Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/CyberBattleSim
 Path: blob/main/cyberbattle/samples/toyctf/tinytoy.py
597 views
1
# Copyright (c) Microsoft Corporation.

2
# Licensed under the MIT License.

3


4
"""A tiny toy environment"""

5


6
from cyberbattle.simulation import model as m

7
from cyberbattle.simulation.model import NodeID, NodeInfo, VulnerabilityID, VulnerabilityInfo

8
from typing import Dict, Iterator, cast, Tuple

9


10
default_allow_rules = [

11
    m.FirewallRule("SSH", m.RulePermission.ALLOW),

12
]

13


14
# Network nodes involved in the Capture the flag game

15
nodes = {

16
    "Website": m.NodeInfo(

17
        services=[m.ListeningService("SSH", allowedCredentials=["ReusedMySqlCred-web"])],

18
        firewall=m.FirewallConfiguration(incoming=default_allow_rules, outgoing=default_allow_rules + [m.FirewallRule("su", m.RulePermission.ALLOW), m.FirewallRule("sudo", m.RulePermission.ALLOW)]),

19
        value=1000,

20
        properties=["MySql", "Ubuntu", "nginx/1.10.3"],

21
        owned_string="FLAG: Login using insecure SSH user/password",

22
        vulnerabilities=dict(

23
            ScanPageSource=m.VulnerabilityInfo(

24
                description="Website page source contains refrence to browseable " "relative web directory",

25
                type=m.VulnerabilityType.REMOTE,

26
                outcome=m.LeakedNodesId(["Website.Directory"]),

27
                reward_string="Viewing the web page source reveals a URL to a .txt file and directory on the website",

28
                cost=1.0,

29
            ),

30
        ),

31
    ),

32
    "Website.Directory": m.NodeInfo(

33
        services=[m.ListeningService("HTTPS")],

34
        value=50,

35
        properties=["Ubuntu", "nginx/1.10.3", "CTFFLAG:Readme.txt-Discover secret data"],

36
        vulnerabilities=dict(

37
            NavigateWebDirectoryFurther=m.VulnerabilityInfo(

38
                description="Discover MYSQL credentials MySql for user " "'web' in (getting-started.txt)",

39
                type=m.VulnerabilityType.REMOTE,

40
                outcome=m.LeakedCredentials(credentials=[m.CachedCredential(node="Website", port="MySQL", credential="ReusedMySqlCred-web")]),

41
                reward_string="Discover browseable web directory: Navigating to parent URL revealed file `readme.txt`" "with secret data (aflag); and `getting-started.txt` with MYSQL credentials",

42
                cost=1.0,

43
            ),

44
        ),

45
    ),

46
    "client": m.NodeInfo(

47
        services=[],

48
        properties=["CLIENT:Win10"],

49
        value=0,

50
        vulnerabilities=dict(

51
            SearchEdgeHistory=m.VulnerabilityInfo(

52
                description="Search web history for list of accessed websites",

53
                type=m.VulnerabilityType.LOCAL,

54
                outcome=m.LeakedNodesId(["Website"]),

55
                reward_string="Web browser history revealed website URL of interest",

56
                cost=1.0,

57
            )

58
        ),

59
        agent_installed=True,

60
        reimagable=False,

61
    ),

62
}

63


64
global_vulnerability_library: Dict[VulnerabilityID, VulnerabilityInfo] = dict([])

65


66
# Environment constants

67
ENV_IDENTIFIERS = m.infer_constants_from_nodes(cast(Iterator[Tuple[NodeID, NodeInfo]], list(nodes.items())), global_vulnerability_library)

68


69


70
def new_environment() -> m.Environment:

71
    return m.Environment(network=m.create_network(nodes), vulnerability_library=global_vulnerability_library, identifiers=ENV_IDENTIFIERS)

72


73