forked from cliffe/SecGen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathff_decode_me.xml
136 lines (120 loc) · 4.28 KB
/
ff_decode_me.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Decode Me</name>
<author>Z. Cliffe Schreuders</author>
<author>Thomas Shaw</author>
<description>Find the encoded messages and decode them.
</description>
<type>ctf</type>
<type>attack-ctf</type>
<type>pwn-ctf</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="AC" topic="Symmetric Cryptography">
<keyword>symmetric encryption and authentication</keyword>
</CyBOK>
<CyBOK KA="F" topic="Artifact Analysis">
<keyword>cryptographic hashing</keyword>
<keyword>Encoding and alternative data formats</keyword>
</CyBOK>
<system>
<system_name>attack_vm</system_name>
<base distro="Kali" name="MSF"/>
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
<value>172.16.0.4</value>
<value>172.16.0.5</value>
</input>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
</utility>
<utility module_path=".*/iceweasel">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
<input into="autostart">
<value>false</value>
</input>
</utility>
<utility module_path=".*/kali_top10"/>
<utility module_path=".*/kali_web"/>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!--some basic decoding challenges-->
<system>
<system_name>decode_me</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<!-- comment describes using pseudo code (C#-like methods with named optional arguments) -->
<!-- vulnerability_nfs_share_leak(strings_to_leak: encoder_flag_generator() CONCAT encoder_ascii_reversible(strings_to_encode: encoder_flag_generator()) CONCAT ...) -->
<vulnerability module_path=".*/nfs_overshare">
<input into="strings_to_leak" unique_module_list="unique_encoders">
<generator type="flag_generator" />
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
<encoder type="alpha_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<encoder type="ascii_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</encoder>
<encoder type="alpha_reversible">
<input into="strings_to_encode">
<generator type="flag_generator" />
</input>
</encoder>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>