Fully functionnal challenge

debian-ssh/Dockerfile

@@ -0,0 +1,91 @@
+FROM debian:stretch-slim
+
+MAINTAINER Aymeric Sorek "aymericsorek@protonmail.com"
+
+
+# Environment
+ENV LANG C.UTF-8
+ENV LANGUAGE C.UTF-8
+ENV LC_ALL C.UTF-8
+
+
+# Update and upgrade
+RUN apt-get update \
+    && apt-get dist-upgrade -y
+
+# Environnement
+ENV user puppet-master
+ENV admin zetatech-maintenance
+
+
+# Install packets
+RUN apt-get install -y wget \
+    openssh-server \
+    vim \
+    nano \
+    python2.7 \
+    python3 \
+    sudo \
+    iputils-ping
+
+
+# Bash vulnerable install (Shellshock)
+COPY bash_4.2+dfsg-0.1_amd64.deb /tmp/bash_4.2+dfsg-0.1_amd64.deb
+RUN dpkg -i /tmp/bash_4.2+dfsg-0.1_amd64.deb
+
+
+RUN mkdir /var/run/sshd
+
+# Change root password
+RUN echo "root:0Prop-bonn2-itt-4Mere-judy-Midst-Tine1" | chpasswd
+
+# Adduser
+RUN adduser --home /home/${admin} --shell /bin/bash --disabled-password --gecos "" ${admin}
+RUN adduser --home /home/${user} --shell /bin/bash --disabled-password --gecos "" ${user} \
+    && echo ${user}":"${user} | chpasswd
+
+# Sudo (vulnerable)
+RUN echo 'Defaults  lecture="never"' >> /etc/sudoers
+RUN echo ${user}" ALL=("${user}":"${admin}") /usr/bin/wget" >> /etc/sudoers
+
+# SSH files
+RUN mkdir -p /home/${user}/.ssh
+COPY ./sshd_config /etc/ssh/sshd_config
+COPY ./maintenance.pub /home/${user}/.ssh/authorized_keys
+COPY ./banner /etc/banner
+
+# Configure permissions
+RUN chmod -R 550 /home/${user} \
+    && chown -R ${user}:${user} /home/${user}/.ssh \
+    && chmod 500 /home/${user}/.ssh \
+    && chmod 400 /home/${user}/.ssh/authorized_keys \
+    && chmod 773 /tmp \
+    && chmod +t /tmp
+
+
+# Copy Flag and set permissions
+COPY ./client.note /home/${user}/client.note
+COPY ./tech.note /home/${user}/tech.note
+
+RUN chown root:${user} /home/${user}/client.note \
+    && chmod 740 /home/${user}/client.note \
+    && chown root:${admin} /home/${user}/tech.note \
+    && chmod 740 /home/${user}/tech.note
+
+
+# Copy ssh exec file and set permissions
+COPY ./status.sh /home/${user}/status.sh
+RUN chown root:${user} /home/${user}/status.sh \
+    && chmod 750 /home/${user}/status.sh
+
+# Clean up
+RUN apt-get autoremove
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Launch service
+COPY start.sh /start.sh
+RUN chmod 770 /start.sh
+CMD ["./start.sh"]
+
+# Open ports
+EXPOSE 22

debian-ssh/banner

@@ -0,0 +1,7 @@
+
+.___..___.___..__..___..___ __ .  .
+  _/ [__   |  [__]  |  [__ /  `|__|
+./__.[___  |  |  |  |  [___\__.|  |
+
+
+Do not use Zetatech maintenance interface if you are not authorized by Zetatech Corporation.

debian-ssh/client.note

@@ -0,0 +1,15 @@
+
+.___..___.___..__..___..___ __ .  .
+  _/ [__   |  [__]  |  [__ /  `|__|
+./__.[___  |  |  |  |  [___\__.|  |
+
+
+:::: Client Note ::::
+
+You can access to your web interface to have more informations.
+You can use this maintenance interface anytime to check your Cybernetics Prosthetics status.
+If you have any issues with Zetatech products, please contact us.
+
+Note: the password is the same than your username.
+
+:: IMTLD{Pr0t3ct_Y0uR_Gh0sT}

