mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-25 22:35:48 +02:00
5bbed5387e
This flag is hidden within a binary that runs a web service on a given port. The port is blocked until the correct port-knocking sequence is initiated. The default port sequence is all of the user's salary numbers. The commit also moves a lot of values that were previously in recipes into attributes files for easier maintenance going forward.
28 lines
566 B
Ruby
#
# Cookbook:: metasploitable
# Recipe:: iptables
#
# Copyright:: 2017, Rapid7, All Rights Reserved.
# Refresh the APT package index. The resource carries no guard, so it runs
# on every converge.
execute 'apt-get update' do
  command 'apt-get update'
end
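# Installs the packet-filter rules behind the port-knocking flag (see the
# resource name).
#
# Policy produced by the rules below:
#   * FORWARD: TCP/8989 is dropped by a rule inserted at position 1.
#   * INPUT:   established/related flows and new TCP/80 are accepted;
#              everything else reaches the final catch-all DROP.
#
# Two fixes over the previous version:
#   * `-A FORWARD 1` is not valid iptables syntax, because append takes no
#     rule number. `-I FORWARD 1` (insert at position 1) is what the
#     argument order expresses.
#   * `set -e` makes the resource fail as soon as any rule is rejected.
#     Without it the script's exit status is that of the last command only,
#     so the rejected FORWARD rule went unreported.
#
# NOTE(review): FORWARD only sees routed packets. Traffic addressed to this
# host's own port 8989 is filtered by INPUT, where the catch-all DROP already
# covers it. Confirm which chain the knock daemon is expected to open.
# NOTE(review): there is no loopback (`-i lo`) accept rule and only port 80
# is opened, so new local and management connections are dropped as well.
# Confirm this is intended for the image.
# NOTE(review): the resource has no guard, so every converge appends the same
# rules again.
bash 'setup for knockd, used for flag' do
  code <<-EOH
    set -e
    iptables -I FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -j DROP
  EOH
end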
# Install the package that restores saved iptables rules at boot.
# NOTE(review): whether the rules loaded earlier in this recipe are written
# to the saved rule set depends on the package's install-time behaviour.
# Confirm, or save them explicitly.
package 'iptables-persistent' do
  action :install
end
# Enable the rule-restore service at boot and start it during this converge.
# NOTE(review): newer Debian/Ubuntu releases ship this unit under the name
# netfilter-persistent. Confirm the service name for the target platform.
service 'iptables-persistent' do
  action %i[enable start]
end