Merge pull request #2 from rapid7/sinatra_update

Embed 6 of Clubs in Sinatra service
2024-06-30 16:55:50 +02:00 · 2017-07-12 18:23:21 -05:00 · 2017-07-12 18:23:21 -05:00 · 8fd0cc948c
commit 8fd0cc948c
parent 3e00bdc822 3e70958049
7 changed files with 14 additions and 60 deletions
--- a/chef/cookbooks/metasploitable/files/sinatra/Gemfile
+++ b/chef/cookbooks/metasploitable/files/sinatra/Gemfile
@ -3,3 +3,4 @@ gem 'rack', '2.0.1'
 gem 'sinatra', '2.0.0rc2'
 gem 'erubis'
 gem 'activesupport'
+gem 'obfuscate'
--- a/chef/cookbooks/metasploitable/files/sinatra/README.txt
+++ b/chef/cookbooks/metasploitable/files/sinatra/README.txt
@ -1,24 +0,0 @@
-==============
-Description
-==============
-
-This application is vulnerable to a deserialization vulnerability due to a
-compromised session secret.
-
-Since this is a custom application, the Metasploitable player is required to
-figure out what the secret is (remotely, not through code reading), and write
-an exploit from scratch.
-
-==============
-Usage
-==============
-
-To start the vulnerable application, first do:
-
-$ bundle install
-
-And then finally:
-
-$ ruby start.rb
-
-The server should start on port 8181.
--- a/chef/cookbooks/metasploitable/files/sinatra/server
+++ b/chef/cookbooks/metasploitable/files/sinatra/server
--- a/chef/cookbooks/metasploitable/files/sinatra/server.rb
+++ b/chef/cookbooks/metasploitable/files/sinatra/server.rb
@ -1,33 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'sinatra'
-require 'erubis'
-require 'active_support'
-require 'webrick'
-
-MYSECRET = 'a7aebc287bba0ee4e64f947415a94e5f'
-
-set :environment, :development
-set :bind, '0.0.0.0'
-set :port, 8181
-
-# These settings are specific for Sinatra 2.0.0rc2
-set :logging, false
-set :quiet, true
-dev_null = WEBrick::Log::new("/dev/null", 7)
-set :server_settings, {:Logger => dev_null, :AccessLog => dev_null}
-
-use Rack::Session::Cookie,
-  :key          => "_metasploitable",
-  :path         => "/",
-  :expire_after => 1800,
-  :secret       => MYSECRET
-
-get '/' do
-  val = "Shhhhh, don't tell anybody this cookie secret: #{MYSECRET}"
-  session['_metasploitable'] = val unless session['_metasploitable']
-  body =  "Welcome to Metasploitable3 - Linux edition.<br>"
-  body << "If you exploit this application, you will be handsomely rewarded."
-  [200, {}, body]
-end
-
--- a/chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
+++ b/chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
@ -2,4 +2,4 @@ description 'Run vulnerable Sinatra'
 author 'metasploitable3'

 start on runlevel [2345]
-exec "/opt/sinatra/start.sh"
+exec "/var/opt/sinatra/start.sh"
--- a/chef/cookbooks/metasploitable/files/sinatra/start.sh
+++ b/chef/cookbooks/metasploitable/files/sinatra/start.sh
@ -2,4 +2,4 @@

 cd /opt/sinatra
 bundle install
-ruby ./server.rb 
+ruby -e "require 'obfuscate'; Obfuscate.setup { |c| c.salt = 'sinatra'; c.mode = :string}; code = Obfuscate.clarify(File.read('server')); eval(code)"
--- a/chef/cookbooks/metasploitable/recipes/sinatra.rb
+++ b/chef/cookbooks/metasploitable/recipes/sinatra.rb
@ -13,13 +13,22 @@ directory '/opt/sinatra' do
  mode '0777'
 end

-['Gemfile', 'README.txt', 'start.sh', 'server.rb'].each do |fname|
+directory '/var/opt/sinatra' do
+  mode '0777'
+end
+
+['Gemfile', 'server'].each do |fname|
  cookbook_file "/opt/sinatra/#{fname}" do
    source "sinatra/#{fname}"
    mode '0777'
  end
 end

+cookbook_file '/var/opt/sinatra/start.sh' do
+  source 'sinatra/start.sh'
+  mode '0777'
+end
+
 cookbook_file '/etc/init/sinatra.conf' do
  source 'sinatra/sinatra.conf'
  mode '0777'