/// <summary>
/// Updates the troop levels of the village
/// </summary>
/// <param name="ownForce">Your own troops home</param>
/// <param name="thereForce">The total amount of troops in the village</param>
/// <param name="awayForce">Your own troops in other villages</param>
/// <param name="movingForce">Your own troops moving towards another village</param>
public void UpdateTroops(Dictionary <UnitTypes, int> ownForce, Dictionary <UnitTypes, int> thereForce, Dictionary <UnitTypes, int> awayForce, Dictionary <UnitTypes, int> movingForce)
{
Defense.Clear();
foreach (UnitTypes key in awayForce.Keys)
{
Defense.OtherDefenses[key] = thereForce[key] - ownForce[key];
Defense.OwnTroops[key] = ownForce[key] + awayForce[key] + movingForce[key];
Defense.OutTroops[key] = awayForce[key] + movingForce[key];
}
_villageDate = World.Default.Settings.ServerTime;
DefenseDate = _villageDate;
GuessVillageType();
}
protected void Test()
{
var defense = new Defense();
int result;
defense.Clear();
// 1: Pre-execution control: Check valid HTTP Verb
var original = HttpContext.Request.ServerVariables["REQUEST_METHOD"];
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = "FAKE";
result = defense.checkHTTPMethod();
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = original;
// 2: Pre-execution control: Check if the URL contains a vulnerability scanner string
var originalServer = HttpContext.Request.ServerVariables["REQUEST_URI"];
HttpContext.Request.ServerVariables["REQUEST_URI"] = "/?nessus";
result = defense.checkURI();
HttpContext.Request.ServerVariables["REQUEST_URI"] = originalServer;
// 3: Pre-execution control: Check if a valid HTTP version is being used
originalServer = HttpContext.Request.ServerVariables["SERVER_PROTOCOL"];
HttpContext.Request.ServerVariables["SERVER_PROTOCOL"] = "HTTP/8.0";
result = defense.checkHTTPVersion();
HttpContext.Request.ServerVariables["SERVER_PROTOCOL"] = originalServer;
// 4: Pre-execution control: Check if the user entered the correct domain name
result = defense.checkHostname("www.example.com");
// 5: Pre-execution control: Check valid HTTP Verb
original = HttpContext.Request.ServerVariables["REQUEST_METHOD"];
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = "FAKE";
result = defense.checkHTTPMethod();
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = original;
// 6: Pre-execution control: Forced browsing: check if they are trying to access a non-existing resource
originalServer = HttpContext.Request.ServerVariables["REQUEST_URI"];
HttpContext.Request.ServerVariables["REQUEST_URI"] = "/nonexistingresource";
result = defense.checkNonExistingFile();
HttpContext.Request.ServerVariables["REQUEST_URI"] = originalServer;
// 7: Pre-execution control: Forced browsing: check if they are trying to access a backup file
originalServer = HttpContext.Request.ServerVariables["REQUEST_URI"];
HttpContext.Request.ServerVariables["REQUEST_URI"] = "/existingresource.bak";
result = defense.checkNonExistingFile();
HttpContext.Request.ServerVariables["REQUEST_URI"] = originalServer;
// 8: Pre-execution control: Forced browsing: check if a non-authenticated user is accessing a privileged resource without permission
if (!(User.Identity.IsAuthenticated && (HttpContext.User != null)))
{
defense.attackDetected("Existing resource accessed by a non-authenticated user", 20);
}
// 9: Pre-execution control: Forced browsing: check if an authenticated user is accessing a privileged resource without permission
//if (!(User.Identity.IsAuthenticated && (HttpContext.User != null)))
defense.attackDetected("Authenticated user without permission", 100);
// 10: Pre-execution control: Check if the User-Agent is a vulnerability scanner
original = HttpContext.Request.ServerVariables["HTTP_USER_AGENT"];
HttpContext.Request.ServerVariables["HTTP_USER_AGENT"] = "Something Nikto";
result = defense.checkUserAgent();
HttpContext.Request.ServerVariables["HTTP_USER_AGENT"] = original;
// 11: Pre-execution control: Check if the User-Agent has changed
var originalClient = HttpContext.Session["HTTP_USER_AGENT"];
originalServer = HttpContext.Request.ServerVariables["HTTP_USER_AGENT"];
HttpContext.Session["user_agent"] = "The original user agent";
HttpContext.Request.ServerVariables["HTTP_USER_AGENT"] = "A different user agent";
result = defense.checkUserAgent();
HttpContext.Session["user_agent"] = originalClient;
HttpContext.Request.ServerVariables["HTTP_USER_AGENT"] = originalServer;
// 12: Pre-execution control: Check if the IP address changed for the cookie
originalClient = HttpContext.Session["REMOTE_ADDR"];
originalServer = HttpContext.Request.ServerVariables["REMOTE_ADDR"];
HttpContext.Session["REMOTE_ADDR"] = "1.1.1.1";
HttpContext.Request.ServerVariables["REMOTE_ADDR"] = "2.2.2.2";
defense.checkConcurrentSession();
HttpContext.Session["REMOTE_ADDR"] = originalClient;
HttpContext.Request.ServerVariables["REMOTE_ADDR"] = originalServer;
// 13: Pre-execution control: Trap: check if a user is accessing a fake robots.txt entry
