Move session 6 enum-recon to new format

Signed-off-by: Andreea Iacob <[email protected]>

recon-enumeration/activities/lamer-login/src/index-template.php → chapters/network-and-communication-security/enumeration-and-recon/drills/tasks/lamer-login/src/index-template.php

@@ -1,49 +1,49 @@
-<?php
-
-$flag = '__TEMPLATE__';
-$error = '';
-
-if (isset($_POST['submit'])) {
-	if (isset($_POST['username']) && isset($_POST['password'])) {
-		if ($_POST['username'] === 'abel' && $_POST['password'] === 'whatever') {
-			die($flag);
-		} else if ($_POST['username'] === 'abel') {
-			$error = 'Wrong password!';
-		} else {
-			$error = 'Invalid credentials!';
-		}
-	}
-}
-
-?>
-
-<html>
-	<head>
-		<title></title>
-		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
-	</head>
-	<body>
-		<section>
-			<div class="card mt-5" style="width: 28rem; margin: auto;">
-				<div class="card-body">
-					<?php if ($error != ''): ?>
-						<div class="alert alert-danger" role="alert">
-							<?php echo $error; ?>
-						</div>
-					<?php endif; ?>
-					<form method="POST">
-						<div class="form-group">
-							<label for="username">Username</label>
-							<input type="text" name="username" class="form-control" id="username">
-						</div>
-						<div class="form-group">
-							<label for="password">Password</label>
-							<input type="password" name="password" class="form-control" id="password">
-						</div>
-						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
-					</form>
-				</div>
-			</div>
-		</section>
-	</body>
-</html>
+<?php
+
+$flag = '__TEMPLATE__';
+$error = '';
+
+if (isset($_POST['submit'])) {
+	if (isset($_POST['username']) && isset($_POST['password'])) {
+		if ($_POST['username'] === 'abel' && $_POST['password'] === 'whatever') {
+			die($flag);
+		} else if ($_POST['username'] === 'abel') {
+			$error = 'Wrong password!';
+		} else {
+			$error = 'Invalid credentials!';
+		}
+	}
+}
+
+?>
+
+<html>
+	<head>
+		<title></title>
+		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
+	</head>
+	<body>
+		<section>
+			<div class="card mt-5" style="width: 28rem; margin: auto;">
+				<div class="card-body">
+					<?php if ($error != ''): ?>
+						<div class="alert alert-danger" role="alert">
+							<?php echo $error; ?>
+						</div>
+					<?php endif; ?>
+					<form method="POST">
+						<div class="form-group">
+							<label for="username">Username</label>
+							<input type="text" name="username" class="form-control" id="username">
+						</div>
+						<div class="form-group">
+							<label for="password">Password</label>
+							<input type="password" name="password" class="form-control" id="password">
+						</div>
+						<input type="submit" class="btn btn-primary" name="submit" value="Login" />
+					</form>
+				</div>
+			</div>
+		</section>
+	</body>
+</html>

recon-enumeration/activities/not-so-random/src/index-template.php → chapters/network-and-communication-security/enumeration-and-recon/drills/tasks/not-so-random/src/index-template.php

@@ -1,9 +1,9 @@
-<?php
-	$flag = '__TEMPLATE__';
-
-	if (isset($_GET['random_numberrr']) && intval($_GET['random_numberrr']) === 49999) {
-		echo $flag;
-	} else {
-		echo 'Nothing to see here';
-	}
-?>
+<?php
+	$flag = '__TEMPLATE__';
+
+	if (isset($_GET['random_numberrr']) && intval($_GET['random_numberrr']) === 49999) {
+		echo $flag;
+	} else {
+		echo 'Nothing to see here';
+	}
+?>

recon-enumeration/activities/not-so-random/src/source.bak → chapters/network-and-communication-security/enumeration-and-recon/drills/tasks/not-so-random/src/source.bak

@@ -1,3 +1,3 @@
-if (isset($_GET['random_numberrr']) && intval($_GET['random_numberrr']) === $random_number) {
-	echo $flag;
-}
+if (isset($_GET['random_numberrr']) && intval($_GET['random_numberrr']) === $random_number) {
+	echo $flag;
+}

recon-enumeration/index.md → chapters/network-and-communication-security/enumeration-and-recon/reading/index.md

@@ -22,7 +22,7 @@ A standard penetration testing flow implies 5 stages:
 1. **maintaining access** - planting hidden programs (like Trojan horses) that make a future attack easier
 1. **covering tracks** - cleaning up all the signs that may lead to thinking that an attack happened
 
-![Penetration testing phases](./assets/pentest_phases.png)
+![Penetration testing phases](../media/pentest_phases.png)
 
 Next, we introduce some popular tools that may help in the first three phases, to gather information about a target.
 Exploiting Tools/ Security Testing Tools/ Penetration Testing Tools are used for the discovery of vulnerabilities without attempting to actually exploit them.
@@ -47,7 +47,7 @@ Once we know which ports are open, we can then look at _enumerating_ which servi
 
 Typing the simple command `nmap` will display all of its options for scanning, while `nmap <target>` will convert the hostname to an IP address and scan the top 1000 TCP ports, displaying their state and the service running on it:
 
-![Nmap output](./assets/nmap_output.png)
+![Nmap output](../media/nmap_output.png)
 
 You can see the full example [here](https://nmap.org/book/port-scanning-tutorial.html) and practice more Nmap options [here](https://tryhackme.com/room/rpnmap).
 
