forked from cliffe/SecGen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pcapanalysis.xml
126 lines (110 loc) · 3.4 KB
/
pcapanalysis.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Labtainers lab: pcapanalysis</name>
<author>Z. Cliffe Schreuders</author>
<description>A Labtainers lab.</description>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="F" topic="Main Memory Forensics">
<keyword>network connections</keyword>
</CyBOK>
<CyBOK KA="NS" topic="OSI (OPEN SYSTEM INTERCONNECT) MODEL">
<keyword>APPLICATION LAYER</keyword>
<keyword>DATA LINK LAYER</keyword>
<keyword>NETWORK LAYER</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>PCAP</keyword>
<keyword>network traffic</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
</input>
<input into_datastore="accounts">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="groups">
<value>docker</value>
</input>
<input into="leaked_filenames">
<value></value>
</input>
<input into="strings_to_leak">
<value></value>
</input>
</generator>
</input>
<input into_datastore="desktop_root_password">
<generator type="strong_password_generator"/>
</input>
<!--Create the groups-->
<utility module_path=".*/groups">
<input into="groups">
<value>docker</value>
</input>
</utility>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>accounts</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">accounts</datastore>
</input>
<input into="accounts">
<datastore>accounts</datastore>
</input>
<input into="autostart_konsole">
<value>false</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
</vulnerability>
<utility module_path=".*/labtainers">
<input into="lab">
<value>pcapanalysis</value>
</input>
<input into="accounts">
<datastore>accounts</datastore>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>