Play with Java Struts2 Rest Plugin Vulnerability in Metasploitable 3— CVE-2017–9805
Recently, a critical Remote Code Execution (RCE) vulnerability was discovered in the popular Apache Struts web application framework, which allowed remote attackers to run malicious code on the affected servers.
The Hacker News reported,
All versions of Apache Struts since 2008 (Struts 2.1.2 — Struts 2.3.33, Struts 2.5 — Struts 2.5.12) are affected, leaving all web applications using the framework’s REST plugin vulnerable to remote attackers.
Metasploitable 3 already had Apache Struts (version 2.3.20.1) installed and it is vulnerable to CVE-2016–3087.
From the Apache Security Bulletin, it was found that the above version is also vulnerable to the latest RCE vulnerability CVE-2017–9805.
So if you are planning to get yourself comfortable exploiting the vulnerability, all you need to do is setup Metasploitable 3 VM and start playing around with it.
How to setup Metasploitable 3 ?
Setting up Metasploitable 3 is simple.
Method 1:
Install the requirements:
- Packer
- Vagrant (version 1.9.1)
- Vagrant Reload Plugin
- VirtualBox
Pull the official GitHub repository using
git pull https://github.com/rapid7/metasploitable3
cd metasploitable3
On Windows (Powershell),
./build_win2008.ps1
On Linux,
./build_win2008.sh
This method is the simplest. But it takes more than an hour to complete as it downloads the Microsoft Windows Server 2008 R2 .iso file, sets up the VM, installs and configures vulnerable software.
Method 2:
A pre-built Metasploitable 3 box is available. In this method, Packer installation is eliminated as the box is already built.
git pull https://github.com/rapid7/metasploitable3
cd metasploitable3
git checkout pre_built_box
vagrant box add jbarnett-r7/metasploitable3-win2k8
vagrant up
This method takes less time comparatively, as this method downloads a pre-built Metasploitable 3 box and starts the VM.
You can read more details of Method 2 here.
Spoiter Alert ! Metasploit framework recently merged the exploit code for this vulnerability.
Useful Resources:
- Detecting and Exploiting the Java Struts2 REST Plugin vulnerability — CVE-2017–9805 : A must read article that explains the procedure to exploit the vulnerability manually.
- struts-pwn_CVE-2017–9805 : An exploit for Apache Struts CVE-2017–9805
If you liked this article, click the 👏 button and share so that other people will see it here on Medium.
