README.md 840 Bytes
Newer Older
Kilian Low's avatar
Kilian Low committed
1 2
# SSI_CVE_2018_8979

Kilian Low's avatar
Kilian Low committed
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
## Build image
```bash
docker build . -t openaudit
```

### Launch image in first terminal and exposing your local port 3000 to its port 80
```bash
docker run -t -i -v "$(pwd)":/source -p 3000:80 openaudit
```

## Step to reproduce the exploit
### Open a second terminal and enter the same docker session
```bash
docker exec -it "$(docker ps -q -n 1)" bash
```
### Inside the second terminal, reset mysql_server password
```bash
cat reset.sql | mysql -uroot
Kilian Low's avatar
Kilian Low committed
21
```
Kilian Low's avatar
Kilian Low committed
22 23 24 25

### Download the executable
```bash
wget http://dl-openaudit.opmantek.com/OAE-Linux-x86_64-release_2.1.run
Kilian Low's avatar
Kilian Low committed
26
```
Kilian Low's avatar
Kilian Low committed
27 28 29 30

### Install the .run
```bash
chmod +x OAE-Linux-x86_64-release_2.1.run && yes Y | ./OAE-Linux-x86_64-release_2.1.run
Kilian Low's avatar
Kilian Low committed
31
```
Kilian Low's avatar
Kilian Low committed
32 33 34 35

## Installation is finished, you can now access the interface on your machine at
[localhost:3000](http://localhost:3000)