
@D4stiny
Created March 3, 2019 03:54
<?xml version="1.0" encoding="utf-8"?>
<CyberPatriotResource>
<!-- Identity of this scoring resource: image ID, branding and display title. -->
<ResourceID>Win7_TR</ResourceID>
<Tier/>
<Branding>CyberPatriot</Branding>
<Title>CP-X Windows 7 Training Image</Title>
<!-- The team key is stored in the resource file itself, so anyone who can read
     this file can read the key. NOTE(review): treat it as an identifier, not a
     secret, unless the server binds it to something else; confirm. -->
<TeamKey>CyberPatriot9</TeamKey>
<!-- Both endpoints are plain http:// URLs to bare IP addresses. Nothing in this
     file gives the client server authentication or transport confidentiality.
     NOTE(review): whether uploads are encrypted or signed at the application
     layer is not visible here; verify before relying on it. -->
<ScoringUrl>http://54.243.223.132/ccs/upload</ScoringUrl>
<ScoreboardUrl>http://54.235.154.203</ScoreboardUrl>
<!-- HideScoreboard is set; presumably this suppresses the scoreboard link in
     the client UI. Readme and support URLs are left empty. -->
<HideScoreboard>true</HideScoreboard>
<ReadmeUrl/>
<SupportUrl/>
<!-- Time sources: one Primary on the same host as ScoreboardUrl, then nine
     public Secondary pages. Every entry is http://, so the returned time is
     unauthenticated. NOTE(review): the Before/After windows elsewhere in this
     file depend on trustworthy time; an authenticated source would be the
     safer design. How the client parses these pages or picks among them is
     not visible here. -->
<TimeServers>
<Primary>http://54.235.154.203/message.php</Primary>
<Secondary>http://time.is/UTC</Secondary>
<Secondary>http://nist.time.gov/</Secondary>
<Secondary>http://www.zulutime.net/</Secondary>
<Secondary>http://time1.ucla.edu/home.php</Secondary>
<Secondary>http://viv.ebay.com/ws/eBayISAPI.dll?EbayTime</Secondary>
<Secondary>http://worldtime.io/current/utc_netherlands/8554</Secondary>
<Secondary>http://www.timeanddate.com/worldclock/timezone/utc</Secondary>
<Secondary>http://www.thetimenow.com/utc/coordinated_universal_time</Secondary>
<Secondary>http://www.worldtimeserver.com/current_time_in_UTC.aspx</Secondary>
</TimeServers>
<!-- Conditions under which the image is destroyed. Presumably it triggers when
     the current time is earlier than Before or later than After, or when client
     validation fails (InvalidClient is true); confirm against the client.
     The timestamps carry no time zone. NOTE(review): presumably UTC, given the
     UTC time sources configured in this file. Uptime, Playtime and InvalidTeam
     are left empty. -->
<DestructImage>
<Before>2017-09-10 06:00</Before>
<After>2017-10-11 06:00</After>
<Uptime/>
<Playtime/>
<InvalidClient>true</InvalidClient>
<InvalidTeam/>
</DestructImage>
<!-- Conditions under which scoring feedback is withheld. It uses the same date
     window as DestructImage and adds NoConnection; InvalidTeam is explicitly
     false here, whereas DestructImage leaves it empty. NOTE(review): presumably
     feedback is disabled when any one condition holds; confirm. -->
<DisableFeedback>
<Before>2017-09-10 06:00</Before>
<After>2017-10-11 06:00</After>
<Uptime/>
<Playtime/>
<NoConnection>true</NoConnection>
<InvalidClient>true</InvalidClient>
<InvalidTeam>false</InvalidTeam>
</DisableFeedback>
<!-- Warning and stop limits are left empty. -->
<WarnAfter/>
<StopImageAfter/>
<StopTeamAfter/>
<!-- Timing values. The file does not state units. NOTE(review): StartupTime
     and IntervalTime are presumably seconds; the unit of UploadTimeout is
     unclear. Confirm against the client. -->
<StartupTime>60</StartupTime>
<IntervalTime>60</IntervalTime>
<UploadTimeout>24</UploadTimeout>
<!-- Command lines run when the score goes up or down: a sound through sox.exe,
     then a notification through CyberPatriotNotify.exe. All binaries are given
     by absolute path under C:\CyberPatriot. NOTE(review): these run with
     whatever privileges the scoring client has, so write access to that
     directory should be limited to administrators; the ACLs are not visible
     here. -->
<OnPointsGained>
<Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\gain.wav -d -q</Execute>
<Execute>C:\CyberPatriot\CyberPatriotNotify.exe You Gained Points!</Execute>
</OnPointsGained>
<OnPointsLost>
<Execute>C:\CyberPatriot\sox.exe C:\CyberPatriot\alarm.wav -d -q</Execute>
<Execute>C:\CyberPatriot\CyberPatriotNotify.exe You Lost Points.</Execute>
</OnPointsLost>
<!-- Install location and the base names of the team config and report files.
