vakarisz
a5a4957c29
Agent: small readability and style improvements
2022-01-18 15:01:47 +02:00
vakarisz
03919c3caf
Agent: fix struts2 url building
2022-01-18 14:29:57 +02:00
vakarisz
76a32d241c
Agent: log4shell readability and style fixes
2022-01-18 12:48:56 +02:00
vakarisz
52ac7dd295
Agent: fix a bug in web_rce url building
...
build_potential_urls was made static and takes IP as first parameter, but the users of this method wasn't changed and only passed ports
2022-01-18 12:22:38 +02:00
vakarisz
e3f9312ff9
BB: change log4j exploit depth to 1 (default)
...
This change is necessary to make sure that exploitation is successfull from a particular machine being tested.
2022-01-18 11:44:47 +02:00
vakarisz
f667d9203b
Agent: update Pipfile.lock to contain pyinstaller changes
...
Pyinstaller got changed to not crash ldap server that's running on a spawned process, by continuing if no m0nk3y or dr0pp3r flags are specified
2022-01-18 11:41:18 +02:00
Ilija Lazoroski
51bf553fb5
Agent, Island: Minor changes to Log4Shell
...
Return types, removing logging from solr service
and change Log4j to Log4Shell in Island reporting
2022-01-17 16:37:03 +01:00
Ilija Lazoroski
311a721880
BB: Fix IP address for Tomcat machines
2022-01-17 16:34:56 +01:00
vakarisz
77eb3ce004
BB: Added log4j configs to the list of manually generatable configs
2022-01-17 11:40:31 +02:00
Mike Salvatore
363d0e14bf
UT: Add unit test for Log4Shell LDAPExploitServer
2022-01-14 11:53:50 -05:00
Mike Salvatore
c9e59bd266
Agent: Refactor Log4Shell LDAP server to avoid race condition
...
A race condition existed between the time when the LDAP server was
instructed to start and the first exploit was sent to the victim.
Sometimes, the first exploit would be sent before the LDAP server
finished starting, resulting in failed exploitation.
To remedy this, the LDAPExploitServer.run() function now blocks until
the server has successfully started. Once the server has started,
LDAPExploitServer.run() returns. This allows the caller to have
confidence that the LDAP server is running after LDAPExploitServer.run()
returns and alleviates the need to sleep in order to avoid the race
condition.
2022-01-14 09:43:14 -05:00
Mike Salvatore
d5e05d7885
Agent: Change log level of Log4Shell HTTP startup message to INFO
2022-01-14 09:31:25 -05:00
vakarisz
be79f2bcdb
BB: add log4j machines to gcp machine list
2022-01-14 14:51:18 +02:00
vakaris_zilius
9f5034a8e5
Agent: fix race condition between ldap server and malicious requests
2022-01-14 12:24:58 +02:00
Ilija Lazoroski
b94c8e54e2
Agent: Remove POC Docker Service
2022-01-13 16:59:22 +01:00
Ilija Lazoroski
c2db37df1e
Agent: Use dropper for Log4Shell
2022-01-13 16:55:45 +01:00
Mike Salvatore
29ea2a961c
Docs: Some small tweaks to the Log4Shell documentation
2022-01-13 09:40:59 -05:00
vakarisz
a7b31dd9e4
BB: add log4shell BB tests
2022-01-13 16:11:10 +02:00
Mike Salvatore
a9d735593c
Agent: Wrap log4shell exploiters in a try/except
2022-01-13 08:58:25 -05:00
Mike Salvatore
6b934d6de5
Agent: Wrap log4shell LDAP server in a process
...
A Twisted reactor can only be started and stopped once. It cannot be
restarted after it has been stopped. To work around this, the reactor
is configured and run in a separate process. This allows us to run
multiple LDAP servers sequentially or simultaneously and stop each one
when we're done with it.
2022-01-13 08:58:25 -05:00
vakarisz
aef7beedb3
Zoo: add logstash machines that test log4shell
2022-01-13 12:42:03 +02:00
Mike Salvatore
24e891d8a8
Agent: Fix formatting of web_rce.py
2022-01-12 19:44:46 -05:00
Mike Salvatore
6fa1d20e6a
Agent: Add _initialize_http_handler() to ExploitClassHTTPServer
2022-01-12 19:27:51 -05:00
Mike Salvatore
176177b8cb
Agent: Use threading.Event() in ExploitClassHTTPServer instead of bool
2022-01-12 19:21:12 -05:00
Mike Salvatore
a3cc641101
UT: Add unit tests for ExploitClassHTTPServer
2022-01-12 19:21:10 -05:00
Mike Salvatore
c2f3042442
Agent: Move definition of exploit template constants for log4shell
...
