From d2ee0181595b119567a0b93bb4fc3051cd6b5b9d Mon Sep 17 00:00:00 2001
From: wchen-r7 <wei_chen@rapid7.com>
Date: Wed, 26 Oct 2016 13:33:56 -0500
Subject: [PATCH] Add ElasticSearch to Metasploitable3

---
 Vagrantfile                                | 9 +++++++++
 scripts/configs/configure_firewall.bat     | 1 +
 scripts/installs/install_elasticsearch.bat | 9 +++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 scripts/installs/install_elasticsearch.bat

diff --git a/Vagrantfile b/Vagrantfile
index 3cc95eb..33f5c93 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -57,6 +57,7 @@ Vagrant.configure("2") do |config|
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
   # Vulnerability - Wordpress and phpMyAdmin
+  # This must run after the WAMP setup.
   config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
   config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
@@ -85,6 +86,7 @@ Vagrant.configure("2") do |config|
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
   # Vulnerability - WebDAV
+  # This must run after the WAMP setup.
   config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
@@ -97,6 +99,7 @@ Vagrant.configure("2") do |config|
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
   # Vulnerability - Axis2
+  # This must run after the Apache Struts setup.
   config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
@@ -104,6 +107,12 @@ Vagrant.configure("2") do |config|
   config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
 
+  # Vulnerability - ElasticSearch
+  # This must run after the firewall rules, because it needs to make some HTTP requests in order to
+  # set up the vulnerable state.
+  config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
+  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
   # Configure flags
   config.vm.provision :shell, path: "scripts/installs/install_flags.bat"
   config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
diff --git a/scripts/configs/configure_firewall.bat b/scripts/configs/configure_firewall.bat
index 9cf8715..519652b 100644
--- a/scripts/configs/configure_firewall.bat
+++ b/scripts/configs/configure_firewall.bat
@@ -12,3 +12,4 @@ netsh advfirewall firewall add rule name="Open Port 3306 for MySQL" dir=in actio
 netsh advfirewall firewall add rule name="Open Port 8020 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8020
 netsh advfirewall firewall add rule name="Open Port 8383 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8383
 netsh advfirewall firewall add rule name="Open Port 8022 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8022
+netsh advfirewall firewall add rule name="Open Port 9200 for ElasticSearch" dir=in action=allow protocol=TCP localport=9200
diff --git a/scripts/installs/install_elasticsearch.bat b/scripts/installs/install_elasticsearch.bat
new file mode 100644
index 0000000..dfda300
--- /dev/null
+++ b/scripts/installs/install_elasticsearch.bat
@@ -0,0 +1,9 @@
+powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://repo1.maven.org/maven2/org/elasticsearch/elasticsearch/1.1.1/elasticsearch-1.1.1.zip', 'C:\Windows\Temp\elasticsearch-1.1.1.zip')" <NUL
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\elasticsearch-1.1.1.zip" -o"C:\Program Files\""
+cmd /c ""C:\Program Files\elasticsearch-1.1.1\bin\service.bat" install"
+sc config "elasticsearch-service-x64" start= auto
+cmd /c ""C:\Program Files\elasticsearch-1.1.1\bin\service.bat" start"
+powershell -Command "Start-Sleep -s 5"
+powershell -Command "$req = [System.Net.HttpWebRequest]::Create('http://localhost:9200/metasploitable3/'); $req.method = 'PUT'; $req.GetResponse()"
+powershell -Command "$body = [System.Text.Encoding]::ASCII.GetBytes('{\"user\":\"kimchy\", \"post_date\": \"2009-11-15T14:12:12\", \"message\": \"Elasticsearch\" }'); $req = [System.Net.HttpWebRequest]::Create('http://localhost:9200/metasploitable3/message/1'); $req.method = 'PUT'; $req.ContentType = 'application/x-www-form-urlencoded'; $stream = $req.GetRequestStream(); $stream.Write($body, 0, $body.Length); $stream.close(); $req.GetResponse()"
+