     NOTE(review): extensions and the meaning of RedShirt are not visible in
     this file. -->
<AutoDisplayPoints>true</AutoDisplayPoints>
<InstallPath>C:\CyberPatriot</InstallPath>
<TeamConfig>ScoringConfig</TeamConfig>
<HtmlReport>ScoringReport</HtmlReport>
<HtmlReportTemplate>ScoringReportTemplate</HtmlReportTemplate>
<XmlReport>ScoringData/ScoringReport</XmlReport>
<RedShirt>tempfile</RedShirt>
<!-- Install-time hook: a single cmd.exe echo. -->
<OnInstall>
<Execute>cmd.exe /c echo Running installation commands</Execute>
</OnInstall>
<!-- Expected fingerprint of the client and the image it runs on. ClientHash is
     64 hex characters (256 bits). NOTE(review): presumably a SHA-256 of
     ClientPath; confirm. ProductID, DiskID and InstallDate presumably tie the
     resource to this specific image build. The reference values sit in the same
     file as the rest of the configuration, so this validation is only as strong
     as the protection on the resource file itself. -->
<ValidClient>
<ResourcePath>C:\CyberPatriot\ScoringResource.dat</ResourcePath>
<ClientPath>C:\CyberPatriot\CCSClient.exe</ClientPath>
<ClientHash>97730CF6A894FFF14D0248F777BC1FB52F8923CE5CE39E9E2D556A148F03F273</ClientHash>
<ProductID>Windows 7 Professional 32-bit</ProductID>
<DiskID>30C5E9AD</DiskID>
<InstallDate>2015-Jul-30 14:49:12</InstallDate>
</ValidClient>
<!-- FOR_Q1: question answered in a text file on the desktop. The file must
     exist and contain a match for the pattern below: "ANSWER:", optional
     whitespace, an optional "C:\" or "\" prefix, then "Users\Ken", matched
     case-insensitively. NOTE(review): the conditions inside one PassIf are
     presumably ANDed. Description is an opaque hex string in this file. The
     expected answer is readable by anyone who can read this resource. -->
<Check>
<CheckID>FOR_Q1</CheckID>
<Description>29665E692A36A3E9EC3A76A27F507B0113B73B9718384777F4996AF3D464F5608DDCD2D294E165E5C0EA388CE120D1F99E99C3AC8B535C57BAE8A0AF810D4B9F</Description>
<Points>10</Points>
<Test>
<Type>file</Type>
<Name>T1</Name>
<FilePath>C:\Users\CyberPatriot\Desktop\Scored Questions.txt</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Contains</Condition>
<Equals>(?i)ANSWER:\s*(C:\\|\\)?Users\\Ken(?-i)</Equals>
</T1>
</PassIf>
</Check>
<!-- USR_LYLE: the account Lyle must still exist and must not be an
     administrator (least privilege: demote the account, do not delete it).