defense.attackDetected("Fake robots.txt entry", 100);
// 14: Pre-execution control: Trap: check if a user is accessing a fake hidden URL within a document
defense.attackDetected("Fake hidden URL access", 100);
// 15: Pre-execution control: Trap: check if a user is modifying a fake cookie
var existsCookie = HttpContext.Request.Cookies.AllKeys.Contains("admin");
var cookieValue = "";
if (existsCookie)
{
cookieValue = HttpContext.Request.Cookies["admin"].Value;
HttpContext.Request.Cookies["admin"].Value = "true";
}
else
{
HttpContext.Request.Cookies.Add(new HttpCookie("admin", "true"));
}
result = defense.checkFakeCookie("admin", "false");
if (existsCookie)
{
HttpContext.Request.Cookies["admin"].Value = cookieValue;
}
else
{
HttpContext.Request.Cookies.Remove("admin");
}
// 16: Pre-execution control: Trap: check if a user is modifying a fake input field
original = HttpContext.Request.Form["passkey"];
var originalSession = HttpContext.Session["passkey"];
HttpContext.Session["passkey"] = "674441960ca1ba2de08ad4e50c9fde98";
//HttpContext.Request.Form["passkey"] = "a value different than the one I am testing";
result = defense.checkFakeInput("passkey", "674441960ca1ba2de08ad4e50c9fde98");
//HttpContext.Request.Form["passkey"] = original;
HttpContext.Session["passkey"] = originalSession;
// 17: Execution control: check if they are using the correct HTTP verb
original = HttpContext.Request.ServerVariables["REQUEST_METHOD"];
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = "GET";
result = defense.checkHTTPMethod("POST");
HttpContext.Request.ServerVariables["REQUEST_METHOD"] = original;
// 18: Execution control: check if any parameter is missing
if (HttpContext.Request.Form["this_parameter_should_not_be_missing"] == null)
{
defense.attackDetected("Missing parameter", 100);
}
// 19: Execution control: check if there are any extra parameters
if (HttpContext.Request.Form.Count != 3)
{
defense.attackDetected("Extra parameters", 20);
}
// 20: Execution control: check if they are sending unexpected values on any parameter
var postValue = HttpContext.Request.Form["id"];
int postParseResult;
var parseResult = Int32.TryParse(postValue, out postParseResult);
if ((postValue == null) || (parseResult == false))
{
defense.attackDetected("Unexpected value", 100);
}
// 21: Execution control: check when functions may be susceptible to MiTM attacks
var ConnNfo = new ConnectionInfo("scanme.nmap.org", 22, "username",
new AuthenticationMethod[] {
new PrivateKeyAuthenticationMethod("username", new PrivateKeyFile[] {
new PrivateKeyFile(@"c:\\temp\\openssh.key", "password")
}
)
});
try
{
using (var sshclient = new SshClient(ConnNfo))
{
sshclient.Connect();
sshclient.Disconnect();
}
}
catch (SshAuthenticationException e)
{
defense.attackDetected("Authenticity check failed", 100);
}
// 22: Execution control: check if the canonical path differs from the path entered by the user (path traversal attack)
var file = @"C:\Program files\..\Windows\aaa.txt";
if (file != System.IO.Path.GetFullPath(file))
{
defense.attackDetected("Path traversal detected", 100);
}
// 23: Execution control: check if the anti Cross-Site Request Forgery (CSRF) token differs from the original
// if(!verifyAntiXSRF(anti-xsrf-token))
defense.attackDetected("Anti-XSRF token invalid", 100);
// 24: Execution control: check if the origin is forbidden for the user's session
// if(isGeoLocationForbidden($session))
defense.attackDetected("Geo location is forbidden", 100);
// 25:
var time = DateTime.UtcNow;
if (time.Hour > 20 || time.Hour < 8)
{
defense.alertAdmin("The user logged in outside business hours");
}
// 26: Execution control: check if the user triggered an unexpected catch statement
var a = 0;
try
{
a = a / a;
}
catch (Exception)
{
defense.attackDetected("Exception divided by zero should never happen", 20);
}
// 27: Execution control: check if there are any uncaught exceptions
//throw new Exception("this is an uncaught exception");
// 28: Execution control: check if they are looping through passwords
defense.attackDetected("Password attempt", 10);
// 29: Execution control: check how fast they are
defense.checkSpeed();
// 30.1: Post-execution control: check if the fake secret admin acccount has been leaked
HttpContext.Response.Write("0,secrethiddenadminaccount,1...");
HttpContext.Response.Flush();
var filter = (OutputFilterStream)HttpContext.Items["Filter"];
if (filter.ReadStream().Contains("secrethiddenadminaccount"))
{
defense.attackDetected("Passwords leaked", 100);
}
// 30.2: Post-execution control: check if the fake secret directory has been leaked
HttpContext.Response.Write("/var/www/html/secrethiddendirectory");
HttpContext.Response.Flush();
if (filter.ReadStream().Contains("secrethiddendirectory"))
{
defense.attackDetected("Files leaked", 100);
}
// 31: Post-execution control: check if the request took too much time
time = DateTime.Now;
Thread.Sleep(2000);
if (DateTime.Now.Subtract(time).TotalSeconds > 1)
{
defense.attackDetected("Too much time", 20);
}
}
