Commit Graph

158 Commits

Author SHA1 Message Date
James Barnett
bc3ef65dbf Update linux tests.
- Finished out flag tests
- All tests are passing correctly
- Use integer for mode consistently
2017-08-15 12:43:37 -05:00
James Barnett
d1ad7dcd47 Merge branch 'feature/linux_ctf' of github.com:rapid7/metasploitable3-ctf into feature/linux_ctf 2017-08-11 13:36:58 -05:00
James Barnett
d8091b6e66 Add more tests. 2017-08-11 13:36:04 -05:00
jbarnett-r7
04f0aa2737 Merge pull request #8 from rapid7/update_king_of_spades
Update the Base64 for ircd.motd
2017-08-10 14:44:16 -05:00
James Barnett
25d896fd4d Update test for new logo 2017-08-09 11:10:49 -05:00
James Barnett
aa72a903cb Missed a file. 2017-08-09 10:55:32 -05:00
jbarnett-r7
ca7f6b2d31 Merge pull request #9 from rapid7/add_aws_builder
Add AWS builder
2017-08-09 10:51:34 -05:00
James Barnett
3fdaf996ae Update recipes for better chef practices.
There were quite a few bugs in the chef recipes when building using other platforms.
These were mostly due to assuming the vagrant user would exist.
Things are now more generic and should be more reliable overall.
2017-08-04 11:18:57 -05:00
James Barnett
520c0564be Build Linux VM in packer.
This makes some other changes:
* Moves packer related files to packer directory.
* Updates build scripts for new packer directory.
* Renames boxes to metasploitabl3-<OS>
2017-07-31 15:48:27 -05:00
sinn3r
be68ba5724 Merge pull request #7 from rapid7/2_of_spades
Add 2 of spades
2017-07-28 12:12:58 -05:00
wchen-r7
761140684e Update the Base64 for ircd.motd 2017-07-28 00:47:46 -05:00
James Barnett
b4b47b5e06 Merge branch 'master' into feature/linux_ctf 2017-07-27 11:31:23 -05:00
James Barnett
24e20be16e Add 2 of spades 2017-07-26 17:42:43 -05:00
wchen-r7
30fa1a7b60 change perm 2017-07-22 01:52:23 -05:00
wchen-r7
d3559e1628 Auto close for knockd 2017-07-22 01:28:30 -05:00
wchen-r7
5c802ca808 Change start script to upstart for five of diamonds 2017-07-21 17:32:29 -05:00
wchen-r7
1dec6f1d0b Update binary 2017-07-21 16:56:41 -05:00
wchen-r7
7c0e16ecfe Set perm 2017-07-21 16:31:42 -05:00
wchen-r7
f893bdeafa Update five of diamonds with obfuscation 2017-07-21 14:53:49 -05:00
wchen-r7
326982e3ed Fix 5 of Hearts in Drupal 2017-07-20 16:38:18 -05:00
wchen-r7
1944427139 Clear chef cache 2017-07-20 15:44:38 -05:00
wchen-r7
52fd8f351d Use Crystal loader for Sinatra 2017-07-20 14:08:03 -05:00
Chan9390
bc1c62a3c2
Converted scripts to port resource 2017-07-19 18:22:41 +05:30
Chan9390
a86f53bffc
Updated wamp.rb 2017-07-19 18:13:45 +05:30
Chan9390
be2c849d3b
Updated snmp.rb 2017-07-19 18:09:15 +05:30
Chan9390
06cba9d340
Updated rails_service.rb 2017-07-19 18:02:59 +05:30
Chan9390
6acb359c09
Updated mysql.rb 2017-07-19 17:42:49 +05:30
Chan9390
97e5e7ede6
Updated manageengine.rb 2017-07-19 17:39:42 +05:30
Chan9390
bf7d1b498f
Updated jmx.rb 2017-07-19 17:31:38 +05:30
Chan9390
09a45f05f6
Updated elasticsearch.rb 2017-07-19 16:38:28 +05:30
Chan9390
f31f99d49b
Updated create_users.rb 2017-07-19 16:10:43 +05:30
wchen-r7
bc4f5e3a41 Make port 80 browsable and set a pass for phpmyadmin 2017-07-17 13:54:12 -05:00
wchen-r7
a8ea9d7cb6 Fix ircd 2017-07-14 17:47:05 -05:00
wchen-r7
31160bda49 This is the right chatbot.zip 2017-07-14 16:40:07 -05:00
James Barnett
ec2b7380c7 Missed dockerfile 2017-07-14 15:43:48 -05:00
wchen-r7
b7205c3351 merge conflict 2017-07-14 15:27:26 -05:00
