digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-22 11:48:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
363 Commits 38 Branches 0 Tags
c7047e4e125ff288e3ff91086bb024dfc58a8834
Commit Graph

186 Commits

Author SHA1 Message Date
thomashaw
c7047e4e12 Parameterised 'Start here!' tab 2017-05-01 13:21:25 +01:00
thomashaw
4d34a7a89d Changed the tab position and updated the scenario.xml 2017-05-01 11:57:40 +01:00
thomashaw
f2df7485ba Added hidden_tabs to parameterised website 2017-04-29 12:06:50 +01:00
thomashaw
fa88a0fc6b Tabbed pane now displays in main_container.html.erb + generate the tab pages from new read_fact = visible_tabs. 
Also added read_fact = hidden_tabs which needs implementing next. The hidden tabs names should begin with tab_0.html, then increment from tab_(visible_tabs.length+1).html. The hidden tabs should not be indexed on the main page.
 2017-04-27 20:02:43 +01:00
thomashaw
6f7b2f0edf generators/html_snippet: input header and paragraphs, wrap them in <h3> and <p> tags. 2017-04-27 20:00:42 +01:00
thomashaw
9781976467 active tab changes on click 2017-04-27 13:48:40 +01:00
thomashaw
25e3065768 AJAX loading data into <div> from from html files. 2017-04-27 13:13:03 +01:00
thomashaw
a78af06f9b Added JQuery + custom .js file, updated bootstrap / css 2017-04-27 12:28:28 +01:00
thomashaw
ce61074bf1 vulnerabilities/unix/webapp/onlinestore - db_password is now dynamically generated 2017-04-18 16:22:52 +01:00
thomashaw
0b99e58c27 CTF module - vulnerabilities/unix/webapp/onlinestore (by Meehein @ University of Birmingham) 2017-04-18 15:46:13 +01:00
thomashaw
398ca4df47 vulnerabilities/unix/system/symlinks - CTF module with symlink (TOCTTOU) vulnerability with binary setgid shadow + crackable weak password 2017-04-18 14:37:16 +01:00
thomashaw
ce9a6f3de7 CTF module - vulnerabilities/unix/system/two_shell_calls (by Meehein @ University of Birmingham) 2017-04-14 12:44:58 +01:00
thomashaw
07eaad8199 Project Vagrantfile's now use relative paths. This enables distribution of project's without having to mess with paths. 2017-04-11 11:46:44 +01:00
thomashaw
b245a168e5 leaked_filename reduced chance of clashes + consolidated both random filename modules into 1 2017-04-04 22:27:57 +01:00
thomashaw
f4a0f54758 symlink traversal, better handling of 1 flag 2017-04-04 21:53:36 +01:00
thomashaw
5e852da39b word flag generator name update 2017-04-04 16:58:28 +01:00
thomashaw
eac3b86674 fixed word flag generator: remove non alpha-numerical characters from flag (umlauts were being interpreted incorrectly) 2017-04-04 16:49:36 +01:00
thomashaw
a0af1a5fef fixed random boolean conversion error 2017-04-04 16:38:53 +01:00
thomashaw
57a7dc69f6 ssh_leaked_keys - dynamically generated key 
(cherry picked from commit b3e248c)
 2017-04-04 16:30:52 +01:00
thomashaw
d93d3fdfed samba symlink traversal, fixed the permissions error(cherry picked from commit b62a06f) 2017-04-04 16:30:26 +01:00
thomashaw
f068d698d0 leaked_file privilege changes (cherry picked from commit 3f4ddad) 2017-04-04 16:30:03 +01:00
thomashaw
8977559f8a exif metadata challenge + jpg converter/generator (cherry picked from commit e51347f) 2017-04-04 16:29:17 +01:00
thomashaw
aad46803ca fixes / modifications - strong pw generator strip illegal characters, gitlist_040 changed leak flag position 
(cherry picked from commit dc7e77f)
 2017-04-04 16:26:53 +01:00
thomashaw
f6b7cc41cf removing final name="" from fortress 2017-03-31 21:29:06 +01:00
thomashaw
04399470f2 updated scenarios, metadata changes + updated qr code 2017-03-31 19:21:36 +01:00
thomashaw
bf8d15e395 added a flag drop in root directory to samba_symlink_traversal 2017-03-31 14:57:06 +01:00
thomashaw
