From 610d3d1144fb2c2002a8894672c7306bb145e2e6 Mon Sep 17 00:00:00 2001 From: ophirharpazg Date: Thu, 27 Aug 2020 19:46:42 +0300 Subject: [PATCH] get a vulnerable URL in a configurable manner --- monkey/infection_monkey/exploit/web_rce.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index 3863d47e1..faa183faa 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -89,7 +89,7 @@ class WebRCE(HostExploiter): if not self.vulnerable_urls: return False - self.target_url = self.vulnerable_urls[0] + self.target_url = self.get_target_url() self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url) # Skip if monkey already exists and this option is given @@ -98,21 +98,21 @@ class WebRCE(HostExploiter): return True # Check for targets architecture (if it's 32 or 64 bit) - if not exploit_config['blind_exploit'] and not self.set_host_arch(self.target_url): + if not exploit_config['blind_exploit'] and not self.set_host_arch(self.get_target_url()): return False # Upload the right monkey to target - data = self.upload_monkey(self.target_url, exploit_config['upload_commands']) + data = self.upload_monkey(self.get_target_url(), exploit_config['upload_commands']) if data is False: return False # Change permissions to transform monkey into executable file - if self.change_permissions(self.target_url, data['path']) is False: + if self.change_permissions(self.get_target_url(), data['path']) is False: return False # Execute remote monkey - if self.execute_remote_monkey(self.target_url, data['path'], exploit_config['dropper']) is False: + if self.execute_remote_monkey(self.get_target_url(), data['path'], exploit_config['dropper']) is False: return False return True 
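Review bot: The port is still derived by hand with `HTTPTools.get_port_from_url(self.target_url)` right after the new `self.get_target_url()` call, although the class already has `set_vulnerable_port_from_url` (visible as context in the last hunk) doing exactly that; `self.set_vulnerable_port_from_url(self.target_url)` would keep the two in one place. The enclosing method starts before this hunk, so whether the skip-if-exists check between this hunk and the next still reads `self.target_url` cannot be seen from here.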
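Review bot: Each exploitation step now asks `self.get_target_url()` afresh while `self.target_url` and `self.vulnerable_port` were fixed once from the first answer in the previous hunk, so for an override that hands out a new URI per call (the Drupal case the new docstring describes) the recorded port can belong to a different URL than the one `upload_monkey`, `change_permissions` and `execute_remote_monkey` are actually sent to. With the base implementation always returning `vulnerable_urls[0]` nothing changes today, but the hook exists precisely for the rotating case. Suggest taking the URL once per step, e.g. `url = self.get_target_url()` then `self.set_vulnerable_port_from_url(url)` and passing `url` to that step (also assigning `self.target_url` if later code relies on it), so state and request stay consistent. None of these call sites checks for an empty or None return, so an override that can run out of URIs must raise rather than return None. The enclosing method begins before the first hunk.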
@@ -502,3 +502,12 @@ class WebRCE(HostExploiter): def set_vulnerable_port_from_url(self, url): self.vulnerable_port = HTTPTools.get_port_from_url(url) + + def get_target_url(self): + """ + This method allows "configuring" the way in which a vulnerable URL is picked. + If the same URL should be used - always return the first. + Otherwise - implement your own (e.g. Drupal must use a new URI each time). + :return: a vulnerable URL + """ + return self.vulnerable_urls[0]
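Review bot: The docstring of `get_target_url` explains how to override it but not the contract its callers rely on: the earlier hunks show `exploit_host` calling it once per step (five times in one run) and never checking the result, so an override that returns a fresh URI per call must be able to supply at least that many and must raise rather than return None when exhausted. Suggest adding `Called once per exploitation step; must always return a usable URL (raise if none is left - callers do not check for None).` to the docstring. The base implementation indexes `self.vulnerable_urls[0]`, which raises IndexError on an empty list; `exploit_host` guards that before its first call, but any other caller (none visible here) would not be protected.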