Comments (6)
thomashaw
commented on August 30, 2024
Hi @kanoble88,
If you comment out the following block in the scenario.xml file you're using, SecGen will not change the default password on the VM.
<build type="cleanup">
<input into="root_password">
<generator type="strong_password_generator"/>
</input>
</build>
I have reverted a recent commit which broke the basic_narrative.xml scenario, if you update your branch it should generate now.
Thanks for the info and have fun!
from secgen.
kanoble88
commented on August 30, 2024
Awesome thanks! This program is fantastic for those of us new to CTF events and putting them together.
from secgen.
kanoble88
commented on August 30, 2024
Is it supposed to create 3 VMs at a time? When I look at my virtualbox after it says the VMs were created I have one for the decode me, one for into the wild and another for that escalated quickly.
from secgen.
thomashaw
commented on August 30, 2024
Yes the flawed_fortress.xml scenario will generate 3 VMs. You can see how many VMs each scenario will create by looking at the number of <system> tags in the scenario xml file.
The reason we have multiple VMs is because one box has a privilege escalation to root vulnerability. If that vulnerability is exploited successfully a bunch of the flags would be accessible without solving the other challenges.
from secgen.
kanoble88
commented on August 30, 2024
Ohh I get it now. Is is possible to export the flags for a VM to a CTF program like the Facebook CTF? I have been using that lately and was debating on copying the information from the XML to the facebook CTF using their json template.
from secgen.
cliffe
commented on August 30, 2024
Hi @kanoble88
It would be great if when outputting the project, SecGen also output the files in Facebook CTF format (and other front ends, such as CTFd).
Currently we have been focussing on our own CTF frontend.
We currently have multiple hints per flag, and even shared hints among flags where the flag requires multiple shared steps. We support this in our front end, where submitting a flag will unlock any shared hints (for example, two flags encoded different ways behind the same software vulnerability, share hints regarding the vulnerability). Also because of the nature of having a VM, means that you might find a flag, without knowing what challenge the flag was from.
Not sure how compatible all that is with Facebook CTF, but the hints could be removed or simplified, and hopefully there is a way of making a single flag submission. Feel free to investigate and report back :)
Cheers.
from secgen.
Related Issues (20)
- How you merge the CTFd_importable.zip into an existing CTFd instance?
- Issue setting up SecGen HOT 2
- Issues finding the Kali Repo when building CTF Scenario
- The following SSH command responded with a non-zero exit status. HOT 2
- Distcc Error HOT 3
- Base box root password HOT 1
- secgen's VM build process fails with "hostonlyif" message HOT 16
- Stderr: VBoxManage: error: VT-x is not available (VERR_VMX_NO_VMX) HOT 1
- ESXi fail to build, Vagrantfile error HOT 4
- Builder conflicting requirements HOT 5
- Bundler unable to install digest-whirpool [Windows, Ruby 2.7.6, Bundler 2.1.4] HOT 4
- syntax error: "rescue StandardError" HOT 16
- gitlist_040--1-/home/git/repositories/secret_files/-append HOT 1
- unable to build vm(Solved) HOT 1
- Module modules/generators/content/password_file missing required puppet module manifests folder HOT 3
- Problem starting a virtual machine HOT 1
- virtualbox issues using ubuntu 2004 on wsl2 HOT 10
- /usr/bin/apt-get update --fix-missing returned 100 instead of one of [0] HOT 3
- Im having trouble with VBoxManage HOT 2
- Puppet Moduel Problem HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secgen.