Tom
1820a7dfa9
Merge pull request #80 from cliffe/random_selection_squashed
...
random selection between inputs
2016-10-19 22:57:59 +01:00
Z. Cliffe Schreuders
601362a12d
random selection between inputs
2016-10-19 19:49:30 +01:00
Z. Cliffe Schreuders
d68f98e0da
code cleanup
2016-10-18 22:38:22 +01:00
Z. Cliffe Schreuders
518485f61d
cleanup Vagrantfile output
2016-10-18 22:31:58 +01:00
Z. Cliffe Schreuders
3724fc1c7c
organise scenario files into directories
2016-10-18 21:51:33 +01:00
Z. Cliffe Schreuders
4421c7d99c
Merge branch 'parameterisation'
2016-10-18 21:25:17 +01:00
Z. Cliffe Schreuders
e282dde855
Merge branch 'master' of https://github.com/cliffe/SecGen
2016-10-18 21:23:02 +01:00
Z. Cliffe Schreuders
e63aa00e0a
parameterisation
2016-10-18 21:19:47 +01:00
Tom
7c5991e03f
Merge pull request #76 from Jjk422/new_smbclient_service_module
...
Smbclient utility module.
2016-09-20 09:05:52 +01:00
Jjk422
880b42e200
Requested changes have been made:
...
secgen_metadata.xml:7 :: Removed line
smbclient_utility.xml:8 :: Corrected smbclinet_utility to smbclient_utility.
2016-09-20 08:53:24 +01:00
Tom
24f06e9f5c
Merge pull request #72 from Jjk422/new_list_scenarios_command
...
List all SecGen scenarios
2016-09-18 15:49:40 +01:00
Jjk422
133f5ee7d0
Corrected all mentioned changes:
...
Added a line into the 'usage' method's commands section (at secgen.rb:23-27).
Extracted lines 191-195 into a method called list_scenarios.
2016-09-13 14:24:08 +01:00
Jjk422
eb55b69dff
Smbclient utility module.
...
Scenario file found at '/home/user/RubymineProjects/SecGen/scenarios/simple_examples/smbclient_utility.xml'
2016-09-13 12:05:08 +01:00
Tom
3c1a82472c
Merge pull request #75 from Jjk422/new_changed_file_share_to_samba
...
Changed service module samba directory from file_share to smb.
2016-09-13 11:55:06 +01:00
Jjk422
772b96436e
Changed service module samba directory from file_share to smb.
...
Changed scenario files that used the module.
Also changed the secgen.xml for samba vulnerabilities that required the module.
service::samba::secgen_metadata.xml:
Changed type in SecGen metadata for samba service module from file_share to smb, also added author.
Removed unneeded comments, changed comment from apache to samba.
scenarios::samba_service.xml
Changed comment to represent samba.
Tested and seems to be fully working for all modules/scenarios that require it.
2016-09-13 11:10:59 +01:00
Jjk422
bbf4ce1ed2
Added command line option to list all SecGen scenarios in scenarios directory.
2016-09-08 13:24:37 +01:00
Jjk422
4f53a7f770
Merge pull request #70 from thomashaw/nmap_setuid_rebase
...
Tested, exploitable although multiple exploits needed to exploit the box.
Ready to be merged.
2016-09-07 15:01:58 +01:00
thomashaw
f82e554a7e
Added network tag to scenario
2016-09-07 11:33:09 +01:00
thomashaw
4528467f04
Vulnerability: Nmap setuid local privilege escalation
2016-09-06 15:34:12 +01:00
Jjk422
18268af6c9
Merge pull request #69 from thomashaw/shellshock_rebase
...
Tested and seems to be fully working.
2016-09-06 15:17:28 +01:00
thomashaw
d9d785f335
Metadata: Updated shellshock privilege = none, access = local
2016-09-06 13:46:31 +01:00
thomashaw
d3194f4d56
Fix: Added a file resource for the /usr/lib/cgi-bin/ directory.
2016-09-06 13:21:00 +01:00
Jjk422
bc9db957e3
Merge pull request #67 from thomashaw/samba_overshare_rebase
...
Happy with this branch, don't think we need to change anything so merging, although the samba service module versioning may come back to bite us, but we can deal with that when we get to it.
2016-09-06 13:15:44 +01:00
Tom
27dc5c3b9e
Merge pull request #66 from Jjk422/new_access_control_misconfigurations_uid_less_running_as_root
...
Access control vulnerability, allows less to run as root for any user.
2016-09-06 13:10:22 +01:00
thomashaw
264952a103
removed public writable share scenario
2016-09-06 13:04:06 +01:00
Z. Cliffe Schreuders
8bbdc885a3
Merge branches 'master' and 'parameterisation' of https://github.com/cliffe/SecGen
2016-09-05 08:56:59 +01:00
thomashaw
60cd05536d
Vulnerability: Shellshock in bash & Service: apache server with cgi hosting a bash script
...