     Description is an opaque hex string in this file. -->
<Check>
<CheckID>USR_LYLE</CheckID>
<Description>760F8E1795D284EA6A39A8B1DE9DB1DAE61B17246BA4EF8D4807D396E3F50F26FAA233DAE03771E3C0989DA8F95E0DD9CD013EA083691562138225C0265E95EAF8AB0B4DCD</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>Lyle</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Admin</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<!-- USR_PWD: all seven listed accounts must exist and each must have a
     Password condition that is NotEquals an empty value. NOTE(review):
     presumably the empty NotEquals means "password is not blank"; confirm how
     the client evaluates it. Only presence of a password is tested here, not
     its strength. -->
<Check>
<CheckID>USR_PWD</CheckID>
<Description>9C4AD4F6FC51B3F4D1464747CC276FA2F5641DCAA7C5E08B49827FAE17D6FBEA0461EB89916614359516E17644DCD4C0794485E07CDFD4FCB3FA0C538C7F27BBD0BC44C159A1B40C</Description>
<Points>10</Points>
<!-- One user test per account, T1 through T7. -->
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>Max</UserName>
</Test>
<Test>
<Name>T2</Name>
<Type>user</Type>
<UserName>Mae</UserName>
</Test>
<Test>
<Name>T3</Name>
<Type>user</Type>
<UserName>Anri</UserName>
</Test>
<Test>
<Name>T4</Name>
<Type>user</Type>
<UserName>Diane</UserName>
</Test>
<Test>
<Name>T5</Name>
<Type>user</Type>
<UserName>Lyle</UserName>
</Test>
<Test>
<Name>T6</Name>
<Type>user</Type>
<UserName>Ken</UserName>
</Test>
<Test>
<Name>T7</Name>
<Type>user</Type>
<UserName>Luke</UserName>
</Test>
<!-- Single PassIf: existence for T1 to T7, then the password condition for
     T1 to T7. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T3>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T3>
<T4>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T4>
<T5>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T5>
<T6>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T6>
<T7>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T7>
<T1>
<Condition>Password</Condition>
<NotEquals/>
</T1>
<T2>
<Condition>Password</Condition>
<NotEquals/>
</T2>
<T3>
<Condition>Password</Condition>
<NotEquals/>
</T3>
<T4>
<Condition>Password</Condition>
<NotEquals/>
</T4>
<T5>
<Condition>Password</Condition>
<NotEquals/>
</T5>
<T6>
<Condition>Password</Condition>
<NotEquals/>
</T6>
<T7>
<Condition>Password</Condition>
<NotEquals/>
</T7>
</PassIf>
</Check>
<!-- USR_GUEST: four separate PassIf blocks for the Guest account.
     NOTE(review): sibling PassIf blocks are presumably alternatives, with any
     one being sufficient; confirm against the client. Description is an opaque
     hex string in this file. -->
<Check>
<CheckID>USR_GUEST</CheckID>
<Description>DA78AB9BA54A831909DF6B1F1066558F39235E0E3B98B535EEEB75669DFE9089A10D92CD26BF0AD02B974ED5BF2363D97DB7CF3EC720BDF764FC9D9BD0F2CE59</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>Guest</UserName>
</Test>
<!-- Alternative 1: the account does not exist. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<!-- Alternative 2: the account exists but is disabled. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Enabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<!-- Alternative 3: the account exists and its password is not empty. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<NotEquals/>
</T1>
</PassIf>
<!-- Alternative 4: the account exists with an empty password but interactive
     logon is disabled for it. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Password</Condition>
<Equals/>
</T1>
<T1>
<Condition>LogonInteractiveEnabled</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
</Check>
<!-- ACT_HIST: the password policy must exist and PasswordHistLen must be
     greater than 2, i.e. at least 3 remembered passwords. -->
<Check>
<CheckID>ACT_HIST</CheckID>
