NSX-Threat-Analysis-Unit / CVEX

CVEX is a framework for the reproducible exploitation of CVE vulnerabilities

Detach infrastructure from infrastructure.yml #17

Closed olegbck closed 1 month ago

olegbck commented 2 months ago

Currently infrastructure.yml is looking like this:

cve: "CVE-000000-01"
ports: 443
vms:
  linux:
    image: "bento/ubuntu-22.04"
    version: "202404.23.0"
    type: "linux"
    playbook: "linux.yml"
    trace: "nginx"
  linux2:
    image: "bento/ubuntu-22.04"
    version: "202404.23.0"
    type: "linux"
exploit:
  vm: "linux2"
  command: "curl -k 'https://linux/index.html?cat=(select*from(select(sleep(15)))a)'"

We need to detach the vms part so that infrastructure.yml is looking similar to this:

cve: "CVE-000000-01"
ports: 443
infrastructure: "linux-linux"
exploit:
  vm: "linux2"
  command: "curl -k 'https://linux/index.html?cat=(select*from(select(sleep(15)))a)'"

I'd suggest moving the vms part of infrastructure.yml to a separate yml file where we'd keep all infrastructure presets.

TheNewJavaman commented 2 months ago

The proposed solution lacks transparency about which distribution is being used, which affects Ansible scripts greatly. How about using a dictionary of vm_name -> distribution:

cve: "CVE-000000-01"
ports: 443
infrastructure:
  server: ubuntu-2204
  client: windows-10-2203
exploit:
  vm: "linux2"
  command: "curl -k 'https://linux/index.html?cat=(select*from(select(sleep(15)))a)'"
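
To make the transparency point concrete, here is an added example (not CVEX's own code) that resolves the proposed vm_name -> distribution mapping against a preset catalogue and checks that exploit.vm names a defined VM. The preset names, the Windows image values and the check functions are assumptions, the exploit command is replaced by a harmless placeholder, and the example goes slightly beyond the comment by also accepting a per-VM mapping with overrides such as playbook or trace.

```python
# Added example, not CVEX's own code: resolve the proposed
# `infrastructure: {vm_name: distribution}` layout against a preset
# catalogue (as a separate presets file would hold). Names are assumptions.

# Constructed preset catalogue keyed by distribution name; the Windows
# image/version strings are placeholders, not real box names.
PRESETS = {
    "ubuntu-2204": {"image": "bento/ubuntu-22.04",
                    "version": "202404.23.0", "type": "linux"},
    "windows-10-2203": {"image": "PLACEHOLDER/windows-10",
                        "version": "PLACEHOLDER", "type": "windows"},
}

# The layout proposed above, as yaml.safe_load would return it (inlined so
# the example runs without PyYAML). The exploit command is a placeholder.
PROPOSED_CONFIG = {
    "cve": "CVE-000000-01",
    "ports": 443,
    "infrastructure": {"server": "ubuntu-2204", "client": "windows-10-2203"},
    "exploit": {"vm": "linux2", "command": "echo placeholder"},
}


def check_config(cfg, presets):
    """Return a list of problems; an empty list means the config resolves."""
    errors = []
    infra = cfg.get("infrastructure")
    if not isinstance(infra, dict) or not infra:
        return ["infrastructure must be a non-empty mapping vm_name -> distribution"]
    for name, spec in infra.items():
        # A VM entry is either "distribution" or {distribution: ..., <overrides>}
        dist = spec.get("distribution") if isinstance(spec, dict) else spec
        if dist not in presets:
            errors.append(f"vm {name!r}: unknown distribution {dist!r}")
    exploit_vm = cfg.get("exploit", {}).get("vm")
    if exploit_vm not in infra:
        errors.append(f"exploit.vm {exploit_vm!r} is not a defined vm: {sorted(infra)}")
    return errors


def resolve_infrastructure(cfg, presets):
    """Expand the short mapping into the full per-VM dict of the old layout.
    Per-VM keys such as playbook or trace are merged in after the preset,
    so they may also override image/version/type for that VM only."""
    errors = check_config(cfg, presets)
    if errors:
        raise ValueError("; ".join(errors))
    vms = {}
    for name, spec in cfg["infrastructure"].items():
        overrides = dict(spec) if isinstance(spec, dict) else {}
        dist = overrides.pop("distribution", spec)
        vms[name] = {**presets[dist], **overrides}  # new dict: preset never mutated
    return vms
```
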

olegbck commented 1 month ago

Introduced the concept of blueprints: https://github.com/NSX-Threat-Analysis-Unit/CVEX/commit/5a43dcfed3dcbd515541aba5a5d78abdfb61612f