From 0b56c71bbeaa1c554d490fad9f6bb3e63bab187e Mon Sep 17 00:00:00 2001 From: JD Date: Sat, 18 Mar 2023 18:16:57 +0000 Subject: [PATCH] changes to linuxki for secgen testing --- .../unix/http/linuxki_rce/manifests/apache.pp | 4 +++- .../http/linuxki_rce/manifests/install.pp | 4 ++++ .../unix/http/linuxki_rce/secgen_metadata.xml | 20 +++++-------------- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp index fbaf7a1dd..b103ce21a 100644 --- a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp +++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp @@ -4,6 +4,8 @@ class linuxki_rce::apache { Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] } + $port = '80' #$secgen_parameters['port'][0] + file { '/etc/apache2/sites-enabled/000-default.conf': ensure => absent, } @@ -15,7 +17,7 @@ class linuxki_rce::apache { mpm_module => 'prefork', } -> ::apache::vhost { 'linuxki': - port => '80', + port => $port, options => 'FollowSymLinks', override => 'All', docroot => '/opt/', diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp index 49b080c34..2ab249183 100644 --- a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp +++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp @@ -4,6 +4,10 @@ class linuxki_rce::install { Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] } + exec { 'apt update': + command => 'apt-get update', + } + # Maybe automate linux-headers to use uname -r? ensure_packages(['make', 'elfutils', 'php', 'linux-headers-4.19.0-21-amd64']) diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml b/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml index 2fae26f32..91298e7fb 100644 
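Review bot: The added `$port = '80' #$secgen_parameters['port'][0]` in the first apache.pp hunk hard-codes the listener port and leaves the real lookup in a trailing comment, so the `port` input that secgen_metadata.xml appears to declare in this same commit (default 80) is never read. The second apache.pp hunk's `port => $port` inherits the same fixed value, so a scenario that supplies another port would still get a vhost on 80. If this is a temporary testing shim, say so above the line, e.g. `# TODO(testing): hard-coded until $secgen_parameters is loaded in this class`. Otherwise switch to `$port = $secgen_parameters['port'][0]` once the class populates `$secgen_parameters`, which is not visible in these hunks. Both hunks cut through class linuxki_rce::apache, whose body continues outside them.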
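Review bot: The new `exec { 'apt update': ... }` in install.pp has no declared relationship to the packages that follow it and no guard such as `unless` or `refreshonly`. It therefore runs `apt-get update` on every Puppet run, and whether it finishes before `ensure_packages(...)` depends on Puppet's default manifest ordering rather than a stated dependency. Passing the dependency through the call makes the intent explicit: `ensure_packages(['make', 'elfutils', 'php', 'linux-headers-4.19.0-21-amd64'], { require => Exec['apt update'] })`. A one-line comment above the exec should say why the index refresh is needed, presumably so the pinned headers package resolves on a fresh image. The class body continues outside the hunk.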
--- a/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml +++ b/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml @@ -6,14 +6,14 @@ LinuxKI Toolset 6.01 Remote Command Execution James Davis MIT - This - module exploits a vulnerability in LinuxKI Toolset 6.01 and below which allows + + This module exploits a vulnerability in LinuxKI Toolset 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. - http + misc in_the_wild user_rwx remote @@ -23,10 +23,9 @@ port strings_to_leak leaked_filenames - strings_to_pre_leak - **CHECK THIS** + 80 @@ -50,22 +49,13 @@ https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 - - - webapp - services/unix/http/apache_stretch_compatible/apache + .*apache.*compatible.* - - services/unix/http/**check versions** - - - \ No newline at end of file
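Review bot: The requirement in the last secgen_metadata.xml hunk is loosened from the explicit `services/unix/http/apache_stretch_compatible/apache` to `.*apache.*compatible.*`, which matches any module path containing those two words rather than only the Apache service this module was written against. The XML markup is not visible in this rendering, so the enclosing element is inferred. install.pp in the same commit still pins `linux-headers-4.19.0-21-amd64`, so an Apache module for a different release selected through the pattern may leave the build step failing. Anchoring the pattern to the service tree, for example `services/unix/http/apache.*compatible.*`, keeps the flexibility while excluding unrelated modules. The hunk also leaves the file without a trailing newline.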