little improvements while preparing a workshop (Iletee#4)

* cleanup

* skip rat by default in pom.xml

* roll back to 2.5.10

* improved README

* added link to Struts rest showcase source

.gitignore

@@ -1,9 +1,3 @@
-/target/antrun/
-/target/classes/
-/target/generated-*/
-/target/maven-*/
-/target/struts2*/
-/target/test-classes/
 /.apt_generated/
 .settings/
 .vscode/

Jenkinsfile

@@ -23,9 +23,9 @@ node () {
       // Run the maven build
       try{
         if (isUnix()) {
-           sh "./mvnw  -B -Dmaven.test.failure.ignore -Drat.skip=true -f pom.xml clean package -U"
+           sh "./mvnw  -B -Dmaven.test.failure.ignore clean package"
         } else {
-           bat(/mvnw.cmd -B -Dmaven.test.failure.ignore -Drat.skip=true clean package/)
+           bat("mvnw.cmd -B -Dmaven.test.failure.ignore clean package")
         }
 
         currentBuild.result = 'SUCCESS'

README.md

@@ -5,34 +5,37 @@
 Completely based on https://github.com/piesecurity/apache-struts2-CVE-2017-5638
 
 ### Usage:
-Pre-requisites: have docker, and a jre installed
+Pre-requisites: have Docker and a JRE installed, and Python if not on Mac
 
 1. fork this repo
-1. run ./mvnw clean package in project root
-1. run docker build -t hack \.
-1. run docker run -d -p 9080:8080 hack
+1. run `./mvnw clean package` in project root
+1. run `docker build -t hack \.`
+1. run `docker run -d -p 9080:8080 hack`
 1. once container comes online - verify by running in browser http://localhost:9080
 
 To begin testing RCE - run the exploit.py file.
 
-1. python exploit.py http://localhost:9080/orders/3 "CMD" 
+1. `python exploit.py http://localhost:9080/orders/3 "CMD"` or if on a Mac you can run `./dist/exploit http://localhost:9080/orders/3 "CMD"`
 
 Try with different CMDs like
-* pwd - where are we?
-* whomai - what user are we running this?
-* ls -la - what's in my directory?
-* ls / - what's my machine
-* ls /etc - what else we can find?
+* `pwd` - where are we?
+* `whomai` - what user are we running this?
+* `ls -la` - what's in my directory?
+* `ls /` - what's my machine
+* `ls /etc` - what else we can find?
 
 ## How to Fix!
 Use the Nexus Lifecycle Component Information Panel to identify a non-vulnerable version of struts2-core. 
-Update the POM to that version and rebuild.You can also rebuild the docker image and run it to retry the attack.
+Update the POM to that version and rebuild. You can also rebuild the Docker image and run it to retry the attack.
 
 Also, look in the Issues here to see DepShield findings
 
 
-### Original readme
-===========================================================================
+## Original readme
+
+https://github.com/apache/struts/tree/master/apps/rest-showcase
+
+```
 README.txt - Rest Showcase Webapp
 
 Rest Showcase is a simple example of REST app build with the REST plugin.
@@ -48,3 +51,4 @@ in an environment where the default locale is set to English. This means that
 the default messages defined in package.properties are in English. If the default
 locale for your server is different, then rename package.properties to package_en.properties
 and create a new package.properties with proper values for your default locale.
+```

pom.xml

@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.struts</groupId>
         <artifactId>struts2-apps</artifactId>
-        <version>2.5.20</version>
+        <version>2.5.10</version>
     </parent>
 
     <artifactId>struts2-rest-showcase</artifactId>
@@ -35,21 +35,21 @@
     <description>Struts 2 Rest Showcase Example</description>
 
     <distributionManagement>
-       <snapshotRepository>
-    <id>nexus</id>
-    <url>http://18.188.100.16:8081/repository/maven-snapshots/</url>
-    </snapshotRepository>
-     <repository>
-    <id>nexus</id>
-    <url>http://18.188.100.16:8081/repository/maven-releases/</url>
-    </repository>
+        <snapshotRepository>
+            <id>nexus</id>
+            <url>http://18.188.100.16:8081/repository/maven-snapshots/</url>
+        </snapshotRepository>
+        <repository>
+            <id>nexus</id>
+            <url>http://18.188.100.16:8081/repository/maven-releases/</url>
+        </repository>
     </distributionManagement>
 
     <dependencies>
         <dependency>
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-rest-plugin</artifactId>
-	</dependency>
+	    </dependency>
         <dependency>
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-convention-plugin</artifactId>
@@ -59,10 +59,10 @@
             <artifactId>struts2-config-browser-plugin</artifactId>
         </dependency>
         <dependency>
-        <groupId>com.lowagie</groupId>
-        <artifactId>itext</artifactId>
-        <version>4.2.2</version>
-    </dependency>
+            <groupId>com.lowagie</groupId>
+            <artifactId>itext</artifactId>
+            <version>4.2.2</version>
+        </dependency>
 
         <!-- Logging -->
         <dependency>
@@ -147,5 +147,6 @@
     </build>
     <properties>
     	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <rat.skip>true</rat.skip>
     </properties>
 </project>