New scenario combines the two & is exploitable with msf module: exploit/multi/http/apache_mod_cgi_bash_env_exec
2016-09-04 22:15:28 +01:00
thomashaw
060fbab612
updated install instructions as default ubuntu apt repository has an old incompatible vagrant version
2016-09-03 00:49:52 +01:00
thomashaw
e997c545f0
Removed 'Modulefile' as when unrealirc was selected puppet-librarian caused errors (as it tries to parse Modulefile's contents)
2016-09-03 00:31:47 +01:00
thomashaw
3f00728fd2
Vulnerability: samba anonymously writable share + symlink traversal
2016-09-02 19:55:42 +01:00
Tom
e7db9e1c2d
Merge pull request #65 from Jjk422/new_user_account_module_pull_request
...
Adds a user account module.
2016-09-02 12:46:38 +01:00
Jjk422
51bbf5c7c3
Should fix all errors in branch 'Access control vulnerability, allows less to run as root for any user'.
...
required:
/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:4: Comments removed.
/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:10-15: Comments removed.
optional / suggested:
/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:1: $user parameter kept, module should be able to be copied and used for other modules (changing user permissions or different files) to ensure that all code is the same and checked <-- this was my thinking anyway.
/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:2: Removed the 'String' from before the block parameter definitions.
/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp:3-8(post comment removal): Indented the block by two spaces.
2016-09-01 16:36:13 +01:00
Jjk422
bacf8f8278
Fix for errors in the pull request.
...
Reverted the following:
documentation/yard/rakefile.rb
lib/schemas/service_metadata_schema.xsd
modules/services/unix/database/mysql/*
Removed comments in the following:
scenarios/simple_examples/user_test_scenario.xml:11
modules/utilities/unix/system/accounts/secgen_metadata.xml:20
2016-09-01 16:14:04 +01:00
Tom
f7161dbe4e
Merge pull request #63 from Jjk422/new_options_rework_and_additional_options
...
Added extra command line options to modify generated vms, need to be …
2016-09-01 12:52:42 +01:00
Jjk422
d49cb521cc
Access control vulnerability, allows less to run as root for any user.
...
Access_control_misconfigurations_uid_less_root.xml can be used to test this
2016-09-01 10:06:00 +01:00
Tom
c37d88e7e5
Merge pull request #64 from Jjk422/new_access_control_vulnerability_vi_running_as_root
...
Access control misconfiguration module that ensures the vi text edit…
2016-08-31 15:57:34 +01:00
Tom
50e0c5d683
Merge pull request #62 from thomashaw/unreal_rework
...
unrealirc_3281_backdoor vulnerability refactored.
2016-08-31 15:08:02 +01:00
Jjk422
be636f7b42
Adds a user account module, currently not modifiable by facter or scenarios files but will be added when parametrization is merged.
...
Currently creates a user account named user with the password as password.
Home directory in /home/user.
Shell as /bin/bash.
2016-08-31 13:18:48 +01:00
Jjk422
b29c08a8b5
Fixed mislabeled secgen_metadata.xml <privilege> tag from user to root.
2016-08-31 09:42:02 +01:00
Jjk422
f9b2cd548f
Correcting pull request errors, only one out of --total-memory or --memory-per-vm is selected (first to be inputted) and shows error message if both inputted.
...
Also removed defaults so that vms automatically decide on values if not specified.
2016-08-31 09:37:01 +01:00
Z. Cliffe Schreuders
9f0bd61726
Parameterisation
2016-08-30 23:18:31 +01:00
Z. Cliffe Schreuders
6b96ef6476
Parameterisation
2016-08-29 23:06:57 +01:00
Jjk422
94d6d00112
Access control misconfiguration module that ensures the vi text editor runs at root.
...
Scenario file at access_control_misconfigurations_uid_vi_root.xml.
2016-08-29 10:36:46 +01:00
Jjk422
42adbcb853
Added extra command line options to modify generated vms, need to be separated into a ruby class to ensure max values are not set (max ram larger than system ram) and to make sure that large ruby blocks are not in Vagrantfile.erb.
...
Options added are:
--memory-per-vm
--total-memory
--max-cpu-cores
--max-cpu-usage
2016-08-19 19:35:47 +01:00
Tom
0e1f06bd5d
Merge pull request #61 from Jjk422/new_samba_service_module_fix
...
Fix for the samba service module
2016-08-18 21:19:41 +01:00
thomashaw
b8cc50b549
separated the vulnerable code out and used require to manipulate order
2016-08-18 20:58:04 +01:00
Jjk422
97076b2537
Merge pull request #60 from egg82/patch-1
...
Allowing SecGen to be run on servers/droplets
2016-08-18 11:02:55 +01:00
Z. Cliffe Schreuders
d8d624cd03
Merge remote-tracking branch 'origin/parameterisation' into parameterisation
...
Conflicts:
lib/objects/module.rb
lib/objects/system.rb
lib/readers/module_reader.rb
lib/schemas/scenario_schema.xsd
modules/vulnerabilities/unix/local/writeable_shadow/secgen_metadata.xml
scenarios/simple_examples/writeable_shadow_vulnerability.xml
2016-08-17 23:13:28 +01:00
Z. Cliffe Schreuders
edc1e28d68
Parameterisation
2016-08-17 23:11:53 +01:00
egg82
d9325395d2
Update secgen.rb
2016-08-17 13:36:33 -06:00