Agent: refactor a couple web_rce methods to static
This commit is contained in:
parent
e69639b426
commit
206abfa5e8
|
@ -58,7 +58,7 @@ class ElasticGroovyExploiter(WebRCE):
|
|||
def get_open_service_ports(self, port_list, names):
|
||||
# We must append elastic port we get from elastic fingerprint module because It's not
|
||||
# marked as 'http' service
|
||||
valid_ports = super(ElasticGroovyExploiter, self).get_open_service_ports(port_list, names)
|
||||
valid_ports = WebRCE.get_open_service_ports(self.host, port_list, names)
|
||||
if ES_SERVICE in self.host.services:
|
||||
valid_ports.append([ES_PORT, False])
|
||||
return valid_ports
|
||||
|
|
|
@ -39,7 +39,7 @@ class Struts2Exploiter(WebRCE):
|
|||
:param extensions: What subdirectories to scan. www.domain.com[/extension]
|
||||
:return: Array of url's to try and attack
|
||||
"""
|
||||
url_list = super(Struts2Exploiter, self).build_potential_urls(ports)
|
||||
url_list = WebRCE.build_potential_urls(self.host.ip_addr, ports)
|
||||
url_list = [self.get_redirected(url) for url in url_list]
|
||||
return url_list
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ from infection_monkey.model import (
|
|||
MONKEY_ARG,
|
||||
POWERSHELL_HTTP_UPLOAD,
|
||||
RUN_MONKEY,
|
||||
WGET_HTTP_UPLOAD,
|
||||
WGET_HTTP_UPLOAD, VictimHost,
|
||||
)
|
||||
from infection_monkey.network.tools import tcp_port_to_service
|
||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||
|
@ -154,8 +154,10 @@ class WebRCE(HostExploiter):
|
|||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
def get_open_service_ports(self, port_list, names):
|
||||
@staticmethod
|
||||
def get_open_service_ports(victim_host: VictimHost, port_list, names): # noqa: F821
|
||||
"""
|
||||
:param victim_host: VictimHost object that exploiter is targeting
|
||||
:param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
|
||||
:param names: [] of service names. Example: ["http"]
|
||||
:return: Returns all open ports from port list that are of service names
|
||||
|
@ -163,12 +165,12 @@ class WebRCE(HostExploiter):
|
|||
candidate_services = {}
|
||||
candidate_services.update(
|
||||
{
|
||||
service: self.host.services[service]
|
||||
for service in self.host.services
|
||||
service: victim_host.services[service]
|
||||
for service in victim_host.services
|
||||
if (
|
||||
self.host.services[service]
|
||||
and "name" in self.host.services[service]
|
||||
and self.host.services[service]["name"] in names
|
||||
victim_host.services[service]
|
||||
and "name" in victim_host.services[service]
|
||||
and victim_host.services[service]["name"] in names
|
||||
)
|
||||
}
|
||||
)
|
||||
|
@ -216,10 +218,12 @@ class WebRCE(HostExploiter):
|
|||
logger.error("Host's exploitability check failed due to: %s" % e)
|
||||
return False
|
||||
|
||||
def build_potential_urls(self, ports, extensions=None):
|
||||
@staticmethod
|
||||
def build_potential_urls(ip: str, ports, extensions=None):
|
||||
"""
|
||||
Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and
|
||||
extensions.
|
||||
:param ip: IP address of the victim
|
||||
:param ports: Array of ports. One port is described as size 2 array: [port.no(int),
|
||||
isHTTPS?(bool)]
|
||||
Eg. ports: [[80, False], [443, True]]
|
||||
|
@ -237,9 +241,7 @@ class WebRCE(HostExploiter):
|
|||
protocol = "https"
|
||||
else:
|
||||
protocol = "http"
|
||||
url_list.append(
|
||||
join(("%s://%s:%s" % (protocol, self.host.ip_addr, port[0])), extension)
|
||||
)
|
||||
url_list.append(join(("%s://%s:%s" % (protocol, ip, port[0])), extension))
|
||||
if not url_list:
|
||||
logger.info("No attack url's were built")
|
||||
return url_list
|
||||
|
@ -329,7 +331,7 @@ class WebRCE(HostExploiter):
|
|||
:return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [
|
||||
port.nr, IsHTTPS?]
|
||||
"""
|
||||
ports = self.get_open_service_ports(ports, names)
|
||||
ports = WebRCE.get_open_service_ports(self.host, ports, names)
|
||||
if not ports:
|
||||
logger.info("All default web ports are closed on %r, skipping", str(self.host))
|
||||
return False
|
||||
|
|
Loading…
Reference in New Issue