
Unable to start demo app

Open romanianstrife opened this issue 5 years ago • 5 comments

I ran

bundle install

then I got the error

 /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/application.rb:585:in `validate_secret_key_base': Missing `secret_key_base` for 'production' environment, set this string with `rails credentials:edit` (ArgumentError)

so I ran

rails credentials:edit

then I got the error

root@none:/var/www/Rails-doubletap-RCE/demo-5.2.1# rails s -b 0.0.0.0 -e production
=> Booting Puma
=> Rails 5.2.1 application starting in production
=> Run rails server -h for more startup options
Exiting
Traceback (most recent call last):
104: from bin/rails:4:in <main>'
103: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:287:in require'
102: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:253:in load_dependency'
101: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:287:in block in require'
100: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:29:in require'
99: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:20:in require_with_bootsnap_lfi'
98: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/loaded_features_index.rb:83:in register'
97: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in block in require_with_bootsnap_lfi'
96: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in require'
95: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands.rb:18:in '
94: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/command.rb:46:in invoke'
93: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/command/base.rb:65:in perform'
92: from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor.rb:387:in dispatch'
91: from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/invocation.rb:126:in invoke_command'
90: from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.3/lib/thor/command.rb:27:in run'
89: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands/server/server_command.rb:142:in perform'
88: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands/server/server_command.rb:142:in tap'
87: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands/server/server_command.rb:147:in block in perform'
86: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands/server/server_command.rb:53:in start'
85: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/server.rb:283:in start'
84: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/server.rb:354:in wrapped_app'
83: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/commands/server/server_command.rb:27:in app'
82: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/server.rb:219:in app'
81: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/server.rb:319:in build_app_and_options_from_config'
80: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/builder.rb:40:in parse_file'
79: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/builder.rb:49:in new_from_string'
78: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/builder.rb:49:in eval'
77: from config.ru:in '
76: from config.ru:in new'
75: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/builder.rb:55:in initialize'
74: from /usr/local/rvm/gems/ruby-2.5.1/gems/rack-2.0.6/lib/rack/builder.rb:55:in instance_eval'
73: from config.ru:3:in block in '
72: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:44:in require_relative'
71: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:287:in require'
70: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:253:in load_dependency'
69: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:287:in block in require'
68: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:29:in require'
67: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:20:in require_with_bootsnap_lfi'
66: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/loaded_features_index.rb:83:in register'
65: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in block in require_with_bootsnap_lfi'
64: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in require'
63: from /var/www/Rails-doubletap-RCE/demo-5.2.1/config/environment.rb:5:in '
62: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/application.rb:361:in initialize!'
61: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/initializable.rb:60:in run_initializers'
60: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:205:in tsort_each'
59: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:226:in tsort_each'
58: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in each_strongly_connected_component'
57: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in call'
56: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:347:in each'
55: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:349:in block in each_strongly_connected_component'
54: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:431:in each_strongly_connected_component_from'
53: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:350:in block (2 levels) in each_strongly_connected_component'
52: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/tsort.rb:228:in block in tsort_each'
51: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/initializable.rb:61:in block in run_initializers'
50: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/initializable.rb:32:in run'
49: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/initializable.rb:32:in instance_exec'
48: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/application/finisher.rb:69:in block in <module:Finisher>'
47: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/application/finisher.rb:69:in each'
46: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:356:in eager_load!'
45: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:475:in eager_load!'
44: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:475:in each'
43: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:477:in block in eager_load!'
42: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:477:in each'
41: from /usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/engine.rb:478:in block (2 levels) in eager_load!'
40: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:244:in require_dependency'
39: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/active_support.rb:82:in depend_on'
38: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:330:in depend_on'
37: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/active_support.rb:47:in require_or_load'
36: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/active_support.rb:16:in allow_bootsnap_retry'
35: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/active_support.rb:48:in block in require_or_load'
34: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:352:in require_or_load'
33: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:37:in load_interlock'
32: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies/interlock.rb:13:in loading'
31: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/concurrency/share_lock.rb:151:in exclusive'
30: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies/interlock.rb:14:in block in loading'
29: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:37:in block in load_interlock'
28: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:369:in block in require_or_load'
27: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:471:in load_file'
26: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:657:in new_constants_in'
25: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/dependencies.rb:472:in block in load_file'
24: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:50:in load'
23: from /usr/local/rvm/gems/ruby-2.5.1/gems/bootsnap-1.4.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:50:in load'
22: from /usr/local/rvm/gems/ruby-2.5.1/gems/activestorage-5.2.1/app/models/active_storage/blob.rb:16:in <main>'
21: from /usr/local/rvm/gems/ruby-2.5.1/gems/activestorage-5.2.1/app/models/active_storage/blob.rb:206:in class:Blob'
20: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:51:in run_load_hooks'
19: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:51:in each'
18: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:52:in block in run_load_hooks'
17: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:67:in execute_hook'
16: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:62:in with_execution_control'
15: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:71:in block in execute_hook'
14: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/lazy_load_hooks.rb:71:in instance_eval'
13: from /usr/local/rvm/gems/ruby-2.5.1/gems/activestorage-5.2.1/lib/active_storage/engine.rb:81:in block (2 levels) in class:Engine'
12: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/erb.rb:876:in result'
11: from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/erb.rb:876:in eval'
10: from (erb):12:in <main>'
9: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/core_ext/module/delegation.rb:271:in method_missing'
8: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/encrypted_configuration.rb:38:in options'
7: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/encrypted_configuration.rb:33:in config'
6: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/encrypted_configuration.rb:21:in read'
5: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/encrypted_file.rb:42:in read'
4: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/encrypted_file.rb:79:in decrypt'
3: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/messages/rotator.rb:21:in decrypt_and_verify'
2: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/message_encryptor.rb:157:in decrypt_and_verify'
1: from /usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/message_encryptor.rb:183:in _decrypt'
/usr/local/rvm/gems/ruby-2.5.1/gems/activesupport-5.2.1/lib/active_support/message_encryptor.rb:206:in `rescue in _decrypt': ActiveSupport::MessageEncryptor::InvalidMessage (ActiveSupport::MessageEncryptor::InvalidMessage)

romanianstrife Apr 05 '19 07:04

Any idea on how I can get this demo app to run?

romanianstrife Apr 05 '19 07:04

Try this: https://github.com/rails/rails/issues/31397#issuecomment-387561117

mpgn Apr 05 '19 13:04

Now I am getting

/usr/local/rvm/gems/ruby-2.5.1/gems/execjs-2.7.0/lib/execjs/runtimes.rb:58:in `autodetect': Could not find a JavaScript runtime. See https://github.com/rails/execjs for a list of available runtimes. (ExecJS::RuntimeUnavailable)

And I already went there and installed therubyracer.

Any ideas?

romanianstrife Apr 08 '19 01:04

FYI, full installation based on current commit (tested on Debian 9/10/Kali):

apt update && apt install -y git curl
curl -sSL https://get.rvm.io -o rvm.sh && bash rvm.sh && source /etc/profile.d/rvm.sh
rvm install ruby-2.5.1
git clone https://github.com/mpgn/Rails-doubletap-RCE && cd Rails-doubletap-RCE/demo-5.2.1
sed -i "s/# gem 'mini_racer/gem 'mini_racer/g" Gemfile
bundle install
rm config/credentials.yml.enc && EDITOR=vi rails credentials:edit ## --> Just save & exit 'ZZ'
rails s -b 0.0.0.0 -e production

tijldeneut Jul 07 '19 20:07
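Why the boot earlier in this thread ends in `ActiveSupport::MessageEncryptor::InvalidMessage`, and why removing `config/credentials.yml.enc` before `rails credentials:edit` clears it, as an added example that is not part of the thread or the repository. It assumes the committed file was encrypted under a `master.key` the person cloning the repo does not have; `seal`, `unseal` and `demo` are hypothetical helpers built on Ruby's OpenSSL with AES-128-GCM (the cipher Rails 5.2 uses for encrypted credentials), and the payload and blob layout are simplified and constructed.

```ruby
require "openssl"
require "base64"
require "securerandom"

CIPHER = "aes-128-gcm" # cipher used for credentials.yml.enc in Rails 5.2
SAMPLE = "secret_key_base: constructed-sample-value" # constructed payload

# Encrypt plaintext under a hex-encoded 16-byte key (the shape of config/master.key).
def seal(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Decrypt a sealed blob. Returns the plaintext, or :invalid_message when the
# blob is malformed or the GCM tag does not verify under this key.
def unseal(blob, hex_key)
  data, iv, tag = blob.split("--").map { |part| Base64.strict_decode64(part) }
  return :invalid_message if tag.nil? || tag.bytesize != 16
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  :invalid_message
end

def demo
  author_key  = SecureRandom.hex(16) # assumption: the key that sealed the committed file
  local_key   = SecureRandom.hex(16) # a fresh key generated on the machine that cloned the repo
  committed   = seal(SAMPLE, author_key)
  regenerated = seal(SAMPLE, local_key) # after removing the old file and re-creating it
  {
    author_reads_committed:  unseal(committed, author_key),
    local_reads_committed:   unseal(committed, local_key),
    local_reads_regenerated: unseal(regenerated, local_key),
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Because GCM authenticates the ciphertext, a mismatched key fails closed at tag verification instead of yielding garbage, which is the error the traceback shows.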

And to make the exploit work, change the IP address & port and run this to bypass proxy requirement: sed -i "s/, $proxy_addr, $proxy_port//g" exploit.rb

tijldeneut Jul 07 '19 20:07