digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 19:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Wordpress module versions 1.5.1 - 4.8 (current)

Browse Source
This commit is contained in:
thomashaw
2018-03-19 16:56:53 +00:00
parent 8cded98a9f
commit c8e08cb438
10 changed files with 485 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/vulnerabilities/unix/webapp/wordpress/manifests/conf.pp
View File

@@ -6,9 +6,9 @@ class wordpress::conf ($version){
mode => '0755',
content => template('wordpress/wordpress_conf.sh.erb'),
}
#
# exec { 'run wordpress config script':
# command => '/bin/bash /tmp/wordpress_conf.sh',
# require => File['/tmp/wordpress_conf.sh'],
# }
exec { 'run wordpress config script':
command => '/bin/bash /tmp/wordpress_conf.sh',
require => File['/tmp/wordpress_conf.sh'],
}
}

12
modules/vulnerabilities/unix/webapp/wordpress/secgen_metadata.xml
View File

@@ -15,6 +15,7 @@
<read_fact>https</read_fact>
<read_fact>version</read_fact>
<read_fact>ip</read_fact> <!-- Installation requires the IP address of the network card apache is serving on. -->
<read_fact>port</read_fact>
<read_fact>blog_title</read_fact>
<read_fact>admin_email</read_fact>
@@ -22,7 +23,6 @@
<read_fact>username</read_fact>
<default_input into="https">
<!--<value>false</value>-->
<generator type="boolean_generator"/>
</default_input>
@@ -30,6 +30,10 @@
<value>4.9.4</value>
</default_input>
<default_input into="ip">
<value>172.16.0.2</value>
</default_input>
<default_input into="port">
<value>80</value>
</default_input>
@@ -39,7 +43,7 @@
</default_input>
<default_input into="admin_email">
<generator type="email_address"/>
<value>admin@wordpress.org</value>
</default_input>
<default_input into="admin_password">
@@ -53,10 +57,6 @@
<reference>https://www.exploit-db.com/exploits/44101/</reference>
<hint>The authors of this website forgot to sanitise their database inputs!</hint>
<!--<conflict>-->
<!--<name>Wheezy</name>-->
<!--</conflict>-->
<requires>
<module_path>.*/handy_cli_tools</module_path>
</requires>

22
modules/vulnerabilities/unix/webapp/wordpress/templates/wordpress_conf.sh.erb
View File

@@ -1,14 +1,12 @@
#!/bin/bash
<% $params = ''
$params += 'weblog_title=' + @blog_title
$url_email = @admin_email.gsub('@', '%40')
$params += '&admin_email=' + $url_email
<% require 'uri'
$params = ''
$params += 'weblog_title=' + URI::encode(@blog_title)
$params += '&admin_email=' + URI::encode(@admin_email)
if @version[0].to_i >= 3
$params += '&user_name=' + @username
$params += '&admin_password=' + @admin_password
$params += '&admin_password2=' + @admin_password
$params += '&user_name=' + @username
$params += '&admin_password=' + @admin_password
$params += '&admin_password2=' + @admin_password
elsif (@version[0].to_i == 4) and (@version[2].to_i >= 3)
$params += '&pw_weak=on'
$params += '&pass1-text=' + @admin_password
@@ -18,7 +16,9 @@
else
$params += '&blog_public=1'
$params += '&Submit=Install+WordPress'
$params += '&language='
end
-%>
curl -L --data '<%= $params %>' http://localhost:80/wp-admin/install.php?step=2
curl -L http://<%= @ip_address %>:<%= @port %>/
sleep 10
curl -L --data '<%= $params %>' http://<%= @ip_address %>:<%= @port %>/wp-admin/install.php?step=2

