Replaced individual list generators with generic that allows future use. Added ncrack vulnerability.

lib/helpers/constants.rb

@@ -44,6 +44,7 @@ WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists"
 LINELISTS_DIR = "#{ROOT_DIR}/lib/resources/linelists"
 BLACKLISTED_WORDS_FILE = "#{ROOT_DIR}/lib/resources/blacklisted_words/blacklist.txt"
 IMAGES_DIR = "#{ROOT_DIR}/lib/resources/images"
+PASSWORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/passwordlists"
 
 # Path to build puppet modules
 STDLIB_PUPPET_DIR = "#{MODULES_DIR}build/puppet/stdlib"

modules/generators/passwords/custom_list_password/secgen_local/local.rb

@@ -0,0 +1,35 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class CustomPasswordGenerator < StringGenerator
+  attr_accessor :list_name
+
+  def initialize
+    super
+    self.module_name = 'Custom List Password Generator'
+    self.list_name = ''
+  end
+
+  def generate
+    self.outputs << File.readlines("#{PASSWORDLISTS_DIR}/#{list_name}").sample.chomp
+  end
+
+  def get_options_array
+    super + [['--list_name', GetoptLong::REQUIRED_ARGUMENT]]
+  end
+
+  def process_options(opt, arg)
+    super
+    case opt
+      when '--list_name'
+        self.list_name << arg;
+    end
+  end
+
+  def encoding_print_string
+    'list_name: ' + self.list_name.to_s + print_string_padding
+  end
+
+end
+
+CustomPasswordGenerator.new.run

modules/generators/passwords/custom_list_password/secgen_metadata.xml

@@ -2,18 +2,24 @@
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>nCrack Password List Generator</name>
+  <name>Custom List Generator</name>
   <author>Jason Zeller</author>
   <module_license>MIT</module_license>
-  <description>Password randomly selected from nCrack default.pwd password file from Kali 2018.3, located at:
-    /usr/share/ncrack/default.pwd
+  <description>Allows you to specify custom password list to generate from.
+  Available password lists are located in: lib/resources/passwordlists
   </description>
 
   <type>password_generator</type>
-  <type>ncrack_password</type>
+  <type>custom_list_password</type>
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <read_fact>list_name</read_fact>
+
+  <default_input into="list_name">
+    <value>jtrpassword.lst</value>
+  </default_input>
+
   <output_type>generated_passwords</output_type>
 
 </generator>

modules/generators/passwords/jtr_list_password/secgen_local/local.rb

@@ -1,15 +0,0 @@
-#!/usr/bin/ruby
-require_relative '../../../../../lib/objects/local_string_generator.rb'
-
-class JtRPasswordGenerator < StringGenerator
-  def initialize
-    super
-    self.module_name = 'JtR Password List Generator'
-  end
-
-  def generate
-    self.outputs << File.readlines("#{WORDLISTS_DIR}/jtrpassword.lst").sample.chomp
-  end
-end
-
-JtRPasswordGenerator.new.run

modules/generators/passwords/jtr_list_password/secgen_metadata.xml

@@ -1,19 +0,0 @@
-<?xml version="1.0"?>
-<generator xmlns="http://www.github/cliffe/SecGen/generator"
-           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>JtR Password List Generator</name>
-  <author>Jason Zeller</author>
-  <module_license>MIT</module_license>
-  <description>Password randomly selected from John the Ripper password file from Kali 2018.3, located at:
-    /usr/share/john/password.lst
-  </description>
-
-  <type>password_generator</type>
-  <type>jtr_password</type>
-  <platform>linux</platform>
-  <platform>windows</platform>
-
-  <output_type>generated_passwords</output_type>
-
-</generator>

modules/generators/passwords/ncrack_list_password/secgen_local/local.rb

@@ -1,15 +0,0 @@
-#!/usr/bin/ruby
-require_relative '../../../../../lib/objects/local_string_generator.rb'
-
-class NcrackPasswordGenerator < StringGenerator
-  def initialize
-    super
-    self.module_name = 'nCrack Password List Generator'
-  end
-
-  def generate
-    self.outputs << File.readlines("#{WORDLISTS_DIR}/ncrackpassword.lst").sample.chomp
-  end
-end
-
-NcrackPasswordGenerator.new.run

modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml

@@ -26,7 +26,11 @@
   </default_input>
 
   <default_input into="password">
-    <generator type="jtr_password"/>
+    <generator type="custom_list_password">
+      <input into="list_name">
+        <value>jtrpassword.lst</value>
+      </input>
+    </generator>
   </default_input>
 
