mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-22 19:58:03 +00:00
297 lines
8.7 KiB
XML
297 lines
8.7 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
|
|
|
|
<name>Lab workshop 1</name>
|
|
<author>Z. Cliffe Schreuders</author>
|
|
<description>A not-so-random example for giving a walk through tutorial.
|
|
|
|
Start as kali, scan the web_server, find distcc, exploit using Armitage/MSF.
|
|
Leaked username and password for log into desktop gui.
|
|
Desktop contains sensitive list of clients under main user's home directory,
|
|
and another user also has a list of clients (sudo to access).</description>
|
|
|
|
<type>workshop</type>
|
|
<difficulty>easy</difficulty>
|
|
|
|
<!--
|
|
|
|
-->
|
|
<system>
|
|
<system_name>desktop</system_name>
|
|
<base distro="Debian 7.8" type="desktop" name="KDE"/>
|
|
|
|
<input into_datastore="IP_addresses">
|
|
<value>172.16.0.2</value>
|
|
<value>172.16.0.3</value>
|
|
<value>172.16.0.4</value>
|
|
<value>172.16.0.5</value>
|
|
</input>
|
|
|
|
<input into_datastore="organisation">
|
|
<generator type="realistic_organisation"/>
|
|
</input>
|
|
|
|
<!--generate two accounts, YOU and someone else-->
|
|
<input into_datastore="accounts">
|
|
<generator type="account">
|
|
<input into="username" into_datastore="desktop_username">
|
|
<generator type="random_word_generator">
|
|
<input into="wordlist">
|
|
<value>mythical_creatures</value>
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
<input into="password" into_datastore="desktop_password">
|
|
<generator type="weak_password_generator"/>
|
|
</input>
|
|
<input into="super_user">
|
|
<value>true</value>
|
|
</input>
|
|
<input into="leaked_filenames">
|
|
<value>trade_secrets/code.pl</value>
|
|
<value>personal_secrets/private</value>
|
|
<value>trade_secrets/my_clients.csv</value>
|
|
</input>
|
|
<input into="strings_to_leak" into_datastore="sensitive_code">
|
|
<value>no warnings; `$=`;$_=\%!;($_)=/(.)/;$==++$|;($.,$/,$,,$\,$",$;,$^,$#,$~,$*,$:,@%)=($!=~/(.)(.).(.)(.)(.)(.)..(.)(.)(.)..(.)......(.)/,$"),$=++;$.++;$.++;$_++;$_++;($_,$\,$,)=($~.$"."$;$/$%[$?]$_$\$,$:$%[$?]",$"&$~,$#,);$,++;$,++;$^|=$";`$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;$\$"$^$~$*.>&$=`</value>
|
|
<generator type="personal_sensitive" />
|
|
<encoder type="csv">
|
|
<input into="strings_to_encode" into_datastore="clients">
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
</input>
|
|
</encoder>
|
|
</input>
|
|
</generator>
|
|
<generator type="account">
|
|
<input into="username">
|
|
<generator type="random_word_generator">
|
|
<input into="wordlist">
|
|
<value>mythical_creatures</value>
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
<input into="password">
|
|
<value>test</value>
|
|
</input>
|
|
<input into="super_user">
|
|
<value>false</value>
|
|
</input>
|
|
<input into="leaked_filenames">
|
|
<value>trade_secrets/my_clients.csv</value>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<encoder type="csv">
|
|
<input into="strings_to_encode">
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
<generator type="person" />
|
|
</input>
|
|
</encoder>
|
|
</input>
|
|
</generator>
|
|
<generator type="account">
|
|
<input into="username">
|
|
<generator type="random_word_generator">
|
|
<input into="wordlist">
|
|
<value>mythical_creatures</value>
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
<input into="password">
|
|
<generator type="weak_password_generator"/>
|
|
</input>
|
|
<input into="super_user">
|
|
<value>false</value>
|
|
</input>
|
|
<input into="leaked_filenames">
|
|
<value></value>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<value></value>
|
|
</input>
|
|
</generator>
|
|
</input>
|
|
|
|
<input into_datastore="hackerbot_access_root_password">
|
|
<generator type="strong_password_generator"/>
|
|
</input>
|
|
|
|
<!--Create the users-->
|
|
<utility module_path=".*parameterised_accounts">
|
|
<input into="accounts">
|
|
<datastore>accounts</datastore>
|
|
</input>
|
|
<input into="strings_to_leak">
|
|
<value></value>
|
|
</input>
|
|
</utility>
|
|
|
|
<utility module_path=".*kde_minimal">
|
|
<!--<input into="autologin_user">-->
|
|
<!--<datastore access="0" access_json="['username']">accounts</datastore>-->
|
|
<!--</input>-->
|
|
<input into="accounts">
|
|
<datastore>accounts</datastore>
|
|
</input>
|
|
<input into="autostart_konsole">
|
|
<value>true</value>
|
|
