diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py index 113788993..c4c834559 100644 --- a/monkey/infection_monkey/exploit/drupal.py +++ b/monkey/infection_monkey/exploit/drupal.py @@ -106,6 +106,15 @@ class DrupalExploiter(WebRCE): :return: vulnerable URL to exploit """ return self.vulnerable_urls.pop() + + def are_vulnerable_urls_sufficient(self): + """ + For the Drupal exploit, 5 distinct URLs are needed to perform the full attack. + :return: Whether the list of vulnerable URLs has at least 5 elements. + """ + # We need 5 URLs for a "full-chain": check remote files, check architecture, drop monkey, chmod it and run it. + num_urls_needed_for_full_exploit = 5 + return len(self.vulnerable_urls) > num_urls_needed_for_full_exploit def is_response_cached(r: requests.Response) -> bool: diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 833023141..0f489d0a6 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -92,7 +92,7 @@ class WebRCE(HostExploiter): potential_urls = self.build_potential_urls(ports, exploit_config['url_extensions']) self.add_vulnerable_urls(potential_urls, exploit_config['stop_checking_urls']) - if not self.vulnerable_urls: + if not self.are_vulnerable_urls_sufficient(): return False self.target_url = self.get_target_url() @@ -517,3 +517,12 @@ class WebRCE(HostExploiter): :return: a vulnerable URL """ return self.vulnerable_urls[0] + + def are_vulnerable_urls_sufficient(self): + """ + Determine whether the number of vulnerable URLs is sufficient in order to perform the full attack. + Often, a single URL will suffice. However, in some cases (e.g. the Drupal exploit) a vulnerable URL is for + single use, thus we need a couple of them. + :return: Whether or not a full attack can be performed using the available vulnerable URLs. + """ + return len(self.vulnerable_urls) > 0