SecGen

digital-forensics-labs/SecGen

Fork 0

mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 19:28:02 +00:00

Commit Graph

Select branches

Hide Pull Requests

CyBOK-lecture-updates

OSSEC2

RSA_LAB_squash

anass_modules

auto_grading180621

auto_grading_dev

c_code

challenge_generators

ctf_challenges

ctf_challenges_merge

ctf_pwn_setuid

ctfd_output

es7_merge_1511

ff2

hvhb1and2

ids_lab

ids_test

iri_dl_hvhb1and2

january_19_merge

labtainers

live_lab

logging_system

master

orientation

ovirt_networking

phishing

post_tests

pr/109

rema_coconut_merge

rsa_fixes_1123

s2progress

stretch_kde_update

stretch_kde_update_2

stretch_merge

team_project

thomashaw-patch-1

web_merge

web_userspice

#1

#10

#103

#104

#104

#109

#109

#11

#12

#125

#126

#134

#135

#136

#137

#138

#142

#144

#150

#153

#16

#16

#166

#168

#168

#17

#172

#18

#184

#188

#19

#190

#191

#194

#195

#198

#2

#2

#20

#200

#201

#203

#204

#207

#209

#21

#21

#210

#211

#217

#218

#22

#22

#222

#223

#229

#23

#230

#232

#232

#233

#234

#234

#235

#235

#236

#237

#237

#238

#239

#24

#240

#241

#241

#242

#243

#244

#245

#246

#246

#247

#248

#249

#25

#25

#250

#251

#252

#253

#253

#254

#254

#255

#255

#256

#256

#257

#257

#258

#259

#259

#260

#260

#261

#262

#262

#263

#263

#264

#264

#265

#267

#268

#269

#270

#271

#272

#273

#274

#275

#276

#277

#278

#278

#279

#280

#282

#283

#284

#284

#285

#287

#296

#297

#298

#299

#3

#30

#300

#300

#302

#306

#307

#308

#309

#31

#31

#311

#312

#313

#314

#32

#33

#336

#338

#340

#341

#344

#345

#346

#347

#348

#349

#35

#350

#351

#353

#354

#354

#355

#355

#356

#356

#357

#357

#358

#358

#359

#359

#36

#360

#360

#361

#361

#362

#362

#38

#39

#4

#40

#41

#41

#42

#43

#44

#45

#46

#47

#47

#49

#5

#50

#52

#53

#54

#54

#55

#57

#57

#58

#6

#60

#61

#62

#63

#64

#65

#66

#67

#68

#69

#7

#70

#71

#72

#73

#73

#74

#74

#75

#76

#77

#78

#79

#8

#80

#81

#82

#82

#83

#84

#86

#86

#87

#88

#89

#9

#90

#92

#93

#93

#95

d6ced69c31 Fix calling rubygem executable on some platforms Z. Cliffe Schreuders 2017-08-18 23:31:57 -07:00
7a115e2340 vulnerabilities/samba_symlink: updated comment thomashaw 2017-08-16 19:18:43 +01:00
d445c3bdc1 vulnerabilities/samba_symlink: now uses organisations thomashaw 2017-08-16 19:17:33 +01:00
c6ee0316a1 vulnerabilities/samba_pws: now uses organisations thomashaw 2017-08-16 19:09:05 +01:00
f9ac37360c generators/domain: added default read_fact for name thomashaw 2017-08-16 19:08:03 +01:00
799d729f2c renamed guildford_event_basic_narrative.xml => basic_narrative.xml thomashaw 2017-08-16 18:06:06 +01:00
957212daff scenarios/ctf/nw_cyber_games.xml updated to use organisation thomashaw 2017-08-16 17:37:01 +01:00
ef2ce0f986 team_project_scenario: updated to use structured_content/organisation thomashaw 2017-08-16 16:37:30 +01:00
50c5854873 generators/mail_id: removed type=text_paragraph thomashaw 2017-08-16 15:43:23 +01:00
3b9c2f05b2 services/http/parameterised_website: update to use generators/structured_content/organisation thomashaw 2017-08-16 14:00:55 +01:00
1d2786a076 generators/organisation: added domain fact thomashaw 2017-08-16 13:14:05 +01:00
ed31b4bf0f print.rb: added .warn and bright_yellow text colouring thomashaw 2017-08-16 13:11:33 +01:00
b25c3818a4 updating guildford_event_basic_narrative scenario thomashaw 2017-08-08 16:17:35 +01:00
