cliffe · mission-deny-the-mission · Feb 15, 2023 · Feb 15, 2023 · Feb 15, 2023
diff --git a/modules/vulnerabilities/unix/wifi_mouse_linux/files/mouseserver-sourcecode-Linux.zip b/modules/vulnerabilities/unix/wifi_mouse_linux/files/mouseserver-sourcecode-Linux.zip
diff --git a/modules/vulnerabilities/unix/wifi_mouse_linux/files/wifi_mouse.service b/modules/vulnerabilities/unix/wifi_mouse_linux/files/wifi_mouse.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Vulnerable remote mouse software.
+
+[Service]
+ExecStart=/usr/bin/mouseserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/vulnerabilities/unix/wifi_mouse_linux/manifests/install.pp b/modules/vulnerabilities/unix/wifi_mouse_linux/manifests/install.pp
@@ -0,0 +1,48 @@
+class wifi_mouse_linux::install {
+  Exec {
+    path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin']
+  }
+
+  exec {'apt-update':
+    command => 'apt update',
+  } ->
+  exec {'install-requirements':
+    command => 'apt install -y build-essential cmake libavahi-client-dev libgtk-3-dev libglade2-dev',
+  } ->
+  file {'/root/mouseserver-sourcecode-Linux.zip':
+    source => 'puppet:///modules/wifi_mouse_linux/mouseserver-sourcecode-Linux.zip',
+  } ->
+  exec {'extract-remote-mouse-source':
+    command => 'unzip /root/mouseserver-sourcecode-Linux.zip; rm mouseserver-sourcecode-Linux.zip',
+    cwd => '/root',
+    creates => '/root/mouseserver-sourcecode-Linux',
+  } ->
+  exec {'configure-remote-mouse-build':
+    command => 'bash -c "export CFLAGS=$(pkg-config --cflags --libs gtk+-3.0 pango); export CXXFLAGS=$(pkg-config --cflags --libs gtk+-3.0 pango); cmake ."',
+    cwd => '/root/mouseserver-sourcecode-Linux',
+  } ->
+  exec {'build-remote-mouse-build':
+    command => 'make',
+    cwd => '/root/mouseserver-sourcecode-Linux',
+  } ->
+  exec {'install-remote-mouse-build':
+    command => 'make install',
+    cwd => '/root/mouseserver-sourcecode-Linux',
+  } ->
+  file { '/etc/systemd/system/wifi_mouse.service':
+    source => 'puppet:///modules/wifi_mouse_linux/wifi_mouse.service'
+  } ->
+  exec {'enable-wifi-mouse-service':
+    command => 'systemctl enable --now wifi_mouse'
+  }
+
+  $leaked_filenames = ["wifi_mouse_linux_flag.txt"]
+  $strings_to_leak = ["that's one insecure remote"]
+
+  ::secgen_functions::leak_files { 'wifi_mouse_linux':
+    storage_directory => "/root",
+    leaked_filenames  => $leaked_filenames,
+    strings_to_leak   => $strings_to_leak,
+    leaked_from       => 'wifi_mouse_linux',
+  }
+}
diff --git a/modules/vulnerabilities/unix/wifi_mouse_linux/secgen_metadata.xml b/modules/vulnerabilities/unix/wifi_mouse_linux/secgen_metadata.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<vulnerability xmlns="http://github.com/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://github.com/cliffe/SecGen/vulnerability">
+  <name>WiFi Mouse Linux</name>
+  <author>Harry J. Hall</author>
+  <module_license>MIT</module_license>
+  <description>The Linux version of WiFi Mouse 1.7.8.5 which contains an authentication vulnerability.
+    WiFi Mouse is a tool for controlling a computer using a smartphone. </description>
+
+  <type>Remote control software</type>
+  <privilege>user_rwx</privilege>
+  <access>remote</access>
+  <platform>linux</platform>
+  <difficulty>hard</difficulty>
+
+  <read_fact>server_name</read_fact>
+  <read_fact>strings_to_leak</read_fact>
+  <read_fact>leaked_filenames</read_fact>
+
+  <default_input into="string_to_leak">
+    <generator type="message_generator"/>
+  </default_input>
+
+  <default_input into="leaked_filenames">
+    <generator type="filename_generator">
+  </default_input>
+</vulnerability>
diff --git a/modules/vulnerabilities/unix/wifi_mouse_linux/wifi_mouse_linux.pp b/modules/vulnerabilities/unix/wifi_mouse_linux/wifi_mouse_linux.pp
@@ -0,0 +1 @@
+include wifi_mouse_linux::install