Merge pull request #1 from rapid7/ctf/port_knocking

Add 5 of Diamonds
sinn3r 2017-07-11 15:55:17 -05:00 committed by GitHub
commit 6cf3acc553
15 changed files with 316 additions and 44 deletions

11
Vagrantfile vendored

@ -145,7 +145,7 @@ Vagrant.configure("2") do |config|
trusty.vm.provider "virtualbox" do |v|
v.name = "MetasploitableUB"
v.memory = 1024
v.memory = 2048
end
config.omnibus.chef_version = :latest
@ -160,12 +160,6 @@ Vagrant.configure("2") do |config|
}
}
chef.add_recipe "metasploitable::mysql"
chef.add_recipe "metasploitable::apache_continuum"
chef.add_recipe "metasploitable::apache"
chef.add_recipe "metasploitable::php_545"
chef.add_recipe "metasploitable::phpmyadmin"
chef.add_recipe "metasploitable::proftpd"
chef.add_recipe "metasploitable::users"
chef.add_recipe "metasploitable::sinatra"
chef.add_recipe "metasploitable::docker"
@ -176,6 +170,9 @@ Vagrant.configure("2") do |config|
chef.add_recipe "metasploitable::readme_app"
chef.add_recipe "metasploitable::payroll_app"
chef.add_recipe "metasploitable::drupal"
chef.add_recipe "metasploitable::knockd"
chef.add_recipe "metasploitable::iptables"
chef.add_recipe "metasploitable::flags"
end
end
end


@ -8,3 +8,14 @@ default[:metasploitable][:docker_users] = ['boba_fett',
'chewbacca',]
default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
default[:metasploitable][:ports] = { :cups => 631,
:apache => 80,
:unrealircd => 6697,
:proftpd => 21,
:mysql => 3306,
:chatbot_ui => 80,
:chatbot_nodejs => 3000,
:ruby => 8181,
:samba => 445
}
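Review bot: This hash is what the iptables recipe on this page iterates to build the inbound allowlist, so any service missing from it becomes unreachable once that recipe appends `iptables -A INPUT -j DROP`. Port 22 is not listed, which would block new SSH sessions (including `vagrant ssh`) after provisioning; if SSH is meant to stay reachable, add `:ssh => 22`. `:apache` and `:chatbot_ui` both map to 80, which yields a duplicate ACCEPT rule. A comment above the hash such as `# Inbound TCP ports left open by metasploitable::iptables` would stop it being read as plain documentation.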


@ -0,0 +1,7 @@
#
# Cookbook:: metasploitable
# Attributes:: flags
#
default[:flags][:five_of_diamonds][:vuln_service] = 'custom_http'
default[:flags][:five_of_diamonds][:vuln_port] = '8989'


@ -0,0 +1,109 @@
#
# Cookbook:: metasploitable
# Attributes:: users
#
default[:users][:leia_organa] = { username: 'leia_organa',
password: 'obiwan',
password_hash: '$1$2ny4/xaH$tAFV5fbEqHx2OkOPIQhpx0',
first_name: 'Leia',
last_name: 'Organa',
salary: '9560'}
default[:users][:luke_skywalker] = { username: 'luke_skywalker',
password: 'password',
password_hash: '$1$n8tgrGRs$8xaS40CFS1J5iIAEmbnx50',
first_name: 'Luke',
last_name: 'Skywalker',
salary: '1080'}
default[:users][:han_solo] = { username: 'han_solo',
password: 'sh00t-first',
password_hash: '$1$L/2/AWAh$ZMUulbFhP2IesZ6xwBmaV0',
first_name: 'Han',
last_name: 'Solo',
salary: '1200'}
default[:users][:artoo_detoo] = { username: 'artoo_detoo',
password: 'beep_b00p',
password_hash: '$1$DlEuqBUm$u71bKO9I603kDCqEphmon1',
first_name: 'Artoo',
last_name: 'Detoo',
salary: '22222'}
default[:users][:c_three_pio] = { username: 'c_three_pio',
password: 'pr0t0c0l',
password_hash: '$1$4JMoAFqs$b5MwsiCfOASdUKktx6wQ7/',
first_name: 'C',
last_name: 'Threepio',
salary: '3200'}
default[:users][:ben_kenobi] = { username: 'ben_kenobi',
password: 'thats_no_moon',
password_hash: '$1$vmHrrI9b$OyLulJjgi18GxgREG5V5c1',
first_name: 'Ben',
last_name: 'Kenobi',
salary: '10000'}
default[:users][:darth_vader] = { username: 'darth_vader',
password: 'd@rk_sid3',
password_hash: '$1$c7AfQJ86$zvcdz7pPate7GdCQ.yfTf0',
first_name: 'Darth',
last_name: 'Vader',
salary: '6666'}
default[:users][:anakin_skywalker] = { username: 'anakin_skywalker',
password: 'yipp33!!',
password_hash: '$1$AvIldIHu$o1s2OCU4n/qSCGQMKMgkH/',
first_name: 'Anakin',
last_name: 'Skywalker',
salary: '1025'}
default[:users][:jarjar_binks] = { username: 'jarjar_binks',
password: 'mesah_p@ssw0rd',
password_hash: '$1$SNokFi0c$F.SvjZQjYRSuoBuobRWMh1',
first_name: 'Jar-Jar',
last_name: 'Binks',
salary: '2048'}
default[:users][:lando_calrissian] = { username: 'lando_calrissian',
password: 'b@ckstab',
password_hash: '$1$8aWC7zHq$bz6K2rZVD7XlMNqBIIMGX.',
first_name: 'Lando',
last_name: 'Calrissian',
salary: '40000'}
default[:users][:boba_fett] = { username: 'boba_fett',
password: 'mandalorian1',
password_hash: '$1$TjxlmV4j$k/rG1vb4.pj.z0yFWJ.ZD0',
first_name: 'Boba',
last_name: 'Fett',
salary: '20000'}
default[:users][:jabba_hutt] = { username: 'jabba_hutt',
password: 'not-a-slug12',
password_hash: '$1$1q5jRHYC$LIp/8O/g9qg3NaeGOxGSl/',
first_name: 'Jaba',
last_name: 'Hutt',
salary: '65000'}
default[:users][:greedo] = { username: 'greedo',
password: 'hanShotFirst!',
password_hash: '$1$1lmZ0rOJ$GITT5.sX0tvOQeC2/wWQF1',
first_name: 'Greedo',
last_name: 'Rodian',
salary: '50000'}
default[:users][:chewbacca] = { username: 'chewbacca',
password: 'rwaaaaawr5',
password_hash: '$1$AjU5ZLh9$WjO.j9fYh3yms3HSDBKya1',
first_name: 'Chewbacca',
last_name: '',
salary: '4500'}
default[:users][:kylo_ren] = { username: 'kylo_ren',
password: 'daddy_issues1',
password_hash: '$1$Zcw3AKDA$1Mjgzmr/HpmFXuxUjj2Vv1',
first_name: 'Kylo',
last_name: 'Ren',
salary: '6667'}
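Review bot: Each entry stores `password` and `password_hash` side by side with nothing tying them together, so editing one without regenerating the other leaves the system account (set from `password_hash` in the users recipe) and the payroll row (filled from `password` in the SQL template) out of sync. A header comment should state that these are deliberately weak lab credentials, that the `$1$` hash must be regenerated whenever `password` changes, and that `salary` is also rendered into the knockd template as a TCP port and must stay within 1–65535. `first_name: 'Jaba'` in the `jabba_hutt` entry looks like a typo, since the SQL rows this replaces had `'Jabba'`.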

Binary file not shown.

File diff suppressed because one or more lines are too long


@ -0,0 +1,39 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: five_of_diamonds
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: false
# Short-Description: Init script for five_of_diamonds
# Description: Start/stop five_of_diamonds
### END INIT INFO
DESC="five_of_diamonds"
NAME=five_of_diamonds
#DAEMON=
do_start()
{
echo "Starting five_of_diamonds.";
/opt/knock_knock/five_of_diamonds -p 8989 &
}
do_stop()
{
echo "Stopping five_of_diamonds."
killall five_of_diamonds
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
esac
exit 0
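Review bot: `do_start` launches `/opt/knock_knock/five_of_diamonds -p 8989 &` unconditionally, so a repeated `start` spawns a second copy, and there is no `status` or `restart` branch for the service manager to use. The port is hard-coded here while the flags attributes define `vuln_port`; rendering this script from a template with `<%= node[:flags][:five_of_diamonds][:vuln_port] %>` would keep the listener and the knockd rule in agreement. The LSB header declares `Provides: five_of_diamonds` but the recipe installs the file as `five_of_diamonds_srv`, and unknown arguments fall through `case` to `exit 0`. A `*) echo "Usage: $0 {start|stop}"; exit 1 ;;` branch would surface misuse.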


@ -0,0 +1,15 @@
################################################
#
# knockd's default file, for generic sys config
#
################################################
# control if we start knockd at init or not
# 1 = start
# anything else = don't start
#
# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
START_KNOCKD=1
# command line options
#KNOCKD_OPTS="-i eth1"
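Review bot: `KNOCKD_OPTS` is left commented out, so knockd listens only on its default interface (eth0 according to the knockd man page). If the guest has more than one network adapter, knocks arriving on another interface would not be seen; in that case set `KNOCKD_OPTS="-i <interface>"` explicitly and name the network in the comment. The `PLEASE EDIT /etc/knockd.conf BEFORE ENABLING` line is carried over from the package default and is misleading now that the cookbook ships `START_KNOCKD=1`.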


@ -0,0 +1,23 @@
#
# Cookbook:: metasploitable
# Recipe:: flags
#
# Copyright:: 2017, Rapid7, All Rights Reserved.
directory '/opt/knock_knock' do
mode 0700
end
cookbook_file '/opt/knock_knock/five_of_diamonds' do
source 'flags/five_of_diamonds'
mode 0700
end
cookbook_file '/etc/init.d/five_of_diamonds_srv' do
source 'flags/five_of_diamonds_srv'
mode '760'
end
service 'five_of_diamonds_srv' do
action [:enable, :start]
end
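Review bot: The init script is installed with `mode '760'`, which grants the group write but not execute and is written differently from the integer `mode 0700` used just above. Unless group write is intended, `mode '0755'` with an explicit `owner 'root'` is the usual setting under `/etc/init.d`, and quoting every mode as a string keeps the recipe consistent. The `flags/five_of_diamonds` payload appears to be the prebuilt binary this commit adds without visible source, so a comment recording where it is built from, or its checksum, would let later reviewers verify what is being deployed.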


@ -0,0 +1,29 @@
#
# Cookbook:: metasploitable
# Recipe:: iptables
#
# Copyright:: 2017, Rapid7, All Rights Reserved.
execute "apt-get update" do
command "apt-get update"
end
bash 'setup for knockd, used for flag' do
code_to_execute = ""
code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
node[:metasploitable][:ports].keys.each do |service|
code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
end
code_to_execute << "iptables -A INPUT -j DROP\n"
code code_to_execute
end
package 'iptables-persistent' do
action :install
end
service 'iptables-persistent' do
action [:enable, :start]
end
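Review bot: `iptables -A FORWARD 1 -p tcp ...` passes a rule position to `-A`, which takes none (positions belong to `-I`), so iptables is expected to reject that line. Because the generated script has no `set -e`, the failure would go unnoticed. The line also hard-codes 8989 instead of reading `node[:flags][:five_of_diamonds][:vuln_port]`, and FORWARD does not filter traffic addressed to the host itself, so it can be dropped in favour of the final `iptables -A INPUT -j DROP`. The `bash` resource has no `not_if` guard, so every converge appends the whole rule set again. The rules are also written before `iptables-persistent` is installed and nothing visible saves them, so survival across a reboot should be confirmed.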


@ -0,0 +1,23 @@
#
# Cookbook:: metasploitable
# Recipe:: knockd
#
# Copyright:: 2017, Rapid7, All Rights Reserved.
package 'knockd' do
action :install
end
template '/etc/knockd.conf' do
source 'knockd/knockd.conf.erb'
mode '0600'
end
cookbook_file '/etc/default/knockd' do
source 'knockd/knockd'
mode '0600'
end
service 'knockd' do
action :restart
end
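Review bot: `service 'knockd'` uses `action :restart`, which restarts the daemon on every converge and never enables it at boot. Use `action [:enable, :start]` on the service and add `notifies :restart, 'service[knockd]'` to the `/etc/knockd.conf` template and the `/etc/default/knockd` file, so knockd restarts only when its configuration changes. The rendered config depends on `node[:users]` and `node[:flags]`, so a short comment naming those attribute dependencies would help the next editor.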


@ -3,13 +3,17 @@
# Recipe:: payroll_app
# Copyright:: 2017, Rapid7, All Rights Reserved.
include_recipe 'metasploitable::mysql'
include_recipe 'metasploitable::apache'
include_recipe 'metasploitable::php_545'
cookbook_file '/var/www/html/payroll_app.php' do
source 'payroll_app/payroll_app.php'
mode '0755'
end
cookbook_file '/tmp/payroll.sql' do
source 'payroll_app/payroll.sql'
template '/tmp/payroll.sql' do
source 'payroll_app/payroll.sql.erb'
mode '0755'
end


@ -6,31 +6,15 @@
# See scripts/configs/create_users.bat for passwords
users = {'leah_organa' => { password: '$1$2ny4/xaH$tAFV5fbEqHx2OkOPIQhpx0' },
'luke_skywalker' => { password: '$1$n8tgrGRs$8xaS40CFS1J5iIAEmbnx50' },
'han_solo' => { password: '$1$L/2/AWAh$ZMUulbFhP2IesZ6xwBmaV0' },
'artoo_detoo' => { password: '$1$DlEuqBUm$u71bKO9I603kDCqEphmon1' },
'c_three_pio' => { password: '$1$4JMoAFqs$b5MwsiCfOASdUKktx6wQ7/' },
'ben_kenobi' => { password: '$1$vmHrrI9b$OyLulJjgi18GxgREG5V5c1' },
'darth_vader' => { password: '$1$c7AfQJ86$zvcdz7pPate7GdCQ.yfTf0' },
'anakin_skywalker' => { password: '$1$AvIldIHu$o1s2OCU4n/qSCGQMKMgkH/' },
'jarjar_binks' => { password: '$1$SNokFi0c$F.SvjZQjYRSuoBuobRWMh1' },
'lando_calrissian' => { password: '$1$8aWC7zHq$bz6K2rZVD7XlMNqBIIMGX.' },
'boba_fett' => { password: '$1$TjxlmV4j$k/rG1vb4.pj.z0yFWJ.ZD0' },
'jabba_hutt' => { password: '$1$1q5jRHYC$LIp/8O/g9qg3NaeGOxGSl/' },
'greedo' => { password: '$1$1lmZ0rOJ$GITT5.sX0tvOQeC2/wWQF1' },
'chewbacca' => { password: '$1$AjU5ZLh9$WjO.j9fYh3yms3HSDBKya1' },
'kylo_ren' => { password: '$1$Zcw3AKDA$1Mjgzmr/HpmFXuxUjj2Vv1' }
}
uid = 1111
users.each do |username, opts|
user username do
node[:users].each do |u, attributes|
user attributes[:username] do
manage_home true
password opts[:password]
password attributes[:password_hash]
uid uid
gid '100'
home "/home/#{username}"
home "/home/#{attributes[:username]}"
shell '/bin/bash'
end
uid += 1
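Review bot: The context comment `# See scripts/configs/create_users.bat for passwords` is stale after this change, because the hashes (and the plaintext) now come from `node[:users]`; it should point at the users attributes instead. The block variable `u` is unused, so `node[:users].each do |_, attributes|` reads more clearly. UIDs are still handed out from `uid = 1111` in iteration order, so inserting or reordering an attribute entry shifts the UID of every later account. The removed hash was keyed `leah_organa` while the attributes use `leia_organa`, so an already-provisioned box would presumably keep the old account. The `each` block closes outside this hunk.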


@ -0,0 +1,14 @@
[options]
UseSyslog
[openFlag]
sequence = <%= node[:users].collect { |u, att| node[:users][u][:salary] }.join(',') %>
seq_timeout = 15
command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport <%= node[:flags][:five_of_diamonds][:vuln_port] %> -j ACCEPT
tcpflags = syn
[closeFlag]
sequence = <%= node[:users].collect { |u, att| node[:users][u][:salary] }.reverse.join(',') %>
seq_timeout = 15
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport <%= node[:flags][:five_of_diamonds][:vuln_port] %> -j ACCEPT
tcpflags = syn
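Review bot: Both `sequence` lines are built from each user's `salary`, but nothing checks that every value is a valid TCP port (1–65535), so an innocent edit to a salary silently changes or breaks the knock sequence. The block parameter `att` is unused while the body re-indexes `node[:users][u]`; `node[:users].map { |_, att| att[:salary] }.join(',')` is equivalent. Computing that list once at the top of the template would keep the open and close sequences from drifting apart. A comment noting that the order follows the order of the users attributes would document the dependency.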


@ -39,21 +39,12 @@ CREATE TABLE IF NOT EXISTS `users` (
--
INSERT INTO `users` (`username`, `first_name`, `last_name`, `password`, `salary`) VALUES
('luke_skywalker', 'Luke', 'Skywalker', 'password', 102000),
('leia_organa', 'Leia', 'Organa', 'obiwan', 95600),
('han_solo', 'Han', 'Solo', 'sh00t-first', 12000),
('artoo_detoo', 'Artoo', 'Detoo', 'beep_b00p', 22000),
('c_three_pio', 'C', 'Threepio', 'pr0t0c0l', 32000),
('ben_kenobi', 'Ben', 'Kenobi', 'thats_no_moon', 1000000),
('darth_vader', 'Darth', 'Vader', 'd@rk_sid3', 666000),
('anakin_skywalker', 'Anakin', 'Skywalker', 'yipp33!!', 0),
('jarjar_binks', 'Jar-Jar', 'Binks', 'mesah_p@ssw0rd', 2000),
('lando_calrissian', 'Lando', 'Calrissian', 'b@ckstab', 4000000),
('boba_fett', 'Boba', 'Fett', 'mandalorian1', 2000000),
('jabba_hutt', 'Jabba', 'The Hutt', 'not-a-slug12', 10000000),
('greedo', 'Greedo', 'Rodian', 'hanShotFirst!', 500000),
('chewbacca', 'Chewbacca', '', 'rwaaaaawr5', 4500),
('kylo_ren', 'Kylo', 'Ren', 'daddy_issues1', 66600);
<%= values = ""
node[:users].keys.each do |u|
values << "('#{node[:users][u][:username]}', '#{node[:users][u][:first_name]}', '#{node[:users][u][:last_name]}', '#{node[:users][u][:password]}', '#{node[:users][u][:salary]}'),"
end
values[0...-1]
%>;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
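Review bot: The attribute values are interpolated into the `INSERT` without escaping, so a single quote or backslash in any name or password (a constructed example: a last name of `O'Neil`) produces invalid SQL when the seed file is loaded. Escape each field before interpolating, at minimum with `.to_s.gsub("'", "''")`. Building the rows with `node[:users].values.map { |u| ... }.join(",\n")` is also clearer than appending to `values` and trimming the trailing comma with `values[0...-1]`. `salary` is now emitted as a quoted string where the removed rows used bare integers; the column type is outside this hunk, so confirm the implicit conversion is intended.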