From a853bf8db52ff0aebf23b8f6357b4cc794eeee5d Mon Sep 17 00:00:00 2001
From: thomashaw <thomashaw@gmail.com>
Date: Fri, 23 Jun 2017 23:28:11 +0100
Subject: [PATCH] ssh_leaked_keys + onlinestore: added hints

---
 .../unix/system/ssh_leaked_keys/secgen_metadata.xml   | 10 ++++++++--
 .../unix/webapp/onlinestore/secgen_metadata.xml       | 11 +++--------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
index be010855e..cd5507a10 100644
--- a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0"?>
 
 <vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
   <name>Leaked SSH keys module</name>
   <author>Mihai Ordean</author>
   <author>Puppet Labs</author>
@@ -37,6 +37,12 @@
   <!--optional details-->
   <reference>https://forge.puppet.com/puppetlabs/accounts</reference>
 
+  <hint>Look for hidden files in the home directories on the box.</hint>
+  <hint>Copy the .ssh.tar.gz archive with cp /origin/path ~/.ssh/, extract and connect via ssh.</hint>
+  <solution>Extract the archive with tar -xvzf /path/to/.ssh.tar.gz, ensure ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub are in
+    place, connect with ssh user@localhost
+  </solution>
+
   <requires>
     <module_path>utilities/unix/system/accounts</module_path>
   </requires>
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml b/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
index 0d946bf6e..2231fa8b5 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/secgen_metadata.xml
@@ -133,14 +133,9 @@
   </default_input>
 
   <hint>The authors of this website forgot to sanitise their database inputs!</hint>
-  <hint>The product page's filter form is vulnerable to SQL injection attacks.</hint>
-  <hint>SQL Injection tutorial: http://www.unixwiz.net/techtips/sql-injection.html</hint>
-  <hint>There are automated tools, such as sqlmap, that will probe database through the web application and retrieve the
-    data.
-  </hint>
-  <solution>You can dump the database with the following command: 'sqlmap --url=http://url:port/product?filter=* --dump' and
-    follow the instructions when prompted.
-  </solution>
+  <hint>The product page's filter form is vulnerable to SQL injection attacks. SQL Injection tutorial: http://www.unixwiz.net/techtips/sql-injection.html</hint>
+  <hint>There are automated tools, such as sqlmap, that will probe database through the web application and retrieve the data. </hint>
+  <solution>You can dump the database with the following command: 'sqlmap --url=http://url:port/product?filter=* --dump' and follow the instructions when prompted.</solution>
 
   <requires>
     <module_path>modules/services/unix/http/apache</module_path>