464d266bfe Revert: adding breakthenet xss web vulnerability -- Now registers the mysql db + allows www-data to connect with password 'example', change this! register.php claims that registration was successful but logging in does not work... investigate further. 2017-03-31 14:12:14 +01:00
thomashaw
42ac95b3ab ssh_leaked_keys: adding strings_to_leak flag read_fact 2017-03-31 13:31:35 +01:00
thomashaw
39586af9a3 exif metadata module (WIP - needs some jpg files rather than png) 2017-03-31 13:29:50 +01:00
thomashaw
98cc8aa5c8 Fixing metadata 2017-03-31 13:28:49 +01:00
thomashaw
fa10962295 adding breakthenet xss web vulnerability -- Now registers the mysql db + allows www-data to connect with password 'example', change this! register.php claims that registration was successful but logging in does not work... investigate further. 2017-03-30 11:21:33 +01:00
thomashaw
9f41e42381 vsftpd_backdoor: updated metadata, is actually root_rwx not user_rwx 2017-03-29 12:09:23 +01:00
thomashaw
c09341188b gitlist_040 fixed, removed bootstrap repo + added a hyperlink to /gitlist 2017-03-29 12:00:04 +01:00
thomashaw
241e83a7a9 generators/random/random_hex: added number_of_lines and line_length params 
generators/challenges/encoded_diff: encodes a flag in hex, generates random_hex, shuffles the ordering, inserts a flag in a random position. accounts for line length vs flag length with random hex padding.
secgen_functions::leak_file.pp: Added division between data leaked to the same file
 2017-03-28 10:51:57 +01:00
thomashaw
03aaae2bc3 xfce desktop environment: extracted out auto login as root into vulnerability module 2017-03-24 15:30:30 +00:00
thomashaw
75056b8bc8 Adding images_to_leak to appropriate modules. Use ::secgen_functions::leak_files to leak one or more images. Updated parameterised_website to leak multiple images. Updated gitlist to create a git repo with leaked strings and images. 2017-03-23 20:58:35 +00:00
thomashaw
6918eb1d3e Minor fixes - parameterised_website leaks multiple strings_to_leak & metadata corrections 2017-03-21 11:44:17 +00:00
thomashaw
78b97bdeeb Vignere Cipher - Takes strings_to_encode and encryption_key, outputs: KEY_CIPHERTEXT 2017-03-21 11:44:07 +00:00
thomashaw
b9395ac69a Selecting default_inputs on specific generators rather than string_generator 2017-03-21 11:28:26 +00:00
thomashaw
94aa36cb2b strong_password_generator 2017-03-20 14:31:56 +00:00
Mihai Ordean
86192340d7 removed debian 8.2 2017-03-18 08:54:49 +00:00
Mihai Ordean
46827cd22c added ssh_leaked_keys module 2017-03-17 16:32:59 +00:00
Mihai Ordean
cb0f6ac289 Merge https://github.com/cliffe/SecGen 2017-03-16 14:04:00 +00:00
thomashaw
3028e076d9 parameterise local root level vulnerabilities -- added strings_to_leak 2017-03-16 13:20:32 +00:00
thomashaw
53149f3fd5 Misc. changes / cleanup 2017-03-16 12:39:50 +00:00
thomashaw
7c4d21e942 generators/images/qr_code: creates a QR code out of a string(usually a flag) and outputs it as a .png represented as a base64 string. 2017-03-16 12:32:33 +00:00
thomashaw
638e87e571 generators/challenges/hidden_data_in_image_file: Appends strings_to_leak to a random image's raw data. 2017-03-16 12:22:03 +00:00
thomashaw
8d61097be5 encoders/string/hex: string to oct encoder - Encodes a string into each character's octal representation 2017-03-16 12:21:03 +00:00
thomashaw
8b83eb1ac3 encoders/string/hex: string to hex encoder - Encodes a string into hexadecimal 2017-03-16 12:18:11 +00:00
thomashaw
bb884e9ffc generators/image/random_image: Returns random image as a base64 string. leaks the image to the parameterised_website. Icons in the public domain - thanks to http://publicicons.org/ 2017-03-16 12:03:22 +00:00