Merge pull request #382 from commjoen/keyspec-fun

Added crypto challenge 24 for (solution for #377) And updated wrongsecrets Desktop

Dockerfile.webdesktop

@@ -2,11 +2,14 @@ FROM lscr.io/linuxserver/webtop:latest
 
 RUN \
   echo "**** install packages ****" && \
-  apk add --no-cache keepassxc radare2 && \
+  apk add --no-cache keepassxc radare2 aws-cli geany && \
   echo "**** cleanup ****" && \
   rm -rf \
     /tmp/*
 
-RUN mkdir /home/wrongsecrets
-COPY src/main/resources/executables/ /home/wrongsecrets/
+RUN mkdir ~/Desktop
+COPY src/main/resources/executables/ /config/Desktop/wrongsecrets
 COPY src/test/resources/alibabacreds.kdbx /var/tmp/helpers
+COPY src/test/resources/alibabacreds.kdbx /config/Desktop/wrongsecrets
+COPY wrongsecret-desktop-resources/welcome.md /config/Desktop
+COPY wrongsecret-desktop-resources/welcome.md /config/Desktop/wrongsecrets

config/.lycheeignore

@@ -4,3 +4,4 @@ file://.*
 # This is used as an example when creating a pull request
 https://github.com/Your_Github_Handle.*
 https://wrongsecrets-ctf.herokuapp.com/api/Challenges
+https://wrongsecrets.herokuapp.com

src/main/java/org/owasp/wrongsecrets/challenges/ChallengeTechnology.java

@@ -0,0 +1,20 @@
+package org.owasp.wrongsecrets.challenges;
+
+import java.util.Arrays;
+
+public class ChallengeTechnology {
+
+    public enum Tech {
+
+        GIT("Git"), DOCKER("Docker"), CONFIGMAPS("Configmaps"), SECRETS("Secrets"), VAULT("Vault"), LOGGING("Logging"), TERRAFORM("Terraform"), CSI("CSI-Driver"), CICD("CI/CD"), PASSWORD_MANAGER("Password Manager"), CRYPTOGRAPHY("Cryptography"), BINARY("Binary"), FRONTEND("Front-end"), IAM("IAM privilege escalation");
+        public final String id;
+
+        Tech(String id) {
+            this.id = id;
+        }
+
+        static ChallengeTechnology.Tech fromId(String id) {
+            return Arrays.stream(ChallengeTechnology.Tech.values()).filter(e -> e.id.equalsIgnoreCase(id)).findAny().get();
+        }
+    }
+}

src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java

@@ -4,6 +4,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -64,6 +65,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "CSI-Driver";
+        return ChallengeTechnology.Tech.CSI.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java

@@ -8,6 +8,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -99,7 +100,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "IAM Privilege escalation";
+        return ChallengeTechnology.Tech.IAM.id;
     }
 
     private String getChallenge11Value(RuntimeEnvironment runtimeEnvironment) {

src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java

@@ -4,6 +4,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -64,6 +65,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Terraform";
+        return ChallengeTechnology.Tech.TERRAFORM.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge1.java

@@ -4,6 +4,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -41,6 +42,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Git";
+        return ChallengeTechnology.Tech.GIT.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -49,7 +50,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Docker";
+        return ChallengeTechnology.Tech.DOCKER.id;
     }
 
     private String getActualData() {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -55,7 +56,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "CI/CD";
+        return ChallengeTechnology.Tech.CICD.id;
     }
 
     private boolean isKeyCorrect(String base64EncodedKey) {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java

@@ -11,6 +11,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -61,7 +62,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Password manager";
+        return ChallengeTechnology.Tech.PASSWORD_MANAGER.id;
     }
 
     private String findAnswer() {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java

@@ -4,6 +4,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -56,7 +57,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Git";
+        return ChallengeTechnology.Tech.GIT.id;
     }
 
     private String quickDecrypt(String cipherText) {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -49,7 +50,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Front-end";
+        return ChallengeTechnology.Tech.FRONTEND.id;
     }
 
     public String getActualData() {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -49,7 +50,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Docker";
+        return ChallengeTechnology.Tech.DOCKER.id;
     }
 
     public String getActualData() {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -73,6 +74,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Cryptography";
+        return ChallengeTechnology.Tech.CRYPTOGRAPHY.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge19.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -47,6 +48,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Binary";
+        return ChallengeTechnology.Tech.BINARY.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge2.java

@@ -4,6 +4,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -45,6 +46,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Git";
+        return ChallengeTechnology.Tech.GIT.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge20.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -47,6 +48,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Binary";
+        return ChallengeTechnology.Tech.BINARY.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge21.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -47,6 +48,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Binary";
+        return ChallengeTechnology.Tech.BINARY.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge22.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -46,6 +47,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Binary";
+        return ChallengeTechnology.Tech.BINARY.id;
     }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge23.java

@@ -5,6 +5,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.spongycastle.util.encoders.Base64;
 import org.spongycastle.util.encoders.Hex;
@@ -45,7 +46,7 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Front-end";
+        return ChallengeTechnology.Tech.FRONTEND.id;
     }
 
     public String getActualData() {

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge24.java

@@ -0,0 +1,54 @@
+package org.owasp.wrongsecrets.challenges.docker;
+
+
+import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.RuntimeEnvironment;
+import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
+import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+@Slf4j
+@Component
+@Order(24)
+public class Challenge24 extends Challenge {
+
+    public Challenge24(ScoreCard scoreCard) {
+        super(scoreCard);
+    }
+
+    @Override
+    public Spoiler spoiler() {
+        return new Spoiler(getActualData());
+    }
+
+    @Override
+    public boolean answerCorrect(String answer) {
+        log.info("challenge 24, actualdata: {}, answer: {}", getActualData(), answer);
+        return getActualData().equals(answer);
+    }
+
+    @Override
+    public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
+        return List.of(RuntimeEnvironment.Environment.DOCKER);
+    }
+
+    @Override
+    public int difficulty() {
+        return 2;
+    }
+
+    @Override
+    public String getTech() {
+        return ChallengeTechnology.Tech.CRYPTOGRAPHY.id;
+    }
+
+    public String getActualData() {
+        return "00010203 04050607 08090A0B 0C0D0E0F 10111213 14151617 18191A1B 1C1D1E1F 20212223 24252627 28292A2B 2C2D2E2F 30313233 34353637 38393A3B 3C3D3E3F";
+
+    }
+}

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge3.java

@@ -4,6 +4,7 @@
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -45,6 +46,6 @@ public int difficulty() {
 
     @Override
     public String getTech() {
-        return "Docker";
+        return ChallengeTechnology.Tech.DOCKER.id;
     }
 }