<Description>97AAF213F75AEBB339236C2A9C0502919AB9B987EA2E8D5FFAF51204D0FD90671EFB3449A32C56639C2CA24B597F3297851C76CADC0A4E3D62EECDE0D0F544643A0D35C2D3D4B464185EF77C747928</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>password_policy</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>PasswordHistLen</Condition>
<GreaterThan>2</GreaterThan>
</T1>
</PassIf>
</Check>
<!-- ACT_MINL: the password policy must exist and MinPasswordLen must be
     greater than 7, i.e. a minimum length of 8 or more. -->
<Check>
<CheckID>ACT_MINL</CheckID>
<Description>2ABE4936EEEDA3F71C8162386DC8A3D3D60694577F602668DF405C01EF2CAB6339F99664F466012C5F1F1161463525F60EDF5E1F3A4C05A73C8372EE2479B3310A5A3AA48A5BB4A9207295CAF410224E</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>password_policy</Type>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>MinPasswordLen</Condition>
<GreaterThan>7</GreaterThan>
</T1>
</PassIf>
</Check>
<!-- FIL_HWEBS: Home Web Server must be removed. The executable must be absent
     (T1) and no process with that image name may be running (T3). T2 requires
     C:\Program Files to still exist. NOTE(review): T2 presumably guards against
     a false pass when the parent directory itself is missing or unreadable. -->
<Check>
<CheckID>FIL_HWEBS</CheckID>
<Description>83F4D0442CF505D8ACBB2AAFA98606609030FBEB9C8FF91C711A09C19AD300214F2E2C143C90B1ECFB938206FF96A5CAC51BBE24188918973EC1CB</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Program Files\Home Series\Home Web Server\HomeWebServer.exe</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Program Files</FilePath>
</Test>
<Test>
<Name>T3</Name>
<Type>process</Type>
<ProcessName>\HomeWebServer.exe</ProcessName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T3>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T3>
</PassIf>
</Check>
<!-- FIL_MP3: both mp3 files under C:\Users\Ken must be absent while the
     profile directory itself (T3) must still exist. Only these two exact paths
     are tested; moved or renamed copies are not covered by this check. -->
<Check>
<CheckID>FIL_MP3</CheckID>
<Description>F25DA83BA15672B5EDD44427FDDA6A029B127F51C04334F684DC482DEE50F4C03E345D0FC63F2E5FA27AEBCA04209711080E6022D5380F4151EF468C61001DEF8B8481EDD46D51A2D3E26D708545B50C6914158585C87D68A862BA</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Users\Ken\BallGame.mp3</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Users\Ken\TheEntertainer.mp3</FilePath>
</Test>
<Test>
<Name>T3</Name>
<Type>file</Type>
<FilePath>C:\Users\Ken</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
<T3>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T3>
</PassIf>
</Check>
<!-- SRV_TLNT: the Telnet service (TlntSvr) must be stopped and not set to
     start automatically, or be removed entirely. T1 queries the service and T2
     reads its Start value from the registry. On Windows, Start 2 is automatic,
     3 is manual and 4 is disabled, so "greater than 2" accepts manual or
     disabled. -->
<Check>
<CheckID>SRV_TLNT</CheckID>
<Description>B265B634E680CFEB913931EF8F9DEBD748F1189E0428A79BD4771743F63816655EF0E6C5800C4FF8ED8CC90A88DA1B6A317C4F8FBA7239EA578BB75D53650E2849F35680505595918FE32963AD4B7F05</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>service</Type>
<ServiceName>TlntSvr</ServiceName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SYSTEM\CurrentControlSet\Services\TlntSvr</KeyPath>
<KeyName>Start</KeyName>
</Test>
<!-- Alternative 1: the service exists, is not Running, and Start is above 2. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>State</Condition>
<NotEquals>Running</NotEquals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Value</Condition>
<GreaterThan>2</GreaterThan>
</T2>
</PassIf>
<!-- Alternative 2: neither the service nor its Start value exists. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
</Check>
