Customized the PentesterLab Rack Cookies and Commands Injection section from the PentesterLab Bootcamp (http://pentesterlab.com/bootcamp) to automate tampering with Rack session cookies to gain a shell on the web server.
- If running on a *nix machine, configure the PentesterLab VM to be reachable from your host or guest VM. Go to `/etc/hosts` and create a hostname that matches the IP of their VM. More instructions to download it can be found on their page (http://pentesterlab.com/exercises/rack_cookies_and_commands_injection/course). I am running on a Kali Linux VM and both my VM and PentesterLab's VM are configured on a NAT network.
- Make sure `ruby` is installed on your machine.
- Download this repo and make sure all files are saved in the same directory (for convenience).
- `crack_rack_cookie.rb` is not marked as an executable. To call it, you can either:
  - call it as `ruby crack_rack_cookie.rb`, or
  - mark it as executable with `chmod +x crack_rack_cookie.rb` and then call it as `./crack_rack_cookie.rb`. Running `file crack_rack_cookie.rb` in the command line should output that the file is now a Ruby script.
- Command line arguments are wordlists used for brute forcing the login and brute forcing the key used to sign the cookie. I've included a sample wordlist `bigol.txt` that can be used for both command line arguments.
- Sample call: `./crack_rack_cookie.rb {ARG0} {ARG1}`, where both arguments can either be `bigol.txt` or any wordlist of your choosing.
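The cookie this tool targets is only integrity-protected by an HMAC keyed with the application's secret, so a secret that appears in a wordlist like `bigol.txt` is the actual weakness. The Ruby below is an added example, not code from this repo or from PentesterLab's exercise: it signs and verifies a session in the shape older `Rack::Session::Cookie` versions use (base64 payload, `--`, hex HMAC-SHA1) with a constant-time comparison, and checks a configured secret against a minimum length and a wordlist before it is accepted. The 32-byte minimum, the `SAMPLE_WORDLIST`, and the use of JSON instead of Rack's Marshal (so verification never deserialises untrusted bytes) are this example's own choices.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed wordlist standing in for bigol.txt (assumption for this example).
SAMPLE_WORDLIST = %w[password secret changeme letmein rack].freeze
# Minimum secret length this example enforces (assumption, not a Rack requirement).
MIN_SECRET_BYTES = 32

# Constant-time byte comparison, same idea as Rack::Utils.secure_compare:
# every byte is XORed regardless of where the first mismatch is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Produce "<base64 payload>--<hex HMAC-SHA1>", the layout older Rack cookie
# sessions use. JSON replaces Marshal here so the verifier never runs
# Marshal.load on attacker-controlled bytes.
def sign_session(session, secret)
  data = Base64.strict_encode64(JSON.generate(session))
  hmac = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  "#{data}--#{hmac}"
end

# Return the session hash if the signature checks out, else nil.
# The payload is only decoded after the HMAC has been verified.
def verify_session(cookie, secret)
  data, hmac = cookie.to_s.split('--', 2)
  return nil if data.nil? || hmac.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  return nil unless secure_compare(hmac, expected)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# A secret is weak if it is short or appears (case-insensitively) in a wordlist;
# a weak secret makes the HMAC forgeable by anyone with the same wordlist.
def weak_secret?(secret, wordlist = SAMPLE_WORDLIST)
  return true if secret.to_s.bytesize < MIN_SECRET_BYTES
  wordlist.any? { |w| w.casecmp?(secret) }
end

# Build a cookie whose payload was swapped but whose signature was kept,
# i.e. what a forger without the secret can do; verify_session must reject it.
def forge_without_secret(cookie, new_session)
  _data, hmac = cookie.split('--', 2)
  "#{Base64.strict_encode64(JSON.generate(new_session))}--#{hmac}"
end

if __FILE__ == $PROGRAM_NAME
  secret = OpenSSL::Random.random_bytes(32).unpack1('H*') # 64 hex chars
  cookie = sign_session({ 'user' => 'alice' }, secret)
  puts "cookie:    #{cookie}"
  puts "verified:  #{verify_session(cookie, secret).inspect}"
  puts "tampered:  #{verify_session(forge_without_secret(cookie, { 'user' => 'admin' }), secret).inspect}"
  puts "weak?      password=#{weak_secret?('password')} random=#{weak_secret?(secret)}"
end
```

Run it with `ruby rack_cookie_check.rb`: the genuine cookie round-trips, the payload-swapped cookie verifies to `nil`, and `weak_secret?` flags `password` while accepting the random secret. The `weak_secret?` check is the piece worth wiring into application startup, so that a secret present in any common wordlist is refused before it ever signs a cookie.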