digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 19:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
271 Commits 38 Branches 0 Tags
c_code
Commit Graph

127 Commits

Author SHA1 Message Date
Z. Cliffe Schreuders
5aa32d5907 fix literal new line 2017-02-22 16:16:37 +00:00
Z. Cliffe Schreuders
ad55210ddf initial c_code example 2017-02-22 15:26:56 +00:00
thomashaw
e8f8dcece4 Team project work squashed + removed dead code 2017-02-17 14:59:07 +00:00
Z. Cliffe Schreuders
9466f26f8e security audit remit generator 2017-02-08 00:41:14 +00:00
thomashaw
43c02f220f Updated for post-parameterisation 2017-01-17 16:27:18 +00:00
thomashaw
f8a97b2842 Parameterised Cleanup Module 2017-01-17 16:11:50 +00:00
thomashaw
373b0bc5dc Parameterised Website using datastores. Loads of generators and encoders. Check out the example scenarios. 2017-01-15 19:56:13 +00:00
Z. Cliffe Schreuders
c6780f4a9e flag{generated_flag} format for flags 2017-01-15 16:12:08 +00:00
Z. Cliffe Schreuders
fcc4630187 desktop xfce 2017-01-08 01:20:04 +00:00
Z. Cliffe Schreuders
0548606f70 minor cleanup and directory restructuring 2017-01-07 21:55:26 +00:00
thomashaw
4d6fb601b7 Revert: Updated puppetforge/apache to latest version 2016-12-30 01:10:33 +00:00
thomashaw
f78e2fc404 Updated puppetforge/apache to latest version 2016-12-21 17:57:52 +00:00
thomashaw
2be095be6c Secure/patched version of chkrootkit vulnerability (utilities/unix/scanners/chkrootkit) 2016-12-20 16:09:06 +00:00
thomashaw
e7019afa86 Fixed shellshock 2016-12-20 15:26:21 +00:00
thomashaw
0d890ee535 Corrected proftpd_133c_backdoor as it gives you a root_rwx privilege, not user_rwx privilege, shell when exploiting this vulnerability. 2016-12-20 14:55:58 +00:00
thomashaw
ad49319447 Removed leftover comment 2016-12-14 13:50:49 +00:00
thomashaw
007863e05c weak_password_generator <type> added to the weak and common pw gens, fixed typo in account_hash_builder 2016-12-08 10:54:21 +00:00
thomashaw
17f425b37f Multiple leaked files, new secgen_functions module encapsulating the file_leak and overshare.erb logic. Updated old modules to use the new resource type. 2016-12-08 10:43:48 +00:00
thomashaw
2f58b35857 Temp fix: removed single quote from welcome_message generator 2016-12-06 18:56:45 +00:00
thomashaw
1595b4f3e3 NFS /etc/exports updated to allow all networks 2016-12-06 10:09:57 +00:00
thomashaw
7d7d2e2677 Rework: Moved hello_world to messages. Changed write_fact to output_type. Updated PATH constants to DIR. Changed string generators to more specific message_generator in strings_to_leak. 2016-12-05 17:15:55 +00:00
thomashaw
733c871072 Additional parameterisation. New modules: parameterised_accounts, generators and an account_encoder. Added plenty of parameters/default_inputs to currently existing vulnerability modules. 2016-11-30 18:09:22 +00:00
thomashaw
f724415cdf Privilege changes: More specific privilege levels. r, rw, rwx for root & user. 2016-11-14 14:34:04 +00:00
Tom
0920f6ef62 Merge pull request #79 from thomashaw/proftpd_service 
Service: ProFTPd
 2016-11-13 23:21:30 +00:00
thomashaw
0ff5f5ba04 Added a requirement for the accounts module. 2016-11-13 23:19:55 +00:00
thomashaw
9b797c7db2 Service: ProFTPd 
WIP: Renamed