9d9c39bb6b parameterised_website: removed contact us from navbar on blank organisation thomashaw 2017-08-08 16:17:35 +01:00
d791b15ad4 parameterised_website: now accepts blank organisation thomashaw 2017-08-08 16:17:35 +01:00
71291c39c3 scenario changes to account for parse_json="" and access="" thomashaw 2017-08-08 16:17:35 +01:00
f7a34f6e83 bugfix: added cpu_word_size to scenario schema - can re-run scenarios again thomashaw 2017-08-14 14:16:39 +01:00
341429d94a Merge branch 'merge_structured_data' thomashaw 2017-08-14 14:11:13 +01:00
ee83e5016e structured_content: initial work, created an organisation generator. Organisation based scenarios need updating to use this. datastore access_json: can now access individual structured_content elements thomashaw 2017-08-14 14:09:29 +01:00
35c4c309f4 basic support for public domains, with example -- will prompt for network interface to bridge to (ref #97) Z. Cliffe Schreuders 2017-08-12 10:02:35 +01:00
246443bb5e ssh root login vulnerability, and some other code cleanup Z. Cliffe Schreuders 2017-08-03 22:39:43 +01:00
3f719c4761 Update README.md Cliffe 2017-07-05 21:38:23 +01:00
f44680051e more vagrantfile.erb whitespace updates thomashaw 2017-06-30 22:56:07 +01:00
76d7fa08ab vagrantfile.erb whitespace updates thomashaw 2017-06-30 22:53:49 +01:00
844a4f9db5 PR_90: removed linux_box left over from testing thomashaw 2017-06-30 22:48:21 +01:00
7a6334fb00 PR_90 changes: added cpu_word_size to differentiate between 32/64bit systems in bases, refactored vagrantfile.erb to include this, changed windows 'config.vm.network' settings to use the system name rather than config. thomashaw 2017-06-30 22:46:54 +01:00
534a780726 Merge remote-tracking branch 'origin/pr/90' thomashaw 2017-06-30 15:21:22 +01:00
013fb58c5f Minor changes to Jason's PR_89: add_ability_to_generate_forensics images thomashaw 2017-06-30 14:57:32 +01:00
200411ef91 Merge pull request #89 from Jjk422/forensic_image_creation Tom 2017-06-30 14:32:46 +01:00
15374cb9f5 Merge branch 'ctf_guildford_girls_school' thomashaw 2017-06-29 15:54:06 +01:00
22aaf7fbb4 updating scenario.xml's which refer to old username generators via module_path thomashaw 2017-06-29 15:51:13 +01:00
fa1f879374 guildford event scenario thomashaw 2017-06-24 00:37:44 +01:00
1a5649fddf hint improvements thomashaw 2017-06-24 00:19:52 +01:00
6d8bc007f0 utilities/parameterised_website: additional pages and hidden flag in white_text thomashaw 2017-06-23 23:30:10 +01:00
a853bf8db5 ssh_leaked_keys + onlinestore: added hints thomashaw 2017-06-23 23:28:11 +01:00
8eddc7fc44 Marker generator: only matches "flag{"" at start of string. Exclude "vulnerable in terms of its" system||misc||ctf||local . Now displays all secgen_metadata.xml <hint>'s thomashaw 2017-06-23 23:27:38 +01:00
6a98deae3e hidden_file, now uses different filename than the account + strings_to_leak instead of flag thomashaw 2017-06-23 15:30:35 +01:00
11703a626a encoders/string_selector: now accepts a position (essentially index+1) so that elements can be selected from a list based on id's thomashaw 2017-06-23 15:07:06 +01:00
2e35c1e915 generators/flag/flag_concat: joins strings and wraps in flag{} thomashaw 2017-06-22 09:06:57 +01:00
58c53269ad Hints: hidden_file, onlinestore, passwordless_account thomashaw 2017-06-21 22:35:01 +01:00
9c9bc0d6fd utilities/unix/version_control/git utilities/unix/sql/sqlmap thomashaw 2017-06-21 22:12:41 +01:00
