changes to linuxki for secgen testing

2026-02-20 13:50:45 +00:00 · 2023-03-18 18:16:57 +00:00
parent 137bec39cf
commit 0b56c71bbe
3 changed files with 12 additions and 16 deletions
--- a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp
@@ -4,6 +4,8 @@
 class linuxki_rce::apache {
  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }

+  $port = '80' #$secgen_parameters['port'][0]
+
  file { '/etc/apache2/sites-enabled/000-default.conf':
    ensure => absent,
  }
@@ -15,7 +17,7 @@ class linuxki_rce::apache {
    mpm_module      => 'prefork',
  }
  -> ::apache::vhost { 'linuxki':
-    port        => '80',
+    port        => $port,
    options     => 'FollowSymLinks',
    override    => 'All',
    docroot     => '/opt/',
--- a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp
@@ -4,6 +4,10 @@
 class linuxki_rce::install {
  Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] }

+  exec { 'apt update':
+    command => 'apt-get update',
+  }
+
  # Maybe automate linux-headers to use uname -r?
  ensure_packages(['make', 'elfutils', 'php', 'linux-headers-4.19.0-21-amd64'])

--- a/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml
@@ -6,14 +6,14 @@
  <name>LinuxKI Toolset 6.01 Remote Command Execution</name>
  <author>James Davis</author>
  <module_license>MIT</module_license>
-  <description> This
-    module exploits a vulnerability in LinuxKI Toolset 6.01 and below which allows
+  <description>
+    This module exploits a vulnerability in LinuxKI Toolset 6.01 and below which allows
    remote code execution.
    The kivis.php pid parameter received from the user is sent to the shell_exec function,
    resulting in security vulnerability.
  </description>

-  <type>http</type>
+  <type>misc</type>
  <type>in_the_wild</type>
  <privilege>user_rwx</privilege>
  <access>remote</access>
@@ -23,10 +23,9 @@
  <read_fact>port</read_fact>
  <read_fact>strings_to_leak</read_fact>
  <read_fact>leaked_filenames</read_fact>
-  <read_fact>strings_to_pre_leak</read_fact>

  <default_input into="port">
-    <value>**CHECK THIS**</value>
+    <value>80</value>
  </default_input>

  <!-- flags or other secrets exposed after exploitation -->
@@ -50,22 +49,13 @@
  <reference>
    https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1</reference>

-  <!--optional
-  hints-->
-  <hint></hint>
-
  <!-- can't live alongside other web sites, since it accepts any virtual host name -->
  <conflict>
    <type>webapp</type>
  </conflict>

  <requires>
-    <module_path>services/unix/http/apache_stretch_compatible/apache</module_path>
+    <module_path>.*apache.*compatible.*</module_path>
  </requires>

-  <requires>
-    <module_path>services/unix/http/**check versions**</module_path>
-  </requires>
-
-
 </vulnerability>