LFS version of challnege for #1243

OWASP · Sep 30, 2024 · e362773 · e362773
1 parent 2df5c14
commit e362773
Show file tree

Hide file tree

Showing 10 changed files with 109 additions and 2 deletions.
diff --git a/Dockerfile_webdesktop b/Dockerfile_webdesktop
@@ -17,6 +17,16 @@ RUN \
   echo "**** cleanup ****" && \
   rm -rf /tmp/*
 
+RUN \
+  echo "installing dotnet" && \
+  wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && \
+  chmod +x dotnet-install.sh && \
+  ./dotnet-install.sh --version latest && \
+  export DOTNET_ROOT=$HOME/.dotnet && \
+  export PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools && \
+  dotnet tool install --global ilspycmd && \
+  dotnet tool install -g sfextract
+
 WORKDIR /config/Desktop
 
 COPY src/main/resources/executables/*linux* /var/tmp/wrongsecrets/

diff --git a/Dockerfile_webdesktopk8s b/Dockerfile_webdesktopk8s
@@ -22,6 +22,15 @@ RUN echo "**** clone wrongsecrets.git for webtop in k8s ****" && \
     cd /var/tmp/wrongsecrets && \
     git clone https://github.com/OWASP/wrongsecrets.git
 
+RUN \
+    echo "installing dotnet" && \
+    wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && \
+    chmod +x dotnet-install.sh && \
+    ./dotnet-install.sh --version latest && \
+    export DOTNET_ROOT=$HOME/.dotnet && \
+    export PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools && \
+    dotnet tool install --global ilspycmd && \
+    dotnet tool install -g sfextract
 
 WORKDIR /config/Desktop
 

diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge50.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge50.java
@@ -0,0 +1,34 @@
+package org.owasp.wrongsecrets.challenges.docker;
+
+import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper;
+import org.owasp.wrongsecrets.challenges.docker.binaryexecution.MuslDetectorImpl;
+import org.springframework.stereotype.Component;
+
+/** This challenge is about finding a secret hardcoded in a dotnet binary. */
+@Slf4j
+@Component
+public class Challenge50 implements Challenge {
+
+  private final BinaryExecutionHelper binaryExecutionHelper;
+
+  public Challenge50() {
+    this.binaryExecutionHelper = new BinaryExecutionHelper(50, new MuslDetectorImpl());
+  }
+
+  /** {@inheritDoc} */
+  @Override
+  public Spoiler spoiler() {
+    return new Spoiler(binaryExecutionHelper.executeCommand("", "wrongsecrets-dotnet"));
+  }
+
+  /** {@inheritDoc} */
+  @Override
+  public boolean answerCorrect(String answer) {
+    return binaryExecutionHelper
+        .executeCommand(answer, "wrongsecrets-dotnet")
+        .equals("This is correct! Congrats!");
+  }
+}
diff --git a/src/main/resources/explanations/challenge19_hint.adoc b/src/main/resources/explanations/challenge19_hint.adoc
@@ -4,7 +4,7 @@ You can solve this challenge using the following alternative solutions:
 
 1. Find the secrets with https://ghidra-sre.org/[Ghidra].
 - Install https://ghidra-sre.org/[Ghidra].
-- Start it whit `ghidraRun`.
+- Start it with `ghidraRun`.
 - Load the application `wrongsecrets-c` into ghidra by choosing a new project, then import the file and then doubleclick on it.
 - Allow the Ghidra to analyze the application.
 - Search for the secret: Go to `Functions` on the left-hand side, select `_secret` . Now on the screen on the right-hand side you can see the secret. This is a string in C.

diff --git a/src/main/resources/explanations/challenge50.adoc b/src/main/resources/explanations/challenge50.adoc
@@ -0,0 +1,5 @@
+=== Hiding in binaries revisited: .NET self contained runtime
+
+It is super easy to find a secret in a DLL, but when you are on MacOS or Linux it is much harder. So I am sure we can keep one there right?
+
+Show us that we should not do that! Can you find the secret in  https://github.com/OWASP/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-dotnet[wrongsecrets-dotnet] (or https://github.com/OWASP/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-dotnet-arm[wrongsecrets-dotnet-arm], https://github.com/OWASP/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-dotnet-linux[wrongsecrets-dotnet-linux])?
diff --git a/src/main/resources/explanations/challenge50_hint.adoc b/src/main/resources/explanations/challenge50_hint.adoc
@@ -0,0 +1,11 @@
+This challenge is specifically looking at a secret in a .NET8 binary
+
+You can solve this challenge using the following alternative solutions:
+
+1. Find the secrets with Ilsply.
+- Install .NET8 and .NET8 SDK
+- Install https://github.com/icsharpcode/ILSpy/tree/master/ICSharpCode.ILSpyCmd[ilspycmd]
+- Install `sfextract`: `dotnet tool install -g sfextract`
+- Unpack the self-contained binary: `sfextract wrongsecrets-dotnet -o \./tmp`.
+- Go to the tmp folder and do `ilspycmd dotnetproject.dll` to decompile the dll and find the secret.
+Don't want to install the tools? check the https://github.com/OWASP/wrongsecrets/tree/master?tab=readme-ov-file#want-to-play-but-are-not-allowed-to-install-the-tools[WrongSecrets Desktop container]!
diff --git a/src/main/resources/explanations/challenge50_reason.adoc b/src/main/resources/explanations/challenge50_reason.adoc
@@ -0,0 +1,7 @@
+*Why Using binaries to hide a secret will only delay an attacker.*
+
+With beautiful free Reverse engineering applications as ILSoy, not a lot of things remain safe. Anyone who can load the executable in ILspy or Ghidra can easily start doing a reconnaissance and find secrets within your binary.
+
+Encrypting the secret with a key embedded in the binary, and other funny puzzles do delay an attacker and just make it fun finding the secret. Be aware that, if the secret needs to be used by the executable, it eventually needs to be in memory ready to be executed.
+
+Still need to have a secret in the binary? Make sure it can only be retrieved remotely after authenticating against a server.
diff --git a/src/main/resources/wrong-secrets-configuration.yaml b/src/main/resources/wrong-secrets-configuration.yaml
@@ -775,3 +775,15 @@ configurations:
       category: *secrets
       ctf:
         enabled: false
+    - name: Challenge 50
+      short-name: "challenge-50"
+      sources:
+        - class-name: "org.owasp.wrongsecrets.challenges.docker.Challenge50"
+          explanation: "explanations/challenge50.adoc"
+          hint: "explanations/challenge50_hint.adoc"
+          reason: "explanations/challenge50_reason.adoc"
+          environments: *all_envs
+      difficulty: *normal
+      category: *bin
+      ctf:
+        enabled: true
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge50Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge50Test.java
@@ -0,0 +1,18 @@
+package org.owasp.wrongsecrets.challenges.docker;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper.ERROR_EXECUTION;
+
+import org.junit.jupiter.api.Test;
+import org.owasp.wrongsecrets.challenges.Spoiler;
+
+class Challenge50Test {
+
+  @Test
+  void spoilerShouldNotCrash() {
+    var challenge = new Challenge50();
+
+    assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(ERROR_EXECUTION));
+    assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue();
+  }
+}
diff --git a/wrongsecret-desktop-resources/startwm.sh b/wrongsecret-desktop-resources/startwm.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
-
+export DOTNET_ROOT=$HOME/.dotnet
+export PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools
 /startpulse.sh &
 ln -s -r /var/tmp/wrongsecrets /config/Desktop/wrongsecrets
 ln -s /var/tmp/wrongsecrets/welcome.md /config/Desktop/welcome.md