Initial import of custom password generators and matching vulnerabilities.

modules/generators/passwords/jtr_list_password/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class JtRPasswordGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'JtR Password List Generator'
+  end
+
+  def generate
+    self.outputs << File.readlines("#{WORDLISTS_DIR}/jtrpassword.lst").sample.chomp
+  end
+end
+
+JtRPasswordGenerator.new.run

modules/generators/passwords/jtr_list_password/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>JtR Password List Generator</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Password randomly selected from John the Ripper password file from Kali 2018.3, located at:
+    /usr/share/john/password.lst
+  </description>
+
+  <type>password_generator</type>
+  <type>jtr_password</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <output_type>generated_passwords</output_type>
+
+</generator>

modules/generators/passwords/ncrack_list_password/secgen_local/local.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class NcrackPasswordGenerator < StringGenerator
+  def initialize
+    super
+    self.module_name = 'nCrack Password List Generator'
+  end
+
+  def generate
+    self.outputs << File.readlines("#{WORDLISTS_DIR}/ncrackpassword.lst").sample.chomp
+  end
+end
+
+NcrackPasswordGenerator.new.run

modules/generators/passwords/ncrack_list_password/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>nCrack Password List Generator</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Password randomly selected from nCrack default.pwd password file from Kali 2018.3, located at:
+    /usr/share/ncrack/default.pwd
+  </description>
+
+  <type>password_generator</type>
+  <type>ncrack_password</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <output_type>generated_passwords</output_type>
+
+</generator>

modules/vulnerabilities/unix/system/jtr_crackable_user_account/jtr_crackable_user_account.pp

@@ -0,0 +1 @@
+require jtr_crackable_user_account::init

modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/account.pp

@@ -0,0 +1,51 @@
+define jtr_crackable_user_account::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) {
+  # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before
+  if defined('writable_groups::config') {
+    include ::writable_groups::config
+    $writable_groups = [File['/etc/group']]
+  } else { $writable_groups = [] }
+
+  if defined('writable_passwd::config') {
+    include ::writable_passwd::config
+    $writable_passwd = [File['/etc/passwd']]
+  } else { $writable_passwd = [] }
+
+  if defined('writable_shadow::config') {
+    include ::writable_shadow::config
+    $writable_shadow = [File['/etc/shadow']]
+  } else { $writable_shadow = [] }
+
+  $misconfigurations = concat($writable_groups, $writable_passwd, $writable_shadow)
+
+  # Add user account
+  ::accounts::user { $username:
+    shell      => '/bin/bash',
+    password   => pw_hash($password, 'SHA-512', 'mysalt'),
+    managehome => true,
+    before     => $misconfigurations,
+  }
+
+  # sort groups if sudo add to conf
+  if $super_user {
+    exec { "add-$username-to-sudoers":
+      path    => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+      command => "echo '$username ALL=(ALL) ALL' >> /etc/sudoers",
+    }
+  }
+
+  if $password == '' {
+    exec { "remove_password_from_account_$username":
+      command => "/usr/bin/passwd -d $username",
+      require => Accounts::User[$username],
+    }
+  }
+
+  # Leak strings in a text file in the users home directory
+  ::secgen_functions::leak_files { "$username-file-leak":
+    storage_directory => "/home/$username/",
+    leaked_filenames  => $leaked_filenames,
+    strings_to_leak   => $strings_to_leak,
+    owner             => $username,
+    leaked_from       => "accounts_$username",
+  }
+}

modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/init.pp

@@ -0,0 +1,14 @@
+class jtr_crackable_user_account::init {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+
+  $account = parsejson($secgen_parameters['account'][0])
+  $username = $account['username']
+
+  ::jtr_crackable_user_account::account { "jtr_crackable_user_account_$username":
+    username        => $username,
+    password        => $secgen_parameters['password'][0],
+    super_user      => str2bool($account['super_user']),
+    strings_to_leak => $secgen_parameters['strings_to_leak'],
+    leaked_filenames => $secgen_parameters['leaked_filenames']
+  }
+}

modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>JtR Crackable User Account</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Unprivileged user account with a password from John the Ripper default dictionary.
+    For use with training specifically on John the Ripper.
+  </description>
+
+  <type>system</type>
+  <privilege>user_rwx</privilege>
+  <access>local</access>
+  <platform>linux</platform>
+
+  <read_fact>leaked_filenames</read_fact>
+  <read_fact>strings_to_leak</read_fact>
+  <read_fact>account</read_fact>
+  <read_fact>password</read_fact>
+  <read_fact>flag_password</read_fact>
+
+  <default_input into="leaked_filenames">
+    <generator type="filename"/>
+  </default_input>
+
+  <default_input into="password">
+    <generator type="jtr_password"/>
+  </default_input>
+
+  <default_input into="strings_to_leak">
+    <generator type="flag_generator"/>
+  </default_input>
+
+  <!-- password, strings_to_leak, and leaked_filenames generate from this account will not be used -->
+  <!-- They can be passed in or generated by default above -->
+  <default_input into="account">
+    <generator type="account"/>
+  </default_input>
+
+  <hint>Password is susceptible to cracking. Try to obtain /etc/passwd and /etc/shadow.</hint>
+  <hint>Use John the Ripper to crack password.</hint>
+  <solution>Use the following command: 'john -wordlist=/usr/share/john/password.lst yourhashfile'</solution>
+
+  <requires>
+    <module_path>utilities/unix/system/accounts</module_path>
+  </requires>
+
+
+
+</vulnerability>