-
Notifications
You must be signed in to change notification settings - Fork 2
Adding a Level to Shepherd
- Build your level (Easier said than done)
- Open a securityShepherd core mysql instance (root / CowSaysMoo)
- Run the following procude, filling in the fields
call moduleCreate('theModuleName', 'lesson/challenge', 'moduleCategory', true/false, 'theModuleSolution');
moduleCategory - Defined by user and groups together levels. If the Category already exists, use it (Case Sensitive) theModuleSolution - hard coded expected result or null with no single quotes. true/false - Is the key hardcoded into the level or not?
- The procedure will return a hash and the stored moduleSolution. If you left it as null this is now the answer for your module. Make note of the Hash - referred to as level hash
- Open the webLevelTemplate.jsp in OwaspSecurityShepherdCore/src/jsp
- Save it as levelHash.jsp in OwaspSecurityShepherdCore/src/jsp/lesson or tOwaspSecurityShepherdCore/src/jsp/challenge based on the type you chose in the procedure
- Fill out as much information as you can in the template and be careful of double quotes.
- If you are going to write your own HTML and do not want to use the template levelBlurb section, remove the levelBlurb scriptlet from the HTML contentDiv section of the page and put your stuff there
- If there is a downloadable associated with the level(PCAP, jar, stuff), archive it and put the zip in a folder named levelHash
- Run this SQL command to generate an insert statement to put in the core database script (Changing the ? with the levelHash)
SELECT CONCAT("INSERT INTO modules (`moduleId`, `moduleName`, `moduleType`, `moduleCategory`, `moduleResult`, `moduleHash`, `moduleStatus`, `incrementalRank`, `scoreValue`, `scoreBonus`, `hardcodedKey`) VALUES ('", moduleId, "', '", moduleName, "', '", moduleType,"', '", moduleCategory,"', '", moduleResult, "', '", moduleHash, "', 'open', '", incrementalRank, "', '", scoreValue, "', '5', ", hardcodedKey,");") FROM modules WHERE moduleHash = '?';
- Add the outputted INSERT command from the Create Level function you ran on Shepherd to the SecurityShepherdCore/database/coreSchema.sql file in the HSS git repo.
- Review the statement first. Make sure it is valid. And make sure you add where the rest of the inserts are there for modules
- Update the line's entry for score and incrementalRank (IncrementalRank depicts where it lists in the
- Add a cheat sheet entry for your level by replacing the ? of the following procedure call with the ID of the module you created;
CALL cheatSheetCreate('?', "Step by Step Guide to Solve level");
- Fetch & Pull from remote and then Push your updates and your level will be live when the WAR file is deployed
It is recommended that you test your level on your local deployment. To set up your local instance of shepherd follow these steps. To test your level you will need to run the SQL command you added to the masterSchema.sql on your MySQL server