安装Weblogic靶机CVE-2018-2628

安装系统后基本设置

使用了知名靶机vulhub，该项目地址：https://github.com/vulhub/vulhub。

以下环境为在虚拟机中安装好ubuntu18.04之后进行的操作配置。

配置国内更新源

# 判断ubuntu版本，如下是18.04
redcat8850@neusoft-virtual-machine:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic
# 修改Ubuntu源
redcat8850@neusoft-virtual-machine:~$ cp /etc/apt/sources.list ~
redcat8850@neusoft-virtual-machine:~$ sudo vi /etc/apt/sources.list
# 添加如下内容
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

# 更新系统
redcat8850@neusoft-virtual-machine:~$ sudo apt-get update
redcat8850@neusoft-virtual-machine:~$ sudo apt-get upgrade

安装好Ubuntu18.04之后开启ssh服务。

redcat8850@neusoft-virtual-machine:~$ sudo apt-get install net-tools openssh-server
redcat8850@neusoft-virtual-machine:~$ sudo netstat -nlutp
激活Internet连接 (仅服务器)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      442/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      862/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      771/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      862/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      771/cupsd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           442/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           871/dhclient
udp        0      0 0.0.0.0:631             0.0.0.0:*                           810/cups-browsed
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           773/avahi-daemon: r
udp        0      0 0.0.0.0:38124           0.0.0.0:*                           773/avahi-daemon: r
udp6       0      0 :::47385                :::*                                773/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                773/avahi-daemon: r

# 如果没有看到SSH用的22号端口打开，请使用如下命令启动ssh服务
redcat8850@neusoft-virtual-machine:~$ sudo systemctl restart ssh
[ ok ] Restarting ssh (via systemctl): ssh.service.

安装Docker和配置

安装Docker和Docker-compose

# 使apt-get允许使用https源
redcat8850@neusoft-virtual-machine:~$ sudo apt install apt-transport-https ca-certificates curl software-properties-common
# 添加阿里GPG秘钥
redcat8850@neusoft-virtual-machine:~$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# 添加阿里Docker源
redcat8850@neusoft-virtual-machine:~$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# 安装Docker和Docker-compose
redcat8850@neusoft-virtual-machine:~$ sudo apt install -y docker-ce docker-compose
# 查看Docker版本
redcat8850@neusoft-virtual-machine:~$ docker --version

配置国内Docker加速

redcat8850@neusoft-virtual-machine:~$ sudo vi /etc/docker/daemon.json
{
        "registry-mirrors": ["http://hub-mirror.c.163.com"]
}
# 必须重启服务后才能生效
redcat8850@neusoft-virtual-machine:~$ sudo systemctl daemon-reload
redcat8850@neusoft-virtual-machine:~$ sudo systemctl restart docker
redcat8850@neusoft-virtual-machine:~$ sudo systemctl status docker

安装和设置靶机

安装vulhub和CVE-2018-2628

也适用于CVE-2020-2551（因为镜像中版本为weblogc10.3.6.0）

为了下载更快，事先将vulhub克隆到了码云。

redcat8850@neusoft-virtual-machine:~$ wget https://gitee.com/redcat8850/vulhub/repository/archive/master.zip -O vulhub-master.zip
redcat8850@neusoft-virtual-machine:~$ unzip vulhub-master.zip
# 必须进入对应的漏洞目录执行sudo docker-compose up -d 才能开启靶机Docker
redcat8850@neusoft-virtual-machine:~$ cd vulhub/weblogic/CVE-2018-2628/
redcat8850@neusoft-virtual-machine:~/vulhub/weblogic/CVE-2018-2628$ sudo docker-compose up -d
redcat8850@neusoft-virtual-machine:~/vulhub/weblogic/CVE-2018-2628$ sudo docker-compose ps
         Name                Command        State                Ports
------------------------------------------------------------------------------------
cve20182628_weblogic_1   startWebLogic.sh   Up      5556/tcp, 0.0.0.0:7001->7001/tcp

设置容器跟随系统自启动

# 查看容器ID
redcat8850@neusoft-virtual-machine:~$ sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS                              NAMES
b3fff9d1358f        vulhub/weblogic     "startWebLogic.sh"   5 minutes ago       Up 10 seconds       5556/tcp, 0.0.0.0:7001->7001/tcp   cve20182628_weblogic_1
# 指定容器ID跟随系统启动
redcat8850@neusoft-virtual-machine:~$ sudo docker update --restart=always b3fff9d1358f
b3fff9d1358f

测试weblogic是否运行

使用浏览器打开：http://UbuntuIP:7001/console

username:weblogic

password:Oracle@123

后记

关于weblogic登录账号密码的破解

意外发现好文，破解weblogc AES加密：https://blog.csdn.net/weixin_34025151/article/details/92309137，使用命令：docker-compose exec weblogic bash可以进入容器命令控制台进行后续调整操作

如果我把容器中的Weblogic搞的乱七八糟怎么办？

# 停止容器
docker stop <容器 ID>
# 查看要删除的容器ID
docker ps -a
# 删除容器
docker rm -f <容器 ID>
# 重新创建容器，所有设置都将丢失。
cd ~/vulhub/weblogic/CVE-2018-2628/
sudo docker-compose up -d