metasploitable3/Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.define "win2k8" do |win2k8|
    # Base configuration for the VM and provisioner
    win2k8.vm.box = "metasploitable3"
    win2k8.vm.hostname = "metasploitable3"
    win2k8.vm.communicator = "winrm"
    win2k8.winrm.retry_limit = 60
    win2k8.winrm.retry_delay = 10

    win2k8.vm.network "private_network", type: "dhcp"

    # Configure Firewall to open up vulnerable services
    case ENV['MS3_DIFFICULTY']
      when 'easy'
        config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
      else
        win2k8.vm.provision :shell, path: "scripts/configs/enable_firewall.bat"
        win2k8.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
    end

    # Insecure share from the Linux machine
    win2k8.vm.provision :shell, path: "scripts/installs/install_share_autorun.bat"
    win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
    win2k8.vm.provision :shell, path: "scripts/installs/setup_linux_share.bat"
    win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  end

  config.vm.define "trusty" do |trusty|
    trusty.vm.box = "rsginc/ubuntu64-14-04-1"
    trusty.vm.hostname = "metasploitableUB"

    trusty.vm.network "private_network", ip: '172.28.128.3'

    trusty.vm.provider "virtualbox" do |v|
      v.name = "MetasploitableUB"
      v.memory = 2048
    end

    config.omnibus.chef_version = :latest

    # Provision with Chef Solo
    #
    config.vm.provision :chef_solo do |chef|
      chef.cookbooks_path = [ 'chef/cookbooks' ]

      chef.json = { 'metasploitable' => {
          # Customizations here
        }
      }

      chef.add_recipe "metasploitable::mysql"
      chef.add_recipe "metasploitable::apache_continuum"
      chef.add_recipe "metasploitable::apache"
      chef.add_recipe "metasploitable::php_545"
      chef.add_recipe "metasploitable::phpmyadmin"
      chef.add_recipe "metasploitable::proftpd"
      chef.add_recipe "metasploitable::users"
      chef.add_recipe "metasploitable::docker"
      chef.add_recipe "metasploitable::samba"
      chef.add_recipe "metasploitable::sinatra"
      chef.add_recipe "metasploitable::unrealircd"
      chef.add_recipe "metasploitable::chatbot"
      chef.add_recipe "metasploitable::payroll_app"
      chef.add_recipe "metasploitable::readme_app"
      chef.add_recipe "metasploitable::cups"
      chef.add_recipe "metasploitable::drupal"
      chef.add_recipe "metasploitable::knockd"
      chef.add_recipe "metasploitable::iptables"
      chef.add_recipe "metasploitable::flags"
      chef.add_recipe "metasploitable::clear_cache"
    end
  end
end
Initial commit. 2016-08-30 17:53:02 +02:00			`# -- mode: ruby --`
			`# vi: set ft=ruby :`

			`Vagrant.configure("2") do \|config\|`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`config.vm.define "win2k8" do \|win2k8\|`
			`# Base configuration for the VM and provisioner`
			`win2k8.vm.box = "metasploitable3"`
			`win2k8.vm.hostname = "metasploitable3"`
			`win2k8.vm.communicator = "winrm"`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`win2k8.winrm.retry_limit = 60`
			`win2k8.winrm.retry_delay = 10`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00
			`win2k8.vm.network "private_network", type: "dhcp"`

			`# Configure Firewall to open up vulnerable services`
			`case ENV['MS3_DIFFICULTY']`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`when 'easy'`
			`config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"`
			`else`
			`win2k8.vm.provision :shell, path: "scripts/configs/enable_firewall.bat"`
			`win2k8.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`end`

Add share from Linux 2017-04-07 21:33:30 +02:00			`# Insecure share from the Linux machine`
Add Autorun for linux share 2017-05-02 18:07:48 +02:00			`win2k8.vm.provision :shell, path: "scripts/installs/install_share_autorun.bat"`
			`win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Add share from Linux 2017-04-07 21:33:30 +02:00			`win2k8.vm.provision :shell, path: "scripts/installs/setup_linux_share.bat"`
			`win2k8.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Make difficulty configurable 2016-10-28 23:04:22 +02:00			`end`

WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`config.vm.define "trusty" do \|trusty\|`
Add shellshock vulnerability exploitable through Apache mod_cgi. 2017-03-13 23:34:45 +01:00			`trusty.vm.box = "rsginc/ubuntu64-14-04-1"`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`trusty.vm.hostname = "metasploitableUB"`
Initial commit. 2016-08-30 17:53:02 +02:00
Add share from Linux 2017-04-07 21:33:30 +02:00			`trusty.vm.network "private_network", ip: '172.28.128.3'`
Add ElasticSearch to Metasploitable3 2016-10-26 20:33:56 +02:00
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`trusty.vm.provider "virtualbox" do \|v\|`
			`v.name = "MetasploitableUB"`
Convert users to use attributes file. 2017-06-22 00:15:42 +02:00			`v.memory = 2048`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`end`

			`config.omnibus.chef_version = :latest`

			`# Provision with Chef Solo`
			`#`
			`config.vm.provision :chef_solo do \|chef\|`
			`chef.cookbooks_path = [ 'chef/cookbooks' ]`

linux: add docker_daemon_privilege_escalation Install docker from the community cookbook and add some users in the docker group from attributes. I created the `attributes/default.rb` attribute file to configure which users are added in the `docker` group. I suggest to put all configurable values here, such as users, passwords etc.. 2017-03-15 23:59:51 +01:00			`chef.json = { 'metasploitable' => {`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`# Customizations here`
Revert "Revert "Merge branch 'docker_vuln'"" This reverts commit 50a8a91c7117752ee15e5199ff6a3f9cf7c6a0b0. 2017-07-13 01:15:48 +02:00			`}`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`}`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00
Accidentally dropped some recipes 2017-07-13 19:57:31 +02:00			`chef.add_recipe "metasploitable::mysql"`
			`chef.add_recipe "metasploitable::apache_continuum"`
			`chef.add_recipe "metasploitable::apache"`
			`chef.add_recipe "metasploitable::php_545"`
			`chef.add_recipe "metasploitable::phpmyadmin"`
			`chef.add_recipe "metasploitable::proftpd"`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`chef.add_recipe "metasploitable::users"`
linux: add docker_daemon_privilege_escalation Install docker from the community cookbook and add some users in the docker group from attributes. I created the `attributes/default.rb` attribute file to configure which users are added in the `docker` group. I suggest to put all configurable values here, such as users, passwords etc.. 2017-03-15 23:59:51 +01:00			`chef.add_recipe "metasploitable::docker"`
Add Samba with vulnerable share There is a samba share named "public". Cred to access: chewbacca:rwaaaaawr5 2017-04-04 00:06:40 +02:00			`chef.add_recipe "metasploitable::samba"`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`chef.add_recipe "metasploitable::sinatra"`
Add unrealircd vulnerable service. 2017-04-06 20:19:21 +02:00			`chef.add_recipe "metasploitable::unrealircd"`
Add chatbot to Linux VM 2017-04-17 18:45:23 +02:00			`chef.add_recipe "metasploitable::chatbot"`
Add php page vulnerable to sql injection. 2017-04-11 19:53:34 +02:00			`chef.add_recipe "metasploitable::payroll_app"`
Add Sinatra Leaked Secret Deserialization Vulnerability 2017-04-01 00:15:04 +02:00			`chef.add_recipe "metasploitable::readme_app"`
			`chef.add_recipe "metasploitable::cups"`
Add drupal 7.5 Also make some changes to other recipes as I learn more about chef. 2017-06-06 21:46:22 +02:00			`chef.add_recipe "metasploitable::drupal"`
Add five_of_diamonds flag This flag is hidden within a binary that runs a webservice on a given port. The port is blocked until the correct port knocking sequence is initiated. The default port sequence is all of the user's salary numbers. The commit also moves a lot of values that were previously in recipes into attributes files for easier maintaining going forward. 2017-06-30 21:47:30 +02:00			`chef.add_recipe "metasploitable::knockd"`
			`chef.add_recipe "metasploitable::iptables"`
			`chef.add_recipe "metasploitable::flags"`
Clear chef cache 2017-07-20 22:44:38 +02:00			`chef.add_recipe "metasploitable::clear_cache"`
WIP: Adding Linux VM using chef solo provisioning 2017-02-13 22:53:51 +01:00			`end`
			`end`
Revert "Revert "Merge branch 'docker_vuln'"" This reverts commit 50a8a91c7117752ee15e5199ff6a3f9cf7c6a0b0. 2017-07-13 01:15:48 +02:00			`end`