Agent: fix log4shell to always close ldap and http servers, even on errors

This commit is contained in:
vakarisz 2022-01-06 12:56:04 +02:00
parent 9d5ea0f41f
commit 7bace927f8
1 changed files with 9 additions and 8 deletions

View File

@ -69,16 +69,17 @@ class Log4ShellExploiter(WebRCE):
ldap_thread = ldap.get_run_thread() ldap_thread = ldap.get_run_thread()
ldap_thread.start() ldap_thread.start()
self._trigger_exploit() try:
self.exploit(None, None)
finally:
http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
http_thread.stop()
http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT) java_class_http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
http_thread.stop() Log4ShellExploiter.HTTPHandler.stop = True
java_class_http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT) ldap_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
Log4ShellExploiter.HTTPHandler.stop = True ldap.stop()
ldap_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
ldap.stop()
# If java class was downloaded it means that victim is vulnerable # If java class was downloaded it means that victim is vulnerable
return Log4ShellExploiter.HTTPHandler.class_downloaded return Log4ShellExploiter.HTTPHandler.class_downloaded