mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-30 16:55:50 +02:00
Merge pull request #2 from rapid7/sinatra_update
Embed 6 of Clubs in Sinatra service
commit
8fd0cc948c
1
chef/cookbooks/metasploitable/files/sinatra/Gemfile
Normal file → Executable file
|
@ -3,3 +3,4 @@ gem 'rack', '2.0.1'
|
|||
gem 'sinatra', '2.0.0rc2'
|
||||
gem 'erubis'
|
||||
gem 'activesupport'
|
||||
gem 'obfuscate'
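Review bot: `gem 'obfuscate'` (apparently the one added line; the rendering has lost the +/- column) carries no version constraint, unlike the pinned `rack` and `sinatra` entries in the same file. start.sh in this commit runs `bundle install` on every service start and then evals code through this gem, so whatever version the gem source serves at boot time ends up executing inside the service. I would pin it, `gem 'obfuscate', 'PINNED_VERSION'` (placeholder; use the version the `server` blob was produced with), and ship a Gemfile.lock next to the Gemfile so the resolved set is fixed. The same applies to the existing unpinned `erubis` and `activesupport` lines.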
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
==============
|
||||
Description
|
||||
==============
|
||||
|
||||
This application is vulnerable to a deserialization vulnerability due to a
|
||||
compromised session secret.
|
||||
|
||||
Since this is a custom application, the Metasploitable player is required to
|
||||
figure out what the secret is (remotely, not through code reading), and write
|
||||
an exploit from scratch.
|
||||
|
||||
==============
|
||||
Usage
|
||||
==============
|
||||
|
||||
To start the vulnerable application, first do:
|
||||
|
||||
$ bundle install
|
||||
|
||||
And then finally:
|
||||
|
||||
$ ruby start.rb
|
||||
|
||||
The server should start on port 8181.
|
1
chef/cookbooks/metasploitable/files/sinatra/server
Executable file
File diff suppressed because one or more lines are too long
|
@ -1,33 +0,0 @@
|
|||
#!/usr/bin/env ruby
|
||||
|
||||
require 'sinatra'
|
||||
require 'erubis'
|
||||
require 'active_support'
|
||||
require 'webrick'
|
||||
|
||||
MYSECRET = 'a7aebc287bba0ee4e64f947415a94e5f'
|
||||
|
||||
set :environment, :development
|
||||
set :bind, '0.0.0.0'
|
||||
set :port, 8181
|
||||
|
||||
# These settings are specific for Sinatra 2.0.0rc2
|
||||
set :logging, false
|
||||
set :quiet, true
|
||||
dev_null = WEBrick::Log::new("/dev/null", 7)
|
||||
set :server_settings, {:Logger => dev_null, :AccessLog => dev_null}
|
||||
|
||||
use Rack::Session::Cookie,
|
||||
:key => "_metasploitable",
|
||||
:path => "/",
|
||||
:expire_after => 1800,
|
||||
:secret => MYSECRET
|
||||
|
||||
get '/' do
|
||||
val = "Shhhhh, don't tell anybody this cookie secret: #{MYSECRET}"
|
||||
session['_metasploitable'] = val unless session['_metasploitable']
|
||||
body = "Welcome to Metasploitable3 - Linux edition.<br>"
|
||||
body << "If you exploit this application, you will be handsomely rewarded."
|
||||
[200, {}, body]
|
||||
end
|
||||
|
2
chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
Normal file → Executable file
|
@ -2,4 +2,4 @@ description 'Run vulnerable Sinatra'
|
|||
author 'metasploitable3'
|
||||
|
||||
start on runlevel [2345]
|
||||
exec "/opt/sinatra/start.sh"
|
||||
exec "/var/opt/sinatra/start.sh"
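Review bot: No `setuid`/`setgid` stanza appears in the visible lines of this job, so Upstart will presumably run `/var/opt/sinatra/start.sh`, and the Ruby process it launches, as root. The service is network-facing and intentionally weak, so the account it runs under determines how far a compromise of it reaches. If root is deliberate for the lab, a comment such as `# runs as root on purpose` above the `exec` line would record that; otherwise add `setuid SERVICE_USER` (placeholder account) there. The file's first line lies outside the hunk.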
|
||||
|
|
2
chef/cookbooks/metasploitable/files/sinatra/start.sh
Normal file → Executable file
|
@ -2,4 +2,4 @@
|
|||
|
||||
cd /opt/sinatra
|
||||
bundle install
|
||||
ruby ./server.rb
|
||||
ruby -e "require 'obfuscate'; Obfuscate.setup { |c| c.salt = 'sinatra'; c.mode = :string}; code = Obfuscate.clarify(File.read('server')); eval(code)"
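Review bot: The result of `cd /opt/sinatra` is never checked, yet the `ruby -e` line resolves `File.read('server')` against the current directory and passes the result to `eval`; if the `cd` fails, the script still runs `bundle install` and evaluates whatever `server` file sits in the directory init started it from. I would make the step fail closed with `cd /opt/sinatra || exit 1` and read the blob by absolute path, `File.read('/opt/sinatra/server')`. A comment above the `ruby -e` line should also say that the Obfuscate step, whose salt is in this command line, only keeps the source from being read at a glance and does not protect the code it loads. The script's first line lies outside the hunk.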
|
||||
|
|
|
@ -13,13 +13,22 @@ directory '/opt/sinatra' do
|
|||
mode '0777'
|
||||
end
|
||||
|
||||
['Gemfile', 'README.txt', 'start.sh', 'server.rb'].each do |fname|
|
||||
directory '/var/opt/sinatra' do
|
||||
mode '0777'
|
||||
end
|
||||
|
||||
['Gemfile', 'server'].each do |fname|
|
||||
cookbook_file "/opt/sinatra/#{fname}" do
|
||||
source "sinatra/#{fname}"
|
||||
mode '0777'
|
||||
end
|
||||
end
|
||||
|
||||
cookbook_file '/var/opt/sinatra/start.sh' do
|
||||
source 'sinatra/start.sh'
|
||||
mode '0777'
|
||||
end
|
||||
|
||||
cookbook_file '/etc/init/sinatra.conf' do
|
||||
source 'sinatra/sinatra.conf'
|
||||
mode '0777'
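Review bot: Every resource in this hunk is created with `mode '0777'`, including the `/var/opt/sinatra` directory, `/var/opt/sinatra/start.sh`, the `server` blob and `/etc/init/sinatra.conf`, and no `owner` or `group` is set in the visible lines. These are the files init executes at boot (the job file, the script it runs and the code that script evals), so any local account can change what runs under the service's identity. If that is a planned part of the lab, a comment on each resource should say so; otherwise use `mode '0755'` for the directories and start.sh and `mode '0644'` for `server` and sinatra.conf, with `owner 'root'`. The last `cookbook_file` block is closed outside the hunk.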
|
||||
|
|