207
modules/vulnerabilities/unix/webapp/wordpress/wordpress.pp
View File

@@ -4,6 +4,8 @@ $blog_title = $secgen_parameters['blog_title'][0]
$admin_email = $secgen_parameters['admin_email'][0]
$admin_password = $secgen_parameters['admin_password'][0]
$username = $secgen_parameters['username'][0]
$ip_address = $secgen_parameters['IP_address'][0]
$port = $secgen_parameters['port'][0]
class { 'mysql::server': }
class { 'mysql::bindings': php_enable => true, }
@@ -16,7 +18,7 @@ class { '::apache':
apache::vhost { 'wordpress':
docroot => '/var/www/wordpress',
port => '80',
port => $port,
}
class { 'wordpress':
@@ -25,205 +27,4 @@ class { 'wordpress':
} ~>
class { 'wordpress::conf':
version => $version,
}
# TODO:
# Configuration
## Pass an account in?
# HTTPS true/false
#
# wordpress conf
# Older versions (1.2.1)
# GET /wp-admin/install.php HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# GET /wp-admin/install.php?step=1 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# GET /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php?step=1
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# POST /wp-admin/install.php?step=3 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php?step=2
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 34
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# step=3&url=http%3A%2F%2F172.16.0.2
# 1.5.1
#
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php?step=1
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 83
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&admin_email=test%40test.com&Submit=Continue+to+Second+Step+%C2%BB
# 2.0
# 2.5
#
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 84
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress
# 2.9
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 84
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress
# 3.0
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 141
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&user_name=admin&admin_password=test&admin_password2=test&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress
# 4.2
#
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 159
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&user_name=user&admin_password=password&admin_password2=password&admin_email=test%40email.com&blog_public=1&Submit=Install+WordPress&language=
# 4.3 (default generated password)
#
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 181
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&user_name=test&admin_password=test&pass1-text=QjqKmEYBWqQ4LLTp5D&admin_password2=test&admin_email=test%40test.test&blog_public=1&Submit=Install+WordPress&language=
# 4.3 (user supplied weak password)
# secure password with pw_weak=on works! just always include the parameter.
#
# POST /wp-admin/install.php?step=2 HTTP/1.1
# Host: 172.16.0.2
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Referer: http://172.16.0.2/wp-admin/install.php
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 177
# Cookie: wp-settings-time-1=1521034877
# Connection: close
# Upgrade-Insecure-Requests: 1
#
# weblog_title=test&user_name=user&admin_password=test&pass1-text=test&admin_password2=test&pw_weak=on&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress&language=
# 1.5.1
# weblog_title=test&admin_email=test%40test.com&Submit=Continue+to+Second+Step+%C2%BB
# 2.0 - 2.9
# weblog_title=test&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress
# 3.0
# weblog_title=test&user_name=admin&admin_password=test&admin_password2=test&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress
# 4.2
# weblog_title=test&user_name=user&admin_password=password&admin_password2=password&admin_email=test%40email.com&blog_public=1&Submit=Install+WordPress&language=
# 4.3
# weblog_title=test&user_name=test&admin_password=test&pass1-text=QjqKmEYBWqQ4LLTp5D&admin_password2=test&admin_email=test%40test.test&blog_public=1&Submit=Install+WordPress&language=
# weblog_title=test&user_name=user&admin_password=test&pass1-text=test&admin_password2=test&pw_weak=on&admin_email=test%40test.com&blog_public=1&Submit=Install+WordPress&language=
}

40
scenarios/examples/vulnerability_examples/wordpress_examples/wordpress_1x.xml Normal file
View File

@@ -0,0 +1,40 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>wp_1x</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.12</value>
</input>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>1.5.2</value>
<value>1.5.1.3</value>
<value>1.5.1.2</value>
<value>1.5.1.1</value>
<value>1.5.1</value>
</input>
</encoder>
</input>
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>

75
scenarios/examples/vulnerability_examples/wordpress_examples/wordpress_2x.xml Normal file
View File

@@ -0,0 +1,75 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>wp_2x</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.12</value>
</input>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>2.9.2</value>
<value>2.9.1</value>
<value>2.9</value>
<value>2.8.6</value>
<value>2.8.5</value>
<value>2.8.4</value>
<value>2.8.3</value>
<value>2.8.2</value>
<value>2.8.1</value>
<value>2.8</value>
<value>2.7.1</value>
<value>2.7</value>
<value>2.6.5</value>
<value>2.6.3</value>
<value>2.6.2</value>
<value>2.6.1</value>
<value>2.6</value>
<value>2.5.1</value>
<value>2.5</value>
<value>2.3.3</value>
<value>2.3.2</value>
<value>2.3.1</value>
<value>2.3</value>
<value>2.2.3</value>
<value>2.2.2</value>
<value>2.2.1</value>
<value>2.2</value>
<value>2.1.3</value>
<value>2.1.2</value>
<value>2.1.1</value>
<value>2.1</value>
<value>2.0.11</value>
<value>2.0.10</value>
<value>2.0.9</value>
<value>2.0.8</value>
<value>2.0.7</value>
<value>2.0.6</value>
<value>2.0.5</value>
<value>2.0.4</value>
<value>2.0.1</value>
<value>2.0</value>
</input>
</encoder>
</input>
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>

136
scenarios/examples/vulnerability_examples/wordpress_examples/wordpress_3x.xml Normal file
View File

