BB: Remove Struts2 exploiter
This commit is contained in:
parent
1f32132571
commit
d3c60af960
|
@ -16,7 +16,6 @@ class Performance(ConfigTemplate):
|
||||||
"SmbExploiter",
|
"SmbExploiter",
|
||||||
"WmiExploiter",
|
"WmiExploiter",
|
||||||
"SSHExploiter",
|
"SSHExploiter",
|
||||||
"Struts2Exploiter",
|
|
||||||
"WebLogicExploiter",
|
"WebLogicExploiter",
|
||||||
"HadoopExploiter",
|
"HadoopExploiter",
|
||||||
"MSSQLExploiter",
|
"MSSQLExploiter",
|
||||||
|
@ -27,8 +26,6 @@ class Performance(ConfigTemplate):
|
||||||
"basic_network.network_analysis.inaccessible_subnets": [
|
"basic_network.network_analysis.inaccessible_subnets": [
|
||||||
"10.2.2.0/30",
|
"10.2.2.0/30",
|
||||||
"10.2.2.8/30",
|
"10.2.2.8/30",
|
||||||
"10.2.2.24/32",
|
|
||||||
"10.2.2.23/32",
|
|
||||||
"10.2.2.21/32",
|
"10.2.2.21/32",
|
||||||
"10.2.2.19/32",
|
"10.2.2.19/32",
|
||||||
"10.2.2.18/32",
|
"10.2.2.18/32",
|
||||||
|
@ -53,8 +50,6 @@ class Performance(ConfigTemplate):
|
||||||
"10.2.2.19",
|
"10.2.2.19",
|
||||||
"10.2.2.20",
|
"10.2.2.20",
|
||||||
"10.2.2.21",
|
"10.2.2.21",
|
||||||
"10.2.2.23",
|
|
||||||
"10.2.2.24",
|
|
||||||
"10.2.2.25",
|
"10.2.2.25",
|
||||||
"10.2.3.55",
|
"10.2.3.55",
|
||||||
"10.2.3.56",
|
"10.2.3.56",
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
from copy import copy
|
|
||||||
|
|
||||||
from envs.monkey_zoo.blackbox.config_templates.base_template import BaseTemplate
|
|
||||||
from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemplate
|
|
||||||
|
|
||||||
|
|
||||||
class Struts2(ConfigTemplate):
|
|
||||||
|
|
||||||
config_values = copy(BaseTemplate.config_values)
|
|
||||||
|
|
||||||
config_values.update(
|
|
||||||
{
|
|
||||||
"basic.exploiters.exploiter_classes": ["Struts2Exploiter"],
|
|
||||||
"basic_network.scope.depth": 2,
|
|
||||||
"basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"],
|
|
||||||
"internal.network.tcp_scanner.HTTP_PORTS": [80, 8080],
|
|
||||||
"internal.network.tcp_scanner.tcp_target_ports": [80, 8080],
|
|
||||||
}
|
|
||||||
)
|
|
|
@ -7,8 +7,6 @@ GCP_TEST_MACHINE_LIST = {
|
||||||
"mssql-16",
|
"mssql-16",
|
||||||
"mimikatz-14",
|
"mimikatz-14",
|
||||||
"mimikatz-15",
|
"mimikatz-15",
|
||||||
"struts2-23",
|
|
||||||
"struts2-24",
|
|
||||||
"tunneling-9",
|
"tunneling-9",
|
||||||
"tunneling-10",
|
"tunneling-10",
|
||||||
"tunneling-11",
|
"tunneling-11",
|
||||||
|
|
|
@ -22,7 +22,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell_credentials_reuse impo
|
||||||
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
|
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
|
||||||
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
|
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
|
||||||
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
|
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
|
||||||
from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
|
|
||||||
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
|
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
|
||||||
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
|
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
|
||||||
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
|
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
|
||||||
|
@ -190,10 +189,6 @@ class TestMonkeyBlackbox:
|
||||||
def test_drupal_exploiter(self, island_client):
|
def test_drupal_exploiter(self, island_client):
|
