From c687e6c6334ca7d52fbeffa028fef1d8b1c00a82 Mon Sep 17 00:00:00 2001
From: Dave Eargle <dave.eargle@carvesystems.com>
Date: Tue, 25 Jul 2023 21:54:08 -0600
Subject: [PATCH] add ingreslock vuln

classic backdoor shell on 1524
---
 .../metasploitable/recipes/ingreslock.rb      | 27 +++++++++++++++++++
 chef/dev/ub1404/Vagrantfile                   |  1 +
 packer/templates/ubuntu_1404.json             |  1 +
 versions/pro/Vagrantfile                      |  1 +
 4 files changed, 30 insertions(+)
 create mode 100644 chef/cookbooks/metasploitable/recipes/ingreslock.rb

diff --git a/chef/cookbooks/metasploitable/recipes/ingreslock.rb b/chef/cookbooks/metasploitable/recipes/ingreslock.rb
new file mode 100644
index 00000000..ff14614d
--- /dev/null
+++ b/chef/cookbooks/metasploitable/recipes/ingreslock.rb
@@ -0,0 +1,27 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: ingreslock
+#
+# Copyright:: 2020, Rapid7, All Rights Reserved.
+
+include_recipe 'iptables::default'
+
+iptables_rule '01_ingreslock' do
+  lines "-A INPUT -p tcp --dport 1524 -j ACCEPT"
+end
+
+package 'inetutils-inetd' do
+  action :install
+end
+
+# needs to happen before starting the service --
+# otherwise, if no services listed in inetd.conf,
+# inetd will refuse to start.
+execute 'add ingreslock to /etc/inetd.conf' do
+  command "echo 'ingreslock stream tcp nowait root /bin/bash bash -i' >> /etc/inetd.conf"
+  not_if "grep -q 'ingreslock stream tcp nowait root /bin/bash bash -i' /etc/inetd.conf"
+end
+
+service 'inetutils-inetd' do
+  action [:enable, :start]
+end
diff --git a/chef/dev/ub1404/Vagrantfile b/chef/dev/ub1404/Vagrantfile
index ed1859d2..0caa9c14 100644
--- a/chef/dev/ub1404/Vagrantfile
+++ b/chef/dev/ub1404/Vagrantfile
@@ -41,6 +41,7 @@ Vagrant.configure("2") do |config|
     chef.add_recipe "metasploitable::cups"
     chef.add_recipe "metasploitable::drupal"
     chef.add_recipe "metasploitable::knockd"
+    chef.add_recipe "metasploitable::ingreslock"
     chef.add_recipe "metasploitable::iptables"
     chef.add_recipe "metasploitable::flags"
     chef.add_recipe "metasploitable::clear_cache"
diff --git a/packer/templates/ubuntu_1404.json b/packer/templates/ubuntu_1404.json
index b6c995be..9c3cb258 100644
--- a/packer/templates/ubuntu_1404.json
+++ b/packer/templates/ubuntu_1404.json
@@ -175,6 +175,7 @@
         "metasploitable::cups",
         "metasploitable::drupal",
         "metasploitable::knockd",
+        "metasploitable::ingreslock",
         "metasploitable::iptables",
         "metasploitable::flags",
         "metasploitable::ifnames"
diff --git a/versions/pro/Vagrantfile b/versions/pro/Vagrantfile
index b53ea992..8e5cdf4d 100644
--- a/versions/pro/Vagrantfile
+++ b/versions/pro/Vagrantfile
@@ -69,6 +69,7 @@ Vagrant.configure("2") do |config|
       chef.add_recipe "metasploitable::cups"
       chef.add_recipe "metasploitable::drupal"
       chef.add_recipe "metasploitable::knockd"
+      chef.add_recipe "metasploitable::ingreslock"
       chef.add_recipe "metasploitable::iptables"
       chef.add_recipe "metasploitable::flags"
       chef.add_recipe "metasploitable::clear_cache"