metasploitable3/chef/cookbooks/metasploitable/files/sinatra
2017-07-12 17:17:04 -05:00
Gemfile Use upstart script 2017-07-12 17:13:45 -05:00
README.txt Delete files that are not needed anymore 2017-07-12 17:17:04 -05:00
server.rb Use upstart script 2017-07-12 17:13:45 -05:00
sinatra.conf Use upstart script 2017-07-12 17:13:45 -05:00
start.sh Add missing file 2017-07-12 17:13:45 -05:00

==============
Description
==============

This application has a deserialization vulnerability caused by a compromised
session secret.

Since this is a custom application, the Metasploitable player is required to
figure out what the secret is (remotely, not through code reading), and write
an exploit from scratch.

==============
Usage
==============

To start the vulnerable application, first run:

$ bundle install

Then:

$ ruby start.rb

The server should start on port 8181.