mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-20 13:50:45 +00:00
150 lines
4.6 KiB
XML
150 lines
4.6 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
|
|
|
<name>All moin</name>
|
|
<author>Z. Cliffe Schreuders</author>
|
|
<description>Hack the web_server from kali.
|
|
</description>
|
|
|
|
<type>ctf</type>
|
|
<type>attack-ctf</type>
|
|
<type>pwn-ctf</type>
|
|
<difficulty>medium</difficulty>
|
|
|
|
<!-- MoinMoin -->
|
|
<CyBOK KA="WAM" topic="Server-Side Vulnerabilities and Mitigations">
|
|
<keyword>server-side misconfiguration and vulnerable components</keyword>
|
|
<keyword>Directory traversal</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="MAT" topic="Attacks and exploitation">
|
|
<keyword>EXPLOITATION</keyword>
|
|
<keyword>EXPLOITATION FRAMEWORKS</keyword>
|
|
<keyword>DIRECTORY TRAVERSAL</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
|
|
<keyword>CVEs and CWEs</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="SOIM" topic="PENETRATION TESTING">
|
|
<keyword>PENETRATION TESTING - SOFTWARE TOOLS</keyword>
|
|
<keyword>PENETRATION TESTING - ACTIVE PENETRATION</keyword>
|
|
</CyBOK>
|
|
|
|
<!-- escalate to user and to root via sudo -->
|
|
<CyBOK KA="AAA" topic="Authorisation">
|
|
<keyword>access control</keyword>
|
|
<keyword>Elevated privileges</keyword>
|
|
<keyword>Vulnerabilities and attacks on access control misconfigurations</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
|
|
<keyword>Access controls and operating systems</keyword>
|
|
<keyword>Linux security model</keyword>
|
|
<keyword>Attacks against SUDO</keyword>
|
|
</CyBOK>
|
|
|
|
<CyBOK KA="AB" topic="Models">
|
|
<keyword>kill chains</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="MAT" topic="Malicious Activities by Malware">
|
|
<keyword>cyber kill chain</keyword>
|
|
</CyBOK>
|
|
|
|
<!-- stegonography or metadata, or otherwise encoded -->
|
|
<CyBOK KA="F" topic="Artifact Analysis">
|
|
<keyword>STEGANOGRAPHY</keyword>
|
|
<keyword>METADATA</keyword>
|
|
</CyBOK>
|
|
<CyBOK KA="POR" topic="Privacy Technologies and Democratic Values">
|
|
<keyword>STEGANOGRAPHY</keyword>
|
|
<keyword>METADATA</keyword>
|
|
</CyBOK>
|
|
|
|
<system>
|
|
<system_name>attack_vm</system_name>
|
|
<base distro="Kali" name="MSF"/>
|
|
|
|
|
|
<input into_datastore="IP_addresses">
|
|
<!-- 0 attack_vm -->
|
|
<value>172.16.0.2</value>
|
|
<!-- 1 hackme_server -->
|
|
<value>172.16.0.3</value>
|
|
</input>
|
|
|
|
<utility module_path=".*/iceweasel">
|
|
<input into="accounts">
|
|
<value>{"username":"root","password":"toor","super_user":"","strings_to_leak":[],"leaked_filenames":[]}</value>
|
|
</input>
|
|
<input into="autostart">
|
|
<value>false</value>
|
|
</input>
|
|
</utility>
|
|
|
|
<utility module_path=".*/kali_top10"/>
|
|
<utility module_path=".*/kali_web"/>
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
<system>
|
|
<system_name>web_server</system_name>
|
|
<base distro="Debian 10" type="desktop" name="KDE"/>
|
|
|
|
<input into_datastore="organisation">
|
|
<encoder type="line_selector">
|
|
<input into="file_path">
|
|
<value>lib/resources/structured_content/organisations/json_organisations</value>
|
|
</input>
|
|
</encoder>
|
|
</input>
|
|
|
|
|
|
<vulnerability module_path=".*/moinmoin_195">
|
|
<input into="organisation">
|
|
<datastore>organisation</datastore>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
<input into="strings_to_pre_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
<input into="images_to_leak">
|
|
<generator read_fact="strings_to_leak" type="image_generator" >
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</generator>
|
|
<generator read_fact="strings_to_leak" type="image_generator" >
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator" />
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
<vulnerability module_path=".*/sudo_root_apt_get">
|
|
<input into="strings_to_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
<input into="strings_to_pre_leak">
|
|
<generator type="flag_generator"/>
|
|
</input>
|
|
</vulnerability>
|
|
|
|
|
|
<network type="private_network">
|
|
<input into="IP_address">
|
|
<datastore access="1">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
<!-- TODO: further testing, more stego modules -->
|
|
</scenario>
|