22f72a0b38 onlinestore: added functionality to have killed_on support multiple different dates thomashaw 2017-06-21 20:37:58 +01:00
bae2a644af mail message: module_name update thomashaw 2017-06-21 20:36:28 +01:00
c3a092f680 unbounded maximum number of <hint>'s in metadata schemas thomashaw 2017-06-21 18:54:03 +01:00
48f09bec49 Person generator now accepts accounts and fills in the missing data (email, name) thomashaw 2017-06-21 18:45:27 +01:00
c29294671f Random username and Name based username generator merged. Name-based behaviour runs when 'name' parameter is passed. Otherwise outputs a random username. thomashaw 2017-06-21 14:27:52 +01:00
de0a689cdb parameterised_website update thomashaw 2017-06-20 11:52:48 +01:00
7ad35cbafd new module: vulnerabilities/unix/system/passwordless_user_account thomashaw 2017-06-20 11:08:32 +01:00
f98d73f02a 2 apaches: onlinestore updates thomashaw 2017-06-20 11:07:33 +01:00
7063d29b58 access_control_misconfigurations/readable_shadow: fixed typo thomashaw 2017-06-20 10:33:53 +01:00
d5a63a2532 markdown -> html encoder: removed 'string_encoder' selector thomashaw 2017-06-20 09:44:40 +01:00
ea452219c6 parameterised_website, removed floating ' - ' character when no business_name is included thomashaw 2017-06-19 14:17:51 +01:00
9d75e8e7c6 removed 'testing_' from mail module thomashaw 2017-06-19 13:58:37 +01:00
eec0423443 access_control_misconfigurations/readable_shadow: fixed typo thomashaw 2017-06-20 10:33:53 +01:00
45f202a11e markdown -> html encoder: removed 'string_encoder' selector thomashaw 2017-06-20 09:44:40 +01:00
9aaba7b135 parameterised_website, removed floating ' - ' character when no business_name is included thomashaw 2017-06-19 14:17:51 +01:00
1a7540a83a removed 'testing_' from mail module thomashaw 2017-06-19 13:58:37 +01:00
467baf15fa apache 2: changed the internals of puppet-labs/apache to prevent ports.conf being overwritten when apache is called from 2 modules thomashaw 2017-06-16 11:50:53 +01:00
b3f8913dcb 2 apaches: website_scenario static ip thomashaw 2017-06-15 17:18:32 +01:00
e973d89f90 2 apaches instances: parameterised_website + gitlist port changes thomashaw 2017-06-15 17:18:06 +01:00
e7b777eb9a 2 apache instances: metadata updates thomashaw 2017-06-15 17:17:12 +01:00
3a0f426842 utilities/mail module: creates system mail messages for a user on a linux system. generators/mail_message: hash containing the data for a mail message. generators/mail_id: outputs a randomly generated mail id string. generators/date: added mail format and option to pass a date in + have it formatted. thomashaw 2017-06-13 19:34:53 +01:00
ebb0ded6e0 moved relevant example.xml's to ctf_module_examples thomashaw 2017-06-08 11:24:37 +01:00
210f5cdfbe new module: ctf/hidden_file - drops a hidden linux file prepended with a dot, containing a flag, into either the provided account's home directory OR the provided storage_directory thomashaw 2017-06-08 11:24:23 +01:00
f59c18adf0 new module: ctf/java_decompile - based on picoctf-2013 thomashaw 2017-06-06 20:49:21 +01:00
2b4553020f services/nfs: added storage_directory parameter thomashaw 2017-06-06 16:22:31 +01:00
875524afc6 dc16_feedme: Reversing / pwnable module from defcon 2016 qualifiers thomashaw 2017-06-06 16:20:24 +01:00
a4226665aa dc16_b3s23: Reversing / programming module from defcon 2016 qualifiers thomashaw 2017-06-06 15:02:18 +01:00
4e25e6a85c dc16_amadhj: using new install_setuid_root_binary thomashaw 2017-06-06 15:01:06 +01:00
