add ingreslock vuln

classic backdoor shell on 1524

chef/cookbooks/metasploitable/recipes/ingreslock.rb

@@ -0,0 +1,27 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: ingreslock
+#
+# Copyright:: 2020, Rapid7, All Rights Reserved.
+
+include_recipe 'iptables::default'
+
+iptables_rule '01_ingreslock' do
+  lines "-A INPUT -p tcp --dport 1524 -j ACCEPT"
+end
+
+package 'inetutils-inetd' do
+  action :install
+end
+
+# needs to happen before starting the service --
+# otherwise, if no services listed in inetd.conf,
+# inetd will refuse to start.
+execute 'add ingreslock to /etc/inetd.conf' do
+  command "echo 'ingreslock stream tcp nowait root /bin/bash bash -i' >> /etc/inetd.conf"
+  not_if "grep -q 'ingreslock stream tcp nowait root /bin/bash bash -i' /etc/inetd.conf"
+end
+
+service 'inetutils-inetd' do
+  action [:enable, :start]
+end

chef/dev/ub1404/Vagrantfile

@@ -37,8 +37,9 @@ Vagrant.configure("2") do |config|
     chef.add_recipe "metasploitable::cups"
     chef.add_recipe "metasploitable::drupal"
     chef.add_recipe "metasploitable::knockd"
+    chef.add_recipe "metasploitable::ingreslock"
     chef.add_recipe "metasploitable::iptables"
     chef.add_recipe "metasploitable::flags"
     chef.add_recipe "metasploitable::clear_cache"
   end
-end
+end

packer/templates/ubuntu_1404.json

@@ -146,6 +146,7 @@
         "metasploitable::cups",
         "metasploitable::drupal",
         "metasploitable::knockd",
+        "metasploitable::ingreslock",
         "metasploitable::iptables",
         "metasploitable::flags"
       ]

versions/pro/Vagrantfile

@@ -69,6 +69,7 @@ Vagrant.configure("2") do |config|
       chef.add_recipe "metasploitable::cups"
       chef.add_recipe "metasploitable::drupal"
       chef.add_recipe "metasploitable::knockd"
+      chef.add_recipe "metasploitable::ingreslock"
       chef.add_recipe "metasploitable::iptables"
       chef.add_recipe "metasploitable::flags"
       chef.add_recipe "metasploitable::clear_cache"