<!-- OUP_AUTO: automatic updates must be turned on. AUOptions is read from the
     local Auto Update key (T1) and from the policy key (T2); a value greater
     than 1 in either location passes. NOTE(review): 1 is understood to be the
     "never check for updates" setting; confirm the value mapping. -->
<Check>
<CheckID>OUP_AUTO</CheckID>
<Description>F39E5C834B4C4DE77BE9B9F92BCB97D9140913C9E0AFFD23B8A816F0C86D5059722CFA2D8AD4BE7614E074AE9DB479452EFCD2B63DE5F11F5FC1FD4513642E0925203BFC994AA5C90A64EF45</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update</KeyPath>
<KeyName>AUOptions</KeyName>
</Test>
<Test>
<Name>T2</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU</KeyPath>
<KeyName>AUOptions</KeyName>
</Test>
<!-- Alternative 1: the local setting. -->
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Value</Condition>
<GreaterThan>1</GreaterThan>
</T1>
</PassIf>
<!-- Alternative 2: the policy setting. -->
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T2>
<T2>
<Condition>Value</Condition>
<GreaterThan>1</GreaterThan>
</T2>
</PassIf>
</Check>
<!-- PEN_RDSK: penalty keyed on fDenyTSConnections. It matches when the value
     is missing or is not 0. On Windows a nonzero fDenyTSConnections denies
     Remote Desktop connections. NOTE(review): for a Penalty, a matching PassIf
     presumably means the penalty applies, i.e. Remote Desktop is a required
     service on this image and disabling it costs points; confirm. -->
<Penalty>
<CheckID>PEN_RDSK</CheckID>
<Description>212F20AE5D40CA1D6EADA2C8AAF1C48F29A8193CCBB211E46492F59BC26768DE0E7237A6077AF05F7C40B76BE25851FB6DA658D082E46103A18D496D3C0ED6AEFC806E21</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>registry</Type>
<Key>HKEY_LOCAL_MACHINE</Key>
<KeyPath>System\CurrentControlSet\Control\Terminal Server</KeyPath>
<KeyName>fDenyTSConnections</KeyName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>true</Equals>
</T1>
<T1>
<Condition>Value</Condition>
<NotEquals>0</NotEquals>
</T1>
</PassIf>
</Penalty>
<!-- PEN_USR: penalty keyed on the seven listed accounts. There is one PassIf
     per account, each matching when that account no longer exists.
     NOTE(review): presumably the penalty applies when any one of them matches,
     i.e. when an authorized user is deleted; whether it is charged once or per
     match is not visible here. -->
<Penalty>
<CheckID>PEN_USR</CheckID>
<Description>DF66CC2E205666006CB57A25A2B9D136163CFBA50CC1414DC20D927566991209B07E27D88762337D7055220E71EB6C815A415B9F4F7C21E91B3BE34266CD63D382F10C43002314</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>user</Type>
<UserName>Max</UserName>
</Test>
<Test>
<Name>T2</Name>
<Type>user</Type>
<UserName>Mae</UserName>
</Test>
<Test>
<Name>T3</Name>
<Type>user</Type>
<UserName>Anri</UserName>
</Test>
<Test>
<Name>T4</Name>
<Type>user</Type>
<UserName>Diane</UserName>
</Test>
<Test>
<Name>T5</Name>
<Type>user</Type>
<UserName>Lyle</UserName>
</Test>
<Test>
<Name>T6</Name>
<Type>user</Type>
<UserName>Ken</UserName>
</Test>
<Test>
<Name>T7</Name>
<Type>user</Type>
<UserName>Luke</UserName>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
<PassIf>
<T3>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T3>
</PassIf>
<PassIf>
<T4>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T4>
</PassIf>
<PassIf>
<T5>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T5>
</PassIf>
<PassIf>
<T6>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T6>
</PassIf>
<PassIf>
<T7>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T7>
</PassIf>
</Penalty>
<!-- PEN_USRD: penalty keyed on the profile directories under C:\Users for the
     same seven accounts. There is one PassIf per directory, each matching when
     that path no longer exists. NOTE(review): presumably the penalty applies
     when any one matches, i.e. when an authorized user's profile directory is
