tidy and updates #267 couchdb

2026-02-21 11:18:06 +00:00 · 2023-04-20 16:25:20 +01:00
parent 17b6292715
commit b1a2bb3389
4 changed files with 27 additions and 31 deletions
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
@@ -1,8 +1,8 @@
 class apache_couchdb::configure {
  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
  $database = 'couchdb'
-  $user = $secgen_parameters['leaked_username'][0]
-  $password = $secgen_parameters['leaked_password'][0]
+  $user = $secgen_parameters['unix_username'][0]
+  $password = $secgen_parameters['used_password'][0]
  $jsondb = 'sampledata' ##TODO secgen
  $strings_to_leak = $secgen_parameters['strings_to_leak']
  $leaked_filenames = $secgen_parameters['leaked_filenames']
@@ -10,17 +10,6 @@ class apache_couchdb::configure {

  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }

-  #create database 
-  #exec { 'create-database':
-  #	command => "curl -X PUT http://localhost:34023/${database} -u \"${username}:${password}\"",
-  #	logoutput => true
-  #}->
-  #exec { 'import_data':
-  #  cwd=> '/usr/bin/',
-  #	command => "curl -d @${jsondb}.json -H \"Content-type: application/json\" -X POST http://127.0.0.1:34023/${database}/_bulk_docs -u \"${username}:${password}\"",
-  #	logoutput => true
-  #}
-
  ::secgen_functions::leak_files { 'couchdb-flag-leak':
    storage_directory => $user_home,
    leaked_filenames  => $leaked_filenames,
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
@@ -1,7 +1,7 @@
 class apache_couchdb::couchdb {
  $secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
-  $username = $secgen_parameters['leaked_username'][0]
-  $password = $secgen_parameters['leaked_password'][0]
+  $username = $secgen_parameters['unix_username'][0]
+  $password = $secgen_parameters['used_password'][0]
  $host ='127.0.0.1'
  $docroot = '/opt/couchdb'
  $database_dir = '/var/lib/couchdb'
@@ -64,4 +64,3 @@ class apache_couchdb::couchdb {
    flags   => '-port 1337',
  }
 }
-
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
@@ -3,7 +3,7 @@ class apache_couchdb::install {
  $responsefile = 'installresponse'
  $packagename = 'couchdb_3.2.1_buster_amd64'
  $jsondb = 'sampledata.json'
-  $password = $secgen_parameters['leaked_password'][0]
+  $password = $secgen_parameters['used_password'][0]

  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }

@@ -15,7 +15,7 @@ class apache_couchdb::install {
  'libcurl4-openssl-dev',
  'gnupg'])

-  # copy archive 
+  # copy archive
  file { "/usr/local/src/${packagename}.deb" :
    ensure => file,
    source => "puppet:///modules/apache_couchdb/${packagename}.deb",
--- a/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml
@@ -18,11 +18,9 @@
  <difficulty>low</difficulty>

  <read_fact>port</read_fact>
-  <read_fact>known_username</read_fact>
-  <read_fact>known_password</read_fact>
  <read_fact>strings_to_leak</read_fact>
-  <read_fact>strings_to_preleak</read_fact>
  <read_fact>leaked_filenames</read_fact>
+  <read_fact>unix_username</read_fact>

  <default_input into="port">
    <generator type="random_number_generator" />
@@ -37,16 +35,15 @@
    <generator type="filename_generator" />
  </default_input>

-  <default_input into="leaked_username">
+  <default_input into="unix_username">
    <value>couchdb</value>
  </default_input>

-  <default_input into="leaked_password">
+  <default_input into="used_password">
    <generator type="password_generator" />
  </default_input>

-  <!--optional
-  vulnerability details-->
+  <!--optional vulnerability details-->
  <!-- rce vuln -->
  <cve>CVE-2022-24706</cve>
  <cvss_base_score>9</cvss_base_score>
@@ -57,15 +54,26 @@
  <software_name>Apache CouchDB</software_name>
  <software_license>Apache</software_license>

-  <!--optional
-  hints-->
+  <!--optional hints-->
  <hint>This exploit is based off on 1F98D's Erlang Cookie - Remote Code Execution </hint>

  <requires>
    <type>update</type>
  </requires>
-  <!--<requires>
-    <module_path>.*apache.*compatible.*</module_path>
-  </requires>-->

-</vulnerability>
+  <CyBOK KA="WAM" topic="Server-Side Vulnerabilities and Mitigations">
+    <keyword>server-side misconfiguration and vulnerable components</keyword>
+    <keyword>Vulnerable defaults</keyword>
+  </CyBOK>
+  <CyBOK KA="MAT" topic="Attacks and exploitation">
+    <keyword>EXPLOITATION</keyword>
+    <keyword>EXPLOITATION FRAMEWORKS</keyword>
+  </CyBOK>
+  <CyBOK KA="SS" topic="Categories of Vulnerabilities">
+    <keyword>CVEs and CWEs</keyword>
+  </CyBOK>
+  <CyBOK KA="SOIM" topic="PENETRATION TESTING">
+    <keyword>PENETRATION TESTING - SOFTWARE TOOLS</keyword>
+    <keyword>PENETRATION TESTING - ACTIVE PENETRATION</keyword>
+  </CyBOK>
+</vulnerability>