mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-21 19:28:02 +00:00
155 lines
4.9 KiB
XML
155 lines
4.9 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
|
|
|
<name>Experiment: Flags</name>
|
|
<author>Thomas Shaw</author>
|
|
<description>
|
|
</description>
|
|
|
|
<type>ctf</type>
|
|
<difficulty>easy</difficulty>
|
|
|
|
<!-- 4 user account level flags: -->
|
|
<!-- Distcc [x,x] -->
|
|
<!-- Readable shadow file [x,] -->
|
|
<!-- Hidden file [x,] -->
|
|
<!-- Password Cracking [x,]
|
|
(user account, via readable shadow) -->
|
|
|
|
<!-- 2 systems: -->
|
|
<!-- Kali -->
|
|
<!-- Debian victim -->
|
|
|
|
<system>
|
|
<system_name>attack_vm</system_name>
|
|
<base distro="Kali" name="MSF"/>
|
|
|
|
<input into_datastore="IP_addresses">
|
|
<!-- 0 attack_vm -->
|
|
<value>172.16.0.2</value>
|
|
<!-- 1 hackme_desktop -->
|
|
<value>172.16.0.3</value>
|
|
</input>
|
|
|
|
<utility module_path=".*/kali_top10"/>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
<system>
|
|
<system_name>hackme_desktop</system_name>
|
|
<base distro="Debian 10" type="desktop"/>
|
|
|
|
<utility module_path=".*/parameterised_accounts">
|
|
<input into="accounts" into_datastore="accounts">
|
|
<!-- Default account -->
|
|
<generator type="account">
|
|
<input into="username">
|
|
<value>challenger</value>
|
|
</input>
|
|
<input into="password">
|
|
<value>tiaspbiqe2r</value>
|
|
</input>
|
|
<input into="super_user">
|
|
<value>false</value>
|
|
</input>
|
|
</generator>
|
|
<!-- Crackable account -->
|
|
<generator type="account">
|
|
<input into="username">
|
|
<value>crackme</value>
|
|
</input>
|
|
<input into="password" into_datastore="server_crackme_password">
|
|
<generator type="weak_password_generator"/>
|
|
</input>
|
|
<!-- this flag is available to root -->
|
|
<input into="leaked_filenames">
|
|
<value>flag</value>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
</utility>
|
|
|
|
<vulnerability module_path="vulnerabilities/unix/misc/distcc_exec">
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
<input into="leaked_filenames">
|
|
<value>flag</value>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
<vulnerability module_path="vulnerabilities/unix/access_control_misconfigurations/readable_shadow">
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
</vulnerability>
|
|
<vulnerability module_path=".*/hidden_file">
|
|
<input into="file_path_to_leak">
|
|
<value>/home/challenger/.top_secret_file</value>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<value>no warnings;
|
|
`$=`;$_=\%!;($_)=/(.)/;$==++$|;($.,$/,$,,$\,$",$;,$^,$#,$~,$*,$:,@%)=($!=~/(.)(.).(.)(.)(.)(.)..(.)(.)(.)..(.)......(.)/,$"),$=++;$.++;$.++;$_++;$_++;($_,$\,$,)=($~.$"."$;$/$%[$?]$_$\$,$:$%[$?]",$"&$~,$#,);$,++;$,++;$^|=$";`$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;$\$"$^$~$*.>&$=`
|
|
</value>
|
|
<generator type="personal_sensitive"/>
|
|
<encoder type="csv">
|
|
<input into="strings_to_encode" into_datastore="clients">
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
</input>
|
|
</encoder>
|
|
<encoder type="csv">
|
|
<input into="strings_to_encode">
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
<generator type="person"/>
|
|
</input>
|
|
</encoder>
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
<utility module_path=".*/kde_minimal">
|
|
<input into="autologin_user">
|
|
<datastore access="0" access_json="['username']">accounts</datastore>
|
|
</input>
|
|
<input into="accounts">
|
|
<datastore>accounts</datastore>
|
|
</input>
|
|
<input into="autostart_konsole">
|
|
<value>true</value>
|
|
</input>
|
|
</utility>
|
|
|
|
<build type="cleanup">
|
|
<input into="root_password">
|
|
<generator type="strong_password_generator"/>
|
|
</input>
|
|
</build>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="1">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
</scenario> |