sudo mkdir -p /usr/lib/jvm
sudo mv ./jdk1.8.0* /usr/lib/jvm/
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_171/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.8.0_171/bin/javac" 1
sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk1.8.0_171/bin/javaws" 1
sudo chmod a+x /usr/bin/java
sudo chmod a+x /usr/bin/javac
sudo chmod a+x /usr/bin/javaws
sudo chown -R root:root /usr/lib/jvm/jdk1.8.0_171
sudo update-alternatives --config java
sudo update-alternatives --config javac
sudo update-alternatives --config javaws
If you see "nothing to configure" that's OK.
java -version
tar xvzf apache-tomcat-9.0.0.M26.tar.gz
sudo mkdir /usr/local/tomcat
sudo mv apache-tomcat-9.0.0.M26/* /usr/local/tomcat
On the Ubuntu server, execute these commands:
cd
vi .bashrc
Add this line to the bottom of the file, as shown below.
export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_171
Save the file with :wq, Enter.
On the Ubuntu server, execute this command to set the new environment variable:
source .bashrc
On the Ubuntu server, execute this command to start Tomcat:
/usr/local/tomcat/bin/startup.sh
Tomcat starts.
On your host system, in a Web browser, open this URL, replacing the IP.
http://System_IP:8080/
You see an Apache Tomcat page.
sudo tar xvzf apache-maven*.tar.gz -C /opt/
cd
nano .bashrc
Add this line to the bottom of the file, as shown below.
export PATH=$PATH:/opt/apache-maven-3.5.0/bin
Save the file with Ctrl+X, Y, Enter.
On the Ubuntu server, execute this command to set the new environment variable:
source .bashrc
In the SSH session controlling your Ubuntu server, execute this command:
mvn -version
You see a version number.
Step 5: Creating a Project
On the Ubuntu server, execute these commands:
cd
mvn archetype:generate \
-DgroupId=com.tutorialforlinux \
-DartifactId=myWebApp \
-DarchetypeArtifactId=maven-archetype-webapp
Many pages of "Downloading" messages scroll by.
When you see the message: "Define value for property 'version' 1.0-SNAPSHOT: :", press Enter.
When you see the message: "Y: :", press Enter.
You see a "BUILD SUCCESS" message.
On the Ubuntu server, execute these commands:
cd myWebApp
nano pom.xml
The file opens, as shown below. This is an XML configuration file.
At the bottom of the file, in the "build" section, change myWebApp to basic_struts:
<build>
<finalName>basic_struts</finalName>
</build>
At the bottom of the file, in the "dependencies" section, add a new "dependency" section inside <dependencies>:
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
<version>2.5.10</version>
</dependency>
Save the file with Ctrl+X, Y, Enter.
To build your web app, on the Ubuntu server, execute this command:
mvn clean package
Many pages of "Downloading" messages scroll by, ending with a green "BUILD SUCCESS" message.
This has created a "war" file, ready to deploy, at this location:
~/myWebApp/target/basic_struts.war
However, we don't actually need that application. We'll deploy a different one later.
Add this line to the bottom of the .bashrc file, as shown below.
export CATALINA_HOME=/usr/local/tomcat
Save the file with Ctrl+X, Y, Enter.
On the Ubuntu server, execute this command to set the new environment variable:
source .bashrc
Now we need to adjust the Tomcat configuration to allow administration from remote addresses.
On the Ubuntu server, execute this command:
sudo nano $CATALINA_HOME/conf/tomcat-users.xml
The "tomcat-users" section contains only comments.
Insert these lines into the "tomcat-users" section:
<role rolename="manager-gui" />
<user username="admin" password="admin" roles="manager-gui"/>
Save the file with Ctrl+X, Y, Enter.
On the Ubuntu server, execute this command:
sudo nano $CATALINA_HOME/conf/Catalina/localhost/manager.xml
Insert these lines into the file, as shown below.
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
Save the file with Ctrl+X, Y, Enter.
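The two edits above give the manager an admin/admin account and a RemoteAddrValve that accepts every address, which suits an isolated lab only. The following check is an added example, not part of the original walkthrough: it flags both settings in tomcat-users.xml and manager.xml. The function names, the short default-password list and the sample files (including the loopback-only allow pattern) are constructed for illustration.

```shell
# Added example: audit the two Tomcat manager settings relaxed in this lab.
# Print a file as one line with XML comments stripped, so commented-out
# sample users are ignored and multi-line elements still match.
active_xml() { tr '\n' ' ' < "$1" | sed -E 's/<!--([^-]|-[^-])*-->//g'; }

# Print usernames whose password equals the username or is on a short,
# illustrative (assumed) list of defaults.
weak_users() {
    active_xml "$1" | grep -Eo '<user [^>]*>' | while IFS= read -r el; do
        u=$(printf '%s\n' "$el" | sed -nE 's/.*username="([^"]*)".*/\1/p')
        p=$(printf '%s\n' "$el" | sed -nE 's/.*password="([^"]*)".*/\1/p')
        case "$p" in "$u"|admin|tomcat|password|changeme|s3cret) echo "$u" ;; esac
    done
}

# Succeed if a RemoteAddrValve allow pattern matches every address.
valve_allows_any() {
    active_xml "$1" | grep -Eo '<Valve [^>]*>' | grep 'RemoteAddrValve' |
        grep -Eq 'allow="\^?\.[*+]\$?"'
}

# Print one finding per line; return 1 if anything was found.
audit_manager() {   # $1 = tomcat-users.xml, $2 = manager.xml
    rc=0
    for u in $(weak_users "$1"); do echo "WEAK-CREDENTIAL user=$u"; rc=1; done
    if valve_allows_any "$2"; then echo "OPEN-VALVE allow matches any address"; rc=1; fi
    return "$rc"
}

# Constructed sample files: the lab values from this page, then a tightened pair.
tmp=$(mktemp -d)
cat > "$tmp/users-lab.xml" <<'EOF'
<tomcat-users>
<!-- <user username="tomcat" password="tomcat" roles="tomcat"/> -->
<role rolename="manager-gui" />
<user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
EOF
cat > "$tmp/manager-lab.xml" <<'EOF'
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
EOF
sed 's/password="admin"/password="CONSTRUCTED-long-value"/' "$tmp/users-lab.xml" > "$tmp/users-tight.xml"
sed 's/allow="[^"]*"/allow="127\\.\\d+\\.\\d+\\.\\d+|::1"/' "$tmp/manager-lab.xml" > "$tmp/manager-tight.xml"
audit_manager "$tmp/users-lab.xml" "$tmp/manager-lab.xml" || true
audit_manager "$tmp/users-tight.xml" "$tmp/manager-tight.xml" && echo "tightened pair: clean"
```

On a real host, pass $CATALINA_HOME/conf/tomcat-users.xml and $CATALINA_HOME/conf/Catalina/localhost/manager.xml as the two arguments to audit_manager.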
On the Ubuntu server, execute these commands to restart Tomcat. It may take a few minutes to shut down the first time; that's OK.
sudo $CATALINA_HOME/bin/shutdown.sh
sudo $CATALINA_HOME/bin/startup.sh
Tomcat restarts. In a Web browser, open this URL, replacing the IP:
http://IP:8080/manager
A box pops up asking for credentials. Enter these credentials:
Username: admin
Password: admin
In the "Tomcat Web Application Manager" page, scroll down to the "Deploy" section.
On the right side, click the Download button.
You get a file named struts2_2.3.15.1-showcase.war
Step 9: Deploying the Vulnerable Web App
In the "Tomcat Web Application Manager" page, in the "Deploy" section, in the "WAR file to deploy" section, click the "Choose File" button.
Navigate to your Downloads folder and double-click the struts2_2.3.15.1-showcase.war file.
Click the Deploy button.
The Tomcat page now shows the /struts2_2.3.15.1-showcase application at the bottom of the Applications section, as shown below.
Click /struts2_2.3.15.1-showcase.
The "Struts2 Showcase" page should appear.
Referenced this blog with some tweaks:
http://blog.ud64.com/2017/09/apache-struts-with-cve-2017-5638-set-up.html