@@ -92,25 +92,25 @@ Customizing attacks requires that we specify one or more payloads and the positi
 * I navigated to https://sss-ctf.security.cs.pub.ro/home and tried to log in using the email **[email protected]** and the password **abc123**.
 * The POST request can be found in HTTP history. Right click on it to send it to Intruder.
 
-![Send request to Burp Intruder](./assets/send_to_intruder.png)
+![Send request to Burp Intruder](../media/send_to_intruder.png)
 
 * Let's say we want to try all the passwords from **abc1**, **abc3**, **abc5**... to **abc100**. Navigate to the **Positions** tab - the payload position is specified with a pair of these characters: **§** called **payload markers**.
 
 **Note!** By default, Burp surrounds by default some parameter values which might be candidates for enumeration, such as cookie values, or POST data values.
 Remove the extra **§** characters, leaving it like in the picture below.
 
-![Set payload position](./assets/payload_position.png)
+![Set payload position](../media/payload_position.png)
 
 1. Our payload type (wordlist) is a sequence of numbers which can be automatically generated in Burp. Go to the **Payloads** tab and select **Numbers** as the **Payload type**.
 1. Fill in the Payload options to generate all the numbers from 1 to 100, with step 2 (1, 3, 5...).
 1. Finally, launch the attack.
 
-![Set payload type](./assets/payload_type.png)
+![Set payload type](../media/payload_type.png)
 
 A new window opens and you can see all the requests Burp is making, with the payloads you specified.
 For example, you can check the request corresponding to the payload 7, with the resulting password being **abc7**, and you can observe the response, its status code, or even open it in the browser.
 
-![Attack example](./assets/attack_example.png)
+![Attack example](../media/attack_example.png)
 
 There are many ways in which you can customize this process according to your needs.
 You can have multiple payload positions and select from four attack types, specifying how to insert the payloads (one different wordlist for each position, or combinations of them).
@@ -212,7 +212,7 @@ For each filename, it checks the existence on the web server and returns the res
 
 Usage example: `./dirb <url_base> [<wordlist_file(s)>] [options]`
 
-![DIRB example](./assets/dirb_example.png)
+![DIRB example](../media/dirb_example.png)
 
 The output lines with the results found (not 404) start with a `+` and give details about status code and page size.
 

recon-enumeration/slides/slides.md → chapters/network-and-communication-security/enumeration-and-recon/slides/slides.md

@@ -40,7 +40,7 @@ penetration testing / pentester
 
 ## Nmap
 
-<img data-src="../assets/nmap_output.png" />
+<img data-src="../media/nmap_output.png" />
 
 ----
 

config.yaml

@@ -22,7 +22,7 @@ make_assets:
       # - chapters/system-and-data-security/privilege-escalation/slides
       # - chapters/system-and-data-security/end-to-end-attack/slides
       # - chapters/system-and-data-security/overview/slides
-      # - chapters/network-and-communication-security/enumeration-and-recon/slides
+      - chapters/network-and-communication-security/enumeration-and-recon/slides
       - chapters/network-and-communication-security/securing-communication/slides
       # - chapters/network-and-communication-security/overview/slides
     args:
@@ -39,7 +39,7 @@ embed_reveal:
       securing-communication: securing-communication
       sql-injection: sql-injection
       cross-site-scripting: cross-site-scripting
-      # enumeration-and-recon: enumeration-and-recon
+      enumeration-and-recon: enumeration-and-recon
       # framework-api-vulnerabilities: framework-api-vulnerabilities
       # exotic-attacks: exotic-attacks
       # privilege-escalation: privilege-escalation
@@ -85,7 +85,7 @@ docusaurus:
       # - privilege-escalation: /build/make_assets/chapters/system-and-data-security/privilege-escalation/slides/_site
       # - end-to-end-attack: /build/make_assets/chapters/system-and-data-security/end-to-end-attack/slides/_site
 
-      # - enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
+      - enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
       - securing-communication: /build/make_assets/chapters/network-and-communication-security/securing-communication/slides/_site
     config_meta:
       title: Web Security