Skip to content

Create New Shepherd Level Entry

Mark Denihan edited this page May 28, 2015 · 20 revisions
  1. Build your level (Easier said than done)
  2. Open a securityShepherd core mysql instance (root / CowSaysMoo)
  3. Run the following procude, filling in the fields
call moduleCreate('theModuleName', 'lesson/challenge', 'moduleCategory', true/false, 'theModuleSolution');

moduleCategory - Defined by user and groups together levels. If the Category already exists, use it (Case Sensitive)
theModuleSolution - hard coded expected result or null with no single quotes. true/false - Is the key hardcoded into the level or not?

  1. The procedure will return a hash and the stored moduleSolution. If you left it as null this is now the answer for your module. Make note of the Hash - referred to as level hash
  2. Open the webLevelTemplate.jsp in OwaspSecurityShepherdCore/src/jsp
  3. Save it as levelHash.jsp in SecurityShepherdCore/src/jsp/lesson or SecurityShepherdCore/src/jsp/challenge based on the type you chose in the procedure
  4. Fill out as much information as you can in the template and be careful of double quotes.
  5. If you are going to write your own HTML and do not want to use the template levelBlurb section, remove the levelBlurb scriptlet from the HTML contentDiv section of the page and put your stuff there
  6. If there is a downloadable associated with the level(PCAP, jar, stuff), archive it and put the zip in a folder named levelHash
  7. Run this SQL command to generate an insert statement to put in the core database script so your new level entry will persist when a new Shepherd instance is created(Changing the ? with the levelHash)
SELECT CONCAT("INSERT INTO modules (moduleId, moduleName, moduleType, moduleCategory, moduleResult, moduleHash, moduleStatus, incrementalRank, scoreValue, scoreBonus, hardcodedKey) VALUES ('", moduleId, "', '", moduleName, "', '", moduleType,"', '", moduleCategory,"', '", moduleResult, "', '", moduleHash, "', 'open', '", incrementalRank, "', '", scoreValue, "', '5', ", hardcodedKey,");") FROM modules WHERE moduleHash = '?';
  1. Add the outputted INSERT command from the Create Level function you ran on Shepherd to the SecurityShepherdCore/database/coreSchema.sql file in the HSS git repo. Review the statement first. Make sure it is valid. And make sure you add where the rest of the inserts are there for modules
  2. Next you need to create a cheat sheet entry for your level. Add the following cheat sheet line to the SecurityShepherdCore/database/coreSchema.sql file.
CALL cheatSheetCreate('moduleIdHere', "Instructions on how to complete level Here. HTML supported.");
  1. Fetch & Pull from remote and then Push your updates and your level will be live when the WAR file is deployed

It is recommended that you test your level on your local deployment. To set up your local instance of shepherd follow these steps. To test your level you will need to run the SQL command you added to the masterSchema.sql on your MySQL server