The Great Train Robbery - A guide to exploits

The project is a mini ctf activity introducing basic exploits in a fun way. The user attacks a remote process in a safe manner, finding hidden keys, unlocking a safe of gold at the back of the train.

Comment 1

The Great Train Robbery - A Guide to Exploits (Educational Simulation) 🚂💻

This document details the inspiration, function, and development of "The Great Train Robbery," an educational simulation designed to teach defensive security concepts related to common software and network vulnerabilities.

💡 Inspiration

Answer: The Computer Information and Security class

The story: Our inspiration came from the lack of safe, interactive environments for students and new developers to understand how common vulnerabilities (like Buffer Overflows and DDoS attacks) work at a conceptual level. We wanted to create a gamified, safe-lab experience that simultates what an attacker may do, or even a pen tester, in a way that is fun, also teaching how to use commands like grep to find keys.

⚙️ What it does

The "Great Train Robbery" is a command-line interface (CLI) application that hosts safe, simulated environments, or "Carts," for users to interact with:

  1. Cart 1 (Nuclear Engine - DDoS Simulation): Provides a means to investigate basic DDOS structure and how they are delpoyed against targets.
  2. Cart 2 (Quantum Holding - Buffer Overflow Simulation): Contains a vulnerable, but safe, program that demonstrates the concept of a buffer overflow without allowing actual system compromise. The user's goal is to analyze program memory and craft an egg to give a shell.
  3. Cart 3 (Galactic Mail - SQL Injection Simulation): A program is set up emulating a SQl server, where if given a malformed string, can
  4. give admin passwords.
  5. The Vault This cart can be accessed at any time, but requires the 3 keys found using the descriptions provided to unlock the safe and get the gold.
  6. Educational Explainers: Before entering each cart, the user is presented with high-level conceptual information about the vulnerability, common defensive signals, and safety guidelines.

🏗️ How we built it

We built the main menu and simulation wrapper using Python 3 for its cross-platform compatibility and ease of use in managing subprocesses. We also used bash extensively to manage the network connections coded in c, along with the navigation between the different rooms

  • Main Menu (train_menu.py): Uses Python's subprocess and shutil modules to launch and manage the different "cart" scripts.
  • DDoS Simulation (ddos_room.py): Built using Python to simulate incoming network requests and monitor resource usage. [If applicable: Describe the tools used for traffic generation/visualization, e.g., a simple loop to flood a local socket].
  • Buffer Overflow Simulation (buf_room.sh): The core vulnerable program was written in C and compiled with specific flags (like -fno-stack-protector) to safely demonstrate the vulnerability. The wrapper script uses Bash to manage the environment and display educational content.

🚧 Challenges we ran into

  1. Ensuring Absolute Safety: The primary challenge was demonstrating high-risk exploits like Buffer Overflows in a fully sandboxed and non-actionable way. We had to ensure the C code was compiled and executed in an environment that made privilege escalation or lateral movement impossible, keeping the focus strictly on educational analysis. We started trying to create a legitimatly vunerable process, but due to extensive kernel protections that would have to be disabled and counltess means of unpredictable behavior, designing a program that emulates an attack was the chosen platform.
  2. Cross-Platform Execution: Getting the Python wrapper to reliably execute both Python scripts (via the correct interpreter path) and Bash shell scripts proved tricky due to variations in pathing and executable permissions (os.access(path, os.X_OK) logic).
  3. ASCII ART Ascii art is simple of itself, but framing them to print over a socket and framed correctly to the terminal so it wasn't squished proved suprisingly difficult.

🎉 Accomplishments that we're proud of

  1. The Buffer Overflow cart: We successfully created a highly engaging simulation where the user can use information provided to send an egg to a remote machine that gives root.
  2. Robust Script Execution: We are proud of the run_room function's logic, which successfully detects the script type (Python, Bash, or direct command) and executes it correctly, even handling permission and interpreter path checks.
  3. Clear Educational Tone: We managed to structure all the content to be strictly defensive and educational, meeting our initial goal of avoiding any instructional material that could be misused for unethical purposes.
  4. The vault and keys Designing the end was very fun, as it is like in an escape room you use all the things you collected to leave, but the logic was both fun and engaging. Hiding the keys was a way to encourage self-research, and could be found in one command but is another fun challenge to the train.

🚀 What we learned

  1. Deepened understanding of C/Memory Protection: We gained a practical, low-level appreciation for how modern stack protection mechanisms work and why they are necessary, especially when compiling C code.
  2. Python Subprocess Management: We learned advanced techniques for managing synchronous and asynchronous sub-processes in Python, including robust error handling and path resolution.
  3. Ethical Hacking vs. Defense: We reinforced the principle that understanding the mechanics of an attack is the most powerful tool for building effective defenses.

🔮 What's next for The Great Train Robbery

  1. Adding More Carts: As the project is inherently modular, we can expand the simulation with new carts covering other common vulnerabilities like Integer Overflow and Cross-Site Scripting (XSS).
  2. Progress Tracking: Implement a simple database or file to track user progress and "trophies" for successfully mitigating attacks in the carts.
  3. Graphical Interface: Upgrade the experience from a purely CLI interface to a simple GUI (using a library like Tkinter or Pygame) to make the simulations more visually engaging and easier for novice users.

Built With

Share this project:

Updates