@@ -0,0 +1,136 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>wp_3x</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.12</value>
</input>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>3.9.23</value>
<value>3.9.22</value>
<value>3.9.21</value>
<value>3.9.20</value>
<value>3.9.19</value>
<value>3.9.18</value>
<value>3.9.17</value>
<value>3.9.16</value>
<value>3.9.15</value>
<value>3.9.14</value>
<value>3.9.13</value>
<value>3.9.12</value>
<value>3.9.11</value>
<value>3.9.10</value>
<value>3.9.9</value>
<value>3.9.8</value>
<value>3.9.7</value>
<value>3.9.6</value>
<value>3.9.5</value>
<value>3.9.4</value>
<value>3.9.3</value>
<value>3.9.2</value>
<value>3.9.1</value>
<value>3.9</value>
<value>3.8.25</value>
<value>3.8.24</value>
<value>3.8.23</value>
<value>3.8.22</value>
<value>3.8.21</value>
<value>3.8.20</value>
<value>3.8.19</value>
<value>3.8.18</value>
<value>3.8.17</value>
<value>3.8.16</value>
<value>3.8.15</value>
<value>3.8.14</value>
<value>3.8.13</value>
<value>3.8.12</value>
<value>3.8.11</value>
<value>3.8.10</value>
<value>3.8.9</value>
<value>3.8.8</value>
<value>3.8.7</value>
<value>3.8.6</value>
<value>3.8.5</value>
<value>3.8.4</value>
<value>3.8.3</value>
<value>3.8.2</value>
<value>3.8.1</value>
<value>3.8</value>
<value>3.7.25</value>
<value>3.7.24</value>
<value>3.7.23</value>
<value>3.7.22</value>
<value>3.7.21</value>
<value>3.7.20</value>
<value>3.7.19</value>
<value>3.7.18</value>
<value>3.7.17</value>
<value>3.7.16</value>
<value>3.7.15</value>
<value>3.7.14</value>
<value>3.7.13</value>
<value>3.7.12</value>
<value>3.7.11</value>
<value>3.7.10</value>
<value>3.7.9</value>
<value>3.7.8</value>
<value>3.7.7</value>
<value>3.7.6</value>
<value>3.7.5</value>
<value>3.7.4</value>
<value>3.7.3</value>
<value>3.7.2</value>
<value>3.7.1</value>
<value>3.7</value>
<value>3.6.1</value>
<value>3.6</value>
<value>3.5.2</value>
<value>3.5.1</value>
<value>3.5</value>
<value>3.4.2</value>
<value>3.4.1</value>
<value>3.4</value>
<value>3.3.3</value>
<value>3.3.2</value>
<value>3.3.1</value>
<value>3.3</value>
<value>3.2.1</value>
<value>3.2</value>
<value>3.1.4</value>
<value>3.1.3</value>
<value>3.1.2</value>
<value>3.1.1</value>
<value>3.1</value>
<value>3.0.6</value>
<value>3.0.5</value>
<value>3.0.4</value>
<value>3.0.3</value>
<value>3.0.2</value>
<value>3.0.1</value>
<value>3.0</value>
</input>
</encoder>
</input>
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>

31
scenarios/examples/vulnerability_examples/wordpress_examples/wordpress_48.xml Normal file
View File

@@ -0,0 +1,31 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>wp_48</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.12</value>
</input>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<value>4.8</value>
</input>
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>

177
scenarios/examples/vulnerability_examples/wordpress_examples/wordpress_4x.xml Normal file
View File

