mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-04 18:55:48 +02:00
25 lines
505 B
Plaintext
25 lines
505 B
Plaintext
==============
|
|
Description
|
|
==============
|
|
|
|
This application is vulnerable to a deserialization vulnerability due to a
|
|
compromised session secret.
|
|
|
|
Since this is a custom application, the Metasploitable player is required to
|
|
figure out what the secret is (remotely, not through code reading), and write
|
|
an exploit from scratch.
|
|
|
|
==============
|
|
Usage
|
|
==============
|
|
|
|
To start the vulnerable application, first do:
|
|
|
|
$ bundle install
|
|
|
|
And then finally:
|
|
|
|
$ ruby start.rb
|
|
|
|
The server should start on port 8181.
|