scenarios/labs/labtainers/sql-inject.xml

<?xml version="1.0"?>

<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">

  <name>Labtainers lab: sql-inject</name>
  <author>Z. Cliffe Schreuders</author>
  <description>A Labtainers lab.</description>

  <type>ctf-lab</type>
  <type>lab-sheet</type>
  <difficulty>intermediate</difficulty>

  <CyBOK KA="SS" topic="Categories of Vulnerabilities">
    <keyword>Web vulnerabilities / OWASP Top 10</keyword>
    <keyword>API vulnerabilities</keyword>
  </CyBOK>
  <CyBOK KA="SS" topic="Prevention of Vulnerabilities">
    <keyword>coding practices</keyword>
    <keyword>Protecting against session management attacks, XSS, SQLi, CSRF</keyword>
    <keyword>API design</keyword>
  </CyBOK>
  <CyBOK KA="WAM" topic="Server-Side Vulnerabilities and Mitigations">
    <keyword>injection vulnerabilities</keyword>
    <keyword>server-side misconfiguration and vulnerable components</keyword>
    <keyword>SQL-INJECTION</keyword>
  </CyBOK>


  <system>
    <system_name>desktop</system_name>
    <base distro="Debian 9" type="desktop" name="KDE"/>

    <input into_datastore="IP_addresses">
      <value>172.16.0.2</value>
      <value>172.16.0.3</value>
    </input>

    <input into_datastore="accounts">
      <generator type="account">
        <input into="username">
          <generator type="random_sanitised_word">
            <input into="wordlist">
              <value>mythical_creatures</value>
            </input>
          </generator>
        </input>
        <input into="password">
          <value>tiaspbiqe2r</value>
        </input>
        <input into="super_user">
          <value>true</value>
        </input>
        <input into="groups">
					<value>docker</value>
				</input>
        <input into="leaked_filenames">
          <value></value>
        </input>
        <input into="strings_to_leak">
          <value></value>
        </input>
      </generator>
    </input>

    <input into_datastore="desktop_root_password">
      <generator type="strong_password_generator"/>
    </input>

    <!--Create the groups-->
		<utility module_path=".*/groups">
			<input into="groups">
				<value>docker</value>
			</input>
		</utility>
    <!--Create the users-->
    <utility module_path=".*/parameterised_accounts">
      <input into="accounts">
        <datastore>accounts</datastore>
      </input>
    </utility>

    <utility module_path=".*/kde_minimal">
      <input into="autologin_user">
        <datastore access="0" access_json="['username']">accounts</datastore>
      </input>
      <input into="accounts">
        <datastore>accounts</datastore>
      </input>
      <input into="autostart_konsole">
        <value>false</value>
      </input>
    </utility>
    <utility module_path=".*/handy_cli_tools"/>

    <vulnerability module_path=".*/ssh_root_login">
      <input into="root_password">
        <datastore>desktop_root_password</datastore>
      </input>
    </vulnerability>

    <utility module_path=".*/labtainers">
      <input into="lab">
        <value>sql-inject</value>
      </input>

      <input into="accounts">
        <datastore>accounts</datastore>
      </input>
    </utility>

    <network type="private_network">
      <input into="IP_address">
        <datastore access="0">IP_addresses</datastore>
      </input>
    </network>
    <input into_datastore="spoiler_admin_pass">
      <generator type="strong_password_generator"/>
    </input>
    <build type="cleanup">
      <input into="root_password">
        <datastore>spoiler_admin_pass</datastore>
      </input>
    </build>
  </system>


</scenario>