improve the check of sufficient URLs for the attack
parent
5a00d5e5f9
commit
9fcf2fe0e6
|
@ -107,6 +107,15 @@ class DrupalExploiter(WebRCE):
|
|||
"""
|
||||
return self.vulnerable_urls.pop()
|
||||
|
||||
def are_vulnerable_urls_sufficient(self):
|
||||
"""
|
||||
For the Drupal exploit, 5 distinct URLs are needed to perform the full attack.
|
||||
:return: Whether the list of vulnerable URLs has at least 5 elements.
|
||||
"""
|
||||
# We need 5 URLs for a "full-chain": check remote files, check architecture, drop monkey, chmod it and run it.
|
||||
num_urls_needed_for_full_exploit = 5
|
||||
return len(self.vulnerable_urls) > num_urls_needed_for_full_exploit
|
||||
|
||||
|
||||
def is_response_cached(r: requests.Response) -> bool:
|
||||
""" Check if a response had the cache header. """
|
||||
|
|
|
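Review bot: The comparison in the new `are_vulnerable_urls_sufficient` is off by one against its own docstring. The docstring and the comment both say 5 URLs are enough ("at least 5 elements"), but `len(self.vulnerable_urls) > num_urls_needed_for_full_exploit` only passes with 6 or more. A target with exactly 5 usable URLs is therefore skipped and presumably shows up as not exploitable in the simulation results, which understates its exposure. Use `return len(self.vulnerable_urls) >= num_urls_needed_for_full_exploit`. The 5 would also read better as a class-level constant than as a local re-created on every call.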
@ -92,7 +92,7 @@ class WebRCE(HostExploiter):
|
|||
potential_urls = self.build_potential_urls(ports, exploit_config['url_extensions'])
|
||||
self.add_vulnerable_urls(potential_urls, exploit_config['stop_checking_urls'])
|
||||
|
||||
if not self.vulnerable_urls:
|
||||
if not self.are_vulnerable_urls_sufficient():
|
||||
return False
|
||||
|
||||
self.target_url = self.get_target_url()
|
||||
|
@ -517,3 +517,12 @@ class WebRCE(HostExploiter):
|
|||
:return: a vulnerable URL
|
||||
"""
|
||||
return self.vulnerable_urls[0]
|
||||
|
||||
def are_vulnerable_urls_sufficient(self):
|
||||
"""
|
||||
Determine whether the number of vulnerable URLs is sufficient in order to perform the full attack.
|
||||
Often, a single URL will suffice. However, in some cases (e.g. the Drupal exploit) a vulnerable URL is for
|
||||
single use, thus we need a couple of them.
|
||||
:return: Whether or not a full attack can be performed using the available vulnerable URLs.
|
||||
"""
|
||||
return len(self.vulnerable_urls) > 0
|
||||
|
|
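Review bot: In the `@ -92,7` hunk, the new `if not self.are_vulnerable_urls_sufficient(): return False` folds two different outcomes into one silent `False`: no vulnerable URL was found, and some were found but fewer than the subclass needs. For a breach-simulation run the second case is still a finding on the target, and nothing visible here records it; whether it is logged or reported elsewhere cannot be seen, since the enclosing method starts and ends outside the hunk. I would log the number of URLs found before returning, and at least add a comment such as `# Too few URLs to finish the chain; the host may still be vulnerable.` Separately, in the `@ -517,3` hunk, `return len(self.vulnerable_urls) > 0` reads more idiomatically as `return bool(self.vulnerable_urls)`.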