Commit Graph

  • a13431fad9 Moved over ForGen internet history module need to modify into SecGen structure Jjk422 2017-03-27 09:21:40 +01:00
  • 03aaae2bc3 xfce desktop environment: extracted out auto login as root into vulnerability module thomashaw 2017-03-24 15:30:30 +00:00
  • 9ce9941843 adding ctf challenges to flawed_fortress_1.xml thomashaw 2017-03-23 20:58:50 +00:00
  • 75056b8bc8 Adding images_to_leak to appropriate modules. Use ::secgen_functions::leak_files to leak one or more images. Updated parameterised_website to leak multiple images. Updated gitlist to create a git repo with leaked strings and images. thomashaw 2017-03-23 20:58:35 +00:00
  • 200ce2206d Merge pull request #92 from cliffe/fixed_default_inputs Tom 2017-03-22 10:48:25 +00:00
  • f969cc8a42 fixed issue with passing a nested literal value into a default module input Z. Cliffe Schreuders 2017-03-21 21:59:26 +00:00
  • c4bec37107 Moved over ForGen internet history module need to modify into SecGen structure Jjk422 2017-03-21 19:23:55 +00:00
  • e18ae5c5c9 flawed_fortress_1.xml - removed 'need more ascii_reversible' comment thomashaw 2017-03-21 11:45:32 +00:00
  • 6918eb1d3e Minor fixes - parameterised_website leaks multiple strings_to_leak & metadata corrections thomashaw 2017-03-21 11:42:50 +00:00
  • 78b97bdeeb Vignere Cipher - Takes strings_to_encode and encryption_key, outputs: KEY_CIPHERTEXT thomashaw 2017-03-21 11:40:38 +00:00
  • b9395ac69a Selecting default_inputs on specific generators rather than string_generator thomashaw 2017-03-21 11:28:26 +00:00
  • b7293f32d0 Windows modules (web browsers, languages and text editor) and chocolatey repository manager. Jjk422 2017-03-20 23:00:01 +00:00
  • 94aa36cb2b strong_password_generator thomashaw 2017-03-20 14:31:56 +00:00
  • 378bfcda69 ssh_leaked_keys example scenario thomashaw 2017-03-20 14:02:43 +00:00
  • 0de7581a96 Merge pull request #88 from meehien/master Tom 2017-03-20 14:01:16 +00:00
  • 7960914a79 Adds the Windows 2008 r2 server 64 bit basebox, allows for no license. Will download ISO from microsoft site, will then build basebox (storing in VAGRANT_BASEBOX_STORAGE) and will then build with vagrant. If Basebox is not present SecGen will prompt whether to use packer (requires download from packer website in README.md and for the binary to be in the system path) to build the Basebox. Jjk422 2017-03-19 17:52:17 +00:00
  • 25771b6344 unique_module_names for selectively ensuring a scenario doesn't repeat modules (currently only in the scenario for nested under an input) Z. Cliffe Schreuders 2017-03-18 17:03:47 +00:00
  • 86192340d7 removed debian 8.2 Mihai Ordean 2017-03-18 08:54:49 +00:00
  • bcc764ea11 seccourse will use base debian 7.8 Mihai Ordean 2017-03-17 16:51:27 +00:00
  • 46827cd22c added ssh_leaked_keys module Mihai Ordean 2017-03-17 16:32:59 +00:00
  • cb0f6ac289 Merge https://github.com/cliffe/SecGen Mihai Ordean 2017-03-16 14:04:00 +00:00
  • 3028e076d9 parameterise local root level vulnerabilities -- added strings_to_leak thomashaw 2017-03-03 14:05:11 +00:00
  • 53149f3fd5 Misc. changes / cleanup thomashaw 2017-03-03 14:05:11 +00:00
  • 7c4d21e942 generators/images/qr_code: creates a QR code out of a string(usually a flag) and outputs it as a .png represented as a base64 string. thomashaw 2017-03-16 12:32:33 +00:00
  • 638e87e571 generators/challenges/hidden_data_in_image_file: Appends strings_to_leak to a random image's raw data. thomashaw 2017-03-16 12:22:03 +00:00
  • 8d61097be5 encoders/string/hex: string to oct encoder - Encodes a string into each character's octal representation thomashaw 2017-03-16 12:21:03 +00:00
  • 8b83eb1ac3 encoders/string/hex: string to hex encoder - Encodes a string into hexadecimal thomashaw 2017-03-16 12:18:11 +00:00
  • bb884e9ffc generators/image/random_image: Returns random image as a base64 string. leaks the image to the parameterised_website. Icons in the public domain - thanks to http://publicicons.org/ thomashaw 2017-03-16 12:03:22 +00:00
  • 895af9ae89 generators/challenges/bitwise_xor: input is a string_to_mask, output is 2 random bit streams that can, when bitwise xor'd together, reveal the string_to_mask. thomashaw 2017-03-08 10:47:19 +00:00
