This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

andrewkroh/auditbeat-apache-struts-demo

Auditbeat Demo for CVE-2017-5638

This demonstrates how the file_integrity module in Elastic's Auditbeat can be used to find machines that have the Apache Struts jar.

Then we exploit the vulnerability in Apache Struts and detect the executions using Auditbeat's auditd module.

Usage

Start Elasticsearch and Kibana, and install the Auditbeat dashboards.

docker-compose up

Start and provision a Debian 9 virtual machine.

vagrant up

The Vagrant machine will have:

  • Auditbeat
  • Tomcat 7
  • Apache Struts Showcase Webapp

Run the exploit.

python exploit.py '/usr/bin/touch your-box-has-been-pwned'

Open Kibana on the host machine.

http://localhost:5601

View Results

Find all Struts Jars

Auditbeat File Integrity Search

See execve syscalls by the tomcat user

Auditbeat Execve Search
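
The two searches above can be combined offline: the following is an added example, not code from this repository, that correlates file_integrity hits for Struts jars with execve events from the Tomcat account on the same host. The ECS-style field names (as emitted by Auditbeat 7.x), the `tomcat7` account name, the `/usr/bin/java` allowlist, and all hosts, paths and jar versions in the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

JAR_RE = re.compile(r"/struts2-core-(\d+(?:\.\d+)*)\.jar$")
SERVICE_USERS = {"tomcat7"}        # assumption: account the Tomcat service runs as
EXPECTED_EXES = {"/usr/bin/java"}  # assumption: the only binary that account normally runs

def exec_event(host, user, *args):
    """Build a constructed auditd execve event (ECS-style fields, assumed)."""
    return {"host": {"name": host}, "event": {"module": "auditd"},
            "auditd": {"data": {"syscall": "execve"}}, "user": {"name": user},
            "process": {"executable": args[0], "args": list(args)}}

def jar_event(host, path):
    """Build a constructed file_integrity event (ECS-style fields, assumed)."""
    return {"host": {"name": host}, "event": {"module": "file_integrity"},
            "file": {"path": path}}

LIB = "/var/lib/tomcat7/webapps/struts2-showcase/WEB-INF/lib"  # constructed path
EVENTS = [  # constructed sample data, not output from the demo
    jar_event("web-01", LIB + "/struts2-core-2.3.12.jar"),
    exec_event("web-01", "tomcat7", "/usr/bin/java", "-version"),
    exec_event("web-01", "tomcat7", "/usr/bin/touch", "your-box-has-been-pwned"),
    jar_event("web-02", LIB + "/struts2-core-2.5.10.jar"),
    exec_event("db-01", "root", "/usr/bin/touch", "/tmp/backup.done"),
]

def get(event, dotted, default=None):
    """Read a nested field such as 'auditd.data.syscall'; default if absent."""
    for key in dotted.split("."):
        if not isinstance(event, dict) or key not in event:
            return default
        event = event[key]
    return event

def triage(events):
    """Map each host holding a Struts jar to its versions and unexpected execs."""
    jars, execs = defaultdict(set), defaultdict(list)
    for ev in events:
        host, module = get(ev, "host.name", "unknown"), get(ev, "event.module")
        if module == "file_integrity":
            match = JAR_RE.search(get(ev, "file.path", ""))
            if match:
                jars[host].add(match.group(1))
        elif (module == "auditd" and get(ev, "auditd.data.syscall") == "execve"
              and get(ev, "user.name") in SERVICE_USERS
              and get(ev, "process.executable") not in EXPECTED_EXES):
            execs[host].append(" ".join(get(ev, "process.args", [])))
    return {h: {"jars": sorted(v), "execs": execs.get(h, [])} for h, v in jars.items()}
```

A host with a non-empty `execs` list is one where the service account ran something outside its allowlist; a host with jars but no execs is inventory to patch.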

About

Detection of Vulnerabilities with Auditbeat