   <default_input into="strings_to_leak">

modules/vulnerabilities/unix/system/ncrack_user_account/manifests/account.pp

@@ -0,0 +1,51 @@
+define ncrack_user_account::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) {
+  # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before
+  if defined('writable_groups::config') {
+    include ::writable_groups::config
+    $writable_groups = [File['/etc/group']]
+  } else { $writable_groups = [] }
+
+  if defined('writable_passwd::config') {
+    include ::writable_passwd::config
+    $writable_passwd = [File['/etc/passwd']]
+  } else { $writable_passwd = [] }
+
+  if defined('writable_shadow::config') {
+    include ::writable_shadow::config
+    $writable_shadow = [File['/etc/shadow']]
+  } else { $writable_shadow = [] }
+
+  $misconfigurations = concat($writable_groups, $writable_passwd, $writable_shadow)
+
+  # Add user account
+  ::accounts::user { $username:
+    shell      => '/bin/bash',
+    password   => pw_hash($password, 'SHA-512', 'mysalt'),
+    managehome => true,
+    before     => $misconfigurations,
+  }
+
+  # sort groups if sudo add to conf
+  if $super_user {
+    exec { "add-$username-to-sudoers":
+      path    => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+      command => "echo '$username ALL=(ALL) ALL' >> /etc/sudoers",
+    }
+  }
+
+  if $password == '' {
+    exec { "remove_password_from_account_$username":
+      command => "/usr/bin/passwd -d $username",
+      require => Accounts::User[$username],
+    }
+  }
+
+  # Leak strings in a text file in the users home directory
+  ::secgen_functions::leak_files { "$username-file-leak":
+    storage_directory => "/home/$username/",
+    leaked_filenames  => $leaked_filenames,
+    strings_to_leak   => $strings_to_leak,
+    owner             => $username,
+    leaked_from       => "accounts_$username",
+  }
+}

modules/vulnerabilities/unix/system/ncrack_user_account/manifests/init.pp

@@ -0,0 +1,14 @@
+class ncrack_user_account::init {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+
+  $account = parsejson($secgen_parameters['account'][0])
+  $username = $account['username']
+
+  ::ncrack_user_account::account { "ncrack_user_account_$username":
+    username        => $username,
+    password        => $secgen_parameters['password'][0],
+    super_user      => str2bool($account['super_user']),
+    strings_to_leak => $secgen_parameters['strings_to_leak'],
+    leaked_filenames => $secgen_parameters['leaked_filenames']
+  }
+}

modules/vulnerabilities/unix/system/ncrack_user_account/ncrack_user_account.pp

@@ -0,0 +1 @@
+require ncrack_user_account::init

modules/vulnerabilities/unix/system/ncrack_user_account/secgen_metadata.xml

@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>Crackable User Account</name>
+  <author>Jason Zeller</author>
+  <module_license>MIT</module_license>
+  <description>Unprivileged user account with a password from nCrack dictionary.</description>
+
+  <type>system</type>
+  <privilege>user_rwx</privilege>
+  <access>local</access>
+  <platform>linux</platform>
+
+  <read_fact>leaked_filenames</read_fact>
+  <read_fact>strings_to_leak</read_fact>
+  <read_fact>account</read_fact>
+  <read_fact>password</read_fact>
+  <read_fact>flag_password</read_fact>
+  <read_fact>username</read_fact>
+
+  <default_input into="leaked_filenames">
+    <generator type="filename"/>
+  </default_input>
+
+  <default_input into="password">
+    <generator type="custom_list_password">
+      <input into="list_name">
+        <value>ncrackpassword.lst</value>
+      </input>
+    </generator>
+  </default_input>
+
+  <default_input into="strings_to_leak">
+    <generator type="flag_generator"/>
+  </default_input>
+
+  <!-- password, strings_to_leak, and leaked_filenames generate from this account will not be used -->
+  <!-- They can be passed in or generated by default above -->
+  <default_input into="account">
+    <generator type="account"/>
+  </default_input>
+
+  <hint>Password is susceptible to cracking.</hint>
+  <hint>Use nCrack to crack password. If you don't know the username, try using the /usr/share/ncrack/minimal.usr dictionary.</hint>
+  <solution>Use the following command: 'ncrack -v --user username -P /usr/share/ncrack/default.pwd host_ip:22'</solution>
+
+  <requires>
+    <module_path>utilities/unix/system/accounts</module_path>
+  </requires>
+
+
+
+</vulnerability>