debian-ssh/maintenance.priv

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEA5nJEI+VHIE8eUE0Upf8eTGorOC5Cd0AVQGdgJLZPQNdcrgvu
+j9Pq1Jf90iAI7tt/2CybZlfegYJW3gN08n4kVWXd0ihO9Xpn4IxOA0dGApZ9Tnux
+5G4LF9kQDEMWgQP8v0M1z5v4vnqeyvrPMNdkBKrJHm5GqOT4sSinbU509cPsyggf
+utfJgbCtsuwPR56GRdc/nhH4NZGjTOgqy1dG8VSATcyf/j5WohG5G4aTCYUeyEy5
+3YYKesbgIdHW+0TUCwTNXRGrlHSEfJEjbvQaQDtCi/v6IhGsA6xr/TkxrNvZBAfn
+Ol+IAL7w5vmjXFIDG0HQOca5QUyUgO2S9Fr0NTE/dNf9pQt+eH51GY068MZ1rw5q
+kxixhTMUsMRFMm5lF4hskxnosyIY2sW2MX9VuxQ9tweTA3vyNb7OxXNB+Hsa2qBK
++G8cT/tooQN8qYXXdyNN6LzqqDIadL1NRkg2uYu0h5ZZu+mf4LhRYn8Ocau3+w2S
+nOKjqMjiiAi1G4V/3G2bHjo49I7dPjaGCBasAZIv4N+9qeLkd9u6lNVnHFxJbU52
++5Rw+IWEp80IpxZRxRHSJQhZdAHTuyu8SLBX4mRD3SRFG4rsZqSNDwGwPu+VfL6k
+4Ih1vwZs9WyUrl9q8g2zZYthMyqND3SvHtL6tF3RXkzjaI1uXZF29lS8VpMCAwEA
+AQKCAgAbHv2X/+bkDYuyxa+VbbYCJkiZ3w/hewBFSSVOjMo9BluY/DyCXt13UcAE
+l9KVUe304iMT42mDcnSIwn1kAKaECm4VyrqoN1S8X6bayeuaaF2s++/Ow4i4sMor
+t0WRv4didyWBHoki2cmQd/4kcGUMC5GJ7E6SmAgQyYkS2zX2qq1Whag+VCEaC1IW
+CaQuuKBy3cdV8iV1IIPIjFZlAguOYXSMM3Xs9Sc7Abz4WVk6uJkL18PUJ29aTceZ
+E1oqzknqVhFZT7gSy7e/9VDnQQFJ5++IDAq/Mbc942/+KFoJTwJ2b/utqgqWk+JE
+PMMWHWzSK2e3NQUeg0XC+rLd4Up2Mvc3RWzcu21UiSY2VvEu0w+WMQiQG/TYapBS
+dO6iJNiIB79wFj/gNIA/NHBcNM37N27FLFt4/WOsANEXG8f2lKjpZXRhXyOrWk8T
+SwYf0AuSUbLf215Ln49ROXrJ7tMUUKDAZjeDwG7kte20KS6FOt604n8EVcEFNU63
+n05AIBiynMqjfLWJpgSmhw4jTpZOd3VRsV22PvEqxWNxtMZaVIhZvYBIGasRl7Q5
+kak8wq14utACtRm/K2vUQ13SY8afP3YbA3ph+BYmmcqQPBVrPVrRxSJinpu6jydV
+cxRaeR24V+YMnTabIEJXjNb3ZpwyM8YbYjuCLm5JYAEygA3ISQKCAQEA+ssdg5Iw
+X9Bdq/ezqAfmmxCGZSRDsRn65Av2fGh4RHDlTu1JrMZwbP7QF7gBTZbPeNoo+dH8
+JFCl6PzRKUc2DwZf/ibRIxeWGTz7PxeQRJaletgJ2v6lb+XucSlW2c4lllRj20tP