wchen-r7
30f4b325d6 Update chatbot code for ace of clubs 2017-07-14 15:27:07 -05:00
James Barnett
268537fa5d Hide 7 of diamonds in docker container 2017-07-14 15:13:15 -05:00
wchen-r7
d088960490 Fix a typo 2017-07-14 14:27:57 -05:00
James Barnett
dc733474af Add more flags 2017-07-14 12:14:01 -05:00
James Barnett
2824f96795 Hide 5 of hearts in drupal 2017-07-13 16:26:38 -05:00
James Barnett
3dddb7c3e8 Hide king of spades in unrealircd 2017-07-13 16:23:31 -05:00
James Barnett
c1e40ac1d4 Hide ace of clubs 2017-07-13 15:23:28 -05:00
James Barnett
c2f5a4ff52 Hide king of spades 2017-07-13 15:21:50 -05:00
James Barnett
b2aeac3028 Fix typo in file name 2017-07-13 13:11:12 -05:00
James Barnett
55b0cbf763 Forgot the readme_app in port listing 2017-07-13 12:50:14 -05:00
wchen-r7
cdb7987c67 Embed 6 of Clubs in Sinatra service 2017-07-12 16:51:08 -05:00
Chan9390
36d99c45d3
Added IIS, psexec and winrm tests 2017-07-07 18:46:43 +05:30
Chan9390
e90d1b1163
Added port checking 2017-07-07 17:50:21 +05:30
James Barnett
6fd0a57fdf Configure iptables for other services. 2017-07-06 17:08:33 -05:00
James Barnett
fc336a5f1b Configure other services in iptables 2017-07-06 14:52:39 -05:00
Chan9390
b95eec973f
Initial test scripts 2017-07-06 08:55:40 +05:30
James Barnett
367d3fd6db Use actual flag name 2017-06-30 15:45:08 -05:00
James Barnett
5bbed5387e Add five_of_diamonds flag
This flag is hidden within a binary that runs a webservice on a given port.
The port is blocked until the correct port knocking sequence is initiated.
The default port sequence is all of the user's salary numbers.

The commit also moves a lot of values that were previously in recipes into
attributes files for easier maintaining going forward.
2017-06-30 14:47:30 -05:00
James Barnett
dfcdafe410
Convert users to use attributes file. 2017-06-21 17:15:42 -05:00
James Barnett
541e39430b
Add tests for the chatbot. 2017-06-13 12:24:44 -05:00
James Barnett
121b8ed880
Add tests for drupal. 2017-06-06 15:34:30 -05:00
James Barnett
eb9188f04d Merge branch 'inspec_testing' into linux/drupal 2017-06-06 14:58:36 -05:00
James Barnett
1570bf7117
Add drupal 7.5
Also make some changes to other recipes as I learn more about chef.
2017-06-06 14:46:22 -05:00
James Barnett
e4b142c2ef
Add cups tests 2017-05-30 16:25:42 -05:00
James Barnett
00b263a0e2
Add tests for apache. 2017-05-26 14:23:27 -05:00
James Barnett
456ed291b5
Merge branch 'add_linux_vm' into chatbot 2017-05-03 13:03:54 -05:00
wchen-r7
3b492538b7 Resolve merge conflict 2017-04-21 14:27:54 -05:00
wchen-r7
8259ef67a1 Update chatbot.zip 2017-04-21 14:07:49 -05:00
James Barnett
e2221d2460
Install nodejs 4.x instead of 0.10.2. 2017-04-21 10:46:21 -05:00
James Barnett
1eae27f271
Move nodejs install to separate recipe. 2017-04-20 15:50:02 -05:00
James Barnett
c03cbe633e
Merge branch 'add_linux_vm' into chatbot
Fix conflict in Vagrantfile
2017-04-20 15:20:07 -05:00
wchen-r7
27634d321b change port to 3500 because 3000 is occupied by the bot 2017-04-20 15:14:38 -05:00
James Barnett
1c2cea73f2
Add missing files. 2017-04-20 14:44:26 -05:00
James Barnett
9bb04bbaec
Update cups to listen on all interfaces. 2017-04-20 14:42:47 -05:00
wchen-r7
be04fc19d8 Resolve merge conflict in Vagrantfile 2017-04-20 14:11:02 -05:00
James Barnett
6462446b44
Fix bundle install and startup errors. 2017-04-20 13:43:11 -05:00
James Barnett
a66ff125d9
Add readme_app.