  • 5b76e04f9b Encoder: Morse Code. 'parentheses' mapped to [], { }, <> and () to cover as many varieties as we can. Any other character not represented in Morse Code is dropped. thomashaw 2017-03-03 14:09:00 +00:00
  • 253d983e01 encoders/string/dec: ASCII to DEC encoder - Encodes each character into DEC representation and concats the results thomashaw 2017-03-16 10:31:01 +00:00
  • 23fcdb626c encoders/string/binary: ASCII to Binary encoder thomashaw 2017-03-16 10:29:07 +00:00
  • 41bbb34649 fixed nested default modules Z. Cliffe Schreuders 2017-03-13 23:32:49 +00:00
  • e48cd1b250 mark ascii_value_shift as being ascii_reversable Z. Cliffe Schreuders 2017-03-14 17:34:44 +00:00
  • 6a14c417c6 marker.xml for marking CTF flags and providing hints (which have IDs so we don't have to give the same hint twice), also updated organisation of scenarios Z. Cliffe Schreuders 2017-03-14 17:30:33 +00:00
  • 4820f11275 secgen.rb: 17-33: Standardised help menu, added forgotten delete-all-projects command. 229: Removed --build-from-iso, merged accidentally from a different branch. Jjk422 2017-03-13 18:55:30 +00:00
  • adf9fa965d Added ability to generate forensic images from virtual machines, either in the ewf or raw formats. Note: the ewf format requires the FTK Imager command line utility to be installed and added to the path. Jjk422 2017-03-13 18:45:02 +00:00
  • 4f122a5ff6 added seccourse.xml scenario Mihai Ordean 2017-03-13 15:12:46 +00:00
  • d9391d384f added check to verify if leaked files is empty Mihai Ordean 2017-03-13 15:10:17 +00:00
  • 6c97d81250 added gnome desktop env. for debian Mihai Ordean 2017-03-13 10:44:26 +00:00
  • 45543b2662 added debian 8.2 base Mihai Ordean 2017-03-13 10:43:16 +00:00
  • ad869c82dc added options to customize VirtualBox hw support from command line Mihai Ordean 2017-03-13 10:41:54 +00:00
  • 5842a0d44e Update README with repo install of ruby-bundler Cliffe 2017-03-12 13:05:30 +00:00
  • e73b0f3d58 Shift Cipher Encoders: caesar_shift and ascii_value_shift thomashaw 2017-03-02 12:44:48 +00:00
  • ffb0caf2bf Don't encode output to b64 if we're just running the script as a stand-alone. thomashaw 2017-03-02 12:43:24 +00:00
  • 32091ed0fe Special Character work + generator/encoder superclass refactor. thomashaw 2017-03-01 19:19:54 +00:00
  • 5aa32d5907 fix literal new line c_code Z. Cliffe Schreuders 2017-02-22 16:16:37 +00:00
  • ad55210ddf initial c_code example Z. Cliffe Schreuders 2017-02-22 15:26:56 +00:00
  • e8f8dcece4 Team project work squashed + removed dead code thomashaw 2017-02-17 14:59:07 +00:00
  • 9466f26f8e security audit remit generator Z. Cliffe Schreuders 2017-02-08 00:41:14 +00:00
  • 1f3f0c211d Merge branch 'access_datastore_elements' Z. Cliffe Schreuders 2017-01-18 21:49:52 +00:00
  • 655684e3d4 datastore iteration and element access Z. Cliffe Schreuders 2017-01-17 17:09:15 +00:00
  • f30f62bbd5 readme update Z. Cliffe Schreuders 2017-01-17 20:45:32 +00:00
  • 24c38cbe46 Merge pull request #87 from thomashaw/cleanup_rebse Tom 2017-01-17 16:28:12 +00:00
  • 43c02f220f Updated for post-parameterisation thomashaw 2017-01-17 16:27:18 +00:00
  • f8a97b2842 Parameterised Cleanup Module thomashaw 2016-12-18 22:03:56 +00:00
  • 16e3107838 Quick fix for the system_number method from last commit. thomashaw 2017-01-17 15:59:29 +00:00
  • 1522fd3ac9 Enable static IP address network IP address resolution & a fix for the duplicate modules being output when using multiple systems in Vagrantfile bug thomashaw 2017-01-17 14:49:24 +00:00
  • 373b0bc5dc Parameterised Website using datastores. Loads of generators and encoders. Check out the example scenarios. thomashaw 2017-01-15 19:54:34 +00:00
  • c6780f4a9e flag{generated_flag} format for flags Z. Cliffe Schreuders 2017-01-15 16:12:08 +00:00
  • fcc4630187 desktop xfce Z. Cliffe Schreuders 2017-01-08 01:20:04 +00:00
  • 0548606f70 minor cleanup and directory restructuring Z. Cliffe Schreuders 2017-01-07 21:55:26 +00:00
  • f8ba19ad75 datastores for storing and reusing calculated values Z. Cliffe Schreuders 2017-01-07 21:21:17 +00:00