+4CTE0M2w0olenZPJzULhbvGasSrP3q7CP+LbwbWV9JPNmhZc/VufAXdc7R57P8D9
+CFwOVIJ/2xYThohWDuBTMmTsB+t9TdKhblUavT7FPXv730DDBHTX0YOM+6sNXOiT
+P19L9WUcvxdGrwbeCNBsgTK40XEuWcFGGvY5+Xz6iqJullncuLXsz5tpjXvvaA6N
+HEJgHMMMntljDwKCAQEA6zsDTYL7lM9DdwZLI3KkERguYfS5ABJVY577OfxJ/x2O
+Uc97KAgw1pv+PlqR3n9LBD0iFIDkh6LX4EWo2cri7axkHi6uRC8gpIVoj2ifTnvJ
+avOcoDMBiQ1/3XtpjYH/VxY5EshCBPIPTDwIRbSfgWGz8xR1j1Tj1HnJsCcX+WnM
+i7n6Ekxa6hRcq1pTax204gNirnHZ8CjVHTNmHzCBDjjmdoS2/RNGlPh7DfiBddx9
+cnS4zmbFMsVuAdZNRSfwtIaKfYg6z/ppYZ34vnoO9k65Q66Ov0J0VnF8LnrviYT3
+nl9bufmrjr2+GJdw0vXZ/+LBB5XycfxvKFhbLmSEPQKCAQAEmI5M5/Ps/ZOJ4Dsx
+nBt0wgPEfLqk1zYK0dFNjFiP4IXDQYP1H5nV1YGYva2Ab4AT1eOkWF3HiJbRwzhO
+ClkKQ3Kk5K82dmswwTZVfKgPKbeUnbrogXwkpdENz9Ugnq9/psJBtYqcL/BPZ0WT
+RiMuvhOXqF8bOmA8WO2ARjGXHCAs15gM6Fx/M2O23OP4EejpC4L0syOv8IfusomH
+SUtITt1M3n2H0eOlbYJZV7/Pls2rpCfXLZt7BuPMBBwkYcXGoubWyghQw/1PXO/+
+7H1GHdkZzj/+yiAq7mkMCgev3M1JLiolOj7OkI0D8YmKcG2pwxirDoE1gF3kiQqF
+KrSvAoIBAB8eeXthnqK7ILO4U2xnGClix5AR7f+CbWV2fMnZBHkJkfBkwGg1XTCn
+BmV9WdrTgDsZU07fFlyTQHfc/0+AtbC3o68Sgd9nVKwvMfv23Uxmt+i8PbY7yTI2
+ZPoJ/5bG4d7Fg9tmPsWkuD1fm8CM+qUFJec8h6jklBdh3Tq+kT9frb22ZszQ6R4a
+f3/zvSFolqtnw0BMs4ZAAKGSUSpDIm+dO2/mcsbcK/Q9QxpAC/BpsPbZVjGICwKC
+d+EqVqKVfBSF0AB3a0BkYliVq3iXcS9Ijt3TU/MdeYKOFN2ZSeMpghCjkODzlKyX
+kXRzZGukNqjReLPmNGK8AICX38gtaAkCggEAak/jrDw1ENeq2SfgCXyWEmagej2E
++QYCZBg+ladH1C/6RgWJmWdckpqwe1wuO1o+Ish6DiFXNW6FNKjQeoBxOUZTix3/
+3cVH+cXsgSyAUMbPLneQh62pcNnR5vDwgAdXNSzYegzl9yL3kfl4s9foahIh4zqZ
+hqnFA1cG9zAcsd9Thy9f/3cz2iVvTpDZZ9glQR9d9C+3bnFU54uzdUKPYVEif3NU
+K1xreCkmAWdrAHhiA89skiVryPK3pVOKjHnAfyLrf27aZkiS3jvq/V+DDstKNZ2y
+ncjE2bXV8Kbzf5ifvikciUMTxnF7l+PehJulNP2+Mk5NBXOAcZdjO7sfxA==
+-----END RSA PRIVATE KEY-----

