
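Installing the WebLogic Target Machine for CVE-2018-2628

Basic settings after installing the system

This setup uses the well-known vulnerable-environment project vulhub. Project URL: https://github.com/vulhub/vulhub.

The following configuration was performed after installing Ubuntu 18.04 in a virtual machine.

Configure a domestic (China) update mirror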

# Check the Ubuntu version; here it is 18.04
redcat8850@neusoft-virtual-machine:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
# Modify the Ubuntu sources
redcat8850@neusoft-virtual-machine:~$ cp /etc/apt/sources.list ~
redcat8850@neusoft-virtual-machine:~$ sudo vi /etc/apt/sources.list
# Add the following content
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

# Update the system
redcat8850@neusoft-virtual-machine:~$ sudo apt-get update
redcat8850@neusoft-virtual-machine:~$ sudo apt-get upgrade

After installing Ubuntu 18.04, enable the SSH service.

redcat8850@neusoft-virtual-machine:~$ sudo apt-get install net-tools openssh-server
redcat8850@neusoft-virtual-machine:~$ sudo netstat -nlutp
激活Internet连接 (仅服务器)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 442/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 862/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 771/cupsd
tcp6 0 0 :::22 :::* LISTEN 862/sshd
tcp6 0 0 ::1:631 :::* LISTEN 771/cupsd
udp 0 0 127.0.0.53:53 0.0.0.0:* 442/systemd-resolve
udp 0 0 0.0.0.0:68 0.0.0.0:* 871/dhclient
udp 0 0 0.0.0.0:631 0.0.0.0:* 810/cups-browsed
udp 0 0 0.0.0.0:5353 0.0.0.0:* 773/avahi-daemon: r
udp 0 0 0.0.0.0:38124 0.0.0.0:* 773/avahi-daemon: r
udp6 0 0 :::47385 :::* 773/avahi-daemon: r
udp6 0 0 :::5353 :::* 773/avahi-daemon: r
# If port 22, which SSH uses, is not shown as open, start the ssh service with the following command
redcat8850@neusoft-virtual-machine:~$ sudo systemctl restart ssh
[ ok ] Restarting ssh (via systemctl): ssh.service.

Install and configure Docker

Install Docker and Docker-compose

# Allow apt-get to use https sources
redcat8850@neusoft-virtual-machine:~$ sudo apt install apt-transport-https ca-certificates curl software-properties-common
# Add the Aliyun GPG key
redcat8850@neusoft-virtual-machine:~$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Add the Aliyun Docker repository
redcat8850@neusoft-virtual-machine:~$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker and Docker-compose
redcat8850@neusoft-virtual-machine:~$ sudo apt install -y docker-ce docker-compose
# Check the Docker version
redcat8850@neusoft-virtual-machine:~$ docker --version

Configure a domestic (China) Docker registry mirror

redcat8850@neusoft-virtual-machine:~$ sudo vi /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}
# The service must be restarted for this to take effect
redcat8850@neusoft-virtual-machine:~$ sudo systemctl daemon-reload
redcat8850@neusoft-virtual-machine:~$ sudo systemctl restart docker
redcat8850@neusoft-virtual-machine:~$ sudo systemctl status docker

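Install and set up the target machine

Install vulhub and CVE-2018-2628

This also works for CVE-2020-2551 (because the version in the image is WebLogic 10.3.6.0).

To make the download faster, vulhub was cloned to Gitee beforehand.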

redcat8850@neusoft-virtual-machine:~$ wget https://gitee.com/redcat8850/vulhub/repository/archive/master.zip -O vulhub-master.zip
redcat8850@neusoft-virtual-machine:~$ unzip vulhub-master.zip
# You must enter the corresponding vulnerability directory and run sudo docker-compose up -d to start the target Docker container
redcat8850@neusoft-virtual-machine:~$ cd vulhub/weblogic/CVE-2018-2628/
redcat8850@neusoft-virtual-machine:~/vulhub/weblogic/CVE-2018-2628$ sudo docker-compose up -d
redcat8850@neusoft-virtual-machine:~/vulhub/weblogic/CVE-2018-2628$ sudo docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------
cve20182628_weblogic_1 startWebLogic.sh Up 5556/tcp, 0.0.0.0:7001->7001/tcp

Set the container to start automatically with the system

# Look up the container ID
redcat8850@neusoft-virtual-machine:~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3fff9d1358f vulhub/weblogic "startWebLogic.sh" 5 minutes ago Up 10 seconds 5556/tcp, 0.0.0.0:7001->7001/tcp cve20182628_weblogic_1
# Make the container with this ID start with the system
redcat8850@neusoft-virtual-machine:~$ sudo docker update --restart=always b3fff9d1358f
b3fff9d1358f
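
An added check, not part of the original post: the Ports column above shows 7001 published on 0.0.0.0, and with --restart=always the deliberately vulnerable WebLogic returns on every boot, so it helps to confirm which lab containers are reachable from outside the VM. The script parses docker ps port strings and lists mappings bound to all interfaces; the function names and the second sample container are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag container ports that
# Docker publishes on every host interface (0.0.0.0 or ::).
# Input: lines of "<name><TAB><ports>", as produced by
#   sudo docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name><TAB><host port><TAB><container port/proto>" per finding.

flag_wildcard_publish() {
    awk -F'\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published mappings contain "->"; "5556/tcp" alone is
            # exposed to other containers but not bound on the host.
            if (m !~ /->/) continue
            split(m, side, "->")
            host = side[1]
            if (host ~ /^0\.0\.0\.0:/ || host ~ /^(\[::\]|:::)/) {
                port = host
                sub(/^.*:/, "", port)   # keep only the host port
                printf "%s\t%s\t%s\n", $1, port, side[2]
            }
        }
    }'
}

# Constructed sample based on the docker ps output shown above, plus one
# hypothetical loopback-only container for contrast.
sample_ps() {
    printf 'cve20182628_weblogic_1\t5556/tcp, 0.0.0.0:7001->7001/tcp\n'
    printf 'lab_loopback_only\t127.0.0.1:7002->7001/tcp\n'
}

# Stand-alone run: audit the sample. To audit a live host, pipe the
# docker ps command from the header comment into the function instead.
sample_ps | flag_wildcard_publish
```

A mapping reported here can be restricted by publishing it as 127.0.0.1:7001:7001 in the compose file's ports entry, or by keeping the VM on a host-only network.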

Test whether WebLogic is running

Open in a browser: http://UbuntuIP:7001/console

username: weblogic

password: Oracle@123

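Postscript

About cracking the WebLogic login account and password

I happened to come across a good article on cracking WebLogic AES encryption: https://blog.csdn.net/weixin_34025151/article/details/92309137. The command docker-compose exec weblogic bash opens a shell inside the container for further adjustments.

What if I make a complete mess of the WebLogic instance in the container?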

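# Stop the container
sudo docker stop <container ID>
# Look up the ID of the container to delete
sudo docker ps -a
# Remove the container
sudo docker rm -f <container ID>
# Recreate the container; all settings will be lost.
cd ~/vulhub/weblogic/CVE-2018-2628/
sudo docker-compose up -d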