cliffe · alixthegreat · Dec 6, 2025 · Dec 9, 2025 · Dec 9, 2025 · Dec 9, 2025
diff --git a/modules/vulnerabilities/unix/http/apache_druid_rce/manifests/install.pp b/modules/vulnerabilities/unix/http/apache_druid_rce/manifests/install.pp
@@ -16,21 +16,31 @@
     home       => $user_home,
     managehome => true,
   }
-
-  # This generates a repo file so we can get packages from debian stretch
-  file { '/etc/apt/sources.list.d/stretch.list':
-    ensure => file,
-    source => "puppet:///modules/${modulename}/stretch.list"
+  exec { 'download-jdk8':
+    cwd     => '/tmp',
+    command => 'wget -O jdk8.tar.gz https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06.tar.gz',
+    creates => '/tmp/jdk8.tar.gz',
+    timeout => 300,
+  }
+  -> exec { 'extract-jdk8':
+    cwd     => '/tmp',
+    command => 'tar -xzf jdk8.tar.gz',
+    creates => '/tmp/jdk8u432-b06',
   }
-  -> exec { 'update-packages':
-    command => 'apt update'
+  -> exec { 'mkdir-jvm':
+    cwd     => '/tmp',
+    command => 'sudo mkdir /usr/lib/jvm;',
+  }
+  -> exec { 'install-jdk8':
+    cwd     => '/tmp',
+    command => 'mv jdk8u432-b06 /usr/lib/jvm/java-8-openjdk',
+    creates => '/usr/lib/jvm/java-8-openjdk',
   }
-  -> package { 'install-jdk8':
-    ensure => 'installed',
-    name   => 'openjdk-8-jdk',
+  -> file { '/etc/profile.d/java8.sh':
+    ensure  => file,
+    content => "export JAVA_HOME=/usr/lib/jvm/java-8-openjdk\nexport PATH=\$JAVA_HOME/bin:\$PATH\n",
+    mode    => '0644',
   }
-  # openjdk8 is required. Since we are buster, we need the repos within stretch for this
-  #ensure_packages(['openjdk-8-jdk'], { ensure => 'installed'})
 
   $releasename = "${modulename}.tar.gz"
   $currentsource = ["${releasename}.partaa",

diff --git a/modules/vulnerabilities/unix/http/apache_druid_rce/templates/druid.service.erb b/modules/vulnerabilities/unix/http/apache_druid_rce/templates/druid.service.erb
@@ -9,6 +9,9 @@ WorkingDirectory=/usr/local/apache-druid/
 ExecStart=/usr/local/apache-druid/bin/start-nano-quickstart
 Restart=always
 RestartSec=1
+Environment="JAVA_HOME=/usr/lib/jvm/java-8-openjdk"
+Environment="PATH=/usr/lib/jvm/java-8-openjdk/bin:/usr/bin:/bin"
+Environment="DRUID_SKIP_JAVA_CHECK=1"
 
 [Install]
 WantedBy=multi-user.target
diff --git a/scenarios/ctf/eventful_data.xml b/scenarios/ctf/eventful_data.xml
@@ -91,13 +91,16 @@
 
     <system>
         <system_name>server</system_name>
-        <base distro="Debian 10" type="desktop" name="KDE" />
+        <base distro="Debian 12" type="desktop" name="KDE" />
 
         <vulnerability module_path=".*/apache_druid_rce">
             <input into="strings_to_leak">
                 <generator type="flag_generator" />
             </input>
-            <input into="strings_to_pre_leak">
+        </vulnerability>
+
+        <vulnerability module_path=".*/sudo_root_more">
+        <input into="strings_to_leak">
                 <encoder type="^(ascii|alpha)_reversible$" difficulty="low">
                     <input into="strings_to_encode">
                         <generator type="flag_generator" />
@@ -106,8 +109,6 @@
             </input>
         </vulnerability>
 
-        <vulnerability module_path=".*/sudo_root_more"></vulnerability>
-
         <network type="private_network">
             <input into="IP_address">
                 <datastore access="1">IP_addresses</datastore>