cliffe / secgen

This project forked from secgen/secgen

Create randomly insecure VMs

License: GNU General Public License v3.0

Ruby 18.16% Shell 1.47% Pascal 0.05% Puppet 8.68% HTML 16.78% Makefile 0.09% Python 35.91% C 2.21% JavaScript 3.33% PHP 2.64% CSS 2.26% PowerShell 0.09% Batchfile 0.08% Perl 0.01% Go 0.08% Java 5.02% TeX 2.32% C++ 0.54% Tcl 0.01% Assembly 0.27%
ctf-challenges cybok labs provisioning randomization security security-vulnerability virtualization

secgen's People

Contributors

aviio, cliffe, dezull, eelsivart, egg82, emlynbutterfield, emrossa, halfwhit, j-d-wifi-08, jbiggs610, jd2344, jjk422, lewisardern, mahfuz10, manuelpoisson, meehien, mission-deny-the-mission, profzeller, redwiz666, rgajendran, smarkusfeld, thomashaw, thompslu, tolly765, tvergilio, witcherdude


secgen's Issues

Vagrant Host URL Download Error

I receive errors when trying to start up a VM with the default scenario. Found that the host url for downloading vagrant boxes has changed. What is the best way to update the metadata under Modules to correct this issue?

New Metadata URL: https://vagrantcloud.com

can't install gem bundler

      # Needed by anemone crawler
      spec.add_runtime_dependency 'nokogiri'
      # Needed by db.rb and Msf::Exploit::Capture
      spec.add_runtime_dependency 'packetfu'
      # For sniffer and raw socket modules
      spec.add_runtime_dependency 'pcaprub'
      # Used by the Metasploit data model, etc.
      # bound to 0.20 for Activerecord 4.2.8 deprecation warnings:
      # ged/ruby-pg@c90ac64
      # 17090
      spec.add_runtime_dependency 'pg', '0.20.0'
      # Run initializers for metasploit-concern, metasploit-credential, metasploit_data_models Rails::Engines
      spec.add_runtime_dependency 'railties'
      # required for OS fingerprinting
      spec.add_runtime_dependency 'recog'
      # required for bitlocker fvek extraction
      spec.add_runtime_dependency 'openssl-ccm'
      # Needed for documentation generation
      spec.add_runtime_dependency 'octokit'
      spec.add_runtime_dependency 'redcarpet'
      # Needed for Microsoft patch finding tool (msu_finder)
      spec.add_runtime_dependency 'patch_finder'
      # Required for msfdb_ws (Metasploit data base as a webservice)
      spec.add_runtime_dependency 'thin'
      spec.add_runtime_dependency 'sinatra'
      spec.add_runtime_dependency 'sysrandom'
      spec.add_runtime_dependency 'warden'
      # TimeZone info
      spec.add_runtime_dependency 'tzinfo-data'
      # Gem for dealing with SSHKeys
      spec.add_runtime_dependency 'sshkey'
      # BitStruct Library used for handling certain Protocol Header/Packet construction
      spec.add_runtime_dependency 'bit-struct'
      # Library for interpreting Windows error codes and strings
      spec.add_runtime_dependency 'windows_error'
      # This used to be depended on by nokogiri, depended on by wmap
      if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0')
        spec.add_runtime_dependency 'xmlrpc'
      end

      # File Parsing Libraries
      # Needed by auxiliary/gather/http_pdf_authors module
      spec.add_runtime_dependency 'pdf-reader'
      spec.add_runtime_dependency 'ruby-macho'

      # Protocol Libraries
      spec.add_runtime_dependency 'dnsruby'
      spec.add_runtime_dependency 'mqtt'
      spec.add_runtime_dependency 'net-ssh'
      spec.add_runtime_dependency 'ed25519' # Adds ed25519 keys for net-ssh
      spec.add_runtime_dependency 'bcrypt_pbkdf'
      spec.add_runtime_dependency 'ruby_smb'

      # REX Libraries
      # Core of the Ruby Exploitation Library
      spec.add_runtime_dependency 'rex-core'
      # Text manipulation library for things like generating random string
      spec.add_runtime_dependency 'rex-text'
      # Library for Generating Randomized strings valid as Identifiers such as variable names
      spec.add_runtime_dependency 'rex-random_identifier'
      # library for creating Powershell scripts for exploitation purposes
      spec.add_runtime_dependency 'rex-powershell'
      # Library for processing and creating Zip compatbile archives
      spec.add_runtime_dependency 'rex-zip'
      # Library for parsing offline Windows Registry files
      spec.add_runtime_dependency 'rex-registry'
      # Library for parsing Java serialized streams
      spec.add_runtime_dependency 'rex-java'
      # Library for C-style structs
      spec.add_runtime_dependency 'rex-struct2'
      # Library which contains architecture specific information such as registers, opcodes,
      # and stack manipulation routines.
      spec.add_runtime_dependency 'rex-arch'
      # Library for working with OLE.
      spec.add_runtime_dependency 'rex-ole'
      # Library for creating and/or parsing MIME messages.
      spec.add_runtime_dependency 'rex-mime'
      # Library for Dynamic Multi-byte x86 NOP generation
      spec.add_runtime_dependency 'rex-nop'
      # Library for parsing and manipulating executable binaries
      spec.add_runtime_dependency 'rex-bin_tools'
      # Rex Socket Abstraction Layer
      spec.add_runtime_dependency 'rex-socket'
      # Library for scanning a server's SSL/TLS capabilities
      spec.add_runtime_dependency 'rex-sslscan'
      # Library and tool for finding ROP gadgets in a supplied binary
      spec.add_runtime_dependency 'rex-rop_builder'
      # Library for polymorphic encoders; used for payload encoding
      spec.add_runtime_dependency 'rex-encoder'
      # Library for exploit development helpers
      spec.add_runtime_dependency 'rex-exploitation'
      # Command line editing, history, and tab completion in msfconsole
      spec.add_runtime_dependency 'rb-readline'
      # Needed by some modules
      spec.add_runtime_dependency 'rubyzip'
      # Needed for some post modules
      spec.add_runtime_dependency 'sqlite3'
      # required for Time::TZInfo in ActiveSupport
      spec.add_runtime_dependency 'tzinfo'
      # Needed so that disk size output isn't horrible
      spec.add_runtime_dependency 'filesize'
      # Needed for openvas plugin
      spec.add_runtime_dependency 'openvas-omp'
      # Needed by metasploit nessus bridge
      spec.add_runtime_dependency 'nessus_rest'
      # Nexpose Gem
      spec.add_runtime_dependency 'nexpose'
      # Needed for NDMP sockets
      spec.add_runtime_dependency 'xdr'
      # Needed for ::Msf...CertProvider
      spec.add_runtime_dependency 'faker'
    end


--- TEMPLATE END ---------------------------------------------------------------

Unfortunately, an unexpected error occurred, and Bundler cannot continue.

First, try this link to see if there are any existing issue reports for this error:
https://github.com/bundler/bundler/search?q=Failed+to+open+TCP+connection+to+index.rubygems.org+443+%28No+such+file+or+directory+-+fstat%282%29%29&type=Issues

If there aren't any reports for this error yet, please create copy and paste the report template above into a new issue. Don't forget to anonymize any private data! The new issue form is located at:
https://github.com/bundler/bundler/issues/new

undefined method 'first' for nil:NilClass (NoMethodError)

I have successfully used (some of) the built-in scenarios to create VMs.
I have my own Windows basebox that I have created a secgen_metadata.xml for.
I created a scenario for it. When I try "ruby secgen.rb -s [scenario.xml] p" I get the error:
Checking to see if local basebox [windows basebox] exists
Traceback (most recent call last):
    6: from secgen.rb:464:in '<main>'
    5: from secgen.rb:116:in 'build_config'
    4: from /[path]/bin/secgen/lib/output/project_files_creator.rb:60:in 'write_files'
    3: from /[path]/bin/secgen/lib/output/project_files_creator.rb:60:in 'each'
    2: from /[path]/bin/secgen/lib/output/project_files_creator.rb:73:in 'block in write_files'
    1: from /[path]/bin/secgen/lib/output/project_files_creator.rb:73:in 'each'
/[path]/bin/secgen/lib/output/project_files_creator.rb:80:in 'block (2 levels) in write_files': undefined method 'first' for nil:NilClass (NoMethodError)

Error: Did not recognize your adapter specification (cannot load such file -- oj/oj).

This is on a ParrotOS image and refuses to build with these error messages.

Creating project: /home/user/SecGen/projects/SecGen20180729_0101...
Creating Puppet modules librarian-puppet file: /home/user/SecGen/projects/SecGen20180729_0101/puppet/escalation/Puppetfile
Preparing puppet modules using librarian-puppet
Loading librarian-puppet (install) in /home/user/SecGen/projects/SecGen20180729_0101/puppet/escalation
Module /home/user/SecGen/modules/build/puppet/secgen_functions does not have version, defaulting to 0.0.1
Module /home/user/SecGen/modules/vulnerabilities/unix/misc/distcc_exec does not have version, defaulting to 0.0.1
Module /home/user/SecGen/modules/utilities/unix/update/unix_update does not have version, defaulting to 0.0.1
Module /home/user/SecGen/modules/utilities/unix/audit_tools/scanners/nmap does not have version, defaulting to 0.0.1
Module /home/user/SecGen/modules/vulnerabilities/unix/local/setuid_nmap does not have version, defaulting to 0.0.1
Error executing puppet module install. Check that this command succeeds:
puppet module install --version 4.18.0 --target-dir /home/user/SecGen/projects/SecGen20180729_0101/puppet/escalation/.tmp/librarian/cache/source/puppet/forge/forgeapi_puppetlabs_com/puppetlabs-stdlib/4.18.0 --module_repository https://forgeapi.puppetlabs.com --modulepath /home/user/SecGen/projects/SecGen20180729_0101/puppet/escalation/.tmp/librarian/cache/source/puppet/forge/forgeapi_puppetlabs_com/puppetlabs-stdlib/4.18.0 --module_working_dir /home/user/SecGen/projects/SecGen20180729_0101/puppet/escalation/.tmp/librarian/cache/source/puppet/forge/forgeapi_puppetlabs_com/puppetlabs-stdlib/4.18.0 --ignore-dependencies puppetlabs-stdlib
Error:
Error: Did not recognize your adapter specification (cannot load such file -- oj/oj).
Error: Try 'puppet help module install' for usage
Non-zero exit status...
Failed to prepare puppet modules!

Generator output containing single quotes causes crash.

Keeping a record of this issue here in case anyone else comes across it.

Occasionally generators output strings with single quotes in them e.g. the generator/random_name outputting 'Patrick O'Neill' which causes a crash.

Will look into this further in the next couple of days, for now just re-run the scenario.

please help me to solve this problem..

exec '' --preserve-environment -c 'LD_LIBRARY_PATH=/data/data/com.termux/files/usr/lib PATH=/data/data/com.termux/files/usr/bin:/data/data/com.termux/files/usr/bin/applets /data/data/com.termux/files/usr/bin/bash'
/data/data/com.termux/files/usr/bin/tsu: line 139: exec: : not found
$

Adding <requires><privilege>user_rw... leads to 'Unexpected module type..' errors.

When adding a tag to the secgen_metadata we get the 'Unexpected module type...' (from lib/output/xml_scenario_generator.rb:97) error for each of the generators / encoders selected.

It appears that the selected_module.write_to_module_with_id is unset for modules added in this way.

On the current branch I'm working on I've commented out the 'exit' command (lib/output/xml_scenario_generator.rb:98) and both the scenario.xml generation and vm provisioning appear correct.

example secgen_metadata.xml

How to access the created VMs?

Once the installation is done, it shows "VMs created". My question is where are those VMs created? How can I access the VMs individually? I suppose with one specific vulnerability it creates only one VM; to create another VM with a different vulnerability, I have to create another Linux machine in VirtualBox and then install SecGen again and then create a VM. Is that so? Or can I create as many VMs with different vulnerabilities in just one Linux machine with SecGen installed in it?

WARN: Unresolved specs during Gem::Specification.reset:

Hello.

I have installed SecGen but when running:
$ ruby secgen.rb run

I get the error:
Loading vagrant (up) in /home/mattias/SecGen/projects/SecGen20170829_1036
WARN: Unresolved specs during Gem::Specification.reset:
nokogiri (>= 0)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
Bringing machine 'storage_server' up with 'virtualbox' provider...
/usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/batch_action.rb:126:in `join': No live threads left. Deadlock? (fatal)
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/batch_action.rb:126:in `block in run'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/batch_action.rb:65:in `each'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/batch_action.rb:65:in `run'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:258:in `block (2 levels) in batch'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:253:in `tap'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:253:in `block in batch'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:252:in `synchronize'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:252:in `batch'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/plugins/commands/up/command.rb:88:in `execute'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/cli.rb:42:in `execute'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:274:in `cli'
from /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/bin/vagrant:122:in `<top (required)>'
from /usr/bin/vagrant:22:in `load'
from /usr/bin/vagrant:22:in `<main>'
VMs created.

No VMs are created :-(

How to resolve this?

best regards Mattias

Vulnerable WebApps - Question

@cliffe @LewisArdern Does SecGen support the autogeneration of webapps?
I could see a lot of infrastructure issues, but I'm more interested in web vulnerabilities i.e. injection attacks ala SQLi/XXE/Commandi etc..

I would like to have a random vulnerable webapp generator as part of a project I would like to work on.

Also do you support docker?

CTFd Import

The current generated zip is incompatible with the new CTFd 2.0 that was released. I was going to work on this but wanted to see if this work was already being done.

Rsync Error Debian 9.4

I have followed the installation instructions on this site and receive the following error:

==> escalation: Machine booted and ready!
==> escalation: Checking for guest additions in VM...
==> escalation: Rsyncing folder: /home/nicholas/bin/SecGen/projects/SecGen20180619_1946/environments/ => /tmp/vagrant-puppet/environments
There was an error when attempting to rsync a synced folder.
Please inspect the error message below for more info.

Host path: /home/nicholas/bin/SecGen/projects/SecGen20180619_1946/environments/
Guest path: /tmp/vagrant-puppet/environments
Command: "rsync" "--verbose" "--archive" "--delete" "-z" "--copy-links" "--no-owner" "--no-group" "--rsync-path" "sudo rsync" "-e" "ssh -p 2222 -o LogLevel=FATAL -o ControlMaster=auto -o ControlPath=/tmp/ssh.127 -o ControlPersist=10m -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i '/home/nicholas/bin/SecGen/projects/SecGen20180619_1946/.vagrant/machines/escalation/virtualbox/private_key'" "--exclude" ".vagrant/" "/home/nicholas/bin/SecGen/projects/SecGen20180619_1946/environments/" "[email protected]:/tmp/vagrant-puppet/environments"
Error: rsync error: unexplained error (code 255) at main.c(1196) [sender=3.1.2]

Non-zero exit status...
Error provisioning VMs, destroying VMs and exiting SecGen.

I've tried using different versions of vagrant and virtualbox with the same result and cannot seem to make any sense of the error message. I would appreciate some help as I really want to get this up and running! Thank you.

account values are appended in default input

A given secgen_metadata.xml of a module which contains:

<default_input into="accounts">
  <generator type="account">
    <input into="username">
      <value>jakesmith</value>
    </input>
  </generator>
</default_input>

SecGen will produce an account with the name jakesmithrandomvalue instead of jakesmith.

Root Password Not Working & CTF Scenario Errors when Attempting to Create One.

For some reason when I try to create some scenarios I am able to log in with the default root 'puppet' password, however most of the time it will tell me the password is wrong so I tried to use the password that is the encrypted one in the Vagrant file and it will let me log in using that. Is there a way for me to fix that?

Another issue I am having is that when I try to create a ctf vm using the basic_narrative.xml it won't create. A little time after starting I get the error:

Error: can't add no data. Feeding into sender_domain
Check the scenario, not enough data is generated for this datastore (store_domain) to access this index (all)
Failed to resolve scenario.
During scenario generation 1 module conflict(s) occured...
Re-attempting to resolve scenario (#1)...

and at the end I get:

No element specified, e.g. access="0", for access_json="['name']": using (0)
/usr/lib/ruby/2.3.0/json/common.rb:156:in `initialize': no implicit conversion of nil into String (TypeError)
from /usr/lib/ruby/2.3.0/json/common.rb:156:in `new'
from /usr/lib/ruby/2.3.0/json/common.rb:156:in `parse'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:185:in `block (2 levels) in select_modules'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:136:in `each'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:136:in `block in select_modules'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:135:in `each'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:135:in `select_modules'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:36:in `block in resolve_module_selection'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:35:in `each'
from /home/keith/Documents/SecGen/SecGen/lib/objects/system.rb:35:in `resolve_module_selection'
from secgen.rb:90:in `block in build_config'
from secgen.rb:89:in `map!'
from secgen.rb:89:in `build_config'
from secgen.rb:172:in `run'
from secgen.rb:297:in `<main>'

and it won't create the scenario, it just stops after that. But I am able to create the flawed fortress and the nw cyber games.

Issues Provisioning Flawed Fortress VMs (Evaluation Error)

Ubuntu 16.04.4
Ruby 2.3.1p112

I've been having difficulty trying to create VMs from the Flawed Fortress Scenario.
I've built the project then ran vagrant up on the project and keep receiving the following error on the Decode_me box and similar errors on the others.


user@userpc:~/SecGen/projects/SecGen20180615_1022$ vagrant up
Bringing machine 'decode_me' up with 'virtualbox' provider...
Bringing machine 'in_the_wild' up with 'virtualbox' provider...
Bringing machine 'that_escalated_quickly' up with 'virtualbox' provider...
==> decode_me: Importing base box 'modules_bases_debian_puppet_32'...
==> decode_me: Matching MAC address for NAT networking...
==> decode_me: Setting the name of the VM: SecGen20180615_1022_decode_me_1529054733967_4556
==> decode_me: Clearing any previously set network interfaces...
==> decode_me: Preparing network interfaces based on configuration...
    decode_me: Adapter 1: nat
    decode_me: Adapter 2: hostonly
==> decode_me: Forwarding ports...
    decode_me: 22 (guest) => 2222 (host) (adapter 1)
==> decode_me: Running 'pre-boot' VM customizations...
==> decode_me: Booting VM...
==> decode_me: Waiting for machine to boot. This may take a few minutes...
    decode_me: SSH address: 127.0.0.1:2222
    decode_me: SSH username: vagrant
    decode_me: SSH auth method: private key
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: 
    decode_me: Vagrant insecure key detected. Vagrant will automatically replace
    decode_me: this with a newly generated keypair for better security.
    decode_me: 
    decode_me: Inserting generated public key within guest...
    decode_me: Removing insecure key from the guest if it's present...
    decode_me: Key inserted! Disconnecting and reconnecting using new SSH key...
==> decode_me: Machine booted and ready!
[decode_me] GuestAdditions versions on your host (5.1.34) and guest (5.0.16) do not match.
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  linux-headers-3.2.0-4-common
The following NEW packages will be installed:
  dkms
The following packages will be upgraded:
  linux-headers-3.2.0-4-686-pae linux-headers-3.2.0-4-common
2 upgraded, 1 newly installed, 0 to remove and 79 not upgraded.
Need to get 4,365 kB of archives.
After this operation, 252 kB of additional disk space will be used.
Get:1 http://httpredir.debian.org/debian/ wheezy/main dkms all 2.2.0.3-1.2 [77.4 kB]
Err http://security.debian.org/ wheezy/updates/main linux-headers-3.2.0-4-686-pae i386 3.2.89-2
  404  Not Found [IP: 151.101.16.204 80]
Err http://security.debian.org/ wheezy/updates/main linux-headers-3.2.0-4-common i386 3.2.89-2
  404  Not Found [IP: 151.101.16.204 80]
Failed to fetch http://security.debian.org/pool/updates/main/l/linux/linux-headers-3.2.0-4-686-pae_3.2.89-2_i386.deb  404  Not Found [IP: 151.101.16.204 80]
Failed to fetch http://security.debian.org/pool/updates/main/l/linux/linux-headers-3.2.0-4-common_3.2.89-2_i386.deb  404  Not Found [IP: 151.101.16.204 80]
Fetched 77.4 kB in 3s (21.7 kB/s)
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Get:1 http://apt.puppetlabs.com wheezy Release.gpg [819 B]
Get:2 http://security.debian.org wheezy/updates Release.gpg [1,601 B]
Get:3 http://apt.puppetlabs.com wheezy Release [89.1 kB]
Get:4 http://security.debian.org wheezy/updates Release [52.3 kB]
Err http://apt.puppetlabs.com wheezy Release
  
Hit http://httpredir.debian.org wheezy Release.gpg
Get:5 http://security.debian.org wheezy/updates/main Sources [353 kB]
Get:6 http://httpredir.debian.org wheezy-updates Release.gpg [1,601 B]
Hit http://httpredir.debian.org wheezy Release
Get:7 http://httpredir.debian.org wheezy-updates Release [155 kB]
Get:8 http://security.debian.org wheezy/updates/main i386 Packages [594 kB]
Get:9 http://security.debian.org wheezy/updates/main Translation-en [338 kB]
Hit http://httpredir.debian.org wheezy/main Sources
Hit http://httpredir.debian.org wheezy/main i386 Packages
Hit http://httpredir.debian.org wheezy/main Translation-en
Hit http://httpredir.debian.org wheezy-updates/main Sources
Hit http://httpredir.debian.org wheezy-updates/main i386 Packages/DiffIndex
Hit http://httpredir.debian.org wheezy-updates/main Translation-en/DiffIndex
Fetched 1,585 kB in 8s (178 kB/s)
Reading package lists...
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://apt.puppetlabs.com wheezy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7F438280EF8D349F

W: Failed to fetch http://apt.puppetlabs.com/dists/wheezy/Release  

W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  linux-headers-3.2.0-4-common
The following NEW packages will be installed:
  dkms
The following packages will be upgraded:
  linux-headers-3.2.0-4-686-pae linux-headers-3.2.0-4-common
2 upgraded, 1 newly installed, 0 to remove and 94 not upgraded.
Need to get 4,307 kB/4,385 kB of archives.
After this operation, 275 kB of additional disk space will be used.
Get:1 http://security.debian.org/ wheezy/updates/main linux-headers-3.2.0-4-686-pae i386 3.2.96-2 [667 kB]
Get:2 http://security.debian.org/ wheezy/updates/main linux-headers-3.2.0-4-common i386 3.2.96-2 [3,641 kB]
Reading changelogs...
dpkg-preconfigure: unable to re-open stdin: No such file or directory
Fetched 4,307 kB in 13s (314 kB/s)
Selecting previously unselected package dkms.
(Reading database ... 44974 files and directories currently installed.)
Unpacking dkms (from .../dkms_2.2.0.3-1.2_all.deb) ...
Preparing to replace linux-headers-3.2.0-4-686-pae 3.2.73-2+deb7u3 (using .../linux-headers-3.2.0-4-686-pae_3.2.96-2_i386.deb) ...
Unpacking replacement linux-headers-3.2.0-4-686-pae ...
Preparing to replace linux-headers-3.2.0-4-common 3.2.73-2+deb7u3 (using .../linux-headers-3.2.0-4-common_3.2.96-2_i386.deb) ...
Unpacking replacement linux-headers-3.2.0-4-common ...
Processing triggers for man-db ...
Setting up dkms (2.2.0.3-1.2) ...
Setting up linux-headers-3.2.0-4-common (3.2.96-2) ...
Setting up linux-headers-3.2.0-4-686-pae (3.2.96-2) ...
Examining /etc/kernel/header_postinst.d.
run-parts: executing /etc/kernel/header_postinst.d/dkms 3.2.0-4-686-pae
Downloading VirtualBox Guest Additions ISO from http://download.virtualbox.org/virtualbox/5.1.34/VBoxGuestAdditions_5.1.34.iso
Copy iso file /home/user/.vagrant.d/tmp/VBoxGuestAdditions_5.1.34.iso into the box /tmp/VBoxGuestAdditions.iso
Mounting Virtualbox Guest Additions ISO to: /mnt
mount: block device /tmp/VBoxGuestAdditions.iso is write-protected, mounting read-only
Installing Virtualbox Guest Additions 5.1.34 - guest version is 5.0.16
Verifying archive integrity... All good.
Uncompressing VirtualBox 5.1.34 Guest Additions for Linux...........
VirtualBox Guest Additions installer
Removing installed version 5.0.16 of VirtualBox Guest Additions...
Stopping VirtualBox Additions ...fail!
(Cannot unload module vboxguest)
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Stopping VirtualBox Guest Addition service  ...done.
Copying additional installer modules ...
Installing additional modules ...
vboxadd.sh: Starting the VirtualBox Guest Additions.

Could not find the X.Org or XFree86 Window System, skipping.
An error occurred during installation of VirtualBox Guest Additions 5.1.34. Some functionality may not work as intended.
In most cases it is OK that the "Window System drivers" installation failed.
vboxadd.sh: Starting the VirtualBox Guest Additions.
vboxadd.sh: failed: modprobe vboxsf failed.

Could not find the X.Org or XFree86 Window System, skipping.
Unmounting Virtualbox Guest Additions ISO from: /mnt
Cleaning up downloaded VirtualBox Guest Additions ISO...
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims:   5.0.16
VBoxService inside the vm claims: 5.1.34
Going on, assuming VBoxService is correct...
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims:   5.0.16
VBoxService inside the vm claims: 5.1.34
Going on, assuming VBoxService is correct...
Got different reports about installed GuestAdditions version:
Virtualbox on your host claims:   5.0.16
VBoxService inside the vm claims: 5.1.34
Going on, assuming VBoxService is correct...
Restarting VM to apply changes...
==> decode_me: Attempting graceful shutdown of VM...
==> decode_me: Booting VM...
==> decode_me: Waiting for machine to boot. This may take a few minutes...
    decode_me: SSH address: 127.0.0.1:2222
    decode_me: SSH username: vagrant
    decode_me: SSH auth method: private key
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: Warning: Connection reset. Retrying...
    decode_me: Warning: Remote connection disconnect. Retrying...
    decode_me: Warning: Connection reset. Retrying...
==> decode_me: Machine booted and ready!
==> decode_me: Checking for guest additions in VM...
    decode_me: The guest additions on this VM do not match the installed version of
    decode_me: VirtualBox! In most cases this is fine, but in rare cases it can
    decode_me: prevent things such as shared folders from working properly. If you see
    decode_me: shared folder errors, please make sure the guest additions within the
    decode_me: virtual machine match the version of VirtualBox you have installed on
    decode_me: your host and reload your VM.
    decode_me: 
    decode_me: Guest Additions Version: 5.0.16
    decode_me: VirtualBox Version: 5.1
==> decode_me: Configuring and enabling network interfaces...
==> decode_me: Rsyncing folder: /home/user/SecGen/projects/SecGen20180615_1022/environments/ => /tmp/vagrant-puppet/environments
==> decode_me: Rsyncing folder: /home/user/SecGen/projects/SecGen20180615_1022/puppet/decode_me/modules/nfs_overshare/ => /tmp/vagrant-puppet/manifests-c3e5722619d73662db7ffa8b4d34174c
==> decode_me: Rsyncing folder: /home/user/SecGen/projects/SecGen20180615_1022/puppet/decode_me/modules/ => /tmp/vagrant-puppet/modules-aadb3b59c7a2563e109c70c61cc745a1
==> decode_me: Rsyncing folder: /home/user/SecGen/projects/SecGen20180615_1022/puppet/decode_me/modules/accounts/ => /tmp/vagrant-puppet/manifests-087a8d40deb2582fa0175948a4163cb3
==> decode_me: Rsyncing folder: /home/user/SecGen/projects/SecGen20180615_1022/puppet/decode_me/modules/cleanup/ => /tmp/vagrant-puppet/manifests-1fd4bea925230b5fa7640717b34b5147
==> decode_me: Mounting shared folders...
    decode_me: /vagrant => /home/user/SecGen/projects/SecGen20180615_1022
==> decode_me: Running provisioner: puppet...
==> decode_me: Running Puppet with environment production...
==> decode_me: Notice: Scope(Secgen_functions::Leak_file[nfs_overshare-hush_hush-2]): File with that name already defined, appending leaked strings instead...
==> decode_me: Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Exec[nfs_overshare-hush_hush-2-/files/hush_hush] is already declared in file /tmp/vagrant-puppet/modules-aadb3b59c7a2563e109c70c61cc745a1/secgen_functions/manifests/leak_file.pp:6; cannot redeclare at /tmp/vagrant-puppet/modules-aadb3b59c7a2563e109c70c61cc745a1/secgen_functions/manifests/leak_file.pp:15 at /tmp/vagrant-puppet/modules-aadb3b59c7a2563e109c70c61cc745a1/secgen_functions/manifests/leak_file.pp:15:7  at /tmp/vagrant-puppet/modules-aadb3b59c7a2563e109c70c61cc745a1/secgen_functions/manifests/leak_files.pp:26 on node localhost
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

In the wild VM:


==> in_the_wild: Running Puppet with environment production...
==> in_the_wild: Error: Evaluation Error: Error while evaluating a Function Call, Failed to parse template proftpd/proftpd.erb:
==> in_the_wild:   Filepath: /tmp/vagrant-puppet/modules-b5f98d3cb961f16d8f8776474b0b4a2b/proftpd/templates/proftpd.erb
==> in_the_wild:   Line: 1
==> in_the_wild:   Detail: undefined method `[]' for nil:NilClass
==> in_the_wild:  at /tmp/vagrant-puppet/modules-b5f98d3cb961f16d8f8776474b0b4a2b/proftpd/manifests/configure.pp:9:17 on node localhost
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

error from scenario.xml

XML Parsing Error: not well-formed
Location: file:///home/user/SecGen/projects/SecGen20180615_1022/scenario.xml
Line Number 15, Column 103:    <!--  (inputs: {"strings_to_encode"=>["flag{BDBpdi47Pys0Mgq6RxMe1A}"]}, outputs: ["..-. .-.. .- --. -.--.- -... -.. -... .--. -.. .. ....- --... .--. -.-- ... ----- -- --. --.- -.... .-. -..- -- . .---- .- -.--.- "])-->
------------------------------------------------------------------------------------------------------^

Attached scenario.xml from project
scenario.zip
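The parser error above points into an XML comment whose Morse-code output contains consecutive hyphens; XML 1.0 does not allow "--" inside a comment body, nor a body ending in "-". The following is an added example, not SecGen's own code, with hypothetical function names: a reversible encoding that makes generated text safe to embed in a comment.

```ruby
# Added example, not SecGen code; all function names here are hypothetical.
# XML 1.0 comment grammar:
#   '<!--' ((Char - '-') | ('-' (Char - '-')))* '-->'
# so a comment body may not contain "--" and may not end with "-".

# Sample input copied from the comment shown in the parser error above.
MORSE_OUTPUT = '..-. .-.. .- --. -.--.- -... -.. -... .--. -.. .. ....- ' \
               '--... .--. -.-- ... ----- -- --. --.- -.... .-. -..- -- . ' \
               '.---- .- -.--.- '

# True when the text can be placed between '<!--' and '-->' as-is.
def valid_xml_comment_body?(body)
  !body.include?('--') && !body.end_with?('-')
end

# Zero-based offset of the first violation, or nil when the body is valid.
def first_comment_violation(body)
  idx = body.index('--')
  return idx if idx
  body.end_with?('-') ? body.length - 1 : nil
end

# Percent-encode only what is needed: every '%' (so decoding is unambiguous)
# and every '-' that is followed by another '-' or ends the string.
# Generated text containing '-->' can therefore no longer close the comment.
def encode_for_xml_comment(text)
  text.gsub(/%|-(?=-|\z)/) { |m| m == '%' ? '%25' : '%2D' }
end

# Inverse of encode_for_xml_comment.
def decode_from_xml_comment(text)
  text.gsub(/%(25|2D)/) { Regexp.last_match(1) == '25' ? '%' : '-' }
end

# Build a well-formed comment from arbitrary generated text.
def xml_comment(text)
  "<!-- #{encode_for_xml_comment(text)} -->"
end

if __FILE__ == $PROGRAM_NAME
  puts "raw body valid?     #{valid_xml_comment_body?(MORSE_OUTPUT)}"
  puts "first violation at  #{first_comment_violation(MORSE_OUTPUT)}"
  puts xml_comment(MORSE_OUTPUT)
end
```
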

Error provisioning desktop

I had an error when provisioning the desktop VM: Evaluation Error: Error while evaluating a Function Call, Could not find class ::unix_update::unix in the security audit scenario.

librarian (LoadError)

Hey, I am running into this issue and have tried a couple of things, but no luck. I made sure I followed all the instructions as well. I am running Linux Mint 18.2 KDE.

When I run ruby secgen.rb run I get this response:

/usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- librarian (LoadError)
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /home/k32237h/SecGen/lib/output/project_files_creator.rb:6:in `<top (required)>'
from secgen.rb:9:in `require_relative'
from secgen.rb:9:in `<main>'

Any help on this would be much appreciated.

Thank you.

ssh_leaked_keys fails to build

When attempting to use the ssh_leaked_keys vulnerability, the following error is encountered:

==> ssh_leaked_keys: Rsyncing folder: /root/case_study/SecGen/projects/SecGen20170822_1606/puppet/ssh_leaked_keys/modules/ssh_leaked_keys/ => /tmp/vagrant-puppet/manifests-5b2dd281e39290dc00cc65f081174850
==> ssh_leaked_keys: Mounting shared folders...
    ssh_leaked_keys: /vagrant => /root/case_study/SecGen/projects/SecGen20170822_1606
==> ssh_leaked_keys: Running provisioner: puppet...
==> ssh_leaked_keys: Running Puppet with environment production...
==> ssh_leaked_keys: Notice: Compiled catalog for localhost in environment production in 0.04 seconds
==> ssh_leaked_keys: Notice: Applied catalog in 0.02 seconds
==> ssh_leaked_keys: Running provisioner: puppet...
==> ssh_leaked_keys: Running Puppet with environment production...
==> ssh_leaked_keys: Notice: Scope(Class[Suid_root_nano::Change_uid_permissions]): File {/bin/nano} permissions have been checked.
==> ssh_leaked_keys: Notice: Scope(Class[Suid_root_nano::Change_uid_permissions]): File {/usr/bin/nano} permissions have been checked.
==> ssh_leaked_keys: Notice: Compiled catalog for localhost in environment production in 0.28 seconds
==> ssh_leaked_keys: Notice: /Stage[main]/Suid_root_nano::Change_uid_permissions/File[/bin/nano]/mode: mode changed '0755' to '4777'
==> ssh_leaked_keys: Notice: Applied catalog in 0.02 seconds
==> ssh_leaked_keys: Running provisioner: puppet...
==> ssh_leaked_keys: Running Puppet with environment production...
==> ssh_leaked_keys: Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, uninitialized constant Puppet::Pops::Types::PSensitiveType at /tmp/vagrant-puppet/modules-0056b55cb031da22656b974ec70e2bfc/ssh_leaked_keys/manifests/account.pp:8:19  at /tmp/vagrant-puppet/modules-0056b55cb031da22656b974ec70e2bfc/ssh_leaked_keys/manifests/init.pp:10 on node localhost
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
Error creating VMs, Exiting SecGen.

The following invocation was used in this case; however, any scenario using the ssh_leaked_keys module will fail with the same error.

ruby secgen.rb run --scenario scenarios/examples/vulnerability_examples/ssh_leaked_keys.xml

Regex conflict issue?

Issue where the conflict tag causes other services to be marked as invalid due to the placement of the conflict inside the service.
E.g. the php module may have the conflict tag of php, therefore no other php services are selected; however, a service like phpmyadmin (that may require the php module) is being marked as invalid due to the conflict (as far as I can tell).
For the PHP module this can be avoided with the conflict php5 or php-language instead of just php; however, this may not be possible with all other services and may cause more complex code in the future.

This may be a regex issue; however, I am not sure of the exact cause, whether this is intentional, or whether this is an issue we need to worry about.
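The behaviour described in this issue is what an unanchored regular-expression match produces. The following is an added example, not SecGen's own code: it assumes conflict values are applied as regular expressions against module attributes, and the module list, the `software_name` attribute and the function names are constructed for illustration.

```ruby
# Added example, not SecGen code. The modules, the 'software_name' attribute
# and the function names are constructed; how SecGen itself evaluates
# conflict tags is an assumption made for this illustration.
Mod = Struct.new(:path, :attrs)

MODULES = [
  Mod.new('services/php',        { 'software_name' => 'php' }),
  Mod.new('services/phpmyadmin', { 'software_name' => 'phpmyadmin' }),
  Mod.new('services/apache',     { 'software_name' => 'apache' })
].freeze

# Compile a conflict pattern. Anchoring wraps the pattern so it must match
# the whole attribute value instead of any substring of it.
def conflict_regex(pattern, anchored:)
  anchored ? /\A(?:#{pattern})\z/ : Regexp.new(pattern)
rescue RegexpError
  # A pattern that is not a valid regex is treated as a literal string.
  escaped = Regexp.escape(pattern)
  anchored ? /\A#{escaped}\z/ : Regexp.new(escaped)
end

# A module conflicts when any attribute named in the conflict matches.
def conflicts?(mod, conflict, anchored:)
  conflict.any? do |attr, pattern|
    value = mod.attrs[attr]
    !value.nil? && conflict_regex(pattern, anchored: anchored).match?(value)
  end
end

# Paths of the modules that a conflict declaration would rule out.
def excluded_paths(conflict, anchored:)
  MODULES.select { |m| conflicts?(m, conflict, anchored: anchored) }.map(&:path)
end

if __FILE__ == $PROGRAM_NAME
  conflict = { 'software_name' => 'php' }
  puts "unanchored: #{excluded_paths(conflict, anchored: false).inspect}"
  puts "anchored:   #{excluded_paths(conflict, anchored: true).inspect}"
end
```

With anchoring, a module author who does want to exclude a whole family still can, by writing the wildcard explicitly (for example `php.*`).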

default run

Hangs after the SSH key is made. Timed out while waiting for the machine to boot.

Error provisioning VMs, destroying VMs and exiting SecGen
Tried on Ubuntu 16.04 and 18.
Base: clean install.

commands run:

wget https://releases.hashicorp.com/vagrant/1.9.8/vagrant_1.9.8_x86_64.deb
sudo apt install ./vagrant_1.9.8_x86_64.deb

sudo apt-get install ruby-dev zlib1g-dev liblzma-dev build-essential patch virtualbox ruby-bundler imagemagick libmagickwand-dev exiftool libpq-dev libcurl4-openssl-dev libxml2-dev graphviz graphviz-dev
cd /home/user/bin/SecGen
bundle install

ruby secgen.rb run

Please duplicate and recommend a fix.

Error in base metadata file

Hi, and thanks for a great project.
I just now checked out the latest master branch and found that I was unable to build any projects. I am able to do this with the previous commit in the master branch. This is the message I get:

atluxity@laptop:~/SecGen$ ruby secgen.rb --scenario scenarios/ctf/basic_narrative.xml build-project


1 system(s) specified
Reading available base modules...
Reading base: modules/bases/debian_puppet_32_desktop
Error in base metadata file (/home/atluxity/SecGen/modules/bases/debian_puppet_32_desktop/secgen_metadata.xml):
Element '{http://www.github/cliffe/SecGen/base}ovirt_template': This element is not expected. Expected is one of ( {http://www.github/cliffe/SecGen/base}software_license, {http://www.github/cliffe/SecGen/base}conflict, {http://www.github/cliffe/SecGen/base}requires ).
Failed to validate base metadata file (/home/atluxity/SecGen/modules/bases/debian_puppet_32_desktop/secgen_metadata.xml): against schema (/home/atluxity/SecGen/lib/schemas/base_metadata_schema.xsd)
exit

This is the same for any scenario I try.

Only one VM can be processed at a time

SecGen currently connects to the VM that it creates via SSH on the localhost address but on port 2222, and this will result in a connection timeout when a second VM tries to connect to a machine on localhost:2222.

Suggested solution:
Add networking into the application or change port numbers incrementally for each provisioned VM but make sure to avoid collisions.

vsftpd backdoor isn't compatible with newer versions of the debian basebox

The vsftpd backdoor module is very fragile and will only work with a specific version of the debian basebox.

Suggested fix: Either add a 'basebox' attribute to the metadata and ensure that if the vulnerability is selected, the corresponding basebox will be selected

Suggested fix: Re-write vsftpd module to be less fragile

Configured wrong vboxnet number

I had an issue where it configured the wrong vboxnetX number, so the intranet and desktop were not pingable from the webserver in the organization/team scenario. Then I configured the correct ones manually.

SecGen not creating machine in virtualbox

After upgrading my laptop to Ubuntu 16.04 (Xenial) from Ubuntu 14.04 (Trusty) and installing the new version of virtualbox (5.1), SecGen seems to be generating machines but not passing them to virtualbox.
I am wondering if anyone else has had any issues like this or whether they know what the problem is.
I have a feeling that it is due to using the new virtualbox versions, however I cannot seem to install virtualbox 4.3 on ubuntu 16.04.

[Ubuntu 18.04] SecGen fails to build project. (Solution in comments.)

I'm using VirtualBox 5.2 and manually installed the latest version of Vagrant (since the version installed as per the SecGen instructions was out of date). When running ruby secgen.rb run everything seems to work up to the point of building the project. Then I get this error:

Building project: /home/torhackr/SecGen/projects/SecGen20180418_1621
Loading vagrant (up ) in /home/torhackr/SecGen/projects/SecGen20180418_1621
Bringing machine 'escalation' up with 'virtualbox' provider...
==> escalation: Box 'modules_bases_debian_puppet_32' could not be found. Attempting to find and install...
    escalation: Box Provider: virtualbox
    escalation: Box Version: >= 0
==> escalation: Box file was not detected as metadata. Adding it directly...
==> escalation: Adding box 'modules_bases_debian_puppet_32' (v0) for provider: virtualbox
    escalation: Downloading: https://app.vagrantup.com/secgen/boxes/debian_wheezy_puppet/versions/1.0.0/providers/virtualbox.box
    escalation: Progress: 0Error provisioning VMs, destroying VMs and exiting SecGen.
Loading vagrant (destroy -f) in /home/torhackr/SecGen/projects/SecGen20180418_1621
==> escalation: VM not created. Moving on...

It appears that perhaps Vagrant failed to download the box 'modules_bases_debian_puppet_32' for the VirtualBox provider. I can download this file manually, but where do I put it? How do I set it up so the build process will work?

[Ubuntu 18.04] Error installing on step 'bundle install' (fix in comments)

The installation is failing on the 'bundle install' step. Here is the error provided:

torhackr@DevBox:~/SecGen$ bundle install
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Using rake 11.1.2
Using CFPropertyList 2.2.8
Using bundler 1.16.1
Using chunky_png 1.3.8
Using cinch 2.3.3
Using thor 0.19.1
Using credy 0.2.1
Using facter 2.4.6
Using i18n 0.7.0
Using faker 1.6.6
Using multipart-post 2.0.0
Using faraday 0.9.2
Using faraday_middleware 0.10.0
Using forgery 0.6.0
Using json_pure 1.8.3
Using hiera 3.2.0
Fetching json 1.8.3


Your user account isn't allowed to install to the system RubyGems.
  You can cancel this installation and run:

      bundle install --path vendor/bundle

  to install the gems into ./vendor/bundle/, or you can enter your password
  and install the bundled gems to RubyGems using sudo.

  Password: 
Installing json 1.8.3 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /tmp/bundler20180418-8256-llesewjson-1.8.3/gems/json-1.8.3/ext/json/ext/generator
/usr/bin/ruby2.5 -r ./siteconf20180418-8256-1u9ptb7.rb extconf.rb
creating Makefile

current directory: /tmp/bundler20180418-8256-llesewjson-1.8.3/gems/json-1.8.3/ext/json/ext/generator
make "DESTDIR=" clean

current directory: /tmp/bundler20180418-8256-llesewjson-1.8.3/gems/json-1.8.3/ext/json/ext/generator
make "DESTDIR="
compiling generator.c
generator.c: In function ‘generate_json’:
generator.c:861:25: error: ‘rb_cFixnum’ undeclared (first use in this function); did you mean ‘mFixnum’?
     } else if (klass == rb_cFixnum) {
                         ^~~~~~~~~~
                         mFixnum
generator.c:861:25: note: each undeclared identifier is reported only once for each function it appears in
generator.c:863:25: error: ‘rb_cBignum’ undeclared (first use in this function); did you mean ‘rb_cFixnum’?
     } else if (klass == rb_cBignum) {
                         ^~~~~~~~~~
                         rb_cFixnum
Makefile:242: recipe for target 'generator.o' failed
make: *** [generator.o] Error 1

make failed, exit code 2

Gem files will remain installed in /tmp/bundler20180418-8256-llesewjson-1.8.3/gems/json-1.8.3 for inspection.
Results logged to /tmp/bundler20180418-8256-llesewjson-1.8.3/extensions/x86_64-linux/2.5.0/json-1.8.3/gem_make.out

An error occurred while installing json (1.8.3), and Bundler cannot continue.
Make sure that `gem install json -v '1.8.3'` succeeds before bundling.

In Gemfile:
  ovirt-engine-sdk was resolved to 4.1.8, which depends on
    json

I tried installing the library manually using sudo gem install json -v '1.8.3' but this also failed. It appears that v1.8.3 conflicts with my installed (latest) ruby version. Will json v2.0.0 work for this application? Can we update the version requirement?

scenarios/ctf/basic_narrative.xml results in broken DB

When running the scenario, the outputted VM is working OK, except for the database of the onlinestore module, which is not populated with the right values. Some tables are empty (for example the users table), others are truncated, such as: only half of the flag is present in the token table.

404 error downloading box when building default scenario

I've followed the install + build instructions as instructed in the README. Building the default scenario yields the following error:

Bringing machine 'storage_server' up with 'virtualbox' provider...
==> storage_server: Box 'modules_bases_debian_puppet_32' could not be found. Attempting to find and install...
    storage_server: Box Provider: virtualbox
    storage_server: Box Version: >= 0
==> storage_server: Box file was not detected as metadata. Adding it directly...
==> storage_server: Adding box 'modules_bases_debian_puppet_32' (v0) for provider: virtualbox
    storage_server: Downloading: http://atlas.hashicorp.com/puppetlabs/boxes/debian-7.8-32-puppet/versions/1.0.4/providers/virtualbox.box
An error occurred while downloading the remote file. The error
message, if any, is reproduced below. Please fix this error and try
again.

The requested URL returned error: 404 Not Found
VMs created.

issues building basic_narrative scenario

I'm having issues building both the basic_narrative and team_project scenarios. Both of them are producing similar Nil errors. Below is the one from basic_narrative. When looking through

Module added: Account Generator (modules/generators/structured_content/account)
Filtered to modules matching: {"type"=>["person"]} ~= (n=1)
Selecting module: Person Profile Generator (modules/generators/structured_content/person)
Receiving datastores: {"account"=>[{"variablename"=>"accounts", "access"=>"1", "access_json"=>""}]}
Error: can't add no data. Feeding [nil] into account
Check the scenario, not enough data is generated for this datastore (accounts) to access this index (1)
Failed to resolve scenario.
No conflicts, but failed to resolve scenario -- this is a sign there is something wrong in the config (scenario / modules)
Please review the scenario -- something is wrong.

team_project error below

Module added: Debian 7 Wheezy Server (modules/bases/debian_puppet_32)
Filtered to modules matching: {"module_path"=>[".*security_audit_remit"]} ~= (n=1)
Selecting module: Security Audit Remit Generator (modules/generators/messages/security_audit_remit)
Receiving datastores: {"business_name"=>[{"variablename"=>"organisation", "access"=>"all", "access_json"=>"['business_name']"}]}
No element specified, e.g. access="0", for access_json="['business_name']": using (0)
Traceback (most recent call last):
14: from secgen.rb:495:in `<main>'
13: from secgen.rb:80:in `build_config'
12: from secgen.rb:80:in `map!'
11: from secgen.rb:81:in `block in build_config'
10: from /home/redwiz666/SecGen/lib/objects/system.rb:50:in `resolve_module_selection'
9: from /home/redwiz666/SecGen/lib/objects/system.rb:50:in `each'
8: from /home/redwiz666/SecGen/lib/objects/system.rb:51:in `block in resolve_module_selection'
7: from /home/redwiz666/SecGen/lib/objects/system.rb:206:in `select_modules'
6: from /home/redwiz666/SecGen/lib/objects/system.rb:206:in `each'
5: from /home/redwiz666/SecGen/lib/objects/system.rb:207:in `block in select_modules'
4: from /home/redwiz666/SecGen/lib/objects/system.rb:207:in `each'
3: from /home/redwiz666/SecGen/lib/objects/system.rb:261:in `block (2 levels) in select_modules'
2: from /var/lib/gems/2.5.0/gems/json-2.2.0/lib/json/common.rb:156:in `parse'
1: from /var/lib/gems/2.5.0/gems/json-2.2.0/lib/json/common.rb:156:in `new'
/var/lib/gems/2.5.0/gems/json-2.2.0/lib/json/common.rb:156:in `initialize': no implicit conversion of nil into String (TypeError)

I have looked through the XML file but I'm not seeing anything that is causing it.

Vagrant SSH keys: Connection Reset

Hello again.

I have installed the CTF-challenge, and everything looks okay. But after closing down vagrant with "vagrant halt" and then starting the CTF again with "vagrant up" I get a connection reset for the SSH keys:

decode_me: username: vagrant
decode_me: SSH auth method: private key
decode_me: Warning: Connection reset. Retrying...
decode_me: Warning: Remote connection disconnect. Retrying...

in_the_wild: SSH username: vagrant
in_the_wild: SSH auth method: private key
in_the_wild: Warning: Connection reset. Retrying...
in_the_wild: Warning: Remote connection disconnect. Retrying...

that_escalated_quickly: SSH username: vagrant
that_escalated_quickly: SSH auth method: private key
that_escalated_quickly: Warning: Connection reset. Retrying...
that_escalated_quickly: Warning: Remote connection disconnect. Retrying...

Everything spins up and syncs, but why is the connection reset?

Thanks in advance.

Best regards Mattias

--manifests-path is deprecated in Puppet v4

Currently, we specify the manifests-path in the vagrantbase.erb - this is deprecated as of puppet v4, which uses environments instead, meaning we can only use base boxes that have a puppet version of < 4

Update ReadMe / Add Change log

I'm liking the new changes to SecGen, and overall this is pretty much a new overhaul of the first PoC.

You should look to change the ReadMe to contain the new structure of how SecGen works, and add the contributor list, e.g. myself, Cliffe, Connor, Tom, et al.

Maybe start holding a changelog for any large changes to the codebase, new vulns to the system.

What is the default username&password?

I created a vm with following example command on the description: ruby secgen.rb --scenario scenarios/examples/remotely_exploitable_user_vulnerability.xml run

Now, I want to log in to the machine to see its local IP. However, it requires a username and password, and there is no information about default credentials in the description.

NFS share leak

Maybe I'm missing something, but when I mount the export folder given through NFS, I can't read any of the files. Am I doing it wrong, or is there something wrong here?

Dependencies tag

Would a dependencies tag be best for the modules (in secgen_metadata.xml), so we say which modules are dependent on others, e.g. some services that require apt-get update to be done require an update module, or if we decide to create modules that create users and groups inputted from facter then we may need the tag. Just an idea.

Don't really know where to put this, that's why I'm putting this in issues.

Undefined method `[]' for nil:NilClass when provisioning proftpd

I wrote a scenario that included the proftpd service and everything runs fine until it tries to provision the proftpd module. I've reviewed some of the configuration and templates regarding proftpd but haven't found anything. I would appreciate any help.

Error: Evaluation Error: Error while evaluating a Function Call, Failed to parse template proftpd/proftpd.erb:
==> escuela_final_4: Filepath: /tmp/vagrant-puppet/modules-c6c9757ce2e4393b325bd712cf459896/proftpd/templates/proftpd.erb
==> escuela_final_4: Line: 1
==> escuela_final_4: Detail: undefined method ´[]' for nil:NilClass
==> escuela_final_4: at /tmp/vagrant-puppet/modules-c6c9757ce2e4393b325bd712cf459896/proftpd/manifests/configure.pp:9:17 on node localhost.localdomain
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

Failed to read scenario configuration file

Hey,

I have installed SecGen as directed without any issues but when I run the following command;

ruby secgen.rb --scenario scenarios/security_audit/team_project_scenario.xml run

I get an error stating 'Failed to read scenario configuration file'

Any advice? Running on ubuntu server 18

Flag not generated

In the security audit scenario, the flag on the HTTP intranet server does not get generated. This is for sure, as I logged in as root and grepped for the flag in the /var/www folder. I looked through the template files and it looks like the normal index site that had the flag in the web server is not used, as there is an alternative index site for this server, but none of those templates actually contain strings_to_leak.

Services / Utilities extraction

Previously contained within the Services module category are some required software utilities that do not present themselves as a networked service running over a socket. This can lead to some strange scenarios being generated where, for example, the user specifies that they want 3 secure services on a box and SecGen will select the update service, java language service and firewall configuration. When interrogating the box externally through service-discovery, e.g. using nmap, this will show nothing running. This is valid behaviour as the software stands now but is likely not what an end-user would expect.

This will be resolved through the creation of a 'utilities' type of module and separating those modules which do not present themselves over the network out.

ESXI support

Thanks for the great tool. Have you thought about adding VMware ESXI support? I found that vagrant has an esxi plugin that would accomplish this. I tried adding it and modifying the vagrant file to support the options, but the virtualbox.box files that are downloaded will not work with it. I'm new to using vagrant so it might be user error.

When using the esxi plugin I get the error 'the box you attempted to add doesn't match the provider specified'. This is because the boxes downloaded are VirtualBox files.

I don't know enough ruby to work on writing a converter before attempting to add it.

I installed the plugin by 'vagrant plugin install vagrant-vmware-esxi'

Below is a link to the plugin and the documentation.
https://github.com/josenk/vagrant-vmware-esxi

Hopefully this support can be added

Problem Installing PriorityQueue

hi guys,
having trouble getting SecGen running on latest Kali Linux.
I know not directly related to SecGen but couldn't find anything related anywhere else.

Installing PriorityQueue 0.1.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /tmp/bundler20190323-22771-xmpfy0PriorityQueue-0.1.2/gems/PriorityQueue-0.1.2/ext/priority_queue
/usr/bin/ruby2.5 -r ./siteconf20190323-22771-arw9zq.rb extconf.rb
creating Makefile

current directory: /tmp/bundler20190323-22771-xmpfy0PriorityQueue-0.1.2/gems/PriorityQueue-0.1.2/ext/priority_queue
make "DESTDIR=" clean

current directory: /tmp/bundler20190323-22771-xmpfy0PriorityQueue-0.1.2/gems/PriorityQueue-0.1.2/ext/priority_queue
make "DESTDIR="
compiling priority_queue.c
In file included from /usr/include/ruby-2.5.0/ruby.h:33,
                 from priority_queue.c:24:
priority_queue.c: In function ‘pq_node2dot’:
/usr/include/ruby-2.5.0/ruby/ruby.h:1779:3: error: call to ‘rb_varargs_bad_length’ declared with attribute error:  argument length doesn't
match
   rb_varargs_bad_length(argc, vargc)), \
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/ruby-2.5.0/ruby/ruby.h:2474:6: note: in expansion of macro ‘rb_varargs_argc_check’
      rb_varargs_argc_check(rb_funcall_argc, rb_funcall_nargs), \
      ^~~~~~~~~~~~~~~~~~~~~
priority_queue.c:820:4: note: in expansion of macro ‘rb_funcall’
    rb_funcall(Qnil, id_format, 4, rb_str_new2("NODE%i -> NODE%i;\n"),
    ^~~~~~~~~~
make: *** [Makefile:243: priority_queue.o] Error 1

make failed, exit code 2

Gem files will remain installed in /tmp/bundler20190323-22771-xmpfy0PriorityQueue-0.1.2/gems/PriorityQueue-0.1.2 for inspection.
Results logged to /tmp/bundler20190323-22771-xmpfy0PriorityQueue-0.1.2/extensions/x86_64-linux/2.5.0/PriorityQueue-0.1.2/gem_make.out

An error occurred while installing PriorityQueue (0.1.2), and Bundler cannot continue.
Make sure that `gem install PriorityQueue -v '0.1.2' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  huffman was resolved to 0.0.1, which depends on
    PriorityQueue
