Add five_of_diamonds flag
This flag is hidden within a binary that runs a web service on a given port. The port is blocked until the correct port-knocking sequence is initiated. The default port sequence is all of the users' salary numbers. The commit also moves a lot of values that were previously in recipes into attributes files for easier maintenance going forward.
parent
dfcdafe410
commit
5bbed5387e
|
@ -160,12 +160,6 @@ Vagrant.configure("2") do |config|
|
|||
}
|
||||
}
|
||||
|
||||
chef.add_recipe "metasploitable::mysql"
|
||||
chef.add_recipe "metasploitable::apache_continuum"
|
||||
chef.add_recipe "metasploitable::apache"
|
||||
chef.add_recipe "metasploitable::php_545"
|
||||
chef.add_recipe "metasploitable::phpmyadmin"
|
||||
chef.add_recipe "metasploitable::proftpd"
|
||||
chef.add_recipe "metasploitable::users"
|
||||
chef.add_recipe "metasploitable::sinatra"
|
||||
chef.add_recipe "metasploitable::docker"
|
||||
|
@ -176,6 +170,9 @@ Vagrant.configure("2") do |config|
|
|||
chef.add_recipe "metasploitable::readme_app"
|
||||
chef.add_recipe "metasploitable::payroll_app"
|
||||
chef.add_recipe "metasploitable::drupal"
|
||||
chef.add_recipe "metasploitable::knockd"
|
||||
chef.add_recipe "metasploitable::iptables"
|
||||
chef.add_recipe "metasploitable::flags"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Attributes:: flags
|
||||
#
|
||||
|
||||
default[:flags][:flag1][:vuln_service] = 'apache'
|
||||
default[:flags][:flag1][:vuln_port] = '8989'
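Review bot: `vuln_service` is set to `'apache'`, but nothing visible in this commit reads it, and the listener this flag sits behind is the `five_of_diamonds` binary on 8989 rather than Apache. If the attribute is unused, drop it; otherwise a comment saying what it names would help. `vuln_port` is read by the knockd template, but the init script (`-p 8989`) and the iptables recipe (`--dport 8989`) in this commit repeat the value as a literal, so overriding the attribute would change only part of the setup.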
|
|
@ -0,0 +1,109 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Attributes:: users
|
||||
#
|
||||
|
||||
default[:users][:leia_organa] = { username: 'leia_organa',
|
||||
password: 'obiwan',
|
||||
password_hash: '$1$2ny4/xaH$tAFV5fbEqHx2OkOPIQhpx0',
|
||||
first_name: 'Leia',
|
||||
last_name: 'Organa',
|
||||
salary: '9560'}
|
||||
|
||||
default[:users][:luke_skywalker] = { username: 'luke_skywalker',
|
||||
password: 'password',
|
||||
password_hash: '$1$n8tgrGRs$8xaS40CFS1J5iIAEmbnx50',
|
||||
first_name: 'Luke',
|
||||
last_name: 'Skywalker',
|
||||
salary: '1080'}
|
||||
|
||||
default[:users][:han_solo] = { username: 'han_solo',
|
||||
password: 'sh00t-first',
|
||||
password_hash: '$1$L/2/AWAh$ZMUulbFhP2IesZ6xwBmaV0',
|
||||
first_name: 'Han',
|
||||
last_name: 'Solo',
|
||||
salary: '1200'}
|
||||
|
||||
default[:users][:artoo_detoo] = { username: 'artoo_detoo',
|
||||
password: 'beep_b00p',
|
||||
password_hash: '$1$DlEuqBUm$u71bKO9I603kDCqEphmon1',
|
||||
first_name: 'Artoo',
|
||||
last_name: 'Detoo',
|
||||
salary: '22222'}
|
||||
|
||||
default[:users][:c_three_pio] = { username: 'c_three_pio',
|
||||
password: 'pr0t0c0l',
|
||||
password_hash: '$1$4JMoAFqs$b5MwsiCfOASdUKktx6wQ7/',
|
||||
first_name: 'C',
|
||||
last_name: 'Threepio',
|
||||
salary: '3200'}
|
||||
|
||||
default[:users][:ben_kenobi] = { username: 'ben_kenobi',
|
||||
password: 'thats_no_moon',
|
||||
password_hash: '$1$vmHrrI9b$OyLulJjgi18GxgREG5V5c1',
|
||||
first_name: 'Ben',
|
||||
last_name: 'Kenobi',
|
||||
salary: '10000'}
|
||||
|
||||
default[:users][:darth_vader] = { username: 'darth_vader',
|
||||
password: 'd@rk_sid3',
|
||||
password_hash: '$1$c7AfQJ86$zvcdz7pPate7GdCQ.yfTf0',
|
||||
first_name: 'Darth',
|
||||
last_name: 'Vader',
|
||||
salary: '6666'}
|
||||
|
||||
default[:users][:anakin_skywalker] = { username: 'anakin_skywalker',
|
||||
password: 'yipp33!!',
|
||||
password_hash: '$1$AvIldIHu$o1s2OCU4n/qSCGQMKMgkH/',
|
||||
first_name: 'Anakin',
|
||||
last_name: 'Skywalker',
|
||||
salary: '1025'}
|
||||
|
||||
default[:users][:jarjar_binks] = { username: 'jarjar_binks',
|
||||
password: 'mesah_p@ssw0rd',
|
||||
password_hash: '$1$SNokFi0c$F.SvjZQjYRSuoBuobRWMh1',
|
||||
first_name: 'Jar-Jar',
|
||||
last_name: 'Binks',
|
||||
salary: '2048'}
|
||||
|
||||
default[:users][:lando_calrissian] = { username: 'lando_calrissian',
|
||||
password: 'b@ckstab',
|
||||
password_hash: '$1$8aWC7zHq$bz6K2rZVD7XlMNqBIIMGX.',
|
||||
first_name: 'Lando',
|
||||
last_name: 'Calrissian',
|
||||
salary: '40000'}
|
||||
|
||||
default[:users][:boba_fett] = { username: 'boba_fett',
|
||||
password: 'mandalorian1',
|
||||
password_hash: '$1$TjxlmV4j$k/rG1vb4.pj.z0yFWJ.ZD0',
|
||||
first_name: 'Boba',
|
||||
last_name: 'Fett',
|
||||
salary: '20000'}
|
||||
|
||||
default[:users][:jabba_hutt] = { username: 'jabba_hutt',
|
||||
password: 'not-a-slug12',
|
||||
password_hash: '$1$1q5jRHYC$LIp/8O/g9qg3NaeGOxGSl/',
|
||||
first_name: 'Jaba',
|
||||
last_name: 'Hutt',
|
||||
salary: '65000'}
|
||||
|
||||
default[:users][:greedo] = { username: 'greedo',
|
||||
password: 'hanShotFirst!',
|
||||
password_hash: '$1$1lmZ0rOJ$GITT5.sX0tvOQeC2/wWQF1',
|
||||
first_name: 'Greedo',
|
||||
last_name: 'Rodian',
|
||||
salary: '50000'}
|
||||
|
||||
default[:users][:chewbacca] = { username: 'chewbacca',
|
||||
password: 'rwaaaaawr5',
|
||||
password_hash: '$1$AjU5ZLh9$WjO.j9fYh3yms3HSDBKya1',
|
||||
first_name: 'Chewbacca',
|
||||
last_name: '',
|
||||
salary: '4500'}
|
||||
|
||||
default[:users][:kylo_ren] = { username: 'kylo_ren',
|
||||
password: 'daddy_issues1',
|
||||
password_hash: '$1$Zcw3AKDA$1Mjgzmr/HpmFXuxUjj2Vv1',
|
||||
first_name: 'Kylo',
|
||||
last_name: 'Ren',
|
||||
salary: '6667'}
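Review bot: Nothing in this file says that `salary` is more than payroll data, yet the knockd template in this commit joins every user's `salary` into the knock sequence, so each value has to be a valid port (1–65535) and the order of the entries becomes the order of the knocks. A header comment would keep a later edit from silently breaking the flag, for example `# salary doubles as a knockd port: keep each value in 1..65535 and keep the entry order stable`. The cleartext `password` stored next to an md5crypt (`$1$`) `password_hash` looks deliberate for a lab target; a one-line comment saying so would stop the file being copied as a pattern. `first_name: 'Jaba'` under `jabba_hutt` looks like a typo for `Jabba`.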
|
Binary file not shown.
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,39 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: five_of_diamonds
|
||||
# Required-Start: $local_fs
|
||||
# Required-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# X-Interactive: false
|
||||
# Short-Description: Init script for five_of_diamonds
|
||||
# Description: Start/stop five_of_diamonds
|
||||
### END INIT INFO
|
||||
|
||||
DESC="five_of_diamonds"
|
||||
NAME=five_of_diamonds
|
||||
#DAEMON=
|
||||
|
||||
do_start()
|
||||
{
|
||||
echo "Starting five_of_diamonds.";
|
||||
/opt/knock_knock/five_of_diamonds -p 8989 &
|
||||
}
|
||||
|
||||
do_stop()
|
||||
{
|
||||
echo "Stopping five_of_diamonds."
|
||||
killall five_of_diamonds
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
do_start
|
||||
;;
|
||||
stop)
|
||||
do_stop
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
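Review bot: The `case "$1"` block has no default branch, so `restart`, `status` or a mistyped action falls through to `exit 0` and reports success without doing anything. Add `*) echo "Usage: $0 {start|stop}" >&2; exit 2 ;;` before `esac`. `do_start` backgrounds the binary without recording a PID and `do_stop` relies on `killall five_of_diamonds`, which ends every process of that name; a pidfile would make stop precise. The header declares `Provides: five_of_diamonds` while the flags recipe installs the script as `five_of_diamonds_srv`, which is worth aligning.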
|
|
@ -0,0 +1,15 @@
|
|||
################################################
|
||||
#
|
||||
# knockd's default file, for generic sys config
|
||||
#
|
||||
################################################
|
||||
|
||||
# control if we start knockd at init or not
|
||||
# 1 = start
|
||||
# anything else = don't start
|
||||
#
|
||||
# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
|
||||
START_KNOCKD=1
|
||||
|
||||
# command line options
|
||||
#KNOCKD_OPTS="-i eth1"
|
|
@ -0,0 +1,23 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Recipe:: flags
|
||||
#
|
||||
# Copyright:: 2017, Rapid7, All Rights Reserved.
|
||||
|
||||
directory '/opt/knock_knock' do
|
||||
mode 0700
|
||||
end
|
||||
|
||||
cookbook_file '/opt/knock_knock/five_of_diamonds' do
|
||||
source 'flags/five_of_diamonds'
|
||||
mode 0700
|
||||
end
|
||||
|
||||
cookbook_file '/etc/init.d/five_of_diamonds_srv' do
|
||||
source 'flags/five_of_diamonds_srv'
|
||||
mode '760'
|
||||
end
|
||||
|
||||
service 'five_of_diamonds_srv' do
|
||||
action [:enable, :start]
|
||||
end
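Review bot: `/etc/init.d/five_of_diamonds_srv` is installed with `mode '760'`, which leaves a script that init runs at boot writable by its group, and none of the resources here sets `owner` or `group`, so who that group is depends on defaults. For the init script I would write `owner 'root'`, `group 'root'`, `mode '0755'`. The two bare `0700` values are octal integer literals and should behave as intended, but quoting them as `'0700'` matches the string form used for the other modes in this commit.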
|
|
@ -0,0 +1,27 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Recipe:: iptables
|
||||
#
|
||||
# Copyright:: 2017, Rapid7, All Rights Reserved.
|
||||
|
||||
execute "apt-get update" do
|
||||
command "apt-get update"
|
||||
end
|
||||
|
||||
bash 'setup for knockd, used for flag' do
|
||||
code <<-EOH
|
||||
iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP
|
||||
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||
iptables -A INPUT -j DROP
|
||||
EOH
|
||||
end
|
||||
|
||||
package 'iptables-persistent' do
|
||||
action :install
|
||||
end
|
||||
|
||||
service 'iptables-persistent' do
|
||||
action [:enable, :start]
|
||||
end
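Review bot: `iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP` is not a valid command, because `-A` takes no rule number, and since the heredoc has no `set -e` the failure is hidden as long as the last command succeeds. FORWARD also never sees traffic addressed to the host itself, so the port is in practice closed only by the final `iptables -A INPUT -j DROP`; either drop the line or write `iptables -A INPUT -p tcp --dport #{node[:flags][:flag1][:vuln_port]} -j DROP`. That final DROP follows ACCEPT rules for established traffic and port 80 only, so new connections to every other port, SSH and loopback included, are dropped once it is in place; please confirm that is intended for this box. The block has no `not_if` guard, so each converge appends the same rules again.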
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Recipe:: knockd
|
||||
#
|
||||
# Copyright:: 2017, Rapid7, All Rights Reserved.
|
||||
|
||||
package 'knockd' do
|
||||
action :install
|
||||
end
|
||||
|
||||
template '/etc/knockd.conf' do
|
||||
source 'knockd/knockd.conf.erb'
|
||||
mode '0600'
|
||||
end
|
||||
|
||||
cookbook_file '/etc/default/knockd' do
|
||||
source 'knockd/knockd'
|
||||
mode '0600'
|
||||
end
|
||||
|
||||
service 'knockd' do
|
||||
action :restart
|
||||
end
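Review bot: `service 'knockd'` uses `action :restart`, so knockd is restarted on every converge whether or not its configuration changed, and the recipe never enables it explicitly. Prefer `action [:enable, :start]` on the service and `notifies :restart, 'service[knockd]'` on the `template` and `cookbook_file` resources, so a restart happens only when `/etc/knockd.conf` or `/etc/default/knockd` changes. The `'0600'` modes suit a file that holds the knock sequence; adding `owner 'root'` and `group 'root'` would make that independent of defaults.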
|
|
@ -0,0 +1,14 @@
|
|||
[options]
|
||||
UseSyslog
|
||||
|
||||
[openFlag]
|
||||
sequence = <%= node[:users].collect { |u, att| node[:users][u][:salary] }.join(',') %>
|
||||
seq_timeout = 15
|
||||
command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport <%= node[:flags][:flag1][:vuln_port] %> -j ACCEPT
|
||||
tcpflags = syn
|
||||
|
||||
[closeFlag]
|
||||
sequence = <%= node[:users].collect { |u, att| node[:users][u][:salary] }.reverse.join(',') %>
|
||||
seq_timeout = 15
|
||||
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport <%= node[:flags][:flag1][:vuln_port] %> -j ACCEPT
|
||||
tcpflags = syn
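Review bot: Both `sequence` lines bind `att` in the block and then ignore it, re-indexing `node[:users][u][:salary]` instead; `node[:users].map { |_name, att| att[:salary] }.join(',')` says the same thing directly, with `.reverse` added before `.join` for `[closeFlag]`. Separately, `[openFlag]` inserts a new ACCEPT rule every time the sequence completes, while `[closeFlag]` deletes only one matching rule, so a client that opens twice and closes once appears to keep access to the port. Guarding the insert with a check for an existing rule, or adding a timed close, would keep the firewall state in step with the knocks.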
|