||||||
TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Drupal, "Drupal_exploiter")
|
||||||
|
|
||||||
@pytest.mark.skip(reason="Struts2 exploiter is deprecated")
|
|
||||||
def test_struts_exploiter(self, island_client):
|
|
||||||
TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter")
|
|
||||||
|
|
||||||
@pytest.mark.skip(reason="Weblogic exploiter is deprecated")
|
@pytest.mark.skip(reason="Weblogic exploiter is deprecated")
|
||||||
def test_weblogic_exploiter(self, island_client):
|
def test_weblogic_exploiter(self, island_client):
|
||||||
TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")
|
TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter")
|
||||||
|
|
|
@ -14,7 +14,6 @@ from envs.monkey_zoo.blackbox.config_templates.powershell import PowerShell
|
||||||
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
|
from envs.monkey_zoo.blackbox.config_templates.smb_mimikatz import SmbMimikatz
|
||||||
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
|
from envs.monkey_zoo.blackbox.config_templates.smb_pth import SmbPth
|
||||||
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
|
from envs.monkey_zoo.blackbox.config_templates.ssh import Ssh
|
||||||
from envs.monkey_zoo.blackbox.config_templates.struts2 import Struts2
|
|
||||||
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
|
from envs.monkey_zoo.blackbox.config_templates.tunneling import Tunneling
|
||||||
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
|
from envs.monkey_zoo.blackbox.config_templates.weblogic import Weblogic
|
||||||
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
|
from envs.monkey_zoo.blackbox.config_templates.wmi_mimikatz import WmiMimikatz
|
||||||
|
@ -45,7 +44,6 @@ CONFIG_TEMPLATES = [
|
||||||
SmbMimikatz,
|
SmbMimikatz,
|
||||||
SmbPth,
|
SmbPth,
|
||||||
Ssh,
|
Ssh,
|
||||||
Struts2,
|
|
||||||
Tunneling,
|
Tunneling,
|
||||||
Weblogic,
|
Weblogic,
|
||||||
WmiMimikatz,
|
WmiMimikatz,
|
||||||
|
|
|
@ -22,8 +22,6 @@ This document describes Infection Monkey’s test network, how to deploy and use
|
||||||
[Nr. 19 WebLogic](#_Toc526517181)<br>
|
[Nr. 19 WebLogic](#_Toc526517181)<br>
|
||||||
[Nr. 21 Scan](#_Toc526517196)<br>
|
[Nr. 21 Scan](#_Toc526517196)<br>
|
||||||
[Nr. 22 Scan](#_Toc526517197)<br>
|
[Nr. 22 Scan](#_Toc526517197)<br>
|
||||||
[Nr. 23 Struts2](#_Toc536021476)<br>
|
|
||||||
[Nr. 24 Struts2](#_Toc536021477)<br>
|
|
||||||
[Nr. 25 Zerologon](#_Toc536021478)<br>
|
[Nr. 25 Zerologon](#_Toc536021478)<br>
|
||||||
[Nr. 3-45 Powershell](#_Toc536021479)<br>
|
[Nr. 3-45 Powershell](#_Toc536021479)<br>
|
||||||
[Nr. 3-46 Powershell](#_Toc536021480)<br>
|
[Nr. 3-46 Powershell](#_Toc536021480)<br>
|
||||||
|
@ -776,74 +774,6 @@ Update all requirements using deployment script:<br>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
<table>
|
|
||||||
<thead>
|
|
||||||
<tr class="header">
|
|
||||||
<th><p><span id="_Toc536021476" class="anchor"></span>Nr. <strong>23</strong> Struts2</p>
|
|
||||||
<p>(10.2.2.23)</p></th>
|
|
||||||
<th>(Vulnerable)</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>OS:</td>
|
|
||||||
<td><strong>Ubuntu 16.04.05 x64</strong></td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td>Software:</td>
|
|
||||||
<td><p>JDK,</p>
|
|
||||||
<p>struts2 2.3.15.1,</p>
|
|
||||||
<p>tomcat 9.0.0.M9</p></td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>Default server’s port:</td>
|
|
||||||
