Maltrail RCE CVE-2025-34073 #365
Open
girlier wants to merge 18 commits into cliffe:master from
- Replace maltrail-0.54.tar.gz with maltrail-0.53.tar.gz containing vulnerable version
- Update manifests/install.pp with version 0.53 references and correct extraction path
- Update secgen_metadata.xml with corrected CVE description (<= 0.53)
- Fix maltrail.conf with all required options for v0.53:
  - Add CAPTURE_BUFFER 1GB (mandatory option)
  - Add UPDATE_PERIOD 24 (mandatory option)
- Update maltrail.service.erb description to include version 0.53
- Remove empty <service/> tag from off_the_trail.xml to prevent random Kibana selection

…a log
Implements comprehensive MalTrail data generation for the off_the_trail CTF scenario:
Generator Module (maltrail_data):
- Creates randomized threat events with synthetic IPs, domains, and URLs
- Generates configurable event volumes (low: 10-20, medium: 50-100, high: 500-1000)
- Embeds a second CTF flag within DNS query events to update.secgen-ctf.local
- Produces custom trails file for static threat detection
Vulnerability Module Updates:
- Adds maltrail_flag and data_volume inputs to secgen_metadata.xml
- Deploys helper scripts for log and trails generation at provisioning time
- Creates /var/log/maltrail/YYYY-MM-DD.log with synthetic events
- Creates /opt/maltrail/trails/custom.txt with custom threat indicators
- Fixes admin password hash in maltrail.conf
Scenario Updates:
- Adds dual-flag challenge structure to off_the_trail.xml
- Flag 1: Found via RCE exploitation and filesystem access
- Flag 2: Hidden in MalTrail web UI threat data (trail_info field)

- Downgrade MalTrail from v0.53 to v0.52 for CVE-2025-34073
- Rename configure.pp to config.pp for consistency
- Convert static maltrail.conf to ERB template
- Simplify metadata and remove redundant comments
- Use username_generator instead of hardcoded username
- Update off_the_trail scenario: lower difficulty, add privesc vuln
- Insert flag trail in middle of custom trails file
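One way to build the synthetic trails file and daily event log that the commit messages above describe, as an added example that is not SecGen's or Maltrail's code. The volume ranges, the flag domain and the log path come from the commit messages; the line layout of the trails file and of the event records, the decoy domain names and the addresses are assumptions.

```python
import random
from datetime import datetime, timezone

# Event volumes per data_volume level, as listed in the commit message.
VOLUME = {"low": (10, 20), "medium": (50, 100), "high": (500, 1000)}
FLAG_DOMAIN = "update.secgen-ctf.local"   # flag carrier domain from the commit message
DECOY_TLD = "example.invalid"             # constructed: reserved name, never resolves
DAY = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed scenario date


def log_path(day):
    """Daily log file named as the module does: /var/log/maltrail/YYYY-MM-DD.log."""
    return f"/var/log/maltrail/{day:%Y-%m-%d}.log"


def make_trails(flag, n_decoys, seed):
    """Lines of the custom trails file. Decoys are shuffled and the flag trail is
    inserted in the middle, so reading only the head or tail of the file misses it.
    The 'trail description' layout is an assumption about the file format."""
    rng = random.Random(seed)
    decoys = [f"c2-{i:03d}.{DECOY_TLD}" for i in range(n_decoys)]
    rng.shuffle(decoys)
    lines = [f"{d} synthetic decoy trail" for d in decoys]
    lines.insert(len(lines) // 2, f"{FLAG_DOMAIN} {flag}")
    return lines


def make_events(level, flag, seed, day=DAY):
    """Synthetic DNS threat events for one day; exactly one event carries the flag
    in its info field. The field order is an assumption, not Maltrail's documented layout."""
    rng = random.Random(seed)
    lo, hi = VOLUME[level]
    count = rng.randint(lo, hi)
    flag_at = rng.randrange(count)
    events = []
    for i in range(count):
        src = f"203.0.113.{rng.randint(1, 254)}"   # RFC 5737 range: unroutable
        domain = FLAG_DOMAIN if i == flag_at else f"c2-{rng.randint(0, 999):03d}.{DECOY_TLD}"
        info = flag if i == flag_at else "synthetic threat"
        events.append(f"{day.timestamp() + i:.6f} {src} {rng.randint(1024, 65535)} "
                      f"198.51.100.53 53 UDP DNS {domain} \"{info}\"")
    return events


if __name__ == "__main__":
    print(log_path(DAY))
    print("\n".join(make_trails("flag{constructed}", 10, seed=2025)))
    print(len(make_events("medium", "flag{constructed}", seed=2025)), "events")
```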
Maltrail RCE CVE-2025-34073
Maltrail RCE Vulnerability Module with a multi-stage attack scenario (Off-the-trail). Off-the-trail CTF contains 3 flags. The first flag is inserted into the populated trails (fake malicious traffic). The second is exploitable from CVE-2025-34073 through the Metasploit module. The third flag (root) is set to a misconfiguration found in writable_passwd and writable_shadow.
Application
Module Implementation
Options
Attributes
Tests