Fixed grequsts/gevents monkey patching of socket code, which lead to paramiko being unable to function after a shellshock scan.
This commit is contained in:
parent
39eaca300f
commit
ce3eaa9b2e
|
@ -92,7 +92,6 @@ class ShellShockExploiter(HostExploiter):
|
|||
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
||||
return False
|
||||
|
||||
|
||||
# copy the monkey
|
||||
dropper_target_path_linux = self._config.dropper_target_path_linux
|
||||
if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||
|
@ -193,7 +192,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
Checks if which urls exist
|
||||
:return: Sequence of URLs to try and attack
|
||||
"""
|
||||
import grequests
|
||||
import grequests # at this point, it monkey patches half the world and we must stop it
|
||||
attack_path = 'http://'
|
||||
if is_https:
|
||||
attack_path = 'https://'
|
||||
|
@ -203,6 +202,10 @@ class ShellShockExploiter(HostExploiter):
|
|||
resps = grequests.map(reqs, size=15)
|
||||
valid_resps = [resp for resp in resps if resp and resp.status_code == requests.codes.ok]
|
||||
urls = [resp.url for resp in valid_resps]
|
||||
|
||||
# revert monkey patch
|
||||
import socket # this is the monkeypatched socket module
|
||||
reload(socket)
|
||||
return urls
|
||||
|
||||
@staticmethod
|
||||
|
|
Loading…
Reference in New Issue