diff --git a/chef/cookbooks/metasploitable/recipes/flags.rb b/chef/cookbooks/metasploitable/recipes/flags.rb
index b1ce096..6b89564 100644
--- a/chef/cookbooks/metasploitable/recipes/flags.rb
+++ b/chef/cookbooks/metasploitable/recipes/flags.rb
@@ -7,30 +7,30 @@
 # 10 of Clubs
 directory '/home/artoo_detoo/music' do
 owner 'artoo_detoo'
- mode 700
+ mode '700'
 end
 cookbook_file '/home/artoo_detoo/music/10_of_clubs.wav' do
 source 'flags/10_of_clubs.wav'
 owner 'artoo_detoo'
- mode 400
+ mode '400'
 end
 # 7 of Diamonds
 include_recipe 'metasploitable::docker'
 directory '/opt/docker' do
- mode 700
+ mode '700'
 end
 cookbook_file '/opt/docker/Dockerfile' do
 source '/flags/Dockerfile'
- mode 700
+ mode '700'
 end
 cookbook_file '/opt/docker/7_of_diamonds.zip' do
 source '/flags/7_of_diamonds.zip'
- mode 700
+ mode '700'
 end
 bash 'build docker image for 7 of diamonds' do
@@ -50,17 +50,17 @@ if ENV['MS3_LINUX_HARD']
 include_recipe 'metasploitable::knockd'
 directory '/opt/knock_knock' do
- mode 0700
+ mode '700'
 end
 cookbook_file '/opt/knock_knock/five_of_diamonds' do
 source 'flags/five_of_diamonds'
- mode 0700
+ mode '700'
 end
 cookbook_file '/etc/init/five_of_diamonds_srv.conf' do
 source 'flags/five_of_diamonds_srv'
- mode 777
+ mode '777'
 end
 service 'five_of_diamonds_srv' do
@@ -71,7 +71,7 @@ if ENV['MS3_LINUX_HARD']
 cookbook_file '/home/leia_organa/2_of_spades.pcapng' do
 source 'flags/2_of_spades.pcapng'
 owner 'leia_organa'
- mode 600
+ mode '600'
 end
 # 8 of Hearts
@@ -89,7 +89,7 @@ if ENV['MS3_LINUX_HARD']
 # Joker - red
 cookbook_file '/etc/joker.png' do
 source 'flags/joker.png'
- mode 600
+ mode '600'
 end
 else
 # 10 of Spades
@@ -97,7 +97,7 @@ else
 cookbook_file '/opt/readme_app/public/images/10_of_spades.png' do
 source 'flags/flag_images/10 of spades.png'
- mode 644
+ mode '644'
 end
 # 8 of Clubs
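Review bot: The Dockerfile and the zip under `/opt/docker` are data files, yet both `cookbook_file` resources keep the execute bit with `mode '700'`; `mode '600'` gives root the same access without marking them executable. Their `source` values also begin with a slash (`'/flags/Dockerfile'`, `'/flags/7_of_diamonds.zip'`) while every other resource in this file uses `'flags/...'`, so it is worth making them consistent rather than relying on the leading slash being resolved the same way. A one-line comment above the first resource, such as `# modes are quoted: a bare 700 is read as decimal, not octal`, would keep the unquoted form from being reintroduced.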
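Review bot: `/etc/init/five_of_diamonds_srv.conf` is still written world-writable with `mode '777'`, and nothing in the hunk says whether that is part of the challenge. The path suggests an init job definition for the `five_of_diamonds_srv` service, so any local account could edit what the service runs. If that is deliberate, state it in a comment above the resource (`# intentionally world-writable: part of the 5 of Diamonds challenge`); if not, `mode '644'` is enough, because job definitions are read rather than executed. The InSpec expectations `be_executable` and `cmp '777'` for this file would then need the same change. These resources sit inside the `if ENV['MS3_LINUX_HARD']` branch, which opens above the hunk.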
@@ -106,30 +106,36 @@ else
 random_directories.each do |dir|
 directory File.join('home', 'anakin_skywalker', prev_dirs.join('/'), dir.to_s) do
- mode 600
+ mode '600'
+ owner 'anakin_skywalker'
+ group 'users'
 end
 prev_dirs << dir
 end
 cookbook_file File.join('home', 'anakin_skywalker', random_directories.join('/'), '8_of_clubs.png') do
 source 'flags/flag_images/8 of clubs.png'
- mode 644
+ mode '644'
 end
 # 3 of Hearts
 cookbook_file '/lost+found/3_of_hearts.png' do
 source 'flags/flag_images/3 of hearts.png'
- mode 600
+ mode '600'
 end
 # 9 of Diamonds
 directory '/home/kylo_ren/.secret_files/' do
- mode 600
+ mode '600'
+ owner 'kylo_ren'
+ group 'users'
 end
 cookbook_file '/home/kylo_ren/.secret_files/my_recordings_do_not_open.iso' do
 source 'flags/my_recordings_do_not_open.iso'
- mode 600
+ mode '600'
+ owner 'kylo_ren'
+ group 'users'
 end
 end
diff --git a/chef/cookbooks/metasploitable/test/linux/flags.rb b/chef/cookbooks/metasploitable/test/linux/flags.rb
index 885baa6..cede3bf 100644
--- a/chef/cookbooks/metasploitable/test/linux/flags.rb
+++ b/chef/cookbooks/metasploitable/test/linux/flags.rb
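Review bot: The `directory` resources here get `mode '600'`, which omits the search (x) bit, so `anakin_skywalker` and `kylo_ren` now own directories they cannot enter or read files from. If owner-only access is the intent, directories need `mode '700'`; if locking the owner out is deliberate for the challenge, a comment should say so. The `File.join('home', 'anakin_skywalker', ...)` paths in the context lines have no leading slash, so they resolve against the run's working directory rather than `/home`, which is presumably unintended given that the InSpec test searches `/home/anakin_skywalker`. The `cookbook_file` for `8_of_clubs.png` also sets no `owner`, leaving a root-owned file inside a user-owned tree. The `else` branch containing these resources opens above the hunk.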
@@ -2,31 +2,7 @@ require '../helpers/chat_test.rb'
 # Inspec Tests for Linux Flags
-describe file('/opt/knock_knock/five_of_diamonds') do
- it { should be_file }
- it { should be_executable }
- it { should be_owned_by 'root' }
- its('mode') { should cmp '0700' }
- its('md5sum') { should eq 'b4542ea3449e164df583f39319e66655' }
-end
-
-describe file('/etc/init/five_of_diamonds_srv.conf') do
- it { should be_file }
- it { should be_executable }
- it { should be_owned_by 'root' }
- its('mode') { should cmp '777' }
- its('md5sum') { should eq 'dccf7f60af61f3a25afcd27040d6c486' }
-end
-
-describe port('8989') do
- it { should be_listening }
-end
-
-describe service('five_of_diamonds_srv') do
- it { should be_enabled }
- it { should be_running }
-end
-
+# 10 of clubs tests
 describe file('/home/artoo_detoo/music/10_of_clubs.wav') do
 it { should be_file }
 it { should be_owned_by 'artoo_detoo' }
@@ -34,30 +10,10 @@ describe file('/home/artoo_detoo/music/10_of_clubs.wav') do
 its('md5sum') { should eq '5b97f084aa90c4b9504725519cf5204e' }
 end
-describe file('/etc/joker.png') do
- it { should be_file }
- it { should be_owned_by 'root' }
- its('mode') { should cmp '644' }
- its('md5sum') { should eq '1fe82fcb96be25ef155f741811d58dac' }
-end
-
 describe command('docker cp 7_of_diamonds:/home/7_of_diamonds.zip .') do
 its('exit_status') { should eq 0 }
 end
-describe file('/home/leia_organa/2_of_spades.pcapng') do
- it { should be_file }
- it { should be_owned_by 'leia_organa' }
- its('mode') { should cmp '600' }
- its('md5sum') { should eq 'bbbd4b738b5521cb3df8a78b1f3214d7' }
-end
-
-# 8 of Hearts tests
-describe command('mysql -h 127.0.0.1 --user="root" --password="sploitme" --database="super_secret_db" --execute="USE super_secret_db; SELECT \'8_of_hearts\' FROM flags;"') do
- its('exit_status') { should eq 0 }
- its('stdout') { should match /8_of_hearts/ } # TODO: This test just makes sure the SQL output contains '8_of_hearts'. It doesnt actually verify the correct flag image is present
-end
-
 # King of Spades tests
 describe file('/opt/unrealircd/Unreal3.2/ircd.motd') do
 it { should be_file }
@@ -69,7 +25,7 @@ describe command('curl http://localhost/drupal/?q=node/2') do
 its('stdout') { should match /5_of_hearts\.png/ } # Make sure it has the icon
 end
-# Ace of Clubs test
+# Ace of Clubs tests
 # NOTE: The chatbot can get a little laggy if there is a lot of data in the log.
 # This can cause this test to fail incorrectly.
 # To remedy, clear the /var/www/log.html file on metasploitable and restart the chatbot service.
@@ -81,3 +37,86 @@ describe 'ace_of_clubs' do
 expect(ct.check_chat_bot).to eq true #TODO: Make this output more meaningful. e.g. output what was returned and what was expected.
 end
 end
+
+# Tests for "Hard mode" flags
+if ENV['MS3_LINUX_HARD']
+
+ # Red Joker tests
+ describe file('/etc/joker.png') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ its('mode') { should cmp '644' }
+ its('md5sum') { should eq '1fe82fcb96be25ef155f741811d58dac' }
+ end
+
+ # 2 of Spades tests
+ describe file('/home/leia_organa/2_of_spades.pcapng') do
+ it { should be_file }
+ it { should be_owned_by 'leia_organa' }
+ its('mode') { should cmp '600' }
+ its('md5sum') { should eq 'bbbd4b738b5521cb3df8a78b1f3214d7' }
+ end
+
+ # 8 of Hearts tests
+ describe command('mysql -h 127.0.0.1 --user="root" --password="sploitme" --database="super_secret_db" --execute="USE super_secret_db; SELECT \'8_of_hearts\' FROM flags;"') do
+ its('exit_status') { should eq 0 }
+ its('stdout') { should match /8_of_hearts/ } # TODO: This test just makes sure the SQL output contains '8_of_hearts'. It doesnt actually verify the correct flag image is present
+ end
+
+ # 5 of Diamonds tests
+ describe file('/opt/knock_knock/five_of_diamonds') do
+ it { should be_file }
+ it { should be_executable }
+ it { should be_owned_by 'root' }
+ its('mode') { should cmp '0700' }
+ its('md5sum') { should eq 'b4542ea3449e164df583f39319e66655' }
+ end
+
+ describe file('/etc/init/five_of_diamonds_srv.conf') do
+ it { should be_file }
+ it { should be_executable }
+ it { should be_owned_by 'root' }
+ its('mode') { should cmp '777' }
+ its('md5sum') { should eq 'dccf7f60af61f3a25afcd27040d6c486' }
+ end
+
+ describe port('8989') do
+ it { should be_listening }
+ end
+
+ describe service('five_of_diamonds_srv') do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
+else
+ # Tests for "Easy mode" flags
+
+ # 10 of Spades tests
+ describe file('/opt/readme_app/public/images/10_of_spades.png') do
+ it { should be_file }
+ its('mode') { should cmp '644'}
+ end
+
+ # 8 of Clubs tests
+ describe command('find /home/anakin_skywalker -name "*clubs*"') do
+ its('exit_status') { should eq 0 }
+ its('stdout') { should match /8_of_clubs\.png/}
+ end
+
+ # 3 of Hearts tests
+ describe file('/lost+found/3_of_hearts.png') do
+ it { should be_file }
+ its('mode') { should cmp '600' }
+ its('owner') { should eq 'root' }
+ its('group') { should eq 'root' }
+ end
+
+ # 9 of Diamonds tests
+ describe file('/home/kylo_ren/.secret_files/my_recordings_do_not_open.iso') do
+ it { should be_file }
+ its('mode') { should cmp '600' }
+ its('owner') { should eq 'kylo_ren' }
+ its('group') { should eq 'users' }
+ end
+end
\ No newline at end of file
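Review bot: The Red Joker expectation `its('mode') { should cmp '644' }` disagrees with the recipe in this same commit, which now writes `/etc/joker.png` with `mode '600'`, so the hard-mode run will fail on that line unless the recipe is the one that is wrong. Decide which mode is intended and align the two, e.g. `its('mode') { should cmp '600' }`. In the easy-mode branch, the 8 of Clubs check rests entirely on the stdout match, because `find` exits 0 even when nothing matches; a short comment such as `# exit status alone proves nothing here; the stdout match is the real check` would keep the match from being dropped as redundant.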