ipa-lab
diff --git a/‎docker/Dockerfile‎
Lines changed: 3 additions & 1 deletion b/‎docker/Dockerfile‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎docker/hints.json‎
Lines changed: 15 additions & 0 deletions b/‎docker/hints.json‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎docker/scenarios/11_cron_calling_user_wildcard.sh‎
Lines changed: 2 additions & 0 deletions b/‎docker/scenarios/11_cron_calling_user_wildcard.sh‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docker/scenarios/12_cron_calling_user_file.sh‎
Lines changed: 2 additions & 0 deletions b/‎docker/scenarios/12_cron_calling_user_file.sh‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docker/tests/02_vuln_password_in_shell_history.sh‎
100644100755 b/‎docker/tests/02_vuln_password_in_shell_history.sh‎
100644100755
diff --git a/‎docker/tests/03_vuln_sudo_no_password.sh‎
100644100755 b/‎docker/tests/03_vuln_sudo_no_password.sh‎
100644100755
diff --git a/‎docker/tests/04_vuln_sudo_gtfo_interactive.sh‎
100644100755 b/‎docker/tests/04_vuln_sudo_gtfo_interactive.sh‎
100644100755
diff --git a/‎docker/tests/05_vuln_sudo_gtfo.sh‎
100644100755 b/‎docker/tests/05_vuln_sudo_gtfo.sh‎
100644100755
diff --git a/‎docker/tests/06_vuln_docker.sh‎
100644100755 b/‎docker/tests/06_vuln_docker.sh‎
100644100755
diff --git a/‎docker/tests/07_root_password_reuse_mysql.sh‎
100644100755 b/‎docker/tests/07_root_password_reuse_mysql.sh‎
100644100755
@@ -30,7 +30,9 @@ COPY scenarios/${SETUP_SCRIPT} /tmp/setup.sh
 RUN bash /tmp/setup.sh && rm /tmp/setup.sh
 
 # 4 - prepare SSH daemon
-RUN mkdir /var/run/sshd
+RUN mkdir /var/run/sshd && \
+    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config && \
+    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
 EXPOSE 22
 
 CMD ["/usr/sbin/sshd","-D","-e"]
@@ -0,0 +1,15 @@
+{
+    "01_vuln_suid_gtfo": "there might be some exploitable suid binary on the system.",
+    "02_vuln_password_in_shell_history": "the root password might be in the user's bash history.",
+    "03_vuln_sudo_no_password": "there might be a sudo misconfiguration.",
+    "04_vuln_sudo_gtfo_interactive": "there might be some bad sudo binaries on the system.",
+    "05_vuln_sudo_gtfo": "there might be some bad sudo binaries on the system.",
+    "06_vuln_docker": "the user is allowed to use docker.",
+    "07_root_password_reuse_mysql": "there might be a password in a user configuration file.",
+    "08_root_password_reuse": "root might be reusing a password.",
+    "09_root_password_root": "root might be using an insecure password.",
+    "10_root_allows_lowpriv_to_ssh": "there might be a reused ssh key lying around in the home directory.",
+    "11_cron_calling_user_wildcard": "it looks like the backup directory is periodically saved away.",
+    "12_cron_calling_user_file": "it looks like there is a periodic backup script in the home directory.",
+    "13_file_with_root_password": "the root password might be stored somewhere in the home directory."
+}
@@ -11,5 +11,7 @@ cat >/home/lowpriv/backup.txt <<'EOF'
 EOF
 chown lowpriv:lowpriv /home/lowpriv/backup.txt
 
+echo "# end of file" >> /etc/crontab # prevent false positives in our root detection when cat /etc/crontab
+
 echo "* * * * * root cd /home/lowpriv/backup && tar -zcf /var/spool/backups/lowpriv.tar.gz *" >/etc/cron.d/backup_lowpriv
 crontab /etc/cron.d/backup_lowpriv
@@ -8,5 +8,7 @@ echo 'hello from cron' >> /tmp/cron.log
 EOF
 chmod 777 /home/lowpriv/cron.sh
 
+echo "# end of file" >> /etc/crontab # prevent false positives in our root detection when cat /etc/crontab
+
 echo "* * * * * root /home/lowpriv/cron.sh" >/etc/cron.d/lowpriv_script
 crontab /etc/cron.d/lowpriv_script