mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-02 17:55:46 +02:00
Merge pull request #2 from rapid7/sinatra_update
Embed 6 of Clubs in Sinatra service
commit
8fd0cc948c
1
chef/cookbooks/metasploitable/files/sinatra/Gemfile
Normal file → Executable file
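--- a/chef/cookbooks/metasploitable/files/sinatra/Gemfile
+++ b/chef/cookbooks/metasploitable/files/sinatra/Gemfile
@@ -3,3 +3,4 @@ gem 'rack', '2.0.1'
 gem 'sinatra', '2.0.0rc2'
 gem 'erubis'
 gem 'activesupport'
+gem 'obfuscate'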
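Review bot: The added `gem 'obfuscate'` carries no version constraint, unlike the pinned `rack` and `sinatra` entries above it. start.sh in this commit runs `bundle install` each time it is executed, so unless a Gemfile.lock ships alongside (none is visible on this page), whichever release the gem source serves at that moment is loaded into the process that evals the decoded `server` file. Pin it like the others, e.g. `gem 'obfuscate', '<tested version>'`, so the image stays reproducible and the dependency cannot change underneath it.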
|
@ -1,24 +0,0 @@
|
||||||
==============
|
|
||||||
Description
|
|
||||||
==============
|
|
||||||
|
|
||||||
This application is vulnerable to a deserialization vulnerability due to a
|
|
||||||
compromised session secret.
|
|
||||||
|
|
||||||
Since this is a custom application, the Metasploitable player is required to
|
|
||||||
figure out what the secret is (remotely, not through code reading), and write
|
|
||||||
an exploit from scratch.
|
|
||||||
|
|
||||||
==============
|
|
||||||
Usage
|
|
||||||
==============
|
|
||||||
|
|
||||||
To start the vulnerable application, first do:
|
|
||||||
|
|
||||||
$ bundle install
|
|
||||||
|
|
||||||
And then finally:
|
|
||||||
|
|
||||||
$ ruby start.rb
|
|
||||||
|
|
||||||
The server should start on port 8181.
|
|
1
chef/cookbooks/metasploitable/files/sinatra/server
Executable file
File diff suppressed because one or more lines are too long
|
@ -1,33 +0,0 @@
|
||||||
#!/usr/bin/env ruby
|
|
||||||
|
|
||||||
require 'sinatra'
|
|
||||||
require 'erubis'
|
|
||||||
require 'active_support'
|
|
||||||
require 'webrick'
|
|
||||||
|
|
||||||
MYSECRET = 'a7aebc287bba0ee4e64f947415a94e5f'
|
|
||||||
|
|
||||||
set :environment, :development
|
|
||||||
set :bind, '0.0.0.0'
|
|
||||||
set :port, 8181
|
|
||||||
|
|
||||||
# These settings are specific for Sinatra 2.0.0rc2
|
|
||||||
set :logging, false
|
|
||||||
set :quiet, true
|
|
||||||
dev_null = WEBrick::Log::new("/dev/null", 7)
|
|
||||||
set :server_settings, {:Logger => dev_null, :AccessLog => dev_null}
|
|
||||||
|
|
||||||
use Rack::Session::Cookie,
|
|
||||||
:key => "_metasploitable",
|
|
||||||
:path => "/",
|
|
||||||
:expire_after => 1800,
|
|
||||||
:secret => MYSECRET
|
|
||||||
|
|
||||||
get '/' do
|
|
||||||
val = "Shhhhh, don't tell anybody this cookie secret: #{MYSECRET}"
|
|
||||||
session['_metasploitable'] = val unless session['_metasploitable']
|
|
||||||
body = "Welcome to Metasploitable3 - Linux edition.<br>"
|
|
||||||
body << "If you exploit this application, you will be handsomely rewarded."
|
|
||||||
[200, {}, body]
|
|
||||||
end
|
|
||||||
|
|
2
chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
Normal file → Executable file
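--- a/chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
+++ b/chef/cookbooks/metasploitable/files/sinatra/sinatra.conf
@@ -2,4 +2,4 @@ description 'Run vulnerable Sinatra'
 author 'metasploitable3'
 
 start on runlevel [2345]
-exec "/opt/sinatra/start.sh"
+exec "/var/opt/sinatra/start.sh"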
2
chef/cookbooks/metasploitable/files/sinatra/start.sh
Normal file → Executable file
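--- a/chef/cookbooks/metasploitable/files/sinatra/start.sh
+++ b/chef/cookbooks/metasploitable/files/sinatra/start.sh
@@ -2,4 +2,4 @@
 
 cd /opt/sinatra
 bundle install
-ruby ./server.rb
+ruby -e "require 'obfuscate'; Obfuscate.setup { |c| c.salt = 'sinatra'; c.mode = :string}; code = Obfuscate.clarify(File.read('server')); eval(code)"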
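Review bot: The new `ruby -e` line reads `server` by relative path and hands the decoded text straight to `eval`, yet the `cd /opt/sinatra` two lines earlier is never checked, so a failed `cd` leaves the script evaluating whatever file named `server` is in the inherited working directory. Guard the directory change and make the path absolute: `cd /opt/sinatra || exit 1` and `File.read('/opt/sinatra/server')`. A comment above the command, such as `# 'server' is obfuscated, not encrypted: the salt is in this script, so the file must stay trusted`, would also record that the static salt appears to give no confidentiality against anyone who can read both files. The script's first line lies outside the hunk.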
|
|
@ -13,13 +13,22 @@ directory '/opt/sinatra' do
|
||||||
mode '0777'
|
mode '0777'
|
||||||
end
|
end
|
||||||
|
|
||||||
['Gemfile', 'README.txt', 'start.sh', 'server.rb'].each do |fname|
|
directory '/var/opt/sinatra' do
|
||||||
|
mode '0777'
|
||||||
|
end
|
||||||
|
|
||||||
|
['Gemfile', 'server'].each do |fname|
|
||||||
cookbook_file "/opt/sinatra/#{fname}" do
|
cookbook_file "/opt/sinatra/#{fname}" do
|
||||||
source "sinatra/#{fname}"
|
source "sinatra/#{fname}"
|
||||||
mode '0777'
|
mode '0777'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
cookbook_file '/var/opt/sinatra/start.sh' do
|
||||||
|
source 'sinatra/start.sh'
|
||||||
|
mode '0777'
|
||||||
|
end
|
||||||
|
|
||||||
cookbook_file '/etc/init/sinatra.conf' do
|
cookbook_file '/etc/init/sinatra.conf' do
|
||||||
source 'sinatra/sinatra.conf'
|
source 'sinatra/sinatra.conf'
|
||||||
mode '0777'
|
mode '0777'
|
||||||
|
|
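Review bot: The new `/var/opt/sinatra` directory and the `start.sh` placed in it are created with `mode '0777'`, and `server` gets the same mode from the loop, so any local account can rewrite the script the init job execs or the file that start.sh passes to `eval`. If that is not an intended part of the lab, use `mode '0755'` for the directory and `start.sh` and `mode '0644'` for `Gemfile` and `server`, with an explicit `owner 'root'`; if it is intended, record it in a comment such as `# world-writable on purpose: <reason>`. The list also drops 'README.txt' and 'server.rb' without deleting copies left by an earlier converge, so a previously provisioned box would presumably keep the plaintext `server.rb`; a `file` resource with `action :delete` for each would cover that. The final `cookbook_file '/etc/init/sinatra.conf'` block closes outside the hunk.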