  • ab8ff07201 fix parameterised module input into modules Z. Cliffe Schreuders 2017-01-05 21:07:48 +00:00
  • 4d6fb601b7 Revert: Updated puppetforge/apache to latest version thomashaw 2016-12-30 01:10:33 +00:00
  • 87e029fdd3 change [0] for .first thomashaw 2016-12-22 20:23:44 +00:00
  • f78e2fc404 Updated puppetforge/apache to latest version thomashaw 2016-12-21 17:57:52 +00:00
  • 2be095be6c Secure/patched version of chkrootkit vulnerability (utilities/unix/scanners/chkrootkit) thomashaw 2016-12-20 16:09:06 +00:00
  • e7019afa86 Fixed shellshock thomashaw 2016-12-20 15:26:21 +00:00
  • 38b097cb4c Removed link to old Developer VM thomashaw 2016-12-20 14:56:39 +00:00
  • 0d890ee535 Corrected proftpd_133c_backdoor as it gives you a root_rwx privilege, not user_rwx privilege, shell when exploiting this vulnerability. thomashaw 2016-12-20 14:55:58 +00:00
  • ad49319447 Removed leftover comment thomashaw 2016-12-14 13:50:49 +00:00
  • b09769c515 Adding read_fact to generators. thomashaw 2016-12-13 19:26:48 +00:00
  • e0bacae26b Merge pull request #84 from thomashaw/multi_file_leak_rebase Tom 2016-12-13 19:08:18 +00:00
  • 007863e05c weak_password_generator <type> added to the weak and common pw gens, fixed typo in account_hash_builder thomashaw 2016-12-08 10:54:21 +00:00
  • 17f425b37f Multiple leaked files, new secgen_functions module encapsulating the file_leak and overshare.erb logic. Updated old modules to use the new resource type. thomashaw 2016-12-06 16:45:26 +00:00
  • 2f58b35857 Temp fix: removed single quote from welcome_message generator thomashaw 2016-12-06 18:55:32 +00:00
  • d197421c11 Vagrantfile removed encoders + generators as they don't need to be on the box thomashaw 2016-12-06 16:52:53 +00:00
  • 1595b4f3e3 NFS /etc/exports updated to allow all networks thomashaw 2016-12-06 10:09:57 +00:00
  • 76ac20da68 Merge pull request #83 from thomashaw/param_rebase Tom 2016-12-05 17:24:00 +00:00
  • 7d7d2e2677 Rework: Moved hello_world to messages. Changed write_fact to output_type. Updated PATH constants to DIR. Changed string generators to more specific message_generator in strings_to_leak. thomashaw 2016-12-05 17:15:55 +00:00
  • 733c871072 Additional parameterisation. New modules: parameterised_accounts, generators and an account_encoder. Added plenty of parameters/default_inputs to currently existing vulnerability modules. thomashaw 2016-11-30 18:09:22 +00:00
  • 186b741c8f Merge pull request #81 from thomashaw/privilege_changes Tom 2016-11-14 14:46:57 +00:00
  • f724415cdf Privilege changes: More specific privilege levels. r, rw, rwx for root & user. thomashaw 2016-11-14 14:34:04 +00:00
  • 0920f6ef62 Merge pull request #79 from thomashaw/proftpd_service Tom 2016-11-13 23:21:30 +00:00
  • 0ff5f5ba04 Added a requirement for the accounts module. thomashaw 2016-11-13 23:19:55 +00:00
  • 9b797c7db2 Service: ProFTPd thomashaw 2016-10-13 21:14:21 +01:00
  • 8f5a774eb8 Merge pull request #78 from thomashaw/chkrootkit Tom 2016-11-13 22:51:38 +00:00
  • 073483f91d Moving scenario files thomashaw 2016-11-13 22:49:41 +00:00
  • b1ba6700d4 Vulnerability: chkrootkit 0.49 local privilege escalation thomashaw 2016-10-12 21:19:34 +01:00
  • 87b195b9e2 Merge pull request #77 from thomashaw/gitlist_refactor Tom 2016-11-13 22:44:43 +00:00
  • 2cf329eeef Vulnerability: Gitlist 0.4.0 webapp with RCE thomashaw 2016-11-13 22:43:47 +00:00
  • 5558838005 Merge remote-tracking branch 'origin/master' Z. Cliffe Schreuders 2016-11-08 23:32:08 +00:00
  • 03b739592b README update and some code cleanup Z. Cliffe Schreuders 2016-11-08 23:17:34 +00:00
  • a9f75721fe README update and some code cleanup Z. Cliffe Schreuders 2016-11-08 23:17:34 +00:00
  • 9ff06fce7e default values for parameters (modules and literal values) Z. Cliffe Schreuders 2016-10-25 00:22:54 +01:00
  • 1820a7dfa9 Merge pull request #80 from cliffe/random_selection_squashed Tom 2016-10-19 22:57:59 +01:00
  • a1258f8cc9 Merge pull request #5 from cliffe/master Cliffe 2016-10-19 20:01:51 +01:00
  • 601362a12d random selection between inputs Z. Cliffe Schreuders 2016-10-19 19:36:10 +01:00
  • d68f98e0da code cleanup Z. Cliffe Schreuders 2016-10-18 22:38:22 +01:00