<td>8080</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td>Server’s config:</td>
|
|
||||||
<td>Default</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>Notes:</td>
|
|
||||||
<td></td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
<table>
|
|
||||||
<thead>
|
|
||||||
<tr class="header">
|
|
||||||
<th><p><span id="_Toc536021477" class="anchor"></span>Nr. <strong>24</strong> Struts2</p>
|
|
||||||
<p>(10.2.2.24)</p></th>
|
|
||||||
<th>(Vulnerable)</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>OS:</td>
|
|
||||||
<td><strong>Windows 10 x64</strong></td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td>Software:</td>
|
|
||||||
<td><p>JDK,</p>
|
|
||||||
<p>struts2 2.3.15.1,</p>
|
|
||||||
<p>tomcat 9.0.0.M9</p></td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>Default server’s port:</td>
|
|
||||||
<td>8080</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td>Server’s config:</td>
|
|
||||||
<td>Default</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td>Notes:</td>
|
|
||||||
<td></td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<thead>
|
<thead>
|
||||||
<tr class="header">
|
<tr class="header">
|
||||||
|
|
|
@ -99,14 +99,6 @@ data "google_compute_image" "scan-22" {
|
||||||
name = "scan-22"
|
name = "scan-22"
|
||||||
project = local.monkeyzoo_project
|
project = local.monkeyzoo_project
|
||||||
}
|
}
|
||||||
data "google_compute_image" "struts2-23" {
|
|
||||||
name = "struts2-23"
|
|
||||||
project = local.monkeyzoo_project
|
|
||||||
}
|
|
||||||
data "google_compute_image" "struts2-24" {
|
|
||||||
name = "struts2-24"
|
|
||||||
project = local.monkeyzoo_project
|
|
||||||
}
|
|
||||||
data "google_compute_image" "zerologon-25" {
|
data "google_compute_image" "zerologon-25" {
|
||||||
name = "zerologon-25"
|
name = "zerologon-25"
|
||||||
project = local.monkeyzoo_project
|
project = local.monkeyzoo_project
|
||||||
|
|
|
@ -480,36 +480,6 @@ resource "google_compute_instance_from_template" "scan-22" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_instance_from_template" "struts2-23" {
|
|
||||||
name = "${local.resource_prefix}struts2-23"
|
|
||||||
source_instance_template = local.default_ubuntu
|
|
||||||
boot_disk{
|
|
||||||
initialize_params {
|
|
||||||
image = data.google_compute_image.struts2-23.self_link
|
|
||||||
}
|
|
||||||
auto_delete = true
|
|
||||||
}
|
|
||||||
network_interface {
|
|
||||||
subnetwork="${local.resource_prefix}monkeyzoo-main"
|
|
||||||
network_ip="10.2.2.23"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_compute_instance_from_template" "struts2-24" {
|
|
||||||
name = "${local.resource_prefix}struts2-24"
|
|
||||||
source_instance_template = local.default_windows
|
|
||||||
boot_disk{
|
|
||||||
initialize_params {
|
|
||||||
image = data.google_compute_image.struts2-24.self_link
|
|
||||||
}
|
|
||||||
auto_delete = true
|
|
||||||
}
|
|
||||||
network_interface {
|
|
||||||
subnetwork="${local.resource_prefix}monkeyzoo-main"
|
|
||||||
network_ip="10.2.2.24"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_compute_instance_from_template" "zerologon-25" {
|
resource "google_compute_instance_from_template" "zerologon-25" {
|
||||||
name = "${local.resource_prefix}zerologon-25"
|
name = "${local.resource_prefix}zerologon-25"
|
||||||
source_instance_template = local.default_windows
|
source_instance_template = local.default_windows
|
||||||
|
|
Loading…
Reference in New Issue