digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-20 13:50:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1e1bcdce57198cf1d70860cf966c8ad7d77b00fc
SecGen/scenarios/labs/systems_security/1_authentication.xml
Z. Cliffe Schreuders 1b55df6ee2 Introduce new base Debian Bookworm - major update, fixes #326
2024-07-19 13:28:48 +01:00

467 lines
16 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Authentication lab</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
Authentication is the process of verifying a user's identity, ensuring that individuals are who they claim to be before granting them access to systems and resources. This lab will provide you with hands-on experience, enabling you to explore the intricacies of user accounts and identity on Unix/Linux systems, gain insights into password storage and hashing, and even attempt to crack passwords using dictionary attacks. By the end of this lab, you will have a deeper understanding of how authentication works, the role of password security, and the importance of safeguarding user identities.
Throughout this lab, you will learn about user accounts, their attributes, and their association with user and group IDs. You'll also explore the concept of salts in password hashing, understand the strengths and weaknesses of different passwords, and attempt to crack passwords using tools like John the Ripper. Practical tasks include examining the system's /etc/passwd and /etc/group files, changing user identities, and analyzing the /etc/shadow file to understand password storage. By actively engaging in these activities, you will gain a comprehensive understanding of authentication processes and the key factors that contribute to securing user identities in Unix/Linux systems.
# Hackerbot and CTF challenges
This is a Hackerbot lab. The labsheet is available once you claim a set of VMs. Work through the labsheet, then when prompted interact with Hackerbot.
The Hackerbot tasks in this lab involve configuring new users and group membership. Then you will attempt to crack the passwords of users on the desktop VM whose user IDs (UIDs) are higher than 1001. After successfully cracking passwords, you will use these credentials to SSH into the separate server VM, where you will discover flags. This task showcases the practical implications of password security and cracking.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/1718/ADS_slides_out_week_6/WNS_ADS_Lectures_5_Authentication.html)
# Reading
[Chapter 11 "Authentication": Bishop, M. (2004), Introduction to Computer Security, Addison-Wesley. (ISBN-10: 0321247442)](https://my.leedsbeckett.ac.uk/bbcswebdav/pid-2221598-dt-content-rid-4451698_1/institution/Online%20Learning/AET/CT/MSc%20Computer%20Security/Principles%20of%20Digital%20Security/Readings/Week%205/DCS-85139%20%281%29.pdf)
</description>
<type>ctf-lab</type>
<type>hackerbot-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="AAA" topic="Authentication">
<keyword>identity management</keyword>
<keyword>user authentication</keyword>
<keyword>facets of authentication</keyword>
<keyword>Cryptography and authentication (hashes and attacks against authentication schemes / passwords)</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>authentication and identification</keyword>
<keyword>Linux authentication</keyword>
<keyword>Types of user accounts</keyword>
</CyBOK>
<video>
<title>User accounts and Linux</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/2I_JSdTu-oI</url>
<type>lecture-prerecorded</type>
<CyBOK KA="AAA" topic="Authentication">
<keyword>user authentication</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>authentication and identification</keyword>
<keyword>Linux authentication</keyword>
<keyword>Types of user accounts</keyword>
</CyBOK>
</video>
<video>
<title>Passwords Part 1 Hashing and salt</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/pGcJEML1mRo</url>
<type>lecture-prerecorded</type>
<CyBOK KA="AAA" topic="Authentication">
<keyword>user authentication</keyword>
<keyword>Cryptography and authentication (hashes and attacks against authentication schemes / passwords)</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>authentication and identification</keyword>
<keyword>Linux authentication</keyword>
</CyBOK>
</video>
<video>
<title>Passwords Part 2 Attacks and Countermeasures</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/icC2Zrno_uM</url>
<type>lecture-prerecorded</type>
<CyBOK KA="AAA" topic="Authentication">
<keyword>user authentication</keyword>
<keyword>Cryptography and authentication (hashes and attacks against authentication schemes / passwords)</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>authentication and identification</keyword>
<keyword>Linux authentication</keyword>
</CyBOK>
</video>
<video>
<title>Password cracking with Johnny</title>
<by>Z. Cliffe Schreuders</by>
<url>https://youtu.be/Wrg6XZu6Luw</url>
<type>demo-prerecorded</type>
<CyBOK KA="AAA" topic="Authentication">
<keyword>user authentication</keyword>
<keyword>Cryptography and authentication (hashes and attacks against authentication schemes / passwords)</keyword>
</CyBOK>
<CyBOK KA="OSV" topic="Primitives for Isolation and Mediation">
<keyword>authentication and identification</keyword>
<keyword>Linux authentication</keyword>
</CyBOK>
</video>
<system>
<system_name>desktop</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<input into_datastore="IP_addresses">
<!-- 0 desktop -->
<value>172.16.0.2</value>
<!-- 1 server -->
<value>172.16.0.3</value>
<!-- 2 hackerbot_server -->
<value>172.16.0.4</value>
<!-- 3 kali_cracker -->
<value>172.16.0.5</value>
</input>
<!-- generate some usernames to use -->
<input into_datastore="usernames">
<!-- main user -->
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
<!-- 4 other users -->
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<!-- generate some passwords to be cracked -->
<input into_datastore="weak_passwords">
<generator type="custom_list_password">
<input into="list_name">
<value>jtrpassword.lst</value>
</input>
</generator>
<generator type="custom_list_password">
<input into="list_name">
<value>jtrpassword.lst</value>
</input>
</generator>
<generator type="custom_list_password">
<input into="list_name">
<value>jtrpassword.lst</value>
</input>
</generator>
<generator type="medium_password_generator"/>
</input>
<!-- accounts on the desktop, with the main user as a sudoer, with no flags -->
<input into_datastore="user_accounts_desktop">
<!-- main user, sudoer -->
<generator type="account">
<input into="username">
<datastore access="0">usernames</datastore>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
</generator>
<!-- other users, with weak passwords, no flags -->
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="0">weak_passwords</datastore>
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
</generator>
</input>
<!-- an admin account used for hackerbot access to the desktop and also spoilers/administration of the challenge -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>user_accounts_desktop</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0">usernames</datastore>
</input>
<input into="accounts">
<datastore>user_accounts_desktop</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<utility module_path=".*/iceweasel">
<input into="accounts">
<datastore>user_accounts_desktop</datastore>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<datastore access="2">IP_addresses</datastore>
</input>
</utility>
<utility module_path=".*/pidgin">
<input into="server_ip">
<datastore access="2">IP_addresses</datastore>
</input>
<input into="accounts">
<datastore access="0">user_accounts_desktop</datastore>
</input>
</utility>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
<system_name>server</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<!-- user accounts on the server, with matching usernames and passwords, but with flags to find -->
<input into_datastore="user_accounts_server">
<!-- main user, NOT sudoer -->
<generator type="account">
<input into="username">
<datastore access="0">usernames</datastore>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>false</value>
</input>
</generator>
<!-- other users, with the SAME weak passwords, WITH flags -->
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="0">weak_passwords</datastore>
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</generator>
<generator type="account">
<input into="username">
<datastore access="next">usernames</datastore>
</input>
<input into="password">
<datastore access="next">weak_passwords</datastore>
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
</generator>
</input>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>user_accounts_server</datastore>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
<system_name>hackerbot_server</system_name>
<base distro="Kali" name="MSF"/>
<service type="ircd"/>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/nmap"/>
<utility module_path=".*/handy_cli_tools"/>
<service type="httpd"/>
<utility module_path=".*/hackerbot">
<input into="hackerbot_configs" into_datastore="hackerbot_instructions">
<generator module_path=".*/hbauthentication">
<input into="accounts">
<datastore>user_accounts_desktop</datastore>
</input>
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
<input into="server_ip">
<datastore access="1">IP_addresses</datastore>
</input>
</generator>
</input>
</utility>
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
<system_name>kali_cracker</system_name>
<base distro="Kali" name="MSF"/>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
</utility>
<utility module_path=".*/kali_pwtools"/>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/nmap"/>
<utility module_path=".*/iceweasel">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<datastore access="2">IP_addresses</datastore>
</input>
</utility>
<network type="private_network" >
<input into="IP_address">
<datastore access="3">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>
Reference in New Issue View Git Blame Copy Permalink