Commit 6c69e13

author
wolfthefallen
committed
Updated based on comments
1 parent 3e9480e commit 6c69e13

1 file changed

+6
-7
lines changed

documentation/modules/exploit/linux/http/dcos_marathon.md

Lines changed: 6 additions & 7 deletions
@@ -73,11 +73,12 @@ rm ~/.ssh/id_rsa # before doing this make sure you have saved a copy for later
7373

7474
Shut down the CentOS vm, take a snapshot. (This will be your base)
7575
clone the VM 2 times. One will be DCOS-Master, the Other DCOS-Agent.
76-
Start both virtual machines. Login and get their current IP address.
77-
I recommend giving them static IPs if you have further use for the cluster.
76+
Start the DCOS-Master and DCOS-Agent virtual machines You just cloned.
77+
Login and get their current IP address.
78+
* Note: I recommend giving them static IPs if you have further use for the cluster.
7879

7980
From here use another linux machine with docker installed to finish
80-
the installation process. I used a ubuntu machine with docker installed.
81+
the installation process. I used an ubuntu machine with docker installed.
8182

8283
Follow the custom CLI guide for creating the required files in
8384
the genconf folder.
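
Review bot: On new line 76, "You" is capitalised mid-sentence ("virtual machines You just cloned") and should be lower-cased. New lines 76 and 77 have no blank line between them, so Markdown will still join them into one paragraph; if the split is meant to be visible, separate them, and put a blank line before the "* Note:" on line 78 so it renders as its own bullet consistently. On line 81 "ubuntu" should be "Ubuntu", and the unchanged "linux" and "docker" on line 80 and the lowercase "clone" opening line 75 could be fixed in the same pass.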
@@ -132,18 +133,16 @@ sudo ./dcos_generate_config.sh --deploy
132133
sudo bash dcos_generate_config.sh --postflight
133134
```
134135

135-
If all is passing navigate to http://<master_ip>:8080/
136+
If all is passing navigate to http://[master_ip]:8080/
136137
You should see the Marathon UI web application.
137138

138139
# Exploitation
139-
This module is designed for attacker to leaverage the creatation of a
140+
This module is designed for the attacker to leaverage the creatation of a
140141
docker contianer with out authentication through the DCOS Marathon UI
141142
to gain root access to the hosting server of the docker container
142143
in the DCOS cluster.
143144

144145
## Options
145-
- RHOST is the target IP/Hostname that is hosting the Marathon UI Web application
146-
- RPORT is the Port the Marathon UI service is running on.
147146
- DOCKERIMAGE is the hub.docker.com docker container image you are wanting to have the DCOS Cluster to deploy for this exploit.
148147
- TARGETURI this is the path to make the Marathon UI web request to. By default this is /v2/apps
149148
- WAIT_TIMEOUT is how long you will wait for a docker container to deploy before bailing out if it does not start.
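
Review bot: New line 140 adds "the" but keeps the misspellings "leaverage" and "creatation", and the context lines that complete the sentence still read "contianer" and "with out"; since the sentence is being edited anyway, fix all four (for example "leverage the creation of a Docker container without authentication"). On line 136, "[master_ip]" inside a URL reads like a bracketed IPv6 literal; if the angle brackets were dropped because the renderer swallowed "<master_ip>" as HTML, wrapping the URL in a code span keeps the usual placeholder form. The hunk also removes the RHOST and RPORT entries from Options while the setup text sends readers to port 8080; if they were dropped as standard options, one sentence saying so would tell readers which host and port the module expects.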
