seed-labs / seed-labs

SEED Labs developed in the last 20 years.

Home Page: https://seedsecuritylabs.org

License: Other

Makefile 0.44% TeX 24.40% Python 64.27% C 1.64% CSS 0.52% HTML 0.60% PHP 4.56% Shell 0.96% JavaScript 1.10% SCSS 0.27% Dockerfile 0.40% Assembly 0.27% DIGITAL Command Language 0.03% C++ 0.43% Solidity 0.10%
labs seed education hands-on cybersecurity

seed-labs's Introduction

License: CC BY-NC-SA 4.0

This is the core of the entire SEED project. It consists of all the labs that we have developed and maintained since 2002.

History

The SEED project was started in 2002 by Wenliang Du, a professor at Syracuse University. It was funded by a total of 1.3 million dollars from the US National Science Foundation (NSF). SEED labs are now used by over a thousand institutes around the world. SEED stands for SEcurity EDucation.

The project has been maintained by Professor Du himself in the past, with help from his students. While this has worked quite well for more than 20 years, it has now reached a point where individual efforts can no longer meet the ever-increasing needs of the world. There are many interesting things that we can do if we work together as a community.

Vision

Learning by doing is essential for education. Our vision is to develop hands-on labs that can help achieve learning by doing in cybersecurity education. These include lab exercises that are well-designed, interesting, and effective, as well as the platforms to support these labs. The labs and platforms are open source, so universities, colleges, and high schools around the world can freely use them to enhance their curricula.

Contributing

Want to contribute? Great! Please take a few minutes to read this!

License

All the SEED labs in this repository use open-source licenses. You can read this for more details.

Organization of this repository

The SEED labs are divided into 6 categories, and each one has its own folder.

  • category-blockchain: For blockchain labs
  • category-crypto: For crypto labs
  • category-hardware: For hardware security labs
  • category-mobile: For mobile security labs
  • category-network: For network security labs
  • category-software: For software security labs
  • category-web: For web security labs

seed-labs's People

Contributors

amanvelani, cole-wustl, dalchandra, dublinsubway, glennchia, gzhelezo, hsbpl, jamestiotio, kevin-w-du, linhuiqing, luminousxlb, mattbetanski, mudongliang, nathanscain, ni4n, oakwoo, paul-ratazzi, peterwzhang, piu1283, plumpmonkey, simmons-wustl, storm-07, tinvaan, tychothetaco, wonkr, xbreu

seed-labs's Issues

CTF project link

Here is some suggested language for the README file for including a link to the CTF project repo; feel free to use, modify, or not use at your discretion. Here's a direct link to the project in case it's helpful: https://github.com/cole-wustl/seed-labs-ctf

Suggested language:

Open-Source CTF Project


A set of Capture The Flag (CTF) challenges corresponding to individual
SEED Labs has been developed separately from the main SEED Labs project
and is maintained in the following GitHub repository:
https://github.com/cole-wustl/seed-labs-ctf.
Please visit the repository for details and instructions on how to
download/use the CTF platform.

Docker image issues on Mac M1.

Is the image "handsonsecurity/seed-ubuntu" used in certain labs working on Mac M1 laptops? I am having problems running a lab on Mac M1 and I think the image is not updated to support M1 architecture. If possible update all docker images to support multiple cpu architectures including Mac M1. Thanks.

Problem Docker compose

Problem with docker compose up
Apple M2 Pro
MacOs 14.2.1
seed_postgres | 2024-01-11 20:45:00.168 UTC [1] LOG: listening on IPv6 address "::", port 5432
seed_postgres | 2024-01-11 20:45:00.170 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/seed/docker/start_celery_docker.sh": stat /seed/docker/start_celery_docker.sh: no such file or directory: unknown

SEED Lab development: password cracking

My co-instructor and I have a student group in an Intro to Security class who, for a class project, are designing a password-cracking lab after the model of the SEED labs we've done in class. Is this a topic of potential interest for a SEED Lab? If so, what would be the best way to collaborate and see whether the SEED Project would be interested in including their work? Happy to connect the group and discuss midstream or wait until the assignment is fully functional and present it then for a look.

Build vm image from configuration file

Hi,

I've just found that there's Packer which can be used to build VM image from a configuration file. It supports Amazon EC2, Google Cloud, Virtual Box, etc.
On the one hand, this may improve the workflow and take one step to continuous integration. On the other hand, it exports ova or ovf which is easier for students to import to Virtual Box.
Please look into the possibility to introduce Packer to this project.

A bug in Package Sniffing and Spoofing Lab

Describe the bug
It's unable to change PROMISC model sometimes.
cat /sys/class/net/br-xxx/flags should be used to check PROMISC model rather than ifconfig, since command ifconfig cannot accurately feedback the status of PROMISC model.
By the way, 0x1003 means down, 0x1103 means the opposite.

Expected behavior
I found it easy to resolve this problem by rebuilding containers. But I'm curious about the reason why it went wrong.

Screenshots
image
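
An added example (not part of the original issue or of the lab code): a small C checker that reads /sys/class/net/<dev>/flags, as the report suggests, and tests the IFF_PROMISC bit (0x100 in Linux's <linux/if.h>). The function names are hypothetical, and the sample values in the comments are the two quoted in the report.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux interface flag bits, values as in <linux/if.h>. */
#define FLAG_UP      0x0001u
#define FLAG_PROMISC 0x0100u

/* Parse the text of a sysfs flags file, e.g. "0x1103\n".
 * Returns 1 if PROMISC is set, 0 if it is clear, -1 if the text is
 * not a single hexadecimal flags word. */
int promisc_from_text(const char *text)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 16);   /* base 16 accepts "0x" */
    if (errno != 0 || end == text || v > 0xffffffffUL)
        return -1;
    while (*end == '\n' || *end == ' ')
        end++;
    if (*end != '\0')                            /* trailing junk */
        return -1;
    return (v & FLAG_PROMISC) != 0;
}

/* Read the flags of one interface from sysfs.
 * Returns 1 / 0 as above, or -1 if the interface cannot be read. */
int dev_promisc(const char *dev)
{
    char path[128], buf[32];

    /* Reject names that would leave /sys/class/net. */
    if (dev[0] == '\0' || dev[0] == '.' || strchr(dev, '/') != NULL)
        return -1;
    int n = snprintf(path, sizeof path, "/sys/class/net/%s/flags", dev);
    if (n < 0 || n >= (int)sizeof path)
        return -1;

    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    char *line = fgets(buf, sizeof buf, fp);
    fclose(fp);
    return line == NULL ? -1 : promisc_from_text(buf);
}

/* Usage: ./promisc br-xxx eth0 ...  (interface names are the caller's) */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int r = dev_promisc(argv[i]);
        printf("%s: %s\n", argv[i],
               r < 0 ? "unreadable" : r ? "PROMISC on" : "PROMISC off");
    }
    return 0;
}
```
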

Confirm DB Credentials for XSS Lab

Hi! I'm about to run the XSS lab and in my setup it appears that Elgg (running on 10.9.0.5) cannot connect to the database (10.9.0.6). I attached to the DB container and confirmed that I cannot connect to mysql via the CLI with username seed or username root when using the password dees that is hardcoded into the elgg-settings.php file:

Can you confirm on your end? What other credentials might work for this lab?

www.seed-server.com is parked

Hi,

I was trying to run the XSS lab and found the seed-server.com domain used by the first 3 tasks is parked. Is there a new domain name or how can I have access to the experiment website soon?

Many thanks,

Compilation problems in “Packet Sniffing and Spoofing Lab”

Environment
First of all, I think it's necessary to explain my situation to show the one-sidedness of my problems.
Based on the reference Kevin gave last time, I built my own SEED VM on the cloud because my machine is based on M1. Therefore, I have no conditions to test the problem on the pre-built SEED VM. I think this may be a distraction, although I think it doesn't matter.

Problem
According to the code on page 8 of 《SEED Labs – Packet Sniffing and Spoofing Lab》.

#include <pcap.h>
#include <stdio.h>
/* This function will be invoked by pcap for each captured packet.
We can process each packet inside the function.
*/
void got_packet(u_char *args, const struct pcap_pkthdr *header,
            const u_char *packet)
{
    printf("Got a packet\n");
}
int main()
{
    pcap_t *handle;
    char errbuf[PCAP_ERRBUF_SIZE];
    struct bpf_program fp;
    char filter_exp[] = "icmp";
    bpf_u_int32 net;

    // Step 1: Open live pcap session on NIC with name eth3
    // Students needs to change "eth3" to the name
    // found on their own machines (using ifconfig).
    handle = pcap_open_live("eth3", BUFSIZ, 1, 1000, errbuf);

    // Step 2: Compile filter_exp into BPF psuedo-code
    pcap_compile(handle, &fp, filter_exp, 0, net);
    if (pcap_setfilter(handle, &fp) !=0) {
        pcap_perror(handle, "Error:");
        exit(EXIT_FAILURE);
    }

    // Step 3: Capture packets
    pcap_loop(handle, -1, got_packet, NULL);
    pcap_close(handle); //Close the handle
    return 0;
}

Of course, I replaced "eth3" with my NIC, but when compiling, it reported an error.
error
It's easy to fix this problem by adding "#include <stdlib.h>" at the top of the code, but I still want to point it out.
In order to verify the existence of my problem, I fixed it and checked the result as follows.
verify

If this question is just a grin, I am sorry that it took up your precious inspection time

Crypto_Encryption: Encryption Oracle for Task 6.3

Task 6.3. Common Mistake: Use a Predictable IV

I'm thinking about adding a docker container which does the encryption with given IV and key.
The daemon can be written in C++ with Openssl and distributed to students in binary format.
Students may interact with the container by command line or socket.
This may help to protect the IV and key from being known by students.

Based on this, it's also possible to develop a padding oracle attack lab against CBC mode.

Containerizing SEED Labs

Most of the SEED labs in the network security category require multiple VMs; some, such as VPN, require 3 to 4 VMs. While this is doable for most computers, it does put stress on many of them, especially those with a limited amount of RAM and few cores. Containers can be used to solve this problem.

For these labs, I would like to create a container version (we will keep the VM version). This will only affect the lab environment setup, which is usually put at the beginning of each lab. The task is to add instructions to the lab description to help students easily set up the environment. We will use docker.

I have created a few new labs based on containers. These labs do not work for the VM, because they need 6 to 10 machines, and some may need up to 20. Containers are good for them (we just need one VM). These labs serve as an example of how the container technology is used in the SEED labs. These two labs are "DNS in a Box" and "DNSSEC" (in the network category). They are both works in progress, and have not been officially released.

Assistance

I would like to help. I'll look at the open issues in SEED labs/simulator and see if I can contribute.

SEED Lab development: clickjacking

My co-instructor and I have a student group in an Intro to Security class who, for a class project, are designing a clickjacking lab after the model of the SEED labs we've done in class. What would be the best way to collaborate and see whether the SEED Project would be interested in including their work? Happy to connect the group and discuss midstream or wait until the assignment is fully functional and present it then for a look.

A New Firewall Lab Based on Containers

Our current firewall lab is quite simple, mostly because it is hard to set up a complicated network environment using virtual machines. We are limited on the number of VMs that can be used in the lab. With the container technology, this limitation is lifted. We are also limited to the industry experience, so a person who has real-world experience on firewalls can help us a lot.

I would like to design a new firewall lab (or a series of them) that has the following features.

  • A quite sophisticated network topology that emulates a setup for a small company. We will use docker container to set this up. In this setup, we will have hosts, routers, and firewalls, each running as a separate container. We may even provide multiple topologies for students.

  • Design lab tasks for students to do the following (this is not a complete list):

    • Placing the firewall in the right places.
    • Setting up firewall rules (using iptables) for various requirements. It will be great if these requirements emulate what is in the real world.
    • Intentionally creating loopholes in some of the firewall configuration, so students' job is to evade the firewall using the loopholes.
    • Incorporating real-world problems into this lab.

Note: Details of this issue can be found in TODO.md. Further thoughts will be added to this TODO file.

Testing of the DNS-in-a-Box and DNSSEC labs

These are the two new labs developed on the newly built Ubuntu 20.04 VM. In this lab, we put the DNS infrastructure inside a single VM (using the container technology), and then ask students to configure the DNS and DNSSEC infrastructure. They are both in the category-network folder. Help is needed to test these two labs (you can find the links to the VM in the README file of these two labs). Feedback is greatly appreciated.

Mac (with M1 chipset) problem with VirtualBox

This is an issue raised by one of the students in my class.
For those using Mac with M1 chipset, VMware and VirtualBox won't work because M1 uses ARM, and the SEED VM uses x86. After a lot of searching, the student reported that parallels (free for MAC m1 users) works. Here is the link:
https://b2b.parallels.com/apple-silicon/?gclid=Cj0KCQiApY6BBhCsARIsAOI_GjaBYUxRXDG3pXcZQcDQJDF0mukuABeqz5fI_xxsc-6g1LWpGOqTLekaArbAEALw_wcB. We will see how it goes for this semester, and then revise the VM manual accordingly.

Buffer-Overflow Labs

I will be rewriting the buffer-overflow labs (both 32-bit and 64-bit), so if you are translating these two labs, please put a hold on that, until this issue is closed. My goal is to merge the 32-bit and 64-bit into one lab. I will still create two versions for this lab:

  • The Setuid version: the vulnerable program is a setuid program. One VM is needed for this version. There will be tasks for 32-bit binary and 64-bit binary.

  • The server version: the vulnerable program is a server program. We will use 4 containers for this version, each container runs one vulnerable server program (with different configuration, 2 for 32-bit, and 2 for 64-bit).

cannot use md5collgen in cloud VM

I have uploaded the md5collgen file in my Google VM but the:
"md5collgen -p prefix.txt -o out1.bin out2.bin" command results in:
"md5collgen: command not found". I am not sure how to run this lab and my professor does not either. I am at a loss.

TCP/IP Attack Lab - SYN Flooding only successful without previous TCP connection

In the TCP/IP Attack Lab task 3.1, you're launching a SYN flooding attack. One observation you made was that the SYN flood was only successful if no previous TCP connections were made (not only telnet). This is due to a mitigation of the Kernel. The TCP/IP stack will reserve 1/4 of the backlog for "proven destinations" if SYN Cookies are disabled. We can flush those IPs on the server:

sudo ip tcp_metrics flush

Afterward, the attack will be successful again - without a reboot.

Race Condition Lab: renameat2 doesn't work directly

Hello there, professor.

I'm doing this lab using the ubuntu 20.04 VM provided as a pre-built image on https://seedsecuritylabs.org/labsetup.html, and when I try to compile the Set-UID vulp.c program, the GNU compiler complains that renameat2 doesn't exist:

#define _GNU_SOURCE_
  
#include <stdio.h>
#include <unistd.h>
#include <string.h>

int main()
{
    unsigned int flags = RENAME_EXCHANGE;
    char * fn = "/tmp/XYZ";
    char buffer[60];
    FILE *fp;
    /* get user input */
    scanf("%50s", buffer );

    if(!access(fn, W_OK)){
        fp = fopen(fn, "a+");
        unlink("/tmp/XYZ"); symlink("/dev/null", "/tmp/XYZ");
        unlink("/tmp/ABC"); symlink("/etc/passwd", "/tmp/ABC");
        //Does not work!
        renameat2(0, "/tmp/XYZ", 0, "/tmp/ABC", flags);
        fwrite("\n", sizeof(char), 1, fp);
        fwrite(buffer, sizeof(char), strlen(buffer), fp);
        fclose(fp);
    }
    else printf("No permission\n");
}

image

Cross-site Scripting Attack (Elgg) doesn't have the correct lab setup archive

The linked file on the XSS page on seed-labs seems to be incomplete/wrong. SHA256SUM: 085e023d87371d0131364d9d36c8186adba6c668491f5d87af82380d58ec07e7.

As I tried using it (on the Ubuntu 20.04 seed VM), the website was incorrectly built, and all HTTP requests made to it were taking too long to process, even though the containers were correctly built.

One of the problems in that setup folder seems to be the fact that it pulls from handsonsecurity/seed-elgg:original instead of handsonsecurity/seed-elgg:xss (in the image_www/Dockerfile file), so it may leave incomplete configurations for the 20.04 version of the lab.

Environment configuration

image

😶‍🌫️When I execute the following command

Run the script that generates the container The output is in the output folder in the current directory

python3 simple-peering.py
🙌An error occurs:
Traceback (most recent call last):
  File "simple-peering.py", line 4, in <module>
    from seedemu.layers import Base, Routing, Ebgp
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/__init__.py", line 2, in <module>
    from .layers import *
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/layers/__init__.py", line 6, in <module>
    from .Dnssec import Dnssec
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/layers/Dnssec.py", line 4, in <module>
    from seedemu.services import DomainNameServer, DomainNameService
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/services/__init__.py", line 11, in <module>
    from .EthereumService import *
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/services/EthereumService/__init__.py", line 8, in <module>
    from .EthUtil import Genesis, AccountStructure, SmartContract, EthAccount
  File "/home/leoncoolgirl/桌面/seed-emulator/seedemu/services/EthereumService/EthUtil.py", line 8, in <module>
    from web3 import Web3
ModuleNotFoundError: No module named 'web3'

Meltdown and Spectre Labs

We have not ported the Meltdown and Spectre Labs to Ubuntu 20.04. Our initial attempts failed, but we have not invested much time to figure out why. The issues were placed on the back burner. Recently, I got a message from a professor from University of Connecticut, who shed some light on the problem. I am posting his email here, hoping somebody can further look into this:

-------------------- email from the professor -----------------
I tested Spectre Attacks on Ubuntu 20.04 VM. Initially, SpectreAttack and SpectreAttackImproved did not work while the program retrieving the long string worked (a sort). Later I found that if printf() is called before the attack, all programs, including SpectreAttack and SpectreAttackImproved, work very well.

For example, I added printf() in SpectreAttack.c.

  printf("here\n");
  spectreAttack(larger_x);

Without the printf, I cannot get 83. With printf, the chance of seeing 83 is pretty high.

I have only tested the workaround in 20.04 VM on two computers. Probably some other system calls can make it work, too.

I also tested the lab in WSL. Since we are not really dealing with kernel data in this lab, it works in WSL, too.

Hope the information could be helpful to migrate the lab to Ubuntu 20.04 officially.

Translation to other languages

To help bring the SEED labs to non-English speaking countries, help is needed to translate the SEED labs into other languages. The entire translation task is huge, but if we can get more people to work together, it is quite doable. We will create a separate github repository for each language (the Chinese translation is currently under way).

Bug: missing a terminator in ($DNS_Reomte)/attack.c

Follow: #83
Bug description
It would be unsafe with the index out of range [5] with length 5.

Reproduce
Just print the random name which attack.c generated.

Additional text

  • I'm sorry for my irresponsible operations since it was when I began to take a part in open-source.
  • And It's my bad for forgetting to maintain #83 when other important things came.

I'll reopen another PR to fix this. ;)

openssl.cnf file not found

Where can I find the openssl.cnf file used in the lab? It is not on the VM, my computer, or zip folder.

Making Heartbleed Lab work for Ubuntu 20.04

Right now, the Heartbleed lab can only be conducted on our Ubuntu 12.04, because the versions of the OpenSSL in newer Ubuntu OSes have already fixed the problem. I really want to port this lab to our newest VM, Ubuntu 20.04. In theory this should be doable, because all we need to do is to install the older OpenSSL library, which is quite easy to do. However, we haven't succeeded yet in making this lab work for Ubuntu 16.04. Since we will soon migrate all our labs to Ubuntu 20.04, we will directly do it in 20.04. Help is needed to make this work. I added some details in the TODO.md file inside the Heartbleed lab folder.

Query on the code in Race_Condition

I ran the vulp.c code snippet as below.

Screenshot from 2020-12-19 23-01-25

Before I setuid on vulp, it can normally modify the tmpfile. However, after I setuid, it fails with a segmentation fault.
I looked into the program and found that it passes the access check but fails to open the file because of 'Permission denied'.
Is this expected behaviour? Do you think we should check whether fopen succeeds and add a perror?

Some comments for "Install SEED VM on VirtualBox"

  1. VirtualBox software highly recommend using Version 6.1.16 or higher. Copy and paste function is disabled on Version 6.0.*
  2. In MacOS, when you configure cpu, "Enable Nested VT-x/AMD-v" can't be selected. But for now, functionality is fine.
    image
  3. When you are creating a Shared Folder, if you create a folder on your local computer, the folder can only be written by owner. like this
    image
    In this case, when you mount it to the home directory as a folder Share, you can't write file into Share folder. i.e you can't share files from VM to host machine.
    image
    To solve this issue, you may need to use "chmod 777 Share" to give permission to seed user.
    image

Customized alias set in the .bashrc

It seems that writing the aliases in a separate file like ~/.bash_aliases could be better than directly adding them to .bashrc.
Because it's easier for the users to turn to zsh or other shells and import to the file directly.

Porting SEED Labs to Ubuntu 20.04

The work to port the SEED labs to Ubuntu 20.04 is currently under way. A new branch ubuntu20.04 is created for this purpose. A summary of the changes can be found from the README file in each category folder.

This is where we need a lot of help. There are two ways to help:

  • Take one of the labs and try it on the Ubuntu 20.04 VM provided by us, make changes to the lab description if needed, and then submit the changes to the ubuntu20.04 branch. If you don't want to modify the lab description, you can always submit issues so somebody else will do the writing.

  • Test the labs that were already ported to Ubuntu 20.04, and submit issues if you find any problem.
