From 0c9216f17a59448457ae8fe349b28274696886b1 Mon Sep 17 00:00:00 2001
From: Tom <thomashaw@gmail.com>
Date: Tue, 31 Oct 2017 12:05:54 +0000
Subject: [PATCH 1/3] Update README.md to include default root password

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 3a8f1e400..41c3ed577 100644
--- a/README.md
+++ b/README.md
@@ -745,6 +745,8 @@ If you start SecGen with the "build-project" (or "p") command it creates the abo
 
 It is possible to copy the project directory to any compatible system with Vagrant, and simply run "vagrant up" to create the VMs.
 
+The default root password for the base-boxes is 'puppet', but this may be modified by SecGen depending on the scenario used.
+
 ## Roadmap
 - **More modules!** Including more CTF-style modules.
 - Windows baseboxes and vulnerabilities.

From 2dddfc42e324bd32ec7d751da12f0850c04c7d45 Mon Sep 17 00:00:00 2001
From: thomashaw <thomashaw@gmail.com>
Date: Fri, 17 Nov 2017 15:45:36 +0000
Subject: [PATCH 2/3] random_string_selector: removed testing code

---
 .../selector/random_string_selector/secgen_local/local.rb       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/encoders/selector/random_string_selector/secgen_local/local.rb b/modules/encoders/selector/random_string_selector/secgen_local/local.rb
index afcfa242a..987b40b13 100644
--- a/modules/encoders/selector/random_string_selector/secgen_local/local.rb
+++ b/modules/encoders/selector/random_string_selector/secgen_local/local.rb
@@ -6,7 +6,7 @@ class RandomSelectorEncoder < StringEncoder
   def initialize
     super
     self.module_name = 'Random String Selector'
-    self.position = 'test'
+    self.position = ''
   end
 
   def encode_all

From be454cc8bd23a28eb3c4cdd2c3ab98bd8844bae7 Mon Sep 17 00:00:00 2001
From: thomashaw <thomashaw@gmail.com>
Date: Fri, 17 Nov 2017 16:45:40 +0000
Subject: [PATCH 3/3] ssh_leaked_keys, no longer requires user_rw. param
 website doesn't drop a flag by default, additions to .gitignore

---
 .gitignore                                                    | 4 +++-
 .../unix/http/parameterised_website/secgen_metadata.xml       | 3 ++-
 .../unix/system/ssh_leaked_keys/secgen_metadata.xml           | 4 ----
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index c5d73d095..089a6f8dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,6 @@ unusedcode
 .DS_Store
 .idea
 mount
-log
\ No newline at end of file
+log
+batch/failed/
+batch/successful/
\ No newline at end of file
diff --git a/modules/services/unix/http/parameterised_website/secgen_metadata.xml b/modules/services/unix/http/parameterised_website/secgen_metadata.xml
index 3b298c92a..5421977f1 100644
--- a/modules/services/unix/http/parameterised_website/secgen_metadata.xml
+++ b/modules/services/unix/http/parameterised_website/secgen_metadata.xml
@@ -11,6 +11,7 @@
   <type>http</type>
   <platform>linux</platform>
 
+  <!-- Strings are leaked in index.html source code comments -->
   <read_fact>strings_to_leak</read_fact>
   <read_fact>images_to_leak</read_fact>
   <read_fact>organisation</read_fact>
@@ -34,7 +35,7 @@
   </default_input>
 
   <default_input into="strings_to_leak">
-    <generator type="flag_generator"/>
+    <generator type="message_generator"/>
     <generator type="message_generator"/>
   </default_input>
 
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
index 40a7cd561..814bb5a10 100644
--- a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
@@ -47,8 +47,4 @@
     <module_path>utilities/unix/system/accounts</module_path>
   </requires>
 
-  <!--to exploit the attacker needs user write access-->
-  <requires>
-    <privilege>user_rw</privilege>
-  </requires>
 </vulnerability>
\ No newline at end of file