diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py index 399a2706e..e77bbce62 100644 --- a/monkey/infection_monkey/exploit/log4shell.py +++ b/monkey/infection_monkey/exploit/log4shell.py @@ -39,6 +39,10 @@ class Log4ShellExploiter(WebRCE): if not self._open_ports: logger.info("Could not find any open web ports to exploit") + self._publish_exploitation_event( + target=self.host.ip_addr, + exploitation_success=False, + ) return self.exploit_result self._configure_servers() @@ -115,7 +119,9 @@ class Log4ShellExploiter(WebRCE): def _build_command(self, path: PurePath, http_path) -> str: # Build command to execute - monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1, location=path) + monkey_cmd = build_monkey_commandline( + self.servers, self.current_depth + 1, location=str(path) + ) if self.host.is_windows(): base_command = LOG4SHELL_WINDOWS_COMMAND else: @@ -147,10 +153,16 @@ class Log4ShellExploiter(WebRCE): ) try: url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port) - except Exception as ex: - logger.warning( - "An error occurred while attempting to exploit log4shell on a " - f"potential {exploit.service_name} service: {ex}" + except Exception as err: + error_message = "An error occurred while attempting to exploit log4shell on a " + f"potential {exploit.service_name} service: {err}" + + logger.warning(error_message) + + self._publish_exploitation_event( + target=self.host.ip_addr, + exploitation_success=False, + error_message=error_message, ) if self._wait_for_victim(): @@ -173,6 +185,10 @@ class Log4ShellExploiter(WebRCE): while not timer.is_expired(): if self._exploit_class_http_server.exploit_class_downloaded(): + self._publish_exploitation_event( + target=self.host.ip_addr, + exploitation_success=True, + ) self.exploit_result.exploitation_success = True return True @@ -187,6 +203,10 @@ class Log4ShellExploiter(WebRCE): while not timer.is_expired(): if self._agent_http_server_thread.downloads > 0: + self._publish_propagation_event( + target=self.host.ip_addr, + propagation_success=True, + ) self.exploit_result.propagation_success = True break