Add shellshock vulnerability exploitable through Apache mod_cgi.

2017-03-13 17:34:45 -05:00 · 2017-03-13 17:34:45 -05:00 · 4d6c47efda
parent ffed818290
commit 4d6c47efda
5 changed files with 73 additions and 1 deletions
--- a/3
+++ b/3
@ -132,7 +132,7 @@ Vagrant.configure("2") do |config|
  end

  config.vm.define "trusty" do |trusty|
-    trusty.vm.box = "ubuntu/trusty64"
+    trusty.vm.box = "rsginc/ubuntu64-14-04-1"
    trusty.vm.hostname = "metasploitableUB"

    trusty.vm.network "private_network", type: "dhcp"
@ -152,6 +152,7 @@ Vagrant.configure("2") do |config|

      chef.add_recipe "metasploitable::mysql"
      chef.add_recipe "metasploitable::apache_continuum"
+      chef.add_recipe "metasploitable::apache"
      chef.add_recipe "metasploitable::users"
    end
  end
--- a/chef/cookbooks/metasploitable/files/apache/cgi-bin.conf
+++ b/chef/cookbooks/metasploitable/files/apache/cgi-bin.conf
@ -0,0 +1,19 @@
+<IfModule mod_alias.c>
+    <IfModule mod_cgi.c>
+        Define ENABLE_CGI_BIN
+    </IfModule>
+
+    <IfModule mod_cgid.c>
+        Define ENABLE_CGI_BIN
+    </IfModule>
+
+    <IfDefine ENABLE_CGI_BIN>
+        ScriptAlias /cgi-bin/ /var/www/cgi-bin/
+        <Directory "/var/www/cgi-bin">
+            AllowOverride None
+            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+            Order allow,deny
+            Allow from all
+        </Directory>
+    </IfDefine>
+</IfModule>
--- a/chef/cookbooks/metasploitable/files/apache/hello_world.pl
+++ b/chef/cookbooks/metasploitable/files/apache/hello_world.pl
@ -0,0 +1,3 @@
+#!/usr/bin/perl
+print "Content-type: text/html\n\n";
+print "Hello, World.";
--- a/chef/cookbooks/metasploitable/files/apache/hello_world.sh
+++ b/chef/cookbooks/metasploitable/files/apache/hello_world.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+printf "Content-type: text/html\n\n"
+printf "Hello World!\n"
--- a/chef/cookbooks/metasploitable/recipes/apache.rb
+++ b/chef/cookbooks/metasploitable/recipes/apache.rb
@ -0,0 +1,46 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: apache
+#
+# Copyright:: 2017, Rapid7, All Rights Reserved.
+
+execute 'apt-get update' do
+  command 'apt-get update'
+end
+
+package 'apache2' do
+  action :install
+end
+
+directory '/var/www/cgi-bin' do
+  mode '0755'
+  recursive true
+end
+
+cookbook_file '/var/www/cgi-bin/hello_world.sh' do
+  source 'apache/hello_world.sh'
+  mode '0755'
+end
+
+cookbook_file '/etc/apache2/conf-available/cgi-bin.conf' do
+  source 'apache/cgi-bin.conf'
+  mode '0644'
+end
+
+execute 'enable-cgi-mod' do
+  command 'a2enmod cgi'
+end
+
+execute 'enable-cgi-bin-conf' do
+  command 'a2enconf cgi-bin'
+end
+
+execute 'disable-serve-cgi-bin-conf' do
+  command 'a2disconf serve-cgi-bin'
+end
+
+service 'apache2' do
+  action [:enable, :start]
+end
+
+