From 831c322827fbe582624ed532390da24ceefe9975 Mon Sep 17 00:00:00 2001 From: Rosie Date: Mon, 10 Nov 2025 18:56:37 +0000 Subject: [PATCH 1/4] Scenario update: Analyse_this lab fixed for Debian 12 base - added cyberchef (decryption lab) - changed base from Debian 10 => 12 - fully tested and working --- scenarios/ctf/analyse_this.xml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scenarios/ctf/analyse_this.xml b/scenarios/ctf/analyse_this.xml index 231b2ff15..01ef5ec70 100644 --- a/scenarios/ctf/analyse_this.xml +++ b/scenarios/ctf/analyse_this.xml @@ -5,6 +5,7 @@ xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario"> Putting it together + Rosie Fletcher Z. Cliffe Schreuders Analyse the files on the server from kali. Username: analyse @@ -58,18 +59,22 @@ + + + + {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]} - false + true + + + file:///opt/cyberchef/CyberChef.html - - - IP_addresses @@ -87,7 +92,7 @@ server - + From bd53c25f05fac234c84b7ec99dd154eac7070610 Mon Sep 17 00:00:00 2001 From: Rosie Date: Mon, 10 Nov 2025 19:16:48 +0000 Subject: [PATCH 2/4] Module fix: pcap generator updated for current Faker gem - Fixed deprecated Faker modules (Dota, HitchhikersGuideToTheGalaxy, Lebowski, etc.) - Updated to use correct namespaces: Faker::Movies::, Faker::TvShows::, Faker::Games:: - Changed pcap file path from GENERATORS_DIR to TMP_DIR with unique filename - Prevents file conflicts and removes dependency on /files/ directory --- .../network/pcap/secgen_local/local.rb | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/generators/network/pcap/secgen_local/local.rb b/modules/generators/network/pcap/secgen_local/local.rb index b98b3b900..abf819555 100644 --- a/modules/generators/network/pcap/secgen_local/local.rb +++ b/modules/generators/network/pcap/secgen_local/local.rb 
@@ -36,23 +36,22 @@ def packetgen(type, data)
 def datagen
 data_types = [
- Faker::Dota.quote,
- Faker::BackToTheFuture.quote,
- Faker::BojackHorseman.quote,
+ Faker::Games::Dota.quote,
+ Faker::Movies::BackToTheFuture.quote,
+ Faker::TvShows::BojackHorseman.quote,
 Faker::ChuckNorris.fact,
- Faker::DrWho.quote,
- Faker::DumbAndDumber.quote,
- Faker::FamilyGuy.quote,
- Faker::Friends.quote,
- Faker::GameOfThrones.quote,
- Faker::HitchhikersGuideToTheGalaxy.quote,
- Faker::HowIMetYourMother.quote,
- Faker::Lebowski.quote,
- Faker::MostInterestingManInTheWorld.quote,
- Faker::RickAndMorty.quote,
- Faker::Simpsons.quote,
- Faker::StrangerThings.quote,
- Faker::TheITCrowd.quote
+ Faker::TvShows::DrWho.quote,
+ Faker::TvShows::FamilyGuy.quote,
+ Faker::TvShows::Friends.quote,
+ Faker::TvShows::GameOfThrones.quote,
+ Faker::Movies::HitchhikersGuideToTheGalaxy.quote,
+ Faker::TvShows::HowIMetYourMother.quote,
+ Faker::Movies::Lebowski.quote,
+ Faker::Quote.most_interesting_man_in_the_world,
+ Faker::TvShows::RickAndMorty.quote,
+ Faker::TvShows::Simpsons.quote,
+ Faker::TvShows::StrangerThings.quote,
+ Faker::TvShows::TheITCrowd.quote
 ]
 data_types.sample.dump.to_s
 end
@@ -95,7 +94,8 @@ def encode_all
 # Put packets in pcap file and return contents.
 file_contents = ''
 pfile = PacketFu::PcapFile.new
- pcap_file_path = GENERATORS_DIR + 'network/pcap/files/packet.pcap'
+ # Use temp directory and create a unique filename to avoid conflicts
+ pcap_file_path = "#{TMP_DIR}/packet_#{Process.pid}_#{Time.now.to_i}.pcap"
 res = pfile.array_to_file(:filename => pcap_file_path, :array => @pcaps, :append => true)
 file_contents = File.binread(pcap_file_path)
 File.delete(pcap_file_path)
From 5eaf466c9fe6116de2fdb16d3abe36ee894d4bd6 Mon Sep 17 00:00:00 2001
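Review bot: Every entry in `data_types` is still evaluated on each `datagen` call before `.sample` keeps one, so sixteen Faker calls run per packet and a single constant missing from the installed Faker gem raises NameError for the whole generator, which is the breakage this commit repairs. Storing the entries as lambdas, e.g. `-> { Faker::Games::Dota.quote },` with `data_types.sample.call.dump.to_s` as the last line, removes the wasted calls, and pinning the Faker version the module is tested against in the project's gem dependencies would keep these namespaces from drifting again. The hunk also drops the `DumbAndDumber` entry without the commit message saying so; a one-line comment or message entry explaining the removal would help the next maintainer.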
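Review bot: The new `pcap_file_path` is predictable (PID plus a one-second timestamp) and is still written with `:append => true`, so a file already present under that name in `TMP_DIR` would be appended to and its bytes read back into `file_contents`. Such a file could be left by an earlier run that raised before `File.delete`, or pre-created by another local user if the directory is shared. Writing inside a private directory from `Dir.mktmpdir` (needs `require 'tmpdir'`) gives an unguessable, mode-0700 location that is removed even when `array_to_file` or `binread` raises. Whether `TMP_DIR` is writable by other users is not visible in this hunk, so the pre-creation case should be confirmed against how that constant is set up. `encode_all` begins before and continues after the hunk.

```ruby
# … unchanged: file_contents / pfile setup …
Dir.mktmpdir('pcap_', TMP_DIR) do |dir|
  # Private per-call directory; deleted when the block exits, including on error.
  pcap_file_path = File.join(dir, 'packet.pcap')
  # NOTE: res is block-local here; hoist it above the block if later lines read it.
  res = pfile.array_to_file(:filename => pcap_file_path, :array => @pcaps, :append => true)
  file_contents = File.binread(pcap_file_path)
end
# … unchanged: remainder of encode_all (explicit File.delete no longer needed) …
```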
From: Rosie Date: Mon, 10 Nov 2025 19:17:29 +0000 Subject: [PATCH 3/4] Scenario update: analyse_this additional fixes for pcap and hidden_file - Changed pcap vulnerability to use account parameter instead of storage_directory - Changed hidden_file vulnerability to use account parameter - Added challenge_name and leaked_filenames parameters to hidden_file - Fixes permission issues with /home/analyse/ directory access --- scenarios/ctf/analyse_this.xml | 42 +++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/scenarios/ctf/analyse_this.xml b/scenarios/ctf/analyse_this.xml index 01ef5ec70..c4cfe10bc 100644 --- a/scenarios/ctf/analyse_this.xml +++ b/scenarios/ctf/analyse_this.xml @@ -59,22 +59,18 @@ - - - - {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]} - true - - - file:///opt/cyberchef/CyberChef.html + false + + + IP_addresses @@ -145,6 +141,16 @@ + + + + username + + + password + + + @@ -158,18 +164,28 @@ capture.pcap - - /home/analyse/ - - - /home/analyse/ + + + + username + + + password + + + + secret + + + find_it + From 0655a8697c9874d7642470d773a51510efcfe422 Mon Sep 17 00:00:00 2001 From: Rosie Date: Mon, 10 Nov 2025 22:48:36 +0000 Subject: [PATCH 4/4] Scenario update: analyse_this added CyberChef to Kali VM - Added cyberchef utility module to attack_vm - Configured iceweasel to autostart with CyberChef as start page --- scenarios/ctf/analyse_this.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scenarios/ctf/analyse_this.xml b/scenarios/ctf/analyse_this.xml index c4cfe10bc..06f4aa38d 100644 --- a/scenarios/ctf/analyse_this.xml +++ b/scenarios/ctf/analyse_this.xml @@ -59,17 +59,22 @@ + {"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]} - false + true + + + file:///opt/cyberchef/CyberChef.html +