Cliffe
I think some of these are recent problems, but I hadn't used VirtualBox for quite a few months. - The wheezy server base has just started complaining of a package...
``` ruby modules/encoders/cipher/bitwise_xor/secgen_local/local.rb --b64 --strings_to_encode=MTAyMTA4MDk3MTAzMTIzMDk5MTAwMTAwMTAwMTAwMDU3MDUxMDUxMTI1 Bitwise XOR Challenge Generator Reading args from STDIN Encoding '["102108097103123099100100100100057051051125"]' Encoded: ["010101100111010001111000011101010110011110100000110101100001000000001000110110011000110100111010100001100000010111010111110011101111110110100000111000100101100100001011011010011111101111111011000100000011011010000010001001011110010101001100101010010110100111111001101000010000101001110001100111011010111011111100011011111001100100001110_011001110100010001001010010001000101011110011000111001100010100100111111111010001011110100001001101101110011011111100100111111101100010010011001110100110110100100111011010110001100101111001011001000010000011010110010000101001101010101111100100110010101110011001110100100010011111101000000101011011001101111001101010111101010101100111011", [...]]... /home/secgen/SecGen/lib/objects/local_encoding_functions.rb:26:in `map': stack level too deep (SystemStackError) from /home/secgen/SecGen/lib/objects/local_encoding_functions.rb:26:in `array_to_utf8' from /home/secgen/SecGen/lib/objects/local_encoding_functions.rb:32:in...
https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp#L12 Update to _also_ include /usr/bin/awk
So that they can automatically conflict with each other. Some of the newer modules need this metadata.
https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/generators/structured_content/hackerbot_config/hb_suid_acls/templates/lab.xml.erb#L109 "Add **the string** xyz" (+the string)
https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/vulnerabilities/unix/desktop/xfce_lightdm_root_login/secgen_metadata.xml#L16 Add conflicts with most bases -- esp anything with kde in the title
Ideally add a rule to sudoers so that it doesn't, so that these priv escalation attacks work regardless of the method used to obtain access (the attacker doesn't always know...
We have started using normal user accounts in kali, but some of the HB lab sheets still list the old "root:toor" creds.
https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp#L12 Would be good to add a parameter so we can specify the file permissions -- so that we can have the option to drop the flag in / with...
https://github.com/cliffe/SecGen/blob/ee5c9c2a2c830ebd08e20e7ed202053d9c4e2382/modules/vulnerabilities/unix/misc/jboss_remoting_unified_invoker_rce/manifests/flags.pp#L7 We should follow SecGen convention and put the flag somewhere obvious (/home) -- successful exploitation doesn't always land the attacker in the directory we are using. Also check the...