Everything needed for RC5

2024-09-21 00:01:14 +02:00 · 2017-09-12 09:16:20 -05:00 · 2017-09-12 09:16:20 -05:00 · c3c3b63382
commit c3c3b63382
parent 80c2fc0f84
8 changed files with 321 additions and 6 deletions
--- a/chef/cookbooks/metasploitable/files/proftpd/hosts_renewer.conf
+++ b/chef/cookbooks/metasploitable/files/proftpd/hosts_renewer.conf
@ -0,0 +1,7 @@
+description 'Run hosts renewer'
+author 'metasploitable3'
+
+start on runlevel [2345]
+script
+  ruby /opt/proftpd/hosts_renewer.rb
+end script
--- a/chef/cookbooks/metasploitable/files/proftpd/hosts_renewer.rb
+++ b/chef/cookbooks/metasploitable/files/proftpd/hosts_renewer.rb
@ -0,0 +1,135 @@
+#!/usr/bin/env ruby
+
+#
+# This script will update ProFTPd's DefaultAddress setting in the config file
+# when the IP changes.
+#
+# You should comebine systemd to make sure this things automatically updates
+# ProFTPd as soon as it starts. The script:
+#
+# [Unit]
+#Description=Foo
+#
+# [Service]
+# ExecStart=rvm-shell -c /opt/proftpd/proftp_ip_renewer.rb
+
+# [Install]
+# WantedBy=multi-user.target
+#
+
+require 'socket'
+
+class HostsRenewer
+
+  class Error < RuntimeError; end
+
+  # The config file to update
+  CONFIG_PATH = '/etc/hosts'
+
+  # Number of seconds to wait before we try to update again
+  WAIT_TIME   = 3
+
+  # The kind of private IP prefix we are looking for to update
+  # The Metasploitable3 private IP always starts with 10-something.
+  EXPECTED_IP_PREFIX = '10'
+
+  def initialize
+    unless config_exists?
+      raise ProFTPIPRenewer::Error, "#{CONFIG_PATH} not found"
+    end
+
+    last_known_ip = get_default_address_from_config
+    @hostname = `hostname`
+
+    unless last_known_ip
+      puts "* The ip/hostname isn't present in /etc/hosts. Adding it."
+      init_default_address_to_config
+      last_known_ip = get_default_address_from_config
+      restart_proftpd
+    end
+  end
+
+  def read_config
+    File.read(CONFIG_PATH)
+  end
+
+  def init_default_address_to_config
+    current_ip = get_private_ip
+    value = "\n#{current_ip} #{@hostname}\n"
+    File.open(CONFIG_PATH, 'ab') do |f|
+      f.write(value)
+    end
+  end
+
+  def get_default_address_from_config
+    config = read_config
+    current_ip = get_private_ip
+    config.scan(/#{current_ip} #{@hostname}/).flatten.first
+  end
+
+  def get_private_ip
+    ip = Socket.ip_address_list.select { |addr| addr.ip_address =~ /^#{EXPECTED_IP_PREFIX}\./}.first
+    if ip
+      ip.ip_address
+    else
+      puts "* The desired IP is not found. We are falling back to 127.0.0.1."
+      '127.0.0.1'
+    end
+  end
+
+  def config_exists?
+    File.exists?(CONFIG_PATH)
+  end
+
+  def update_ip_address
+    config = read_config
+    new_config = ''
+    changed = false
+    current_ip = get_private_ip
+
+    config.each_line do |line|
+      if line =~ /(#{current_ip}) #{@hostname}/
+        if $1 != current_ip
+          changed = true
+          puts "* IP has changed to: #{current_ip}."
+          new_config << "#{current_ip} #{@hostname}\n"
+        end
+      else
+        new_config << line
+      end
+    end
+
+    if changed
+      File.write(CONFIG_PATH, new_config)
+      puts "* #{CONFIG_PATH} updated"
+      restart_proftpd
+    end
+  end
+
+  def restart_proftpd
+    puts "* Restarting ProFTPd"
+    puts `service proftpd stop`
+    puts `service proftpd start`
+  end
+
+  def start
+    while true
+      update_ip_address
+      sleep WAIT_TIME
+    end
+  end
+
+end
+
+def main
+  begin
+    ip_renewer = HostsRenewer.new
+    ip_renewer.start
+  rescue HostsRenewer::Error => e
+    puts "* Error: #{e.message}"
+  end
+end
+
+if __FILE__ == $PROGRAM_NAME
+  main
+end
