From f3f124ce76812ce9b489c5bc457016b643f550b5 Mon Sep 17 00:00:00 2001 From: ophirharpazg Date: Thu, 27 Aug 2020 19:47:08 +0300 Subject: [PATCH] renames, formatting and documentation --- monkey/infection_monkey/exploit/web_rce.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index faa183faa..dd51c615d 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -83,8 +83,8 @@ class WebRCE(HostExploiter): if not ports: return False # Get urls to try to exploit - urls = self.build_potential_urls(ports, exploit_config['url_extensions']) - self.add_vulnerable_urls(urls, exploit_config['stop_checking_urls']) + potential_urls = self.build_potential_urls(ports, exploit_config['url_extensions']) + self.add_vulnerable_urls(potential_urls, exploit_config['stop_checking_urls']) if not self.vulnerable_urls: return False @@ -187,6 +187,7 @@ class WebRCE(HostExploiter): def build_potential_urls(self, ports, extensions=None): """ + Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and extensions. :param ports: Array of ports. One port is described as size 2 array: [port.no(int), isHTTPS?(bool)] Eg. ports: [[80, False], [443, True]] :param extensions: What subdirectories to scan. www.domain.com[/extension] @@ -344,7 +345,6 @@ class WebRCE(HostExploiter): if not commands: commands = {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD} command = self.get_command(paths['dest_path'], http_path, commands) - resp = self.exploit(url, command) self.add_executed_cmd(command) resp = self.run_backup_commands(resp, url, paths['dest_path'], http_path)