metasploitable3

mirror of https://github.com/rapid7/metasploitable3.git synced 2024-07-01 01:06:05 +02:00

History

James Barnett 759bde200a Remove unused file.		2017-04-05 17:27:15 -05:00
..
check.rb	Change port	2017-03-31 17:20:04 -05:00
Gemfile	Use upstart script	2017-04-05 15:54:14 -05:00
poc.rb	Change port	2017-03-31 17:20:04 -05:00
README.txt	Use upstart script	2017-04-05 15:54:14 -05:00
server.rb	Use upstart script	2017-04-05 15:54:14 -05:00
sinatra.conf	Use upstart script	2017-04-05 15:54:14 -05:00
start.sh	Add missing file	2017-04-05 15:59:49 -05:00

README.txt

==============
Description
==============

This application is vulnerable to a deserialization vulnerability due to a
compromised session secret.

Since this is a custom application, the Metasploitable player is required to
figure out what the secret is (remotely, not through code reading), and write
an exploit from scratch.

For development purposes, you can use the following scripts to test the
vulnerable service:

* check.rb - This will check if the application is vulnerable.
* poc.rb   - This will attempt to exploit the application. It will create a
             file named /tmp/your_id.txt

==============
Usage
==============

To start the vulnerable application, first do:

$ bundle install

And then finally:

$ ruby start.rb

The server should start on port 8181.