Also moved ruby installs out into its own recipe and included that in readme_app and sinatra recipes.
2017-04-19 16:25:46 -05:00
wchen-r7
41d86d73a3 Bring linux/cups up to date 2017-04-19 16:25:35 -05:00
wchen-r7
af004b1845 Resolve merge conflict in Vagrantfile 2017-04-19 11:07:53 -05:00
wchen-r7
416066f536 Up to date linux/webdav 2017-04-18 16:08:10 -05:00
wchen-r7
88bea47229 Update payroll_app 2017-04-18 16:02:52 -05:00
wchen-r7
2ecf81cb65 Update payroll_app 2017-04-18 16:00:38 -05:00
wchen-r7
a92d7693d2 Update chatbot.zip 2017-04-17 15:52:50 -05:00
James Barnett
8939a3d84f
Add vulnerable service cups. 2017-04-17 14:54:43 -05:00
wchen-r7
b522075693 update chatbot.rb 2017-04-17 13:28:07 -05:00
wchen-r7
fe3cd99781 Add chatbot to Linux VM 2017-04-17 11:45:23 -05:00
James Barnett
7b60422bbf
Enable WebDAV on Apache. 2017-04-13 16:52:10 -05:00
James Barnett
3183374191
Add poc for sql injection. 2017-04-11 16:12:46 -05:00
James Barnett
fa021341aa
Add php page vulnerable to sql injection. 2017-04-11 12:53:34 -05:00
James Barnett
9ee6631831 Merge branch 'add_linux_vm' of github.com:rapid7/metasploitable3 into add_linux_vm 2017-04-10 14:33:26 -05:00
James Barnett
a2c943940a
Fix syntax in user config. 2017-04-10 14:33:00 -05:00
James Barnett
9d750aa155
Add unrealircd vulnerable service. 2017-04-06 13:19:21 -05:00
jbarnett-r7
3daf5181f3 Merge pull request #111 from rapid7/add_custom_vuln
Add Custom Vulnerability (deserialization due to a compromised secret) for Linux VM
2017-04-05 17:27:49 -05:00
James Barnett
759bde200a
Remove unused file. 2017-04-05 17:27:15 -05:00
wchen-r7
ab5a2ae9d3 Add missing file 2017-04-05 15:59:49 -05:00
wchen-r7
bccc03578b Update sinatra.rb 2017-04-05 15:58:26 -05:00
wchen-r7
2f2a2f2309 Use upstart script 2017-04-05 15:54:14 -05:00
wchen-r7
1e8b607fe1 Add a comment explaining where the passwords are 2017-04-03 17:19:20 -05:00
wchen-r7
ed38a9e2fa Add Samba with vulnerable share
There is a samba share named "public". Cred to access:

chewbacca:rwaaaaawr5
2017-04-03 17:06:40 -05:00
wchen-r7
eef880200f Merge branch 'add_linux_vm' into add_custom_vuln 2017-04-03 11:19:47 -05:00
James Barnett
50a8a91c71 Revert "Merge branch 'docker_vuln'"
This reverts commit 7f77216223, reversing
changes made to 8b1af132e1.
2017-04-03 10:43:43 -05:00
wchen-r7
820f265241 Change port 2017-03-31 17:20:04 -05:00
wchen-r7
1b21911005 Add Sinatra Leaked Secret Deserialization Vulnerability 2017-03-31 17:15:04 -05:00
Sliim
dbe3947d22 linux: add docker_daemon_privilege_escalation
Install docker from the community cookbook and add some users in the
docker group from attributes.
I created the `attributes/default.rb` attribute file to configure which
users are added in the `docker` group. I suggest to put all configurable
values here, such as users, passwords etc..
2017-03-25 12:41:46 +01:00