mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-21 11:18:06 +00:00
143 lines
4.5 KiB
XML
143 lines
4.5 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
|
|
|
<name>Decode Me</name>
|
|
<author>Z. Cliffe Schreuders</author>
|
|
<author>Thomas Shaw</author>
|
|
<description>Find the encoded messages and decode them.
|
|
</description>
|
|
|
|
<type>ctf</type>
|
|
<type>attack-ctf</type>
|
|
<type>pwn-ctf</type>
|
|
<difficulty>intermediate</difficulty>
|
|
|
|
<CyBOK KA="AC" topic="Symmetric Cryptography">
|
|
<keyword>symmetric encryption and authentication</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="F" topic="Artifact Analysis">
|
|
<keyword>cryptographic hashing</keyword>
|
|
<keyword>Encoding and alternative data formats</keyword>
|
|
</CyBOK>
|
|
|
|
<system>
|
|
<system_name>attack_vm</system_name>
|
|
<base distro="Kali" name="MSF"/>
|
|
|
|
|
|
<input into_datastore="IP_addresses">
|
|
<value>172.16.0.2</value>
|
|
<value>172.16.0.3</value>
|
|
<value>172.16.0.4</value>
|
|
<value>172.16.0.5</value>
|
|
</input>
|
|
|
|
<utility module_path=".*/parameterised_accounts">
|
|
<input into="accounts">
|
|
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
|
|
</input>
|
|
</utility>
|
|
|
|
<!-- This is a decryption lab so CyberChef is needed -->
|
|
<utility module_path=".*/cyberchef"/>
|
|
|
|
<utility module_path=".*/iceweasel">
|
|
<input into="accounts">
|
|
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
|
|
</input>
|
|
<input into="autostart">
|
|
<value>true</value>
|
|
</input>
|
|
<input into="start_page">
|
|
<value>file:///opt/cyberchef/CyberChef.html</value>
|
|
</input>
|
|
</utility>
|
|
|
|
<utility module_path=".*/kali_top10"/>
|
|
<utility module_path=".*/kali_web"/>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
<input into_datastore="spoiler_admin_pass">
|
|
<generator type="strong_password_generator"/>
|
|
</input>
|
|
<build type="cleanup">
|
|
<input into="root_password">
|
|
<datastore>spoiler_admin_pass</datastore>
|
|
</input>
|
|
</build>
|
|
</system>
|
|
|
|
<!--some basic decoding challenges-->
|
|
<system>
|
|
<system_name>decode_me</system_name>
|
|
<base distro="Debian 12" type="desktop" name="KDE"/>
|
|
|
|
<!-- comment describes using pseudo code (C#-like methods with named optional arguments) -->
|
|
<!-- vulnerability_nfs_share_leak(strings_to_leak: encoder_flag_generator() CONCAT encoder_ascii_reversible(strings_to_encode: encoder_flag_generator()) CONCAT ...) -->
|
|
<vulnerability module_path=".*/nfs_overshare">
|
|
<input into="strings_to_leak" unique_module_list="unique_encoders">
|
|
<generator type="flag_generator" />
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
<encoder type="alpha_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<encoder type="ascii_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
</input>
|
|
</encoder>
|
|
<encoder type="alpha_reversible">
|
|
<input into="strings_to_encode">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</encoder>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="1">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
<build type="cleanup">
|
|
<input into="root_password">
|
|
<datastore>spoiler_admin_pass</datastore>
|
|
</input>
|
|
</build>
|
|
</system>
|
|
|
|
|
|
</scenario>
|