A9 Cimentech not exploitable on Linux machines

[rafaveira3]

After building the app, it is not possible to follow the attack narrative and reproduce the exploitation.

Maybe docker running in Linux has some different protections.

Issue found by @mbenford . Thanks for that! 👏🏻

[Krlier]

Nice catch @rafaveira3!

I did some testing and I was able to reproduce this issue. The problem is that some Ruby installations on some Linux systems may come without the Highline gem, which is needed to properly run the exploit.

I took the liberty of creating a few steps on how to solve it, and added a link to this issue on A9's README.md:

As we can see from the image below, I'm not able to properly run the exploit because of the Highline gem:

This issue can be fixed by running the gem installation command and, yes, you need to run it as sudo to work:

sudo gem install highline

After installing the missing gem, I was able to properly run the exploit, as shown by the image below:

If you did all the steps above and is still facing some difficulty running the exploit, please have a look at the troubleshooting section here.

[spimpaov]

I had this same issue on MacOS, and these steps worked for me as well.