debian-ssh/maintenance.pub

@@ -0,0 +1 @@
+command="/home/puppet-master/status.sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmckQj5UcgTx5QTRSl/x5Mais4LkJ3QBVAZ2Aktk9A11yuC+6P0+rUl/3SIAju23/YLJtmV96BglbeA3TyfiRVZd3SKE71emfgjE4DR0YCln1Oe7HkbgsX2RAMQxaBA/y/QzXPm/i+ep7K+s8w12QEqskebkao5PixKKdtTnT1w+zKCB+618mBsK2y7A9HnoZF1z+eEfg1kaNM6CrLV0bxVIBNzJ/+PlaiEbkbhpMJhR7ITLndhgp6xuAh0db7RNQLBM1dEauUdIR8kSNu9BpAO0KL+/oiEawDrGv9OTGs29kEB+c6X4gAvvDm+aNcUgMbQdA5xrlBTJSA7ZL0WvQ1MT901/2lC354fnUZjTrwxnWvDmqTGLGFMxSwxEUybmUXiGyTGeizIhjaxbYxf1W7FD23B5MDe/I1vs7Fc0H4exraoEr4bxxP+2ihA3yphdd3I03ovOqoMhp0vU1GSDa5i7SHllm76Z/guFFifw5xq7f7DZKc4qOoyOKICLUbhX/cbZseOjj0jt0+NoYIFqwBki/g372p4uR327qU1WccXEltTnb7lHD4hYSnzQinFlHFEdIlCFl0AdO7K7xIsFfiZEPdJEUbiuxmpI0PAbA+75V8vqTgiHW/Bmz1bJSuX2ryDbNli2EzKo0PdK8e0vq0XdFeTONojW5dkXb2VLxWkw== maintenance@zetatech.com

debian-ssh/sshd_config

@@ -0,0 +1,33 @@
+### SSH configuration file ###
+
+# General
+Port 22
+Protocol 2
+AcceptEnv LANG LC_*
+Banner /etc/banner
+
+# Allow users
+AllowUsers puppet-master
+
+# Authentification
+PermitRootLogin no
+PubkeyAuthentication yes
+StrictModes yes
+PermitEmptyPasswords no
+LoginGraceTime 20s
+MaxAuthTries 5
+MaxStartups 100
+AuthenticationMethods publickey
+
+#Forwarding
+AllowTcpForwarding no
+X11Forwarding no
+AllowStreamLocalForwarding no
+GatewayPorts no
+PermitTunnel no
+
+# Desactivate other auth methodes
+PasswordAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+usePam no

debian-ssh/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/sbin/sshd -D

debian-ssh/status-color.sh

@@ -0,0 +1,30 @@
+#/bin/bash
+
+
+TERM=xterm-256color
+CLICOLOR=1
+
+echo "
+
+\e[1m\e[31m████████████████████████████ CONNECTION ESTABLISHED ████████████████████████████\e[39m\e[0m
+
+
+----------------------------- General Informations -----------------------------
+
+Software Version     ::: 10.5.2546_b1 [\e[31mOBSOLETE\e[39m]
+Client ID            ::: 1534D 4245 97554 P
+
+General health       ::: [\e[1m\e[32mALIVE\e[39m\e[0m]
+
+Management interface ::: [\e[32mONLINE\e[39m]
+Maintenance link     ::: [\e[32mONLINE\e[39m]
+
+
+
+----------------------- Installed Cybernetic Prosthetics -----------------------
+
+Zetatech Neural Processor MK.II   ::: [\e[31mCONNECTION ERROR\e[39m]
+Zetatech Enforcement 10.A Sidearm ::: [\e[90mNOT CONNECTED\e[39m]
+Zetatech Binoculars BT.4          ::: [\e[90mNOT CONNECTED\e[39m]
+
+"

debian-ssh/status.sh

@@ -0,0 +1,26 @@
+#/bin/bash
+
+echo "
+
+████████████████████████████ CONNECTION ESTABLISHED ████████████████████████████
+
+
+----------------------------- General Informations -----------------------------
+
+Software Version     ::: 10.5.2546_b1 [OBSOLETE]
+Client ID            ::: 1534D 4245 97554 P
+
+General health       ::: [ALIVE]
+
+Management interface ::: [ONLINE]
+Maintenance link     ::: [ONLINE]
+
+
+
+----------------------- Installed Cybernetic Prosthetics -----------------------
+
+Zetatech Neural Processor MK.II   ::: [CONNECTION ERROR]
+Zetatech Enforcement 10.A Sidearm ::: [NOT CONNECTED]
+Zetatech Binoculars BT.4          ::: [NOT CONNECTED]
+
+"

debian-ssh/tech.note

@@ -0,0 +1,11 @@
+
+.___..___.___..__..___..___ __ .  .
+  _/ [__   |  [__]  |  [__ /  `|__|
+./__.[___  |  |  |  |  [___\__.|  |
+
+
+:::: Admin Note ::::
+
+Branch the Zetatech Pad to Cybernetic Prosthetic client and use the following generated password.
+
+:: IMTLD{Wh3r3_d03s_HuM4n1tY_3nd}