proftpd service module cont.
 2016-11-13 22:53:21 +00:00
thomashaw
b1ba6700d4 Vulnerability: chkrootkit 0.49 local privilege escalation 2016-11-13 22:48:21 +00:00
thomashaw
2cf329eeef Vulnerability: Gitlist 0.4.0 webapp with RCE 2016-11-13 22:43:47 +00:00
Z. Cliffe Schreuders
03b739592b README update and some code cleanup 2016-11-08 23:28:52 +00:00
Z. Cliffe Schreuders
9ff06fce7e default values for parameters (modules and literal values) 2016-11-08 00:28:33 +00:00
Z. Cliffe Schreuders
601362a12d random selection between inputs 2016-10-19 19:49:30 +01:00
Z. Cliffe Schreuders
4421c7d99c Merge branch 'parameterisation' 2016-10-18 21:25:17 +01:00
Z. Cliffe Schreuders
e282dde855 Merge branch 'master' of https://github.com/cliffe/SecGen 2016-10-18 21:23:02 +01:00
Z. Cliffe Schreuders
e63aa00e0a parameterisation 2016-10-18 21:19:47 +01:00
Tom
7c5991e03f Merge pull request #76 from Jjk422/new_smbclient_service_module 
Smbclient utility module.
 2016-09-20 09:05:52 +01:00
Jjk422
880b42e200 Requested changes have been made: 
secgen_metadata.xml:7 :: Removed line
smbclient_utility.xml:8 :: Corrected smbclinet_utility to smbclient_utility.
 2016-09-20 08:53:24 +01:00
Jjk422
eb55b69dff Smbclient utility module. 
Scenario file found at '/home/user/RubymineProjects/SecGen/scenarios/simple_examples/smbclient_utility.xml'
 2016-09-13 12:05:08 +01:00
Jjk422
772b96436e Changed service module samba directory from file_share to smb. 
Changed scenario files that used the module.
Also changed the secgen.xml for samba vulnerabilities that required the module.

service::samba::secgen_metadata.xml:
Changed type in SecGen metadata for samba service module from file_share to smb, also added author.
Removed unneeded comments, changed comment from apache to samba.
scenarios::samba_service.xml
Changed comment to represent samba.

Tested and seems to be fully working for all modules/scenarios that require it.
 2016-09-13 11:10:59 +01:00
Jjk422
4f53a7f770 Merge pull request #70 from thomashaw/nmap_setuid_rebase 
Tested, exploitable although multiple exploits needed to exploit the box.
Ready to be merged.
 2016-09-07 15:01:58 +01:00
thomashaw
4528467f04 Vulnerability: Nmap setuid local privilege escalation 2016-09-06 15:34:12 +01:00
Jjk422
18268af6c9 Merge pull request #69 from thomashaw/shellshock_rebase 
Tested and seems to be fully working.
 2016-09-06 15:17:28 +01:00
thomashaw
d9d785f335 Metadata: Updated shellshock privilege = none, access = local 2016-09-06 13:46:31 +01:00
thomashaw
d3194f4d56 Fix: Added a file resource for the /usr/lib/cgi-bin/ directory. 2016-09-06 13:21:00 +01:00
Jjk422
bc9db957e3 Merge pull request #67 from thomashaw/samba_overshare_rebase 
Happy with this branch, don't think we need to change anything so merging, although the samba service module versioning may come back to bite us, but we can deal with that when we get to it.
 2016-09-06 13:15:44 +01:00
Tom
27dc5c3b9e Merge pull request #66 from Jjk422/new_access_control_misconfigurations_uid_less_running_as_root 
Access control vulnerability, allows less to run as root for any user.
 2016-09-06 13:10:22 +01:00
Z. Cliffe Schreuders
8bbdc885a3 Merge branches 'master' and 'parameterisation' of https://github.com/cliffe/SecGen 2016-09-05 08:56:59 +01:00
thomashaw
60cd05536d Vulnerability: Shellshock in bash & Service: apache server with cgi hosting a bash script 
New scenario combines the two & is exploitable with msf module: exploit/multi/http/apache_mod_cgi_bash_env_exec
 2016-09-04 22:15:28 +01:00
thomashaw
e997c545f0 Removed 'Modulefile' as when unrealirc was selected puppet-librarian caused errors (as it tries to parse Modulefile's contents) 2016-09-03 00:31:47 +01:00
thomashaw
3f00728fd2 Vulnerability: samba anonymously writable share + symlink traversal 2016-09-02 19:55:42 +01:00
Tom
e7db9e1c2d Merge pull request #65 from Jjk422/new_user_account_module_pull_request 
Adds a user account module.
 2016-09-02 12:46:38 +01:00