metasploitable3/chef/cookbooks/metasploitable/files/sinatra/README.txt

==============
Description
==============

This application is vulnerable to a deserialization vulnerability due to a
compromised session secret.

Since this is a custom application, the Metasploitable player is required to
figure out what the secret is (remotely, not through code reading), and write
an exploit from scratch.

==============
Usage
==============

To start the vulnerable application, first do:

$ bundle install

And then finally:

$ ruby start.rb

The server should start on port 8181.
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`==============`
			`Description`
			`==============`

			`This application is vulnerable to a deserialization vulnerability due to a`
			`compromised session secret.`

			`Since this is a custom application, the Metasploitable player is required to`
			`figure out what the secret is (remotely, not through code reading), and write`
			`an exploit from scratch.`

			`==============`
			`Usage`
			`==============`

			`To start the vulnerable application, first do:`

			`$ bundle install`

			`And then finally:`

			`$ ruby start.rb`

Use upstart script 2017-04-05 22:54:14 +02:00			`The server should start on port 8181.`