QEMU's SLIRP hostfwd tried to bind host port 21 for the Metasploitable2
target, which fails for the non-root cis490 user (EPERM). The exploit
driver also had no way to use a different host-side port than the module's
static RPORT=21, so even if the VM had started the exploit would have
connected to the wrong port.

Fix:
- launch_target.sh: change PORT_BASE default from (21 + SLOT*100) to
  (2121 + SLOT*100) so SLIRP binds non-privileged ports
- exploits/driver.py: add target_port to DriverConfig; in _fire(),
  override opts["RPORT"] when target_port is set so msfrpcd connects
  to the correct forwarded port
- tools/run_tier3_demo.py: pass target_port=args.target_port to DriverConfig
- scripts/install-tier-3-4.sh: --target-port 2121 (matches new default)

Closes spectral/CIS490#18

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
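
A pre-launch check for the two failure modes the commit message describes (a host port the non-root user cannot bind, and a driver RPORT that does not match the forwarded port), as an added example that is not the repository's code. The names `plan_forward`, `ForwardPlan`, `host_port` and `unprivileged_port_start`, and the loopback bind address in the `hostfwd` string, are assumptions made for illustration.

```python
import os
from dataclasses import dataclass

GUEST_PORT = 21  # guest-side FTP port, the module's static RPORT on the page

def unprivileged_port_start(path="/proc/sys/net/ipv4/ip_unprivileged_port_start"):
    """Lowest port a non-root process may bind on Linux (1024 if unreadable)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024

def host_port(slot, base=2121):
    """Per-slot host port: base + slot*100, the formula from the commit message."""
    port = base + slot * 100
    if not 0 < port <= 65535:
        raise ValueError(f"slot {slot} maps to invalid port {port}")
    return port

@dataclass
class ForwardPlan:
    host_port: int
    hostfwd: str   # value for QEMU's user-mode (SLIRP) netdev
    opts: dict     # module options after the RPORT override

def plan_forward(slot, module_opts, target_port=None, base=2121, euid=None, floor=None):
    """Check both failure modes before launch; euid/floor default to the live host."""
    euid = os.geteuid() if euid is None else euid
    floor = unprivileged_port_start() if floor is None else floor
    port = host_port(slot, base)
    if euid != 0 and port < floor:
        raise PermissionError(f"uid {euid} cannot bind host port {port} (< {floor})")
    opts = dict(module_opts)            # never mutate the caller's options
    if target_port is not None:
        opts["RPORT"] = target_port     # same override the commit adds in _fire()
    if opts.get("RPORT") != port:
        raise ValueError(f"driver targets {opts.get('RPORT')}, slot {slot} forwards {port}")
    # Assumption: bind to loopback only so the vulnerable guest is not exposed on the LAN.
    hostfwd = f"hostfwd=tcp:127.0.0.1:{port}-:{GUEST_PORT}"
    return ForwardPlan(port, hostfwd, opts)

if __name__ == "__main__":
    print(plan_forward(0, {"RPORT": 21}, target_port=2121, euid=1000, floor=1024))
```

Passing `euid` and `floor` explicitly keeps the check deterministic; left unset, it reads the effective uid and the host's `ip_unprivileged_port_start` sysctl.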
| Name |
|---|
| guest-agent |
| launch_demo.sh |
| launch_target.sh |
| README.md |
| setup_bridge.sh |
vm/
Recipes and helpers for building and snapshotting guest VMs. Disk images and snapshots themselves are gitignored — this directory carries the how, not the bytes.
    vm/
      images/             # qcow2 staging (gitignored)
      snapshots/          # exported snapshots if needed (gitignored)
      guest-agent/        # in-guest telemetry agent (shipped into the guest)
      metasploitable2.md  # download/convert/snapshot procedure (TODO)
      custom-debian/      # cloud-init for our own vulnerable Debian (TODO)
See docs/lab-setup.md for the full host + guest bring-up procedure.