Syntactic, small changes to weblogic and web_rce

2019-01-29 13:09:38 +02:00 · 2019-01-29 13:09:38 +02:00 · 7ab22bb3e9
parent 6073e9f677
commit 7ab22bb3e9
2 changed files with 10 additions and 9 deletions
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -54,7 +54,7 @@ class WebRCE(HostExploiter):
        exploit_config['upload_commands'] = None

        # url_extensions: What subdirectories to scan (www.domain.com[/extension]). Eg. ["home", "index.php"]
-        exploit_config['url_extensions'] = None
+        exploit_config['url_extensions'] = []

        # stop_checking_urls: If true it will stop checking vulnerable urls once one was found vulnerable.
        exploit_config['stop_checking_urls'] = False
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@ -69,7 +69,7 @@ class WebLogicExploiter(WebRCE):
            print(e)
        return True

-    def add_vulnerable_urls(self, urls):
+    def add_vulnerable_urls(self, urls, stop_checking=False):
        """
        Overrides parent method to use listener server
        """
@ -78,7 +78,7 @@ class WebLogicExploiter(WebRCE):
        exploitable = False

        for url in urls:
-            if self.check_if_exploitable(url, httpd):
+            if self.check_if_exploitable_weblogic(url, httpd):
                exploitable = True
                break

@ -95,8 +95,8 @@ class WebLogicExploiter(WebRCE):

        self._stop_http_server(httpd, lock)

-    def check_if_exploitable(self, url, httpd):
-        payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
+    def check_if_exploitable_weblogic(self, url, httpd):
+        payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
        try:
            post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
        except exceptions.ReadTimeout:
@ -120,7 +120,8 @@ class WebLogicExploiter(WebRCE):
        lock.acquire()
        return httpd, lock

-    def _stop_http_server(self, httpd, lock):
+    @staticmethod
+    def _stop_http_server(httpd, lock):
        lock.release()
        httpd.join(SERVER_TIMEOUT)
        httpd.stop()
@ -194,8 +195,8 @@ class WebLogicExploiter(WebRCE):
        we determine if we can exploit by either getting a GET request from host or not.
        """
        def __init__(self, local_ip, local_port, lock, max_requests=1):
-            self._local_ip = local_ip
-            self._local_port = local_port
+            self.local_ip = local_ip
+            self.local_port = local_port
            self.get_requests = 0
            self.max_requests = max_requests
            self._stopped = False
@ -210,7 +211,7 @@ class WebLogicExploiter(WebRCE):
                    LOG.info('Server received a request from vulnerable machine')
                    self.get_requests += 1
            LOG.info('Server waiting for exploited machine request...')
-            httpd = HTTPServer((self._local_ip, self._local_port), S)
+            httpd = HTTPServer((self.local_ip, self.local_port), S)
            httpd.daemon = True
            self.lock.release()
            while not self._stopped and self.get_requests < self.max_requests: