From 1f131438c0be7fe7a7c558530d32f24d3696686a Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 3 Aug 2017 11:55:53 -0400 Subject: [PATCH] the first mission --- ShiftOS.Frontend/Commands.cs | 9 +- ShiftOS.Frontend/Desktop/Desktop.cs | 2 +- ShiftOS.Frontend/Hacking/PayloadFunc.cs | 24 +++++ ShiftOS.Frontend/Resources/Payloads.txt | 3 +- ShiftOS.Frontend/Stories/BeginTutorials.cs | 118 +++++++++++++++++++++ 5 files changed, 151 insertions(+), 5 deletions(-) diff --git a/ShiftOS.Frontend/Commands.cs b/ShiftOS.Frontend/Commands.cs index 7218802..67bf94f 100644 --- a/ShiftOS.Frontend/Commands.cs +++ b/ShiftOS.Frontend/Commands.cs @@ -254,15 +254,18 @@ namespace ShiftOS.Frontend var missionattrib = mth.GetCustomAttributes(false).FirstOrDefault(x => x is MissionAttribute) as MissionAttribute; if(missionattrib != null) { - found = true; - Console.WriteLine(); - Console.WriteLine($@"{missionattrib.Name} (id {missionattrib.StoryID}) + if (!Shiftorium.UpgradeInstalled(missionattrib.StoryID)) + { + found = true; + Console.WriteLine(); + Console.WriteLine($@"{missionattrib.Name} (id {missionattrib.StoryID}) ------------------------------------ assigner: {missionattrib.Assigner} cp reward: {missionattrib.CodepointAward} {missionattrib.Description}"); + } } } } diff --git a/ShiftOS.Frontend/Desktop/Desktop.cs b/ShiftOS.Frontend/Desktop/Desktop.cs index 43bbf79..352c764 100644 --- a/ShiftOS.Frontend/Desktop/Desktop.cs +++ b/ShiftOS.Frontend/Desktop/Desktop.cs @@ -333,7 +333,7 @@ namespace ShiftOS.Frontend.Desktop int initialGap = LoadedSkin.PanelButtonHolderFromLeft; int offset = initialGap; - foreach(var pbtn in PanelButtons) + foreach(var pbtn in PanelButtons.ToArray()) { offset += LoadedSkin.PanelButtonFromLeft.X; diff --git a/ShiftOS.Frontend/Hacking/PayloadFunc.cs b/ShiftOS.Frontend/Hacking/PayloadFunc.cs index 5252db4..642b138 100644 --- a/ShiftOS.Frontend/Hacking/PayloadFunc.cs +++ b/ShiftOS.Frontend/Hacking/PayloadFunc.cs @@ -18,6 +18,30 @@ namespace ShiftOS.Frontend case 1: Hacking.CurrentHackable.DoConnectionTimeout = false; break; + case 2: + new System.Threading.Thread(() => + { + Console.WriteLine("FTP File Puller - Version 1.01"); + foreach (var loot in Hacking.CurrentHackable.ServerFTPLoot) + { + var bytes = Hacking.GetLootBytes(loot.ID); + System.Threading.Thread.Sleep(4 * bytes.Length); + string localPath = "0:/home/documents/" + loot.LootName; + int count = 0; + while (Objects.ShiftFS.Utils.FileExists(localPath)) + { + count++; + string truename = loot.LootName.Insert(loot.LootName.LastIndexOf('.'), $"-{count}"); + localPath = $"0:/home/documents/{truename}"; + } + Console.WriteLine($" --> from {Hacking.CurrentHackable.Data.SystemName}:21/home/documents/{loot.LootName} to {localPath}: {bytes.Length} bytes written"); + Objects.ShiftFS.Utils.WriteAllBytes(localPath, bytes); + } + Console.WriteLine("Disconnecting from server..."); + Hacking.EndHack(); + TerminalBackend.SetShellOverride(""); + }).Start(); + break; } } } diff --git a/ShiftOS.Frontend/Resources/Payloads.txt b/ShiftOS.Frontend/Resources/Payloads.txt index 7e74ba8..efc43c8 100644 --- a/ShiftOS.Frontend/Resources/Payloads.txt +++ b/ShiftOS.Frontend/Resources/Payloads.txt @@ -6,10 +6,11 @@ [ { - FriendlyName: "FTP Payload", + FriendlyName: "FTP File Puller Payload", PayloadName: "ftpull", EffectiveAgainstFirewall: 1, EffectiveAgainst: "FileServer", + Function: 2 }, { FriendlyName: "Force Heartbeat", diff --git a/ShiftOS.Frontend/Stories/BeginTutorials.cs b/ShiftOS.Frontend/Stories/BeginTutorials.cs index 6cb4a08..f5e1905 100644 --- a/ShiftOS.Frontend/Stories/BeginTutorials.cs +++ b/ShiftOS.Frontend/Stories/BeginTutorials.cs @@ -139,5 +139,123 @@ namespace ShiftOS.Frontend.Stories Story.Context.MarkComplete(); TerminalBackend.PrintPrompt(); } + + [RequiresUpgrade("tutorial1")] + [Mission("tutorial_hacking_basics", "Hacking Basics", "Welcome to ShiftOS. You know how to use your terminal, so let's teach you the sploitset shell and how to use OTHERS' terminals.", 250, "root")] + public static void HackingBasics() + { + var term = AppearanceManager.OpenForms.FirstOrDefault(x => x.ParentWindow is Apps.Terminal); + if(term == null) + { + AppearanceManager.SetupWindow(new Apps.Terminal()); + } + + Console.WriteLine(""); + Story.Context.AutoComplete = false; + Thread.Sleep(2000); + Console.WriteLine("Hello there. I see you've come for more learning."); + Thread.Sleep(2000); + Console.WriteLine("In the Digital Society, if you're going to survive, the ability to breach and not get breached is paramount."); + Thread.Sleep(2000); + Console.WriteLine("First, let's teach you how to breach others using the sploitset tool."); + Thread.Sleep(2000); + Console.WriteLine("Start by running \"sploitset\". Also, any time you are assigned an objective, you can see it by typing \"status\" or in the System Status window."); + Story.PushObjective("Open the sploitset shell.", "Open the sploitset shell to begin your first hack.", + () => { return TerminalBackend.ShellOverride == "sploitset> "; }, + () => + { + Console.WriteLine("Sploitset tool started - objective complete."); + Console.WriteLine("Next, type \"devicescan\" to see a list of systems near you on the Digital Society."); + bool devicescanrun = false; + TerminalBackend.CommandFinished += (cmd, args) => + { + if (cmd == "devicescan") + devicescanrun = true; + }; + Story.PushObjective("Scan for nearby devices.", "Use sploitset's devicescan command to scan for devices near yours on the Digital Society.", + () => { return devicescanrun; }, + () => + { + Console.WriteLine("Alright, one device - shiftsyndicate_main. Let's try breaching it."); + Console.WriteLine("To breach a system, we first need to initiate a TCP handshake. Sploitset can do this with the \"connect\" command."); + Console.WriteLine("This is where your knowledge on Terminal's syntax comes in handy!"); + bool connectrun = false; + TerminalBackend.CommandFinished += (cmd, args) => + { + if (cmd == "connect") + if (args.ContainsKey("id")) + if (args["id"] as string == "shiftsyndicate_main") + connectrun = true; + }; + Story.PushObjective("Initiate a TCP handshake towards shiftsyndicate_main.", "We need to start a TCP handshake on this system if we wanna be able to do anything with it. You can do this with sploitset's \"connect\" command.", + () => connectrun, + () => + { + Console.WriteLine("Connection started? Alright. This one's a feisty one. You have a limited amount of time to connect and use the system."); + Console.WriteLine("Because this is a tutorial, when you've established the connection, I'll apply a force heartbeat payload to keep the connection alive."); + Console.WriteLine(); + Console.WriteLine("Next, we need to find out the ports that are being listened to on this device. You can do this by running \"listports\"."); + bool listedports = false; + TerminalBackend.CommandFinished += (cmd, args) => + { + if (cmd == "listports") + listedports = true; + }; + + Story.PushObjective("List the online ports.", "Use sploitset to list the open ports on the remote system. It should give us an idea on what could be on the other side...", + () => listedports, + () => + { + Console.WriteLine("This one looks like an FTP server, with SSH open for administration. The SSH one won't be much use as you don't have an SSH client, but let's see what's on that FTP server."); + Console.WriteLine("Before we can connect, we need to use an FTP exploit to gain access to the remote server without needing to brute-force a username or password."); + Console.WriteLine("Of course, you CAN do it the brute-force way, but it'll take a long time, and we don't have much time to do that, so it's better to let a program do it."); + Console.WriteLine("You already have an FTP exploitation program installed on sploitset, called ftpwn. You can use it with the exploit command - \"exploit ftpwn --port 21\"."); + Console.WriteLine("You can also run \"exploits\" to see a list of all your exploit programs."); + bool exploitrun = false; + TerminalBackend.CommandFinished += (cmd, args) => + { + if (cmd == "exploit") + if (args.ContainsKey("id") && args.ContainsKey("port")) + if (args["id"] as string == "ftpwn" && Convert.ToInt32(args["port"].ToString()) == 21) + exploitrun = true; + }; + Story.PushObjective("Run the ftpwn exploit.", "It's time we get onto that port. This server's firewall isn't very strong but the port requires authentication. ftpwn will bypass the authentication and the pitiful firewall software on this device.", + () => exploitrun, + () => + { + Console.WriteLine("Exploitation of insecure FTP server successful? Alright. Deploying the force-heartbeat payload."); + Console.WriteLine(" connection timeout deactivated."); + Hacking.CurrentHackable.DoConnectionTimeout = false; + Thread.Sleep(200); + Console.WriteLine("Done. Now, we may be connected to the remote FTP server, but we can't really do much with it."); + Console.WriteLine("Let's inject a payload that'll dump the contents of the remote system's home directory to yours."); + Console.WriteLine("The payload is called ftpull. You can inject it using the \"inject ftpull\" command."); + bool ftpull = false; + TerminalBackend.CommandFinished += (cmd, args) => + { + if (cmd == "inject") + if (args.ContainsKey("id")) + if (args["id"] as string == "ftpull") + ftpull = true; + }; + Story.PushObjective("Inject the ftpull payload.", "You're connected to FTP, but you can't really do many things with a sploitset shell. Let's grab a list of users on the server so we can dump some useful files.", + () => ftpull && Hacking.CurrentHackable == null, + () => + { + Console.WriteLine("The payload's done, and the connection's been dropped. You should've been booted out of sploitset. Check your Documents directory in File Skimmer!"); + + Console.WriteLine("You just looted an FTP server. This is a quick and easy way to gain new programs and other files for your system."); + Console.WriteLine("Look out for .stp files - they can be opened and contain new programs, upgrades, or additional features."); + Console.WriteLine("The harder the server is to crack, the more useful the loot will be."); + Console.WriteLine("This concludes the ShiftOS hacking tutorial!"); + Story.Context.MarkComplete(); + }); + }); + + }); + }); + }); + }); + } } }