--- a/chef/cookbooks/metasploitable/files/proftpd/proftpd_ip_renewer.conf
+++ b/chef/cookbooks/metasploitable/files/proftpd/proftpd_ip_renewer.conf
@ -0,0 +1,7 @@
+description 'Run proftpd IP renewer'
+author 'metasploitable3'
+
+start on runlevel [2345]
+script
+  ruby /opt/proftpd/proftpd_ip_renewer.rb
+end script
--- a/chef/cookbooks/metasploitable/files/proftpd/proftpd_ip_renewer.rb
+++ b/chef/cookbooks/metasploitable/files/proftpd/proftpd_ip_renewer.rb
@ -0,0 +1,131 @@
+#!/usr/bin/env ruby
+
+#
+# This script will update ProFTPd's DefaultAddress setting in the config file
+# when the IP changes.
+#
+# You should comebine systemd to make sure this things automatically updates
+# ProFTPd as soon as it starts. The script:
+#
+# [Unit]
+#Description=Foo
+#
+# [Service]
+# ExecStart=rvm-shell -c /opt/proftpd/proftp_ip_renewer.rb
+
+# [Install]
+# WantedBy=multi-user.target
+#
+
+require 'socket'
+
+class ProFTPIPRenewer
+
+  class Error < RuntimeError; end
+
+  # The config file to update
+  CONFIG_PATH = '/opt/proftpd/etc/proftpd.conf'
+
+  # Number of seconds to wait before we try to update again
+  WAIT_TIME   = 3
+
+  # The kind of private IP prefix we are looking for to update
+  # The Metasploitable3 private IP always starts with 10-something.
+  EXPECTED_IP_PREFIX = '10'
+
+  def initialize
+    unless config_exists?
+      raise ProFTPIPRenewer::Error, "#{CONFIG_PATH} not found"
+    end
+
+    last_known_ip = get_default_address_from_config
+
+    unless last_known_ip
+      puts "* There is no DefaultAddress in proftpd.conf. We are going to create one."
+      init_default_address_to_config
+      last_known_ip = get_default_address_from_config
+    end
+  end
+
+  def read_config
+    File.read(CONFIG_PATH)
+  end
+
+  def init_default_address_to_config
+    current_ip = get_private_ip
+    value = "\nDefaultAddress #{current_ip}\n"
+    File.open(CONFIG_PATH, 'ab') do |f|
+      f.write(value)
+    end
+  end
+
+  def get_default_address_from_config
+    config = read_config
+    config.scan(/DefaultAddress (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/).flatten.first
+  end
+
+  def get_private_ip
+    ip = Socket.ip_address_list.select { |addr| addr.ip_address =~ /^#{EXPECTED_IP_PREFIX}\./}.first
+    if ip
+      ip.ip_address
+    else
+      puts "* The desired IP is not found. We are falling back to 127.0.0.1."
+      '127.0.0.1'
+    end
+  end
+
+  def config_exists?
+    File.exists?(CONFIG_PATH)
+  end
+
+  def update_ip_address
+    config = read_config
+    new_config = ''
+    changed = false
+    current_ip = get_private_ip
+
+    config.each_line do |line|
+      if line =~ /DefaultAddress (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/
+        if $1 != current_ip
+          changed = true
+          puts "* IP has changed to: #{current_ip}."
+          new_config << "DefaultAddress #{current_ip}\n"
+        end
+      else
+        new_config << line
+      end
+    end
+
+    if changed
+      File.write(CONFIG_PATH, new_config)
+      puts "* #{CONFIG_PATH} updated"
+    end
+  end
+
+  def restart_proftpd
+    puts "* Restarting ProFTPd"
+    puts `service proftpd stop`
+    puts `service proftpd start`
+  end
+
+  def start
+    while true
+      update_ip_address
+      sleep WAIT_TIME
+    end
+  end
+
+end
+
+def main
+  begin
+    ip_renewer = ProFTPIPRenewer.new
+    ip_renewer.start
+  rescue ProFTPIPRenewer::Error => e
+    puts "* Error: #{e.message}"
+  end
+end
+
+if __FILE__ == $PROGRAM_NAME
+  main
+end
--- a/chef/cookbooks/metasploitable/recipes/proftpd.rb
+++ b/chef/cookbooks/metasploitable/recipes/proftpd.rb
@ -40,6 +40,39 @@ cookbook_file '/etc/init.d/proftpd' do
  mode '760'
 end

