forked from p15670423/monkey
Agent: Stamp times before the exploit runs
This commit is contained in:
parent
48e6e95271
commit
016bf5c795
|
@ -1,6 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
import time
|
import time
|
||||||
from pathlib import PurePath
|
from pathlib import PurePath
|
||||||
|
from typing import Tuple
|
||||||
|
|
||||||
from common import OperatingSystem
|
from common import OperatingSystem
|
||||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
|
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
|
||||||
|
@ -28,7 +29,6 @@ from infection_monkey.utils.threading import interruptible_iter
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
|
LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
|
||||||
PROPAGATION_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
|
|
||||||
|
|
||||||
|
|
||||||
class Log4ShellExploiter(WebRCE):
|
class Log4ShellExploiter(WebRCE):
|
||||||
|
@ -36,6 +36,12 @@ class Log4ShellExploiter(WebRCE):
|
||||||
SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
|
SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
|
||||||
REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
|
REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
|
||||||
|
|
||||||
|
def _exploiter_tags(self) -> Tuple[str, ...]:
|
||||||
|
return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
|
||||||
|
|
||||||
|
def _propagation_tags(self) -> Tuple[str, ...]:
|
||||||
|
return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
|
||||||
|
|
||||||
def _exploit_host(self) -> ExploiterResultData:
|
def _exploit_host(self) -> ExploiterResultData:
|
||||||
self._open_ports = [
|
self._open_ports = [
|
||||||
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
|
||||||
|
@ -43,10 +49,6 @@ class Log4ShellExploiter(WebRCE):
|
||||||
|
|
||||||
if not self._open_ports:
|
if not self._open_ports:
|
||||||
logger.info("Could not find any open web ports to exploit")
|
logger.info("Could not find any open web ports to exploit")
|
||||||
self._publish_exploitation_event(
|
|
||||||
target=self.host.ip_addr,
|
|
||||||
exploitation_success=False,
|
|
||||||
)
|
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
self._configure_servers()
|
self._configure_servers()
|
||||||
|
@ -156,31 +158,34 @@ class Log4ShellExploiter(WebRCE):
|
||||||
f"on port {port}"
|
f"on port {port}"
|
||||||
)
|
)
|
||||||
try:
|
try:
|
||||||
|
timestamp = time.time()
|
||||||
url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
|
url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
error_message = "An error occurred while attempting to exploit log4shell on a "
|
error_message = (
|
||||||
|
"An error occurred while attempting to exploit log4shell on a "
|
||||||
f"potential {exploit.service_name} service: {err}"
|
f"potential {exploit.service_name} service: {err}"
|
||||||
|
)
|
||||||
|
|
||||||
logger.warning(error_message)
|
logger.warning(error_message)
|
||||||
|
|
||||||
self._publish_exploitation_event(
|
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||||
target=self.host.ip_addr,
|
|
||||||
exploitation_success=False,
|
|
||||||
error_message=error_message,
|
|
||||||
tags=(LOG4SHELL_EXPLOITER_TAG,),
|
|
||||||
)
|
|
||||||
|
|
||||||
if self._wait_for_victim():
|
if self._wait_for_victim(timestamp):
|
||||||
self.exploit_info["vulnerable_service"] = {
|
self.exploit_info["vulnerable_service"] = {
|
||||||
"service_name": exploit.service_name,
|
"service_name": exploit.service_name,
|
||||||
"port": port,
|
"port": port,
|
||||||
}
|
}
|
||||||
self.exploit_info["vulnerable_urls"].append(url)
|
self.exploit_info["vulnerable_urls"].append(url)
|
||||||
|
|
||||||
def _wait_for_victim(self) -> bool:
|
def _wait_for_victim(self, timestamp: float) -> bool:
|
||||||
victim_called_back = self._wait_for_victim_to_download_java_bytecode()
|
victim_called_back = self._wait_for_victim_to_download_java_bytecode()
|
||||||
if victim_called_back:
|
if victim_called_back:
|
||||||
|
self._publish_exploitation_event(timestamp, True)
|
||||||
self._wait_for_victim_to_download_agent()
|
self._wait_for_victim_to_download_agent()
|
||||||
|
else:
|
||||||
|
error_message = "Timed out while waiting for victim to download the java bytecode"
|
||||||
|
logger.debug(error_message)
|
||||||
|
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||||
|
|
||||||
return victim_called_back
|
return victim_called_back
|
||||||
|
|
||||||
|
@ -190,24 +195,11 @@ class Log4ShellExploiter(WebRCE):
|
||||||
|
|
||||||
while not timer.is_expired():
|
while not timer.is_expired():
|
||||||
if self._exploit_class_http_server.exploit_class_downloaded():
|
if self._exploit_class_http_server.exploit_class_downloaded():
|
||||||
self._publish_exploitation_event(
|
|
||||||
target=self.host.ip_addr,
|
|
||||||
exploitation_success=True,
|
|
||||||
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
|
|
||||||
)
|
|
||||||
self.exploit_result.exploitation_success = True
|
self.exploit_result.exploitation_success = True
|
||||||
return True
|
return True
|
||||||
|
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
|
|
||||||
error_message = "Timed out while waiting for victim to download the java bytecode"
|
|
||||||
logger.debug(error_message)
|
|
||||||
self._publish_exploitation_event(
|
|
||||||
target=self.host.ip_addr,
|
|
||||||
exploitation_success=False,
|
|
||||||
error_message=error_message,
|
|
||||||
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
|
|
||||||
)
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _wait_for_victim_to_download_agent(self):
|
def _wait_for_victim_to_download_agent(self):
|
||||||
|
@ -216,11 +208,7 @@ class Log4ShellExploiter(WebRCE):
|
||||||
|
|
||||||
while not timer.is_expired():
|
while not timer.is_expired():
|
||||||
if self._agent_http_server_thread.downloads > 0:
|
if self._agent_http_server_thread.downloads > 0:
|
||||||
self._publish_propagation_event(
|
self._publish_propagation_event(success=True)
|
||||||
target=self.host.ip_addr,
|
|
||||||
propagation_success=True,
|
|
||||||
tags=PROPAGATION_TAGS,
|
|
||||||
)
|
|
||||||
self.exploit_result.propagation_success = True
|
self.exploit_result.propagation_success = True
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue