Commit c408848

Merge pull request #2 from kevinbackhouse/StrutsREADME
Update README
2 parents 830f51c + 9890c51 commit c408848

1 file changed

Lines changed: 3 additions & 1 deletion

Apache/Struts/CVE-2018-11776/README.md

@@ -6,7 +6,7 @@ To demonstrate the PoC in a safe environment, we will use two docker containers
66

77
We have tried to make the `Dockerfile`'s for the server and attacker as simple as possible, to make it clear that we have used vanilla [Ubuntu 18.04](http://releases.ubuntu.com/18.04/) with no unusual packages installed.
88

9-
Because we have Struts running in docker with no graphics, it isn't convenient to pop a calculator. So, instead, we will use the vulnerability to get a shell on the server. The PoC is a little simplistic because it assumes that the server has its ssh port 22 exposed to the public internet. A more realistic attack would probably involve getting the server to connect out to a webserver controlled by the attacker. It would be straightforward to modify this PoC to do that.
9+
We have created two versions of the PoC. The first version enables the attacker to get a shell on the server. The PoC is a little simplistic because it assumes that the server has its ssh port 22 exposed to the public internet. A more realistic attack would probably involve getting the server to connect out to a webserver controlled by the attacker. It would be straightforward to modify the PoC to do that. The second version of the PoC pops a calculator.
1010

1111
## Network setup
1212
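Review bot: In the new paragraph at line 9, "The PoC is a little simplistic" and "modify the PoC to do that" no longer say which of the two versions they refer to, because the second version is only introduced in the final sentence. Suggest writing "The first version is a little simplistic because it assumes..." and moving "The second version of the PoC pops a calculator" up next to the sentence that announces two versions. The removed text explained that the container had no graphics, so the new text should also state that the calculator version depends on the container having X11 access, since a reader who stops at this paragraph will not know that requirement exists.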

@@ -31,6 +31,8 @@ Start the container:
3131
docker run --rm --network struts-demo-network --ip=172.16.0.10 -h struts-server --publish 8080:8080 -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -i -t struts-server
3232
```
3333

34+
Note: the `--publish`, `-e`, and `-v` command line arguments are optional. The `--publish` argument exposes port 8080 so that we can open the Struts showcase app in a web-browser. The `-e` and `-v` arguments enable the container to access X11, which is necessary for popping a calculator.
35+
3436
Inside the container, start Struts and sshd. The reason for starting sshd is that we are going to use it to get a shell on the Struts server. We think it is realistic for sshd to be running because it is very widely used by system administrators for remote access.
3537

3638
```
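Review bot: The note added at line 34 calls `--publish`, `-e`, and `-v` optional, but the `docker run` command at line 31 still passes all three by default, so anyone who copies it starts a deliberately vulnerable Struts server with port 8080 published on every host interface and with the host's X11 socket mounted into the container. Suggest keeping the minimal command as the default and giving the extra arguments as a separate, opt-in variant, with the note stating which PoC version needs which argument. If the published port stays, `--publish 127.0.0.1:8080:8080` keeps the showcase app reachable from the local browser without exposing it to the rest of the network. The note should also say that `-v /tmp/.X11-unix:/tmp/.X11-unix` together with `-e DISPLAY=$DISPLAY` lets processes in the container talk to the host's X server, which matters here because the container exists to be compromised. Minor style point: "web-browser" should be "web browser".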