@@ -0,0 +1,177 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<system>
<system_name>wp_4x</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<input into_datastore="IP_addresses">
<value>172.16.0.12</value>
</input>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<encoder type="string_selector">
<input into="strings_to_encode">
<value>4.9.4</value>
<value>4.9.3</value>
<value>4.9.2</value>
<value>4.9.1</value>
<value>4.9</value>
<value>4.8.5</value>
<value>4.8.4</value>
<value>4.8.3</value>
<value>4.8.2</value>
<value>4.8.1</value>
<value>4.8</value>
<value>4.7.9</value>
<value>4.7.8</value>
<value>4.7.7</value>
<value>4.7.6</value>
<value>4.7.5</value>
<value>4.7.4</value>
<value>4.7.3</value>
<value>4.7.2</value>
<value>4.7.1</value>
<value>4.7</value>
<value>4.6.10</value>
<value>4.6.9</value>
<value>4.6.8</value>
<value>4.6.7</value>
<value>4.6.6</value>
<value>4.6.5</value>
<value>4.6.4</value>
<value>4.6.3</value>
<value>4.6.2</value>
<value>4.6.1</value>
<value>4.6</value>
<value>4.5.13</value>
<value>4.5.12</value>
<value>4.5.11</value>
<value>4.5.10</value>
<value>4.5.9</value>
<value>4.5.8</value>
<value>4.5.7</value>
<value>4.5.6</value>
<value>4.5.5</value>
<value>4.5.4</value>
<value>4.5.3</value>
<value>4.5.2</value>
<value>4.5.1</value>
<value>4.5</value>
<value>4.4.14</value>
<value>4.4.13</value>
<value>4.4.12</value>
<value>4.4.11</value>
<value>4.4.10</value>
<value>4.4.9</value>
<value>4.4.8</value>
<value>4.4.7</value>
<value>4.4.6</value>
<value>4.4.5</value>
<value>4.4.4</value>
<value>4.4.3</value>
<value>4.4.2</value>
<value>4.4.1</value>
<value>4.4</value>
<value>4.3.15</value>
<value>4.3.14</value>
<value>4.3.13</value>
<value>4.3.12</value>
<value>4.3.11</value>
<value>4.3.10</value>
<value>4.3.9</value>
<value>4.3.8</value>
<value>4.3.7</value>
<value>4.3.6</value>
<value>4.3.5</value>
<value>4.3.4</value>
<value>4.3.3</value>
<value>4.3.2</value>
<value>4.3.1</value>
<value>4.3</value>
<value>4.2.19</value>
<value>4.2.18</value>
<value>4.2.17</value>
<value>4.2.16</value>
<value>4.2.15</value>
<value>4.2.14</value>
<value>4.2.13</value>
<value>4.2.12</value>
<value>4.2.11</value>
<value>4.2.10</value>
<value>4.2.9</value>
<value>4.2.8</value>
<value>4.2.7</value>
<value>4.2.6</value>
<value>4.2.5</value>
<value>4.2.4</value>
<value>4.2.3</value>
<value>4.2.2</value>
<value>4.2.1</value>
<value>4.2</value>
<value>4.1.22</value>
<value>4.1.21</value>
<value>4.1.20</value>
<value>4.1.19</value>
<value>4.1.18</value>
<value>4.1.17</value>
<value>4.1.16</value>
<value>4.1.15</value>
<value>4.1.14</value>
<value>4.1.13</value>
<value>4.1.12</value>
<value>4.1.11</value>
<value>4.1.10</value>
<value>4.1.9</value>
<value>4.1.8</value>
<value>4.1.7</value>
<value>4.1.6</value>
<value>4.1.5</value>
<value>4.1.4</value>
<value>4.1.3</value>
<value>4.1.2</value>
<value>4.1.1</value>
<value>4.1</value>
<value>4.0.22</value>
<value>4.0.21</value>
<value>4.0.20</value>
<value>4.0.19</value>
<value>4.0.18</value>
<value>4.0.17</value>
<value>4.0.16</value>
<value>4.0.15</value>
<value>4.0.14</value>
<value>4.0.13</value>
<value>4.0.12</value>
<value>4.0.11</value>
<value>4.0.10</value>
<value>4.0.9</value>
<value>4.0.8</value>
<value>4.0.7</value>
<value>4.0.6</value>
<value>4.0.5</value>
<value>4.0.4</value>
<value>4.0.3</value>
<value>4.0.2</value>
<value>4.0.1</value>
<value>4.0</value>
</input>
</encoder>
</input>
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>

34
scenarios/test_scenario.xml
View File

@@ -1,34 +0,0 @@
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
<system>
<system_name>escalation</system_name>
<base platform="linux" type="server" module_path=".*debian_puppet_32.*"/>
<vulnerability module_path=".*wordpress.*">
<input into="version">
<encoder type="string_selector">
<input into="strings_to_encode">
<!--<value>1.0.2</value> Not found!-->
<!--<value>2.0</value> Has different fields, only requires title and email, will auto create user: admin and generate random 6 char password -->
<!--<value>4.2</value>&lt;!&ndash; Has old PW field&ndash;&gt;-->
<!--<value>4.3</value> &lt;!&ndash;Has new PW field&ndash;&gt;-->
<value>4.3</value>
<!--<value>4.5</value>-->
<!--<value>4.6</value>-->
<!--<value>4.7</value>-->
<!--<value>4.8</value>-->
<!--<value>1.5.2</value>-->
</input>
</encoder>
</input>
</vulnerability>
<network type="private_network" range="172.16.0.0"/>
</system>
</scenario>