</input>
|
|
</utility>
|
|
<utility module_path=".*handy_cli_tools"/>
|
|
<utility module_path=".*nmap"/>
|
|
|
|
<!--<utility module_path=".*iceweasel">-->
|
|
<!--<input into="accounts">-->
|
|
<!--<datastore>accounts</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="autostart">-->
|
|
<!--<value>true</value>-->
|
|
<!--</input>-->
|
|
<!--<input into="start_page">-->
|
|
<!--<datastore access="3">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--</utility>-->
|
|
|
|
<!--<utility module_path=".*pidgin">-->
|
|
<!--<input into="server_ip">-->
|
|
<!--<datastore access="3">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="accounts">-->
|
|
<!--<datastore access="0">accounts</datastore>-->
|
|
<!--</input>-->
|
|
<!--</utility>-->
|
|
|
|
<!--<vulnerability module_path=".*ssh_root_login">-->
|
|
<!--<input into="root_password">-->
|
|
<!--<datastore>hackerbot_access_root_password</datastore>-->
|
|
<!--</input>-->
|
|
<!--</vulnerability>-->
|
|
|
|
<network type="private_network" >
|
|
<input into="IP_address">
|
|
<datastore access="0">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
<system>
|
|
<system_name>web_server</system_name>
|
|
<base platform="linux" distro="Debian 7.8" name="Server"/>
|
|
|
|
<!--<utility module_path=".*parameterised_accounts">-->
|
|
<!--<input into="accounts">-->
|
|
<!--<datastore>accounts</datastore>-->
|
|
<!--</input>-->
|
|
<!--</utility>-->
|
|
|
|
<vulnerability module_path=".*unrealirc_3281_backdoor">
|
|
<input into="strings_to_leak">
|
|
<datastore>desktop_username</datastore>
|
|
<datastore>desktop_password</datastore>
|
|
</input>
|
|
<input into="leaked_filenames">
|
|
<value>desktop_username</value>
|
|
<value>desktop_password</value>
|
|
</input>
|
|
|
|
</vulnerability>
|
|
|
|
<service module_path="services/unix/http/parameterised_website">
|
|
<input into="organisation">
|
|
<datastore>organisation</datastore>
|
|
</input>
|
|
</service>
|
|
|
|
<!--<vulnerability module_path=".*ssh_root_login">-->
|
|
<!--<input into="root_password">-->
|
|
<!--<datastore>hackerbot_access_root_password</datastore>-->
|
|
<!--</input>-->
|
|
<!--</vulnerability>-->
|
|
|
|
<network type="private_network" >
|
|
<input into="IP_address">
|
|
<datastore access="1">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
<!--<system>-->
|
|
<!--<system_name>hackerbot_server</system_name>-->
|
|
<!--<base distro="Kali" name="MSF"/>-->
|
|
|
|
<!--<service type="ircd"/>-->
|
|
|
|
<!--<utility module_path=".*metasploit_framework"/>-->
|
|
<!--<utility module_path=".*handy_cli_tools"/>-->
|
|
<!--<utility module_path=".*nmap"/>-->
|
|
|
|
<!--<service type="httpd"/>-->
|
|
|
|
<!--<utility module_path=".*hackerbot">-->
|
|
<!--<input into="hackerbot_configs">-->
|
|
<!--<generator module_path=".*ids_exfiltration">-->
|
|
<!--<input into="accounts">-->
|
|
<!--<datastore>accounts</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="root_password">-->
|
|
<!--<datastore>hackerbot_access_root_password</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="ids_server_ip">-->
|
|
<!--<datastore access="1">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="web_server_ip">-->
|
|
<!--<datastore access="2">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--<input into="hackerbot_server_ip">-->
|
|
<!--<datastore access="3">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--</generator>-->
|
|
<!--</input>-->
|
|
<!--</utility>-->
|
|
|
|
<!--<network type="private_network" >-->
|
|
<!--<input into="IP_address">-->
|
|
<!--<datastore access="3">IP_addresses</datastore>-->
|
|
<!--</input>-->
|
|
<!--</network>-->
|
|
|
|
<!--<build type="cleanup">-->
|
|
<!--<input into="root_password">-->
|
|
<!--<generator type="strong_password_generator"/>-->
|
|
<!--</input>-->
|
|
<!--</build>-->
|
|
<!--</system>-->
|
|
|
|
<system>
|
|
<system_name>kali</system_name>
|
|
<base distro="Kali" name="MSF"/>
|
|
|
|
<utility module_path=".*metasploit_framework"/>
|
|
<utility module_path=".*handy_cli_tools"/>
|
|
<utility module_path=".*nmap"/>
|
|
|
|
<utility module_path=".*armitage"/>
|
|
|
|
<!--TODO: REMOVE ME - THIS SHOULD BE IN THE KALI TEMPLATE-->
|
|
<utility module_path=".*ovirt_agents"/>
|
|
|
|
<network type="private_network" >
|
|
<input into="IP_address">
|
|
<datastore access="2">IP_addresses</datastore>
|
|
</input>
|
|
</network>
|
|
</system>
|
|
|
|
</scenario>
|