The LINUX_EXPLOIT_TEMPLATE_PATH and WINDOWS_EXPLOIT_TEMPLATE_PATH are
not used in exploit_builder.py, and therefore have no reason to be
defined in this file. They are now defined in the __init__.py
2022-01-12 16:46:31 -05:00
Mike Salvatore
7733ec29ca
Agent: Add source code for log4shell Java class templates
2022-01-12 16:41:57 -05:00
Mike Salvatore
aa60313787
Agent: Remove commented out code in ExploitClassHTTPServer
2022-01-12 12:33:54 -05:00
Mike Salvatore
3bbf4f9ac6
Agent: Prefix private methods/variables with _ in Log4ShellExploiter
2022-01-12 12:23:44 -05:00
Mike Salvatore
8f53a5ccd0
Agent: Fix min_range in get_free_tcp_port()
...
get_free_tcp_port() effectively ignored the min_range parameter by using
min(1, min_range). This meant that min_range was always 1 (unless a
negative value was passed). As ports lower than 1024 are privileged on
Linux, this lead to the agent trying to bind to ports that it did not
have permission to. By using max(1, min_range), We insure that min_range
is always at least 1, but will still use the provided parameter (1024 by
default).
2022-01-12 12:20:32 -05:00
Mike Salvatore
16219b714b
Agent: Extract Java exploit HTTP server into its own module
2022-01-12 12:11:20 -05:00
Mike Salvatore
b72ad39aa6
Agent: Invoke reactor.stop() with reactor.callFromThread()
2022-01-12 10:53:10 -05:00
Shreya Malviya
7fae22e993
Docs: Add Log4Shell exploiter page
2022-01-12 14:29:38 +05:30
Shreya Malviya
f8ac13c164
Island: Add info about Log4Shell to config schema
2022-01-12 14:05:17 +05:30
Mike Salvatore
c51be159b6
Agent: Use classmethods to improve readability of HTTPHandler
2022-01-11 13:08:32 -05:00
Mike Salvatore
b79bf96359
Agent: Don't install signal handlers in LDAPExploitServer
...
This avoids exceptions that are raised when the LDAPExploitServer is not
started on the main thread.
2022-01-11 12:54:53 -05:00
Ilija Lazoroski
ab7a47384c
Agent, Island: Add Logstash service to Log4Shell exploit
2022-01-11 18:23:15 +01:00
Mike Salvatore
30c41592fb
Agent: Remove dependency on threading from LDAPExploitServer
2022-01-10 08:50:09 -05:00
Mike Salvatore
67ade141a0
Agent: Start log4shell java class server on daemon thread
2022-01-10 08:40:51 -05:00
Mike Salvatore
64827ac589
Agent: Rename IServiceExploiter -> IExploitableService
2022-01-10 08:30:55 -05:00
Mike Salvatore
eb10bdaa4e
Agent: Add unit tests for log4shell ldap server tree
2022-01-10 08:22:01 -05:00
Ilija Lazoroski
dcc68914bd
BB: Add log4j machines to monkey zoo
2022-01-10 14:17:48 +01:00
vakarisz
6782f806eb
Zoo: add log4j solr machines to terraform scripts and docs
2022-01-07 15:27:50 +02:00
vakarisz
7ba2051bf6
Agent: fix a bug in log4shell
...
Fix a bug that prevents single agent from exploiting multiple machines, by resetting the state of global HTTPHandler params
2022-01-06 16:58:40 +02:00
vakarisz
a38536b59b
Agent: refactor log4shell
...
Refactor extracts server setup and shutdown functionality into separate methods
2022-01-06 16:35:38 +02:00
Ilija Lazoroski
79d92afcd4
Agent: Add Apache Tomcat support for Log4Shell exploit
2022-01-06 13:56:17 +01:00
vakarisz
0006112e79
Agent: fix log4shell to be able to exploit more than 1 service
2022-01-06 13:01:50 +02:00
vakarisz
0cd6b1e616
Agent: remove unused upload_monkey() and rename _trigger_exploit
2022-01-06 13:00:37 +02:00
vakarisz
7bace927f8
Agent: fix log4shell to always close ldap and http servers, even on errors
2022-01-06 12:56:04 +02:00
vakarisz
9d5ea0f41f
Island: add log4shell issue processing and reporting
2022-01-06 12:26:00 +02:00