Get SSH Login Credentials
Example using in-class information:
python get_ssh.py -t 220.127.116.11 -u firstname.lastname@example.org -p password
pip install -r requirements.txt
- manage_exploits.py - @kanak
  - Manages custom-written exploits and ensures that each is used against its specific service on each host, each tick, and then submits the retrieved flags.
  - Exploits are dynamically loaded from exploits.py, where each custom exploit is written generically: given a remote_connection and a flag_id, it returns a flag, possibly using features from pwntools.
- monitor_flag_traffic - @rang1, @tcrosenk, @mohseen
  - getPcap.bash: Logs all network traffic using tcpdump. NOTE: should be run on the actual VM.
  - uploadPcap.bash: Uploads every pcap file generated by getPcap.bash. This should be run simultaneously with getPcap.bash (starting this script first). NOTE: should be run on the actual VM.
  - downloadPcap.bash: Monitors this repository for new changes (these changes should be new pcap files being pushed). It then pulls and runs the readPcap.py script on the newly pulled pcap file. NOTE: this should be run on a LOCAL machine.
  - readPcap.py: Reads packet captures and, using scapy, logs all TCP conversations in which a flag was sent out.
    - Also stores TCP conversations in a database, not just files.
    - Performs analysis on these conversations to identify those that are unique, in order to quickly reverse engineer exploits sent at us.
- analyze_service.py - @vc0622, @lzbaer, @eboderas
  - Analyzes a service for potential vulnerabilities both statically and dynamically.
    - Statically reports calls to unsafe system/library functions such as printf, strcpy, etc.
    - Dynamically tries to determine unsafe code paths using angr and reports them.
  - Produces a hardened service, if possible.
- get_ssh.py - @kanak
  - Conveniently generates bash scripts that allow us to SSH into our game VM.
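
The check that readPcap.py is described as doing, as an added example that is not code from this repository: reassemble each TCP conversation, report the ones in which our side sent a flag, and group them by inbound request so each distinct request is reviewed once. It works on constructed segment tuples instead of scapy packets so it runs offline; the flag pattern, the addresses and all function names are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Assumed flag format; the real pattern depends on the game and is not given here.
FLAG_RE = re.compile(rb"FLG[A-Za-z0-9]{13}")
OUR_IP = "10.0.0.5"  # constructed address standing in for the game VM

# Constructed segments: (src, sport, dst, dport, seq, payload), the fields a pcap reader yields.
SAMPLE = [
    ("10.0.1.9", 40001, OUR_IP, 2001, 100, b"show note 7\n"),
    (OUR_IP, 2001, "10.0.1.9", 40001, 500, b"FLGabcd"),
    (OUR_IP, 2001, "10.0.1.9", 40001, 500, b"FLGabcd"),  # retransmission
    (OUR_IP, 2001, "10.0.1.9", 40001, 507, b"efgh12345\n"),  # rest of the split flag
    ("10.0.2.9", 40002, OUR_IP, 2001, 100, b"show note 7\n"),
    (OUR_IP, 2001, "10.0.2.9", 40002, 900, b"FLGzyxwvu9876543\n"),
    (OUR_IP, 2001, "10.0.3.9", 40003, 300, b"pong\n"),  # reply without a flag
]

def reassemble(segments):
    """Join one direction's (seq, payload) pairs in order, skipping resent bytes."""
    stream, next_seq = b"", None
    for seq, data in sorted(segments):
        next_seq = seq if next_seq is None else next_seq
        if seq + len(data) <= next_seq:
            continue  # nothing new in this segment
        stream += data[max(0, next_seq - seq):]
        next_seq = seq + len(data)
    return stream  # sequence-number wraparound is not handled

def leaked_conversations(packets, our_ip=OUR_IP):
    """Map (peer ip, peer port, our port) -> (request fingerprint, flags we sent)."""
    convs = defaultdict(lambda: {"in": [], "out": []})
    for src, sport, dst, dport, seq, payload in packets:
        outbound = src == our_ip
        peer = (dst, dport, sport) if outbound else (src, sport, dport)
        convs[peer]["out" if outbound else "in"].append((seq, payload))
    hits = {}
    for peer, c in convs.items():
        if flags := FLAG_RE.findall(reassemble(c["out"])):
            hits[peer] = (hashlib.sha256(reassemble(c["in"])).hexdigest()[:12], flags)
    return hits

def unique_requests(hits):
    """Group leaking conversations by inbound fingerprint: one entry per distinct request."""
    groups = defaultdict(list)
    for peer, (fingerprint, _flags) in hits.items():
        groups[fingerprint].append(peer)
    return dict(groups)
```

With scapy, the same tuple can be built from `pkt[IP].src`, `pkt[TCP].sport`, `pkt[IP].dst`, `pkt[TCP].dport`, `pkt[TCP].seq` and `bytes(pkt[TCP].payload)`.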