name", "big_hint", xml)
|
|
end
|
|
if search_module.attributes['hint']
|
|
search_module.attributes['hint'].each_with_index { |hint, i|
|
|
add_hint(clean_hint(hint), "#{search_module.unique_id}hint#{i}", "big_hint", xml)
|
|
}
|
|
end
|
|
if search_module.attributes['solution']
|
|
solution = search_module.attributes['solution'].first
|
|
add_hint(clean_hint(solution), "#{search_module.unique_id}solution", "big_hint", xml)
|
|
end
|
|
when "generator"
|
|
if search_module.attributes['hint']
|
|
search_module.attributes['hint'].each_with_index { |hint, i|
|
|
add_hint(clean_hint(hint), "#{search_module.unique_id}hint#{i}", "big_hint", xml)
|
|
}
|
|
end
|
|
if search_module.attributes['solution']
|
|
solution = search_module.attributes['solution'].first
|
|
add_hint(clean_hint(solution), "#{search_module.unique_id}solution", "big_hint", xml)
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|
|
|
|
def add_hint(hint_text, hint_id, hint_type, xml)
|
|
xml.hint {
|
|
xml.hint_text(hint_text)
|
|
xml.hint_type(hint_type)
|
|
xml.hint_id(hint_id)
|
|
}
|
|
end
|
|
|
|
def clean_hint str
|
|
str.tr("\n",'').gsub(/\s+/, ' ')
|
|
end |