fcda518504 setuid root binary fixes thomashaw 2017-06-06 14:59:51 +01:00
ada45e9420 New function: secgen_functions::install_setuid_root_binary Updated dc16_amadhj to use this function thomashaw 2017-06-06 11:26:34 +01:00
88265a1271 defcon16_amadhj: installing and has correct permissions -- refactor installation of setuid binary challenges into a secgen_function thomashaw 2017-06-05 13:19:49 +01:00
03172d955c WIP:: implementing defcon qualifier challenges -- amadhj (reversing challenge, leak a binary + expose a pwnable service running the binary) thomashaw 2017-05-30 12:28:42 +01:00
2dc7d93d33 utilities/parameterised_accounts: adds an account with a strong password by default vulnerabilities/crackable_user_account: adds an account with a weak password by default thomashaw 2017-05-30 11:23:58 +01:00
5e7689316b vulnerabilities/parameterised_accounts => utilities/parameterised_accounts thomashaw 2017-05-24 13:01:42 +01:00
333f259736 param_website: fixed re-assignment error thomashaw 2017-05-24 13:01:16 +01:00
c4d9d229d9 example scenario.xml: uid_less_root, uid_vi_root thomashaw 2017-05-24 10:03:15 +01:00
0b4a153c2b uid_bash_root example scenario.xml thomashaw 2017-05-24 10:01:11 +01:00
0b875871e0 uid_less_root/uid_vi_root: updating metadata thomashaw 2017-05-24 09:58:43 +01:00
15d594144d access control misconfigurations: uid_bash_root thomashaw 2017-05-24 09:57:50 +01:00
48385db779 access control misconfiguration: writable_passwd -- enforced the order in accounts::users w/ multiple ac misconfigs at same time thomashaw 2017-05-23 17:51:27 +01:00
c39ec63434 Enforce run order of parameterised_accounts and writable_groups thomashaw 2017-05-22 16:47:24 +01:00
93759154ee s/writeable/writable thomashaw 2017-05-22 13:37:21 +01:00
aebf8c135a renamed writeable => writable thomashaw 2017-05-22 13:36:36 +01:00
09abd74235 access control misconfiguration: readable shadow thomashaw 2017-05-22 13:31:24 +01:00
152f59e3f1 access control misconfiguration: writable groups thomashaw 2017-05-22 13:30:23 +01:00
e283775ed3 access control misconfiguration: writable shadow thomashaw 2017-05-22 13:29:46 +01:00
49c5fdee3f readable_shadow scenario updated thomashaw 2017-05-22 13:10:25 +01:00
0155018879 access control misconfiguration: readable /etc/shadow file thomashaw 2017-05-22 12:45:45 +01:00
2b93c8c20d access control misconfiguration: suid_root_nano thomashaw 2017-05-22 11:53:25 +01:00
6e98c95504 Merge remote-tracking branch 'origin/randomise_service_ports' thomashaw 2017-05-20 15:06:18 +01:00
6c09be05b8 Added two vulnerabilities with random ports + exclusion list scenario thomashaw 2017-05-20 15:05:48 +01:00
05cd757f55 Fixed samba concat{} error with newer versions of puppet / stdlib thomashaw 2017-05-20 14:02:22 +01:00
6b5c66f586 Parameterised port - vulnerabilities/unrealirc_3281_backdoor thomashaw 2017-04-19 18:01:08 +01:00
bdc6c065de Parameterised port - services/unrealirc thomashaw 2017-04-19 15:13:30 +01:00
3c6e0a5a24 Parameterised port - vulnerabilities/proftpd_133c_backdoor thomashaw 2017-04-19 13:40:00 +01:00
42966f4a43 Parameterised port - service/proftpd -- set default port to 21 thomashaw 2017-04-19 13:18:38 +01:00
3d4c0fa98a Parameterised port - service/proftpd thomashaw 2017-04-19 13:17:48 +01:00
e0a0e1f8d4 Parameterised port - service/vsftp -- fixed thomashaw 2017-04-19 12:50:43 +01:00
a0949b57e5 Parameterised port - service/vsftp (WIP) thomashaw 2017-04-19 12:06:12 +01:00

... 27 28 29 30 31 ...