     deleted; confirm. -->
<Penalty>
<CheckID>PEN_USRD</CheckID>
<Description>F947CA7C6FCD5525CD9051CF084032A9BD35BE34DB7839D0AFDB3DA720B89CDE526D32100925CADDC8AFC1288295ADDCAA0F0D419B17155DF3A67E838B88F19A7F436ED7791C5E109AEAD3A7725BB2F0</Description>
<Points>10</Points>
<Test>
<Name>T1</Name>
<Type>file</Type>
<FilePath>C:\Users\Max</FilePath>
</Test>
<Test>
<Name>T2</Name>
<Type>file</Type>
<FilePath>C:\Users\Mae</FilePath>
</Test>
<Test>
<Name>T3</Name>
<Type>file</Type>
<FilePath>C:\Users\Anri</FilePath>
</Test>
<Test>
<Name>T4</Name>
<Type>file</Type>
<FilePath>C:\Users\Diane</FilePath>
</Test>
<Test>
<Name>T5</Name>
<Type>file</Type>
<FilePath>C:\Users\Lyle</FilePath>
</Test>
<Test>
<Name>T6</Name>
<Type>file</Type>
<FilePath>C:\Users\Ken</FilePath>
</Test>
<Test>
<Name>T7</Name>
<Type>file</Type>
<FilePath>C:\Users\Luke</FilePath>
</Test>
<PassIf>
<T1>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T1>
</PassIf>
<PassIf>
<T2>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T2>
</PassIf>
<PassIf>
<T3>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T3>
</PassIf>
<PassIf>
<T4>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T4>
</PassIf>
<PassIf>
<T5>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T5>
</PassIf>
<PassIf>
<T6>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T6>
</PassIf>
<PassIf>
<T7>
<Condition>Exists</Condition>
<Equals>false</Equals>
</T7>
</PassIf>
</Penalty>
<!-- List of file and directory paths; entries with a trailing backslash are
     directories. Several names here (mytrojan.exe, rootkit.exe) are not
     referenced by any Check or Penalty in this file. NOTE(review): how the
     client uses this list is not visible here; presumably it is a set of paths
     that gets inventoried or reported. Confirm before drawing conclusions
     from it. -->
<AllFiles>
<FilePath>C:\</FilePath>
<FilePath>C:\mytrojan.exe</FilePath>
<FilePath>C:\rootkit.exe</FilePath>
<FilePath>C:\Windows\</FilePath>
<FilePath>C:\Windows\mytrojan.exe</FilePath>
<FilePath>C:\Windows\en-US\</FilePath>
<FilePath>C:\Windows\Media\</FilePath>
<FilePath>C:\Windows\Microsoft.NET\Framework</FilePath>
<FilePath>C:\Windows\PolicyDefinitions\</FilePath>
<FilePath>C:\Windows\Prefetch\</FilePath>
<FilePath>C:\Windows\servicing\</FilePath>
<FilePath>C:\Windows\System32\rootkit.exe</FilePath>
<FilePath>C:\Windows\System32\GroupPolicy\Machine\</FilePath>
</AllFiles>
<!-- List of registry locations under HKEY_LOCAL_MACHINE. Each Key element holds
     the hive and path in a single string, unlike the Test elements, which split
     them into Key, KeyPath and KeyName. Entries ending in a backslash are keys;
     the others presumably end in a value name. NOTE(review): how the client
     uses this list is not visible here; none of these paths appears in a Check
     or Penalty in this file. -->
<AllQueries>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbasedirectories</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableEncryption</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\HibernateEnabled</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SNMP\Parameters\ExtensionAgents</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TermSrv\ServiceName</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework\Performance\Library</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser\Parameters\ServiceDll</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso\Security\Security</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance\Library</Key>
<Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP\Start</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tcpip\CurrentVersion\</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Build</Key>
<Key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\CleanupTime</Key>
</AllQueries>
</CyberPatriotResource>