forked from p34709852/monkey
get a vulnerable URL in a configurable manner
This commit is contained in:
parent
a87640c4aa
commit
610d3d1144
|
@ -89,7 +89,7 @@ class WebRCE(HostExploiter):
|
||||||
if not self.vulnerable_urls:
|
if not self.vulnerable_urls:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
self.target_url = self.vulnerable_urls[0]
|
self.target_url = self.get_target_url()
|
||||||
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
|
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
|
||||||
|
|
||||||
# Skip if monkey already exists and this option is given
|
# Skip if monkey already exists and this option is given
|
||||||
|
@ -98,21 +98,21 @@ class WebRCE(HostExploiter):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# Check for targets architecture (if it's 32 or 64 bit)
|
# Check for targets architecture (if it's 32 or 64 bit)
|
||||||
if not exploit_config['blind_exploit'] and not self.set_host_arch(self.target_url):
|
if not exploit_config['blind_exploit'] and not self.set_host_arch(self.get_target_url()):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# Upload the right monkey to target
|
# Upload the right monkey to target
|
||||||
data = self.upload_monkey(self.target_url, exploit_config['upload_commands'])
|
data = self.upload_monkey(self.get_target_url(), exploit_config['upload_commands'])
|
||||||
|
|
||||||
if data is False:
|
if data is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# Change permissions to transform monkey into executable file
|
# Change permissions to transform monkey into executable file
|
||||||
if self.change_permissions(self.target_url, data['path']) is False:
|
if self.change_permissions(self.get_target_url(), data['path']) is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# Execute remote monkey
|
# Execute remote monkey
|
||||||
if self.execute_remote_monkey(self.target_url, data['path'], exploit_config['dropper']) is False:
|
if self.execute_remote_monkey(self.get_target_url(), data['path'], exploit_config['dropper']) is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
@ -502,3 +502,12 @@ class WebRCE(HostExploiter):
|
||||||
|
|
||||||
def set_vulnerable_port_from_url(self, url):
|
def set_vulnerable_port_from_url(self, url):
|
||||||
self.vulnerable_port = HTTPTools.get_port_from_url(url)
|
self.vulnerable_port = HTTPTools.get_port_from_url(url)
|
||||||
|
|
||||||
|
def get_target_url(self):
|
||||||
|
"""
|
||||||
|
This method allows "configuring" the way in which a vulnerable URL is picked.
|
||||||
|
If the same URL should be used - always return the first.
|
||||||
|
Otherwise - implement your own (e.g. Drupal must use a new URI each time).
|
||||||
|
:return: a vulnerable URL
|
||||||
|
"""
|
||||||
|
return self.vulnerable_urls[0]
|
||||||
|
|
Loading…
Reference in New Issue