Merge branch 'master' of https://github.com/cliffe/SecGen

.gitignore

@@ -3,4 +3,6 @@ unusedcode
 .DS_Store
 .idea
 mount
-log
+log
+batch/failed/
+batch/successful/

README.md

@@ -745,6 +745,8 @@ If you start SecGen with the "build-project" (or "p") command it creates the abo
 
 It is possible to copy the project directory to any compatible system with Vagrant, and simply run "vagrant up" to create the VMs.
 
+The default root password for the base-boxes is 'puppet', but this may be modified by SecGen depending on the scenario used.
+
 ## Roadmap
 - **More modules!** Including more CTF-style modules.
 - Windows baseboxes and vulnerabilities.

modules/encoders/selector/random_string_selector/secgen_local/local.rb

@@ -6,7 +6,7 @@ class RandomSelectorEncoder < StringEncoder
   def initialize
     super
     self.module_name = 'Random String Selector'
-    self.position = 'test'
+    self.position = ''
   end
 
   def encode_all

modules/services/unix/http/parameterised_website/secgen_metadata.xml

@@ -11,6 +11,7 @@
   <type>http</type>
   <platform>linux</platform>
 
+  <!-- Strings are leaked in index.html source code comments -->
   <read_fact>strings_to_leak</read_fact>
   <read_fact>images_to_leak</read_fact>
   <read_fact>organisation</read_fact>
@@ -34,7 +35,7 @@
   </default_input>
 
   <default_input into="strings_to_leak">
-    <generator type="flag_generator"/>
+    <generator type="message_generator"/>
     <generator type="message_generator"/>
   </default_input>
 

modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml

@@ -47,8 +47,4 @@
     <module_path>utilities/unix/system/accounts</module_path>
   </requires>
 
-  <!--to exploit the attacker needs user write access-->
-  <requires>
-    <privilege>user_rw</privilege>
-  </requires>
 </vulnerability>