+# Setup the IP Renewer
+cookbook_file '/opt/proftpd/proftpd_ip_renewer.rb' do
+  source 'proftpd/proftpd_ip_renewer.rb'
+  mode '744'
+  owner 'root'
+  group 'root'
+end
+
+cookbook_file '/etc/init/proftpd_ip_renewer.conf' do
+  source 'proftpd/proftpd_ip_renewer.conf'
+  mode '0644'
+end
+
+cookbook_file '/opt/proftpd/hosts_renewer.rb' do
+  source 'proftpd/hosts_renewer.rb'
+  mode '744'
+  owner 'root'
+  group 'root'
+end
+
+cookbook_file '/etc/init/hosts_renewer.conf' do
+  source 'proftpd/hosts_renewer.conf'
+  mode '0644'
+end
+
 service 'proftpd' do
  action [:enable, :start]
 end
+
+service 'proftpd_ip_renewer' do
+  action [:enable, :start]
+end
+
+service 'hosts_renewer' do
+  action [:enable, :start]
+end
--- a/chef/cookbooks/metasploitable/recipes/readme_app.rb
+++ b/chef/cookbooks/metasploitable/recipes/readme_app.rb
@ -33,10 +33,12 @@ cookbook_file '/etc/init/readme_app.conf' do
  mode '0644'
 end

-script 'set permissions' do
+bash 'set permissions' do
  code <<-EOH
-    find . -type d | xargs chmod 0755
-    find . -type f | xargs chmod 0644
+    chown -R chewbacca:users /opt/readme_app
+    find /opt/readme_app -type d | xargs chmod 0755
+    find /opt/readme_app -type f | xargs chmod 0644
+    chmod 0755 /opt/readme_app/start.sh
  EOH
 end

--- a/chef/cookbooks/metasploitable/templates/readme_app/start.sh.erb
+++ b/chef/cookbooks/metasploitable/templates/readme_app/start.sh.erb
@ -1,5 +1,5 @@
 #!/bin/sh

 cd /opt/readme_app
-bundle install
-rails s -b 0.0.0.0 -p <%= node[:metasploitable][:ports][:readme_app] %>
+bundle install --path vendor/bundle
+bundle exec rails s -b 0.0.0.0 -p <%= node[:metasploitable][:ports][:readme_app] %>
--- a/packer/templates/aws/ubuntu_1404_ctf_2017.json
+++ b/packer/templates/aws/ubuntu_1404_ctf_2017.json
@ -51,6 +51,6 @@
    "iso_url": "http://old-releases.ubuntu.com/releases/14.04.1/ubuntu-14.04.1-server-amd64.iso",
    "iso_checksum_type": "md5",
    "iso_checksum": "ca2531b8cd79ea5b778ede3a524779b9",
-    "box_version": "0.1.8"
+    "box_version": "0.1.12"
  }
 }