ssh_leaked_keys + onlinestore: added hints

2026-02-21 19:28:02 +00:00 · 2017-06-23 23:28:11 +01:00
parent 8eddc7fc44
commit a853bf8db5
2 changed files with 11 additions and 10 deletions
--- a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0"?>

 <vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
  <name>Leaked SSH keys module</name>
  <author>Mihai Ordean</author>
  <author>Puppet Labs</author>
@@ -37,6 +37,12 @@
  <!--optional details-->
  <reference>https://forge.puppet.com/puppetlabs/accounts</reference>

+  <hint>Look for hidden files in the home directories on the box.</hint>
+  <hint>Copy the .ssh.tar.gz archive with cp /origin/path ~/.ssh/, extract and connect via ssh.</hint>
+  <solution>Extract the archive with tar -xvzf /path/to/.ssh.tar.gz, ensure ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub are in
+    place, connect with ssh user@localhost
+  </solution>
+
  <requires>
    <module_path>utilities/unix/system/accounts</module_path>
  </requires>
--- a/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
@@ -133,14 +133,9 @@
  </default_input>

  <hint>The authors of this website forgot to sanitise their database inputs!</hint>
-  <hint>The product page's filter form is vulnerable to SQL injection attacks.</hint>
-  <hint>SQL Injection tutorial: http://www.unixwiz.net/techtips/sql-injection.html</hint>
-  <hint>There are automated tools, such as sqlmap, that will probe database through the web application and retrieve the
-    data.
-  </hint>
-  <solution>You can dump the database with the following command: 'sqlmap --url=http://url:port/product?filter=* --dump' and
-    follow the instructions when prompted.
-  </solution>
+  <hint>The product page's filter form is vulnerable to SQL injection attacks. SQL Injection tutorial: http://www.unixwiz.net/techtips/sql-injection.html</hint>
+  <hint>There are automated tools, such as sqlmap, that will probe database through the web application and retrieve the data. </hint>
+  <solution>You can dump the database with the following command: 'sqlmap --url=http://url:port/product?filter=* --dump' and follow the instructions when prompted.</solution>

  <requires>
    <module_path>modules/services/unix/http/apache</module_path>