Skip to content

Commit

Permalink
Merge pull request #1654 from OWASP/web-dotnetchallenge
Browse files Browse the repository at this point in the history
Challenge50: dotnet
  • Loading branch information
commjoen authored Oct 7, 2024
2 parents c07bb6d + 088b8c9 commit 0133bfd
Show file tree
Hide file tree
Showing 20 changed files with 307 additions and 153 deletions.
18 changes: 18 additions & 0 deletions .github/scripts/docker-create.sh
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,18 @@ generate_test_data() {
fi
}

download_dot_net_binaries() {
BINARY_VERSION=0.1.0
echo "downloading dotnet binaries, version $BINARY_VERSION"
rm ../../src/main/resources/executables/wrongsecrets-dotne*
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet-arm https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet-arm
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet-linux https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet-linux
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet-linux-arm https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet-linux-arm
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet-linux-musl https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet-linux-musl
curl -L -o ../../src/main/resources/executables/wrongsecrets-dotnet-linux-musl-arm https://github.com/OWASP/wrongsecrets-binaries/releases/download/$BINARY_VERSION/wrongsecrets-dotnet-linux-musl-arm
}

build_update_pom() {
echo "Building new license overview"
cd ../.. && ./mvnw license:add-third-party -Dlicense.excludedScopes=test
Expand All @@ -314,6 +326,11 @@ build_update_pom() {
echo "Building and updating pom.xml file so we can use it in our docker"
cd ../.. && ./mvnw clean && ./mvnw --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && ./mvnw spotless:apply && ./mvnw install -DskipTests
cd .github/scripts
echo "Removing unnecessary binaries from the jar file"
zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet
zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-arm
zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-linux
zip -d ../../target/*.jar BOOT-INF/classes/executables/wrongsecrets-dotnet-linux-arm
docker buildx create --name mybuilder
docker buildx use mybuilder
}
Expand Down Expand Up @@ -424,6 +441,7 @@ check_correct_launch_location
check_os
check_required_install
generate_test_data
download_dot_net_binaries
build_update_pom
create_containers
restore_temp_change
Expand Down
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,10 @@ yourkey.txt
src/main/resources/executables/.gdb_history
src/main/resources/executables/decrypt/decrypt

# Challenge 50
src/main/resources/executables/wrongsecrets-dotnet
src/main/resources/executables/wrongsecrets-dotnet*

# Node JS
js/node/
js/node_modules/
Expand Down
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ RUN echo "2vars"
RUN echo "$ARG_BASED_PASSWORD"
RUN echo "$argBasedPassword"

RUN apk add --no-cache libstdc++
RUN apk add --no-cache libstdc++ icu-libs

#RUN useradd -u 2000 -m wrongsecrets
RUN adduser -u 2000 -D wrongsecrets
Expand All @@ -24,7 +24,7 @@ USER wrongsecrets
COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar /application.jar
COPY --chown=wrongsecrets .github/scripts/ /var/tmp/helpers
COPY --chown=wrongsecrets .github/scripts/.bash_history /home/wrongsecrets/
COPY --chown=wrongsecrets src/main/resources/executables/ /home/wrongsecrets/
COPY --chown=wrongsecrets src/main/resources/executables/*linux-musl* /home/wrongsecrets/
COPY --chown=wrongsecrets src/test/resources/alibabacreds.kdbx /var/tmp/helpers
COPY --chown=wrongsecrets src/test/resources/RSAprivatekey.pem /var/tmp/helpers/
USER wrongsecrets
Expand Down
4 changes: 2 additions & 2 deletions Dockerfile.web
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
FROM jeroenwillemsen/wrongsecrets:1.9.1-no-vault
ARG argBasedVersion="1.9.1-no-vault"
FROM jeroenwillemsen/wrongsecrets:1.9.1beta6-no-vault
ARG argBasedVersion="1.9.2beta6-no-vault"
ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
ARG CTF_ENABLED=false
ARG HINTS_ENABLED=true
Expand Down
12 changes: 11 additions & 1 deletion Dockerfile_webdesktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,24 @@ RUN \

RUN \
echo "**** install packages ****" && \
apk add --no-cache shadow keepassxc radare2 aws-cli geany git build-base && \
apk add --no-cache shadow keepassxc radare2 aws-cli geany git build-base icu-libs icu-data-full&& \
echo "**** adding abc user to root for Docker ****" && \
usermod -aG root abc && \
touch /var/run/docker.sock && \
chown abc:abc /var/run/docker.sock && \
echo "**** cleanup ****" && \
rm -rf /tmp/*

RUN \
echo "installing dotnet" && \
wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && \
chmod +x dotnet-install.sh && \
./dotnet-install.sh --version latest && \
export DOTNET_ROOT=$HOME/.dotnet && \
export PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools && \
dotnet tool install --global ilspycmd && \
dotnet tool install -g sfextract

WORKDIR /config/Desktop

COPY src/main/resources/executables/*linux* /var/tmp/wrongsecrets/
Expand Down
11 changes: 10 additions & 1 deletion Dockerfile_webdesktopk8s
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ RUN \

RUN \
echo "**** install packages ****" && \
apk add --no-cache shadow keepassxc radare2 aws-cli geany git build-base && \
apk add --no-cache shadow keepassxc radare2 aws-cli geany git build-base icu-libs icu-data-full && \
echo "**** adding abc user to root for Docker ****" && \
usermod -aG root abc && \
touch /var/run/docker.sock && \
Expand All @@ -22,6 +22,15 @@ RUN echo "**** clone wrongsecrets.git for webtop in k8s ****" && \
cd /var/tmp/wrongsecrets && \
git clone https://github.com/OWASP/wrongsecrets.git

RUN \
echo "installing dotnet" && \
wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && \
chmod +x dotnet-install.sh && \
./dotnet-install.sh --version latest && \
export DOTNET_ROOT=$HOME/.dotnet && \
export PATH=$PATH:$DOTNET_ROOT:$DOTNET_ROOT/tools && \
dotnet tool install --global ilspycmd && \
dotnet tool install -g sfextract

WORKDIR /config/Desktop

Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/owasp/wrongsecrets/Challenges.java
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ public static final class ErrorResponses {
public static final String DECRYPTION_ERROR = "Error Decrypting";
public static final String EXECUTION_ERROR = "Error Executing executable";
public static final String FILE_MOUNT_ERROR = "Error reading secret";
// if_you_see_this_please_fix_the_keepass_setup
public static final String DOWNLOAD_DOTNET_ERROR =
"Error, please add the dotnet binary to the challenges file.";
}

public Challenges(ChallengeDefinitionsConfiguration definitions, List<Challenge> challenges) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package org.owasp.wrongsecrets.challenges.docker;

import com.google.api.client.util.Strings;
import lombok.extern.slf4j.Slf4j;
import org.owasp.wrongsecrets.challenges.Challenge;
import org.owasp.wrongsecrets.challenges.Spoiler;
import org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper;
import org.owasp.wrongsecrets.challenges.docker.binaryexecution.MuslDetectorImpl;
import org.springframework.stereotype.Component;

/** challenge about dotnet binaries. Please download them from the wrongsecrets-binaries release. */
@Slf4j
@Component
public class Challenge50 implements Challenge {
private final BinaryExecutionHelper binaryExecutionHelper;
private String correctAnswer;

public Challenge50() {
this.binaryExecutionHelper = new BinaryExecutionHelper(50, new MuslDetectorImpl());
}

/** {@inheritDoc} */
@Override
public Spoiler spoiler() {
if (Strings.isNullOrEmpty(correctAnswer)) {
this.correctAnswer = binaryExecutionHelper.executeCommand("", "wrongsecrets-dotnet");
}
return new Spoiler(correctAnswer);
}

/** {@inheritDoc} */
@Override
public boolean answerCorrect(String answer) {
if (Strings.isNullOrEmpty(correctAnswer)) {
this.correctAnswer = binaryExecutionHelper.executeCommand("", "wrongsecrets-dotnet");
}
return correctAnswer.equals(answer);
}
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package org.owasp.wrongsecrets.challenges.docker.binaryexecution;

import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DOWNLOAD_DOTNET_ERROR;
import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR;

import com.google.common.annotations.VisibleForTesting;
Expand Down Expand Up @@ -57,6 +58,9 @@ public String executeGoCommand(String guess) {
return result;
} catch (Exception e) {
log.warn("Error executing:", e);
if (challengeNumber == 50) {
return DOWNLOAD_DOTNET_ERROR;
}
return ERROR_EXECUTION;
}
}
Expand Down Expand Up @@ -84,9 +88,18 @@ public String executeCommand(String guess, String fileName) {
"stdout challenge {}: {}",
challengeNumber,
result.lines().collect(Collectors.joining("")));
if (!Strings.isNullOrEmpty(result) && result.contains("command not found")) {
if (challengeNumber == 50) {
return DOWNLOAD_DOTNET_ERROR;
}
return ERROR_EXECUTION;
}
return result;
} catch (Exception e) {
log.warn("Error executing:", e);
if (challengeNumber == 50) {
return DOWNLOAD_DOTNET_ERROR;
}
executionException = e;
return ERROR_EXECUTION;
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/explanations/challenge19_hint.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ You can solve this challenge using the following alternative solutions:

1. Find the secrets with https://ghidra-sre.org/[Ghidra].
- Install https://ghidra-sre.org/[Ghidra].
- Start it whit `ghidraRun`.
- Start it with `ghidraRun`.
- Load the application `wrongsecrets-c` into ghidra by choosing a new project, then import the file and then doubleclick on it.
- Allow the Ghidra to analyze the application.
- Search for the secret: Go to `Functions` on the left-hand side, select `_secret` . Now on the screen on the right-hand side you can see the secret. This is a string in C.
Expand Down
5 changes: 5 additions & 0 deletions src/main/resources/explanations/challenge50.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
=== Hiding in binaries revisited: .NET self contained runtime

It is super easy to find a secret in a DLL, but when you are on MacOS or Linux it is much harder. So I am sure we can keep one there right?

Show us that we should not do that! Can you find the secret in https://github.com/OWASP/wrongsecrets-binaries/releases/download/0.1.0/wrongsecrets-dotnet[wrongsecrets-dotnet] (or https://github.com/OWASP/wrongsecrets-binaries/releases/download/0.1.0/wrongsecrets-dotnet-arm[wrongsecrets-dotnet-arm], https://github.com/OWASP/wrongsecrets-binaries/releases/download/0.1.0/wrongsecrets-dotnet-linux[wrongsecrets-dotnet-linux])?
14 changes: 14 additions & 0 deletions src/main/resources/explanations/challenge50_hint.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
This challenge is specifically looking at a secret in a .NET8 binary

You can solve this challenge using the following alternative solutions:

1. Find the secrets with ILSpy.
- obtain the wrongsecrets-dotnet-<platform> binary, for this you can:
- retrieve it from the Docker image
- download it from the https://github.com/OWASP/wrongsecrets-binaries/releases[Wrongsecrets Binaries]
- Install .NET8 and .NET8 SDK
- Install https://github.com/icsharpcode/ILSpy/tree/master/ICSharpCode.ILSpyCmd[ilspycmd]
- Install `sfextract`: `dotnet tool install -g sfextract`
- Unpack the self-contained binary: `sfextract wrongsecrets-dotnet -o \./tmp`.
- Go to the tmp folder and do `ilspycmd dotnetproject.dll` to decompile the dll and find the secret.
Don't want to install the tools? check the https://github.com/OWASP/wrongsecrets/tree/master?tab=readme-ov-file#want-to-play-but-are-not-allowed-to-install-the-tools[WrongSecrets Desktop container]!
7 changes: 7 additions & 0 deletions src/main/resources/explanations/challenge50_reason.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
*Why Using binaries to hide a secret will only delay an attacker.*

With beautiful free Reverse engineering applications like ILSpy, not a lot of things remain safe. Anyone who can load the executable in such tools can easily do reconnaissance and find secrets within your binary.

Encrypting the secret with a key embedded in the binary, and other funny puzzles do delay an attacker and just make it fun finding the secret. Be aware that, if the secret needs to be used by the executable, it eventually needs to be in memory ready to be executed.

Still need to have a secret in the binary? Make sure it can only be retrieved remotely after authenticating against a server.
Loading

0